jambitoto Platform Privacy Notice

This page describes what we collect when you use jambitoto and how we keep that data protected. We gather information necessary to verify your identity, process deposits and withdrawals through DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet, and settle your football and live-casino markets fairly.

Our servers may sit outside your jurisdiction, but we encrypt all personal data in transit and at rest. We share your information only with payment processors, banks, and regulatory authorities as required by law. We do not sell or lease customer data to third parties for marketing purposes.

We undertake to answer data-access requests within 30 days. If you believe we have mishandled your information, you may lodge a complaint with your local data protection authority. Our contact details are at the end of this notice.

What We Collect on jambitoto

We collect your legal name, date of birth, phone number, email address, and residential address during account registration. We also collect government-issued ID (KTP, passport, driver's licence) to verify your identity before opening an account. This information is stored encrypted on our servers in Jakarta and backed up to a secondary facility.

When you deposit or withdraw, we record your transaction details—payment method, amount, timestamp, and bank reference—for reconciliation and compliance. We retain these records for seven years. We log your login timestamps, IP address, device type, and browser user-agent to detect fraud and unauthorised access.

Cookies and tracking: We use session cookies to maintain your login state and functional cookies to remember your settings. We do not use advertising cookies or cross-site tracking pixels on jambitoto.

How We Use Your Data on jambitoto

We use your personal data to fulfil our legal obligations under Indonesian gaming law, verify your age and identity, process your deposits and withdrawals, investigate disputes, and prevent fraud. We may contact you by email or phone to confirm large withdrawals, notify you of account changes, or resolve payment issues.

We analyse aggregated, anonymised betting patterns (without linking them to you) to understand market demand for Liga 1, Piala Indonesia, Piala AFF, Champions League, and esports markets. This helps us decide which markets to offer and how to price them. We do not profile you individually for marketing segmentation.

If you have provided consent, we may email you about bonus offers or new markets. You may withdraw consent at any time via your account settings or by replying to any marketing email with "Unsubscribe".

Third-Party Processors and Data Sharing

We share your data with payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) to execute withdrawals. These partners have their own privacy policies, which we recommend you review. We also share sanitised account data (no personal identifiers) with our fraud-detection provider to flag suspicious activity.

We do not share your data with sports-betting exchanges, odds aggregators, or third-party marketers without your explicit written consent. We may be required to disclose account information to law enforcement or regulatory authorities if legally compelled.

Your Rights and Data Access

You may request a copy of all personal data we hold about you. We will provide this within 30 calendar days in a portable, human-readable format. You may also request correction of inaccurate data, deletion of your account and associated records (subject to legal retention periods), or restriction of processing for specific purposes.

We retain your account data for as long as your account remains open plus seven years (as required for tax and gaming compliance). If you close your account, we delete non-essential data immediately but retain transaction records and identity documents for the full seven-year period.

  1. Request your data

    Email [email protected] with "Data Access Request" and your registered email address.

  2. Correct or delete information

    Log into your jambitoto account and update your profile, or contact us to initiate deletion.

  3. Lodge a complaint

    If we do not respond adequately, file a complaint with the Indonesian Personal Data Protection Authority.

Data Security and Breach Notification

We encrypt all personal data in transit using TLS 1.2 and at rest using AES-256. Access to customer data is restricted to authorised jambitoto staff and is logged and reviewed quarterly. We conduct annual security audits and penetration tests by an independent third party.

In the event of a data breach affecting personal information, we will notify affected users by email within 72 hours and inform relevant authorities as required by law. We maintain cyber-liability insurance to cover financial losses from unauthorised access.

Jurisdiction and Policy Changes

This privacy notice is governed by the laws of the jurisdiction where jambitoto operates. Our services are available only where local law permits. We may update this notice at any time by posting revised text here. Material changes will be notified to your registered email address at least 14 days before taking effect.

For privacy enquiries, contact us at [email protected] or write to our office in Jakarta during business hours. We maintain a data protection officer available to address concerns about how we handle your information.