longtoto Casino & Sportsbook Data Care

This page describes what we collect when you use longtoto and how we keep that data protected. We collect personal information (email, phone number, name) when you register an account, and payment information (bank details, e-wallet identifiers) when you deposit or withdraw. We also collect game activity logs (bets placed, game outcomes, settlement records) to maintain account history and dispute resolution.

We store your data on encrypted servers and do not sell it to third parties. Our longtoto platform shares payment information only with our bank and e-wallet partners—DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet—as needed to process your deposits and withdrawals. We may store servers in multiple jurisdictions; your data may sit outside Indonesia. This privacy policy explains our full data practices.

You have rights over your longtoto account data: you can request a copy, ask us to correct inaccuracies, or request deletion once account closure is complete. Contact us using the details at the end of this page.

What Data We Collect on longtoto

Account Registration

We collect your email address, phone number, and full name when you create a longtoto account. We also ask for your date of birth to verify your age. We do not require a physical address at registration, but we do collect one during identity verification (KYC) when you request your first withdrawal.

Payment Information

When you deposit on longtoto, we collect information about your payment method. For e-wallet deposits (DANA, e-wallet, mobile banking, local payment, online payment), we receive a transaction ID and timestamp from the e-wallet provider. For e-wallet payments, we log the QR code scan and the amount. For bank transfers to mobile banking, local payment, online payment, or e-wallet virtual accounts, we receive your bank account name and the transfer reference number.

We do not store your full bank account numbers or e-wallet passwords on longtoto servers. Payment processing happens through encrypted gateways operated by our partners. Your credentials pass through these gateways but are never logged in plain text on our systems.

Identity Verification (KYC)

Before you withdraw from longtoto, we require identity verification. We collect a photo of your ID (KTP, passport, or driving licence) and a selfie showing you holding the ID. We encrypt both images and store them separately from your gaming activity. Our team reviews them only when processing your withdrawal or investigating a dispute.

Game Activity and Betting History

We log every action on your longtoto account: deposits, withdrawals, bets placed, game outcomes, and settlement results. These logs are stored in your Account History. We keep them to resolve disputes, comply with banking regulations, and provide you with a complete record of your activity. Game logs include timestamps, bet amounts, odds, and results but do not include your password or payment credentials.

Personal data
Email, phone, name, date of birth, ID documents (collected during KYC).
Payment data
Transaction IDs, e-wallet references, bank transfer details (never full account numbers or passwords).
Game data
Bet history, outcomes, settlement records, account balance snapshots.
Device data
IP address, browser type, device type, login timestamps (for security and fraud prevention).

Cookies and Tracking

longtoto uses cookies to keep you logged in, remember your preferences, and detect fraud. A session cookie stores your login token; it expires when you log out or close the browser. We also use analytics cookies (from third-party providers) to understand how users navigate our platform. These cookies do not identify you personally—they track aggregate patterns like page views and button clicks.

You can disable cookies in your browser settings, but some longtoto features may not work. We do not use cookies to track you across other websites.

How We Use and Protect Your Data

Use of Your Data

We use your longtoto data for these purposes only:

  • To verify your identity and comply with banking regulations (KYC).
  • To process deposits and withdrawals through DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet.
  • To maintain your account history and provide dispute resolution.
  • To detect fraud, prevent account takeover, and investigate suspicious activity.
  • To send you transaction confirmations and withdrawal notifications.
  • To comply with legal requests from law enforcement or banking regulators.

We do not use your data for marketing emails, third-party advertising, or any purpose outside the list above. If we must share data with law enforcement, we inform you unless legally prohibited.

Data Security

We encrypt all data in transit using TLS 1.3. Stored data is encrypted at rest using AES-256. Our servers are backed by firewalls and intrusion detection. We conduct regular security audits and do not publicly disclose specific infrastructure details for security reasons.

Your longtoto password is hashed and salted; we never store it in plain text. If you forget your password, we send you a reset link rather than a temporary password. We encourage you to enable two-factor authentication (2FA) in your Account Settings for added security.

Data Retention

We keep your longtoto account data for as long as your account is active. After you close your account, we retain game history, payment records, and KYC documents for up to seven years to comply with banking regulations and fraud prevention. After that period, we delete or anonymize the data.

During holidays like Idul Fitri, Idul Adha, Imlek, or Nyepi, account closure requests may take longer to process due to reduced staffing. Standard timelines resume after the holiday.

Third-Party Processors

Our longtoto platform uses third-party services to process payments and provide analytics. These processors include our payment partners (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment) and analytics providers. We sign data-processing agreements with each processor requiring them to handle your data securely and not to use it for their own purposes.

These third parties may store data in their own jurisdictions. By using longtoto, you consent to this international data transfer. We ensure processors meet or exceed our security standards.

Your rights on longtoto

  • You can request a copy of all data we hold about you. Go to Account → Data Request or email us.
  • You can ask us to correct inaccurate information (e.g., misspelled name or wrong phone number).
  • You can request deletion of your data once your longtoto account is closed and the seven-year regulatory period has passed.
  • You can disable non-essential cookies in your browser settings (though some longtoto features may not work).
  • You can disable two-factor authentication, but we recommend keeping it enabled for security.

Data Breach Response

If longtoto experiences a data breach affecting your personal information, we notify affected users via email within a reasonable timeframe. We also notify relevant regulators as required by law. We do not publicly disclose specific breach details if doing so would aid further attacks; instead, we focus on helping users secure their accounts (e.g., recommending password resets).

Geographic Data Location

Our longtoto servers may be located in multiple jurisdictions, including outside Indonesia. Your data may be transferred to and stored in other countries. By using our platform, you consent to this transfer. We ensure that all jurisdictions where we store data meet acceptable privacy standards.

Policy Changes

We may update this privacy policy occasionally. We notify users of material changes via email or an in-app notification. Continued use of longtoto after changes take effect means you accept the updated policy. You can always request the previous version by contacting us.

Contact longtoto

If you have questions about longtoto's privacy practices, wish to request your data, or want to report a data breach, contact our support team. Include "Privacy Request" in your subject line. We respond within standard business timelines. If you are in Jakarta, Surabaya, Bandung, Medan, Semarang, or Yogyakarta, you can also contact local support channels if available.

This privacy policy is effective immediately and applies to all longtoto account holders. We reserve the right to update it at any time. Your continued use of our platform constitutes acceptance of this policy.