mandalatoto Privacy Policy
This page describes what we collect when you use mandalatoto and how we keep that data protected. We at mandalatoto collect personal information—such as your email, phone number, national ID, and transaction history—to verify your account, process deposits and withdrawals, detect fraud, and comply with applicable law. Your data is encrypted and stored securely; we share it only with payment processors, fraud-prevention partners, and law-enforcement agencies when legally required.
Our platform processes data from users accessing our sportsbook (Liga 1 Indonesia, Piala Indonesia, Piala AFF, Champions League), live-dealer tables (blackjack, roulette, baccarat, Dragon Tiger), slots (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways), and esports markets (Mobile Legends, Free Fire, PUBG Mobile). We also log deposits via DANA, e-wallet, mobile banking, local payment, online payment, and bank transfers. All data collection follows this privacy policy and applicable law in the jurisdictions where we operate.
By using mandalatoto, you consent to the data collection and processing practices outlined here. If you do not agree with our privacy practices, do not register or use our platform.
What We Collect and How We Use Your Data
We collect two main categories of data from users on mandalatoto: identity information and transaction data. Identity information includes your email or phone number (provided at registration), password (hashed and not readable to us), national ID number (KTP), date of birth, full name, and a selfie for facial verification. We collect this information to confirm your eligibility under applicable law, prevent fraud, and satisfy regulatory Know Your Customer (KYC) requirements.
Transaction data includes all deposits, withdrawals, game activity, bets, results, table selections, and account balance changes. We collect this to manage your account, calculate your balance, settle game outcomes, detect abuse (such as bonus manipulation or collusion), and provide you with transaction history for your records. We also collect technical data: your IP address, device type, browser, and access timestamps. This helps us identify suspicious activity and maintain platform security.
We use your data for the following purposes: account management and customer support; fraud detection and prevention; regulatory compliance and anti-money-laundering (AML) reporting; responding to law-enforcement requests; improving our platform (via anonymized analytics); and communicating important account notifications (such as verification status or withdrawal confirmations). We do not use your data for marketing unless you have separately opted in to promotional communications.
How We Protect Your Data on mandalatoto
We encrypt all sensitive data—including passwords, KTP numbers, and payment information—using industry-standard encryption (typically TLS or AES-256). Our servers are protected by firewalls, intrusion detection systems, and regular security audits. Only authorized mandalatoto staff with legitimate business need can access personal data; we do not expose user information to unauthorized personnel.
We maintain data backups for disaster recovery; backups are also encrypted and stored securely. However, no online system is completely secure. While we undertake reasonable efforts to protect your information, we cannot guarantee absolute protection against all threats. If you suspect your account has been compromised, contact our support team immediately so we can secure it.
We retain identity data for as long as your account is active, plus an additional period (typically 7+ years) to satisfy financial and gaming-regulation requirements in the jurisdictions where we operate. Transaction data is retained for the same extended period to support audit trails and regulatory investigations. Once this retention period expires, we securely delete or anonymize your data.
We do not sell your data to third parties for marketing
Your personal information is used exclusively for operational, compliance, and customer-support purposes. We never sell, rent, or lease your data to marketers, data brokers, or other commercial entities.
Third-Party Data Sharing
We share your data with the following categories of third parties only when necessary for service delivery or legal compliance: payment processors (DANA, e-wallet, mobile banking, local payment, and online payment providers, and banks) receive transaction information to process deposits and withdrawals; fraud-prevention and identity-verification services receive your identity information to confirm eligibility and detect abuse; and law-enforcement and regulatory authorities receive data when legally required (such as in response to a court order or during an investigation).
Payment processors operate under their own privacy policies; we recommend reviewing their policies to understand how they handle your financial data. We do not control how third parties use your data beyond what is necessary for service delivery. We require all third parties to maintain confidentiality and use your data only for the purposes we specify.
Our servers may be located outside your jurisdiction. By using mandalatoto, you consent to your data being processed and stored internationally. We comply with applicable data-protection laws, including GDPR for users in the European Union and local laws for users in other regions.
- Identity data: Email, phone, KTP, date of birth, name, selfie. Retained for account lifetime plus 7+ years.
- Transaction data: Deposits, withdrawals, bets, game results, balances. Retained for 7+ years for audit and compliance.
- Technical data: IP address, device type, browser, access timestamps. Used for fraud detection and security.
- Communication records: Support messages, verification confirmation emails, account notifications. Retained as account documentation.
Your Data Rights on mandalatoto
You have the right to request access to your personal data. You can download a copy of your account information—including identity records, transaction history, and support communications—through your mandalatoto account settings or by contacting our support team. We typically provide this within 14 days of request.
You have the right to request correction of inaccurate data. If your identity information contains errors (e.g., a misspelled name or incorrect date of birth), contact our support team with documentation, and we will correct it. You have the right to request deletion of your personal data, subject to legal constraints. We may retain data if required by law, if an investigation or outstanding balance claim exists, or if a withdrawal or fraud dispute is pending. Once these circumstances end, we will delete your data upon request.
To exercise any of these rights, contact our data-protection officer via the channels listed on our About us page. We will respond within 30 days of receiving your request. If you believe we have violated your privacy rights, you may lodge a complaint with the relevant data-protection authority in your jurisdiction.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to remember your login session, remember your language preference, track your activity for fraud detection, and analyze how you use mandalatoto. Essential cookies are necessary for platform functionality (e.g., session management); we do not require your consent to set these. Optional analytics cookies help us understand usage patterns and improve the platform; you may disable these through your browser settings without affecting core functionality.
We use first-party cookies only (set directly by mandalatoto); we do not permit third-party tracking pixels or advertising cookies. You can manage cookie preferences in your browser; disabling cookies may impact your ability to access mandalatoto features normally. We do not use cookies to collect sensitive data like passwords or payment card numbers; that information is encrypted separately.
If you use mandalatoto on a shared device (such as a family computer in Jakarta, Surabaya, or Bandung), remember to log out after each session to protect your account. We are not responsible for unauthorized access if you fail to log out on a shared device.
Data Breach Notification and Your Recourse
If we discover a data breach affecting your personal information—such as unauthorized access to encrypted identity records or payment data—we will notify you via email within the timeframe required by applicable law (typically 72 hours in regions with strict data-protection requirements). Our notification will describe what data was accessed, what steps we are taking to secure it, and what actions you should consider (such as changing your mandalatoto password or monitoring your bank account).
We encourage you to report suspected breaches or privacy concerns to our support team immediately. We maintain a security incident response team that investigates breaches, conducts forensic analysis, and implements remediation measures. We will cooperate with law enforcement and relevant authorities in breach investigations.
This privacy policy may be updated periodically to reflect changes in our data practices or applicable law. We will notify you of material changes via email and will post the updated policy here. Your continued use of mandalatoto after changes are published constitutes your acceptance of the updated privacy policy. We maintain an archive of previous versions of this policy available upon request. For questions about our privacy practices, contact our data-protection officer via the About us page or submit an inquiry through your account support section.
Legal and Jurisdiction Information
Service availability
We at mandalatoto offer our services—including sportsbook, live dealers, slots, esports, and all other products—only in jurisdictions where such services are permitted under applicable local law. We do not operate in, or facilitate access from, territories where online gaming, sports wagering, or casino-style games are prohibited by law. We structure our operations and data processing to comply with the laws of jurisdictions where we hold proper licensing and regulatory approval.
We do not maintain a definitive list of "approved" or "banned" jurisdictions; determining whether mandalatoto is legal in your location is your responsibility. However, we retain the right to restrict or block access to users if we detect they are accessing from a jurisdiction where such access would violate local law, or if a regulatory authority in any territory demands such restriction. We use geolocation monitoring, payment-flow analysis, and user declarations to enforce these boundaries.
If you are uncertain whether mandalatoto services are lawful in your jurisdiction, we recommend contacting our compliance team before proceeding with account creation or deposit. Our legal and compliance channels are outlined in the "Contact for legal inquiries" section below.
Account eligibility
Eligibility to use mandalatoto is determined by age and applicable local law. We do not enforce a single fixed age threshold globally (such as universal "") because age-of-majority standards vary by jurisdiction. During account registration and KYC verification, we confirm that your age meets the legal standard applicable in your location. Account eligibility applies equally to all mandalatoto offerings; there are no age-based restrictions on specific games (e.g., age limits for slots but not sportsbook).
Beyond age, eligibility also depends on residency status, legal capacity (e.g., no court-ordered gaming exclusions), and compliance with sanctions or financial-crime regulations. Our KYC process collects identity information that allows us to identify and flag ineligible users. If we determine that an account does not meet eligibility criteria, we reserve the right to suspend or close it immediately and handle any balance per applicable law and our terms.
By creating an account with mandalatoto, you represent and warrant that you are legally eligible to participate in gaming and wagering activities in your jurisdiction and that your use of mandalatoto does not violate any local statute, regulation, or court order. Any violation of this representation may result in account termination and fund forfeiture.
Local-law responsibility
Users are solely responsible for verifying that their access to mandalatoto and participation in our offerings comply with the laws of their own jurisdiction. We do not provide legal advice, and we do not represent that mandalatoto services are legal in any specific location. Before creating an account or depositing funds, you should review applicable gaming and wagering laws, or consult a qualified attorney in your jurisdiction if you are uncertain.
By using mandalatoto, you represent that you have verified compliance with local law and that you are using our platform in full accordance with applicable regulations. We rely on user self-declaration and verification; however, we also conduct ongoing monitoring. If we detect evidence—through geolocation analysis, transaction patterns, payment-method analysis, or third-party reporting—that you are accessing mandalatoto in violation of local law, we reserve the right to terminate your account and forfeit any balance.
The legal consequences of violating local gaming or wagering laws fall to you, not to us. We do not indemnify users for legal penalties or civil damages arising from their own jurisdictional violations. Use mandalatoto only where local law clearly permits such use.
Data and privacy scope
Our KYC verification process collects personal data including name, identity number (KTP), phone number, date of birth, and a selfie for facial recognition verification. This data is processed according to this privacy policy, which outlines retention periods, sharing with third parties (payment processors, fraud-prevention partners, law-enforcement agencies when legally required), and your rights under applicable data-protection law (such as Indonesia's Law No. 27 of 2022 on Personal Data Protection, GDPR for EU users, or equivalent regulations in other jurisdictions).
Gaming transaction data—sportsbook bets, live-dealer play, slot spins, esports wagers, deposits, withdrawals, timestamps—is collected for account management, fraud detection, regulatory compliance, and legal holds. This data may be retained for extended periods (typically 7+ years) to satisfy financial and gaming-regulation requirements in the jurisdictions where we operate. We do not sell your data to third parties for marketing purposes; it is used exclusively for operational, compliance, and legal purposes.
You have the right to request access to, correction of, or deletion of your personal data, subject to legal and operational constraints (we may retain data if required by law, if an investigation is pending, or if an outstanding balance or legal claim exists). Contact our data-protection officer using the channels listed below to exercise these rights. Data-subject requests are typically processed within 30 days of receipt.
Contact for legal inquiries
Users with legal, compliance, data-protection, or jurisdiction-related questions can contact our support team via live chat (available during standard business hours across Indonesian time zones), email, or the formal contact form on our About us page. We maintain a dedicated compliance inbox for formal legal and data-protection inquiries; responses are typically provided within two to three business days.
For urgent matters—such as suspected account compromise, sanctions concerns, law-enforcement requests, or data-subject access requests—contact our legal and compliance team directly using the email address provided in your account support section. We treat such inquiries with appropriate urgency while respecting applicable confidentiality and data-protection obligations.
Our full privacy policy, terms of use, and legal notices are available on the Privacy Policy, Terms and Conditions, and Legal Notice pages. You are responsible for reviewing these documents before using mandalatoto. If you have complaints or disputes regarding our privacy or compliance practices, you may lodge a formal complaint with our compliance officer; response timelines are outlined in our dispute-resolution procedures.