oketoto Casino & Sportsbook Data Care
This page describes what we collect when you use oketoto and how we keep that data protected. We're committed to transparency about how your information moves through our platform, who has access to it, and what rights you hold over your own data.
We at oketoto operate an online gaming service available where local law permits. When you open an account, deposit funds, or place a wager on Liga 1 matches or live-dealer tables, you share personal and financial information with us. Our privacy policy sets out exactly what we do with that data, how long we keep it, and the safeguards we use to protect it.
Our services span football betting, live-dealer games (blackjack, roulette, baccarat, Dragon Tiger), slot games, and esports markets. Each activity generates data — your email, payment method, game history, IP address, and device details. We handle all of it under the same commitment to security and lawful use.
What we collect on oketoto
We collect your email address, phone number, full name, date of birth, and residential address when you register. These details are required for account verification and compliance with anti-money-laundering rules. We also collect government-issued ID numbers and, in some cases, a photo of your ID or passport — this is our Know Your Customer (KYC) process, and it applies to all users regardless of deposit size.
When you deposit funds via DANA, e-wallet, mobile banking, local payment, or a bank transfer (online payment, e-wallet, mobile banking, local payment), we record the transaction amount, timestamp, and payment method. We do not store your full card or e-wallet credentials — payment processors handle that separately. We do store a reference token so we can match deposits to your account and detect fraud.
Every time you log in, we log your IP address, browser type, and device model. If you play a live-dealer game, we record which table you joined, how long you stayed, and your bets (but not your win or loss, which is calculated server-side). If you bet on a Liga 1 match or Piala AFF fixture, we store your stake and the outcome. Slot game sessions are logged similarly — spin count, bet size, and result.
How we use your data on oketoto
We use your personal information to verify your identity, process your deposits and withdrawals, and settle your bets. Your email is used for account notifications — login alerts, deposit confirmations, withdrawal status updates. We send these to keep you informed, not to market to you.
We analyze game history and betting patterns to detect fraud and money-laundering activity. If your account shows unusual behavior — for example, a sudden spike in deposits followed by rapid withdrawals, or repeated failed login attempts — our compliance team reviews it. This is a legal obligation, not a marketing tool.
We use your IP address and device fingerprint to prevent account takeover and to enforce our terms (for example, one account per person). If you access oketoto from Jakarta one day and Surabaya the next, that's normal; if you access it from two countries simultaneously, we flag it for review.
We do not sell your data to third parties. We do not use your betting history to build a profile and sell it to advertisers. We do share your information with payment processors, our compliance vendors, and our hosting provider — all under strict data-processing agreements.
Third parties and data processors
Our payment processors (online payment, e-wallet, mobile banking, local payment, and the banks online payment, e-wallet, mobile banking, local payment) receive your transaction details. They are responsible for their own privacy practices. We do not control how they use your data beyond the transaction itself.
Our hosting provider stores our servers and databases. Our servers may sit outside Indonesia — they may be in Singapore, Australia, or another jurisdiction. When your data leaves Indonesia, it remains subject to our privacy policy and applicable data-protection law, but you should be aware that some jurisdictions have different legal standards for data access by government agencies.
We use a compliance vendor to screen accounts against sanctions lists and politically exposed persons (PEP) databases. This vendor receives your name, date of birth, and ID number. We use an anti-fraud service that analyzes your login patterns and device fingerprint. Both vendors are bound by data-processing contracts that limit their use of your data to the service we've contracted them for.
Your rights on oketoto
You have the right to access your data. You can request a copy of everything we hold about you — your account details, transaction history, login logs, and game records. We will provide this within 30 days of your request.
You have the right to correct inaccurate data. If your address or phone number is wrong, you can update it in your account settings. If you believe we hold incorrect information, contact our support team.
You have the right to delete your account and request deletion of your personal data, subject to legal holds. If you close your account, we will anonymize your data after the retention period expires. However, we must keep transaction records for seven years for financial compliance — we cannot delete those.
You have the right to object to certain uses of your data. For example, if we use your email for service notifications, you can opt out of non-critical messages. You cannot opt out of security alerts or legal compliance checks.
Cookies and tracking
We use cookies to keep you logged in and to remember your preferences (language, theme, game filters). These are essential for the platform to function. We also use analytics cookies to understand how users navigate oketoto — which pages are visited most, where users drop off, which games are popular. This helps us improve the platform.
We do not use cookies to track you across other websites. We do not sell cookie data to advertisers. If you disable cookies in your browser, you will not be able to log in to oketoto.
How we protect your data
We use industry-standard encryption (TLS 1.2 or higher) to protect data in transit. All communication between your browser and our servers is encrypted. We use bcrypt hashing for passwords — we do not store your password in plain text, and we cannot recover it if you forget it.
Our databases are encrypted at rest. Access to customer data is restricted to authorized staff and is logged. We conduct regular security audits and penetration testing. We have a data-breach response plan: if we discover unauthorized access to your data, we will notify you within 72 hours and describe what happened and what steps we're taking.
We require two-factor authentication (2FA) for all accounts. You can enable it in your account settings — we support authenticator apps and SMS codes. We strongly recommend enabling 2FA, especially if you use oketoto during Idul Fitri or other high-traffic periods when phishing attempts increase.
Contact us about your data
If you have questions about our privacy practices, want to request a copy of your data, or believe we've mishandled your information, contact our support team. We respond to data-access requests within 30 days. For urgent security concerns, email our compliance team directly.
Our services are available only where local law permits. We do not offer oketoto in jurisdictions where online gaming is prohibited. If you are unsure whether you can legally use our platform in your location, you are responsible for verifying that before opening an account. We reserve the right to suspend or close accounts that violate local law or our terms.
This privacy policy was last updated in January 2025. We may update it from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or by posting a notice on our platform. Your continued use of oketoto after an update means you accept the new policy.