Terms of Service
Definitions used here — account, session, processor, retention — match the Terms exactly so you never read two versions of the same word.
This is the privacy policy for your domtoto account. We explain what we collect when you open the lobby, why we keep it, and how long it stays...
We process your data where local law permits and only for supported regions. When you open an account, we record your name, contact details, device fingerprint and the payment reference attached to your top-ups so the cashier can reconcile a DANA, OVO, GoPay or QRIS movement to the right wallet. Marketing pings stay opt-in. Session logs are retained for fraud checks, then
aged out under our retention schedule. You can ask us to export, correct or erase your record at any time, and we'll respond inside the window our jurisdiction sets. Third-party processors are contracted, audited, and limited to the scope each task needs.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
Email our data desk to request an export, a correction or a deletion of your domtoto account record. We confirm receipt the same day and resolve inside the window your jurisdiction defines.
Open the chat bubble inside the lobby and ask for the privacy queue. The agent routes your case to the data team and shares a ticket reference you can quote in any follow-up message.
Inside your domtoto profile you'll find toggles for marketing contact, session cookies and saved device list. Changes apply immediately and a confirmation lands in your registered inbox for your records.
Our data protection lead signs off every revision before it appears on this page. Nothing ships without their review, and the version date at the foot of the policy is updated each time wording shifts.
External counsel familiar with Indonesia data rules reads each draft. They flag anything that conflicts with local statutes and we adjust the wording before the policy reaches your screen.
Our security engineers map every clause to a real control — encryption at rest, access logging, vendor scoping. If a clause cannot be backed by a live control, we rewrite it until it can.
Processors that touch your data sit on a register we audit twice a year. Contracts carry data-processing addenda and breach-notice clauses that match the obligations you read in this policy.
Material changes are summarised at the head of the page and emailed to your registered address. Minor edits are dated quietly so you can compare wording across revisions whenever you need to.
When you write in with a privacy question that exposes unclear wording, we treat it as a bug. The next revision usually carries the clarification and we credit your input in the change log.
Definitions used here — account, session, processor, retention — match the Terms exactly so you never read two versions of the same word.
The cookie categories described in section four mirror the toggles inside the Cookie Notice, including the analytics and preference buckets you can switch off.
Identity-check data referenced in our AML page is the same record this policy governs, with retention windows that line up clause for clause.
The escalation route in our complaints page picks up where this policy ends, so a privacy ticket can become a formal complaint without restarting from zero.
Closure timing here matches the closure flow page: data minimisation kicks in the day your wallet zeroes and your final session expires.
Opt-in language on this page is repeated verbatim on the marketing preferences screen so the consent you give is the consent we record.
The processor list summarised here is published in full on our vendor register, refreshed alongside every material policy update.