vs Terms of Use
Terms cover what you agree to do on the platform; this policy covers what we do with the data that flow from those actions. Conflicts default to whichever is stricter for you.
LEGAL REFERENCE
How We Handle Your Account Data
This is the uus toto privacy policy — the plain-English version of what we collect when you open an account, why we keep it, and how long it...
Indonesia ScopeAccount DataWallet LogsCookie NotesLast Updated
Our Privacy Posture in Plain English
We collect the minimum data needed to run your uus toto account where local law permits: your registered name, contact details, device fingerprint, session logs and the wallet identifiers tied to DANA, OVO, GoPay or QRIS top-ups. We keep transaction records for the retention window Indonesia financial rules require, then we purge. Marketing consent is separate from account consent — you can
switch one off without losing the other. Third-party game studios receive only the session token they need to load a round on your screen, never your full identity. Data leaves our servers only when a supported regions regulator asks for it through a formal request, and we log every such disclosure internally.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
24/7 SUPPORT
Privacy Contact Paths
If something in this policy isn't clear, or you want to exercise a data right, reach our privacy desk through any of the routes below. We aim to respond inside two working days.
Team online
Privacy Mailbox
Email our data protection contact directly for access, correction or deletion requests tied to your uus toto account. Include your registered handle so we can match the record without asking for extra ID upfront.
In-App Chat
Open the chat bubble inside your account dashboard and type 'privacy' to route straight to the data team rather than general support. Useful when you want a written trail attached to your account file.
Postal Request
For formal data subject requests under Indonesia personal data rules, send a signed letter to our registered correspondence address. We confirm receipt by email and process within the statutory window.
EDITORIAL CLARITY
Why You Can Rely on This Policy
This document isn't a copy-paste template. It's reviewed by people who actually run the uus toto lobby and know what data each system touches.
Reviewed Quarterly
Our compliance team re-reads this policy every three months and on any major lobby change, so the wording you see here matches what our servers actually do today, not what they did last year.
Named Owner
A single data protection contact signs off every revision. That person is reachable through the privacy mailbox above and answers under their own name, not a generic ticket queue.
Plain Language
We deliberately avoid the wall-of-Latin style. If a clause affects how your DANA or OVO data flows, we say so in the same sentence, not buried three subsections down.
Change Log Kept
Every edit to this policy is timestamped internally. Ask us and we'll show you exactly which paragraph moved, when, and which regulation or product change prompted the rewrite.
Vendor Audited
Game studios and payment partners we connect to are checked for their own data handling before we plug them into your session. We drop integrations that fail that check.
Indonesia-Aware
The retention windows, lawful bases and disclosure routes here are written against Indonesia personal data rules first, then mapped to our other supported regions — not the other way round.
PLATFORM COMPARISON
Consistency With Our Other Policies
This privacy policy sits alongside our terms, cookie notice and payment terms. Here's how it lines up so you don't have to cross-reference four tabs.
vs Cookie Notice
Cookies are a subset of this policy. The cookie notice lists each tag by name; this document explains the lawful basis behind setting them in the first place.
vs Payment Terms
Payment terms describe DANA, OVO, GoPay and QRIS flows operationally. This policy explains what wallet metadata we store from those flows and for how long.
vs KYC Notice
KYC documents you upload are governed here under a stricter retention clause. The KYC notice itself describes which documents are requested and when re-verification triggers.
vs Marketing Consent
Marketing preferences are a separate opt-in captured at signup and editable any time. Withdrawing marketing consent does not affect the account-data processing described in this document.
vs Complaints Policy
If you feel this policy was breached, the complaints policy tells you the escalation order. Privacy complaints jump the queue and go straight to the named data contact.
vs Closure Policy
On account closure we apply the retention windows set out here, not an arbitrary date. Closure does not erase records we are legally required to keep for the statutory period.
PLATFORM SNAPSHOT
What This Policy Page Actually Covers
To make this document easier to skim, here are the six building blocks that structure every section above and below.
Scope Statement
Tells you which uus toto surfaces this policy applies to...
Data Categories
Lists the exact buckets of information we touch: identity, contact...
Retention Windows
Sets out how long each data bucket lives on our...
Your Rights Block
Spells out access, correction, deletion, portability and objection rights in...
Third-Party Map
Names the categories of partners — game studios, payment processors...
Update Mechanism
Explains how we notify you when this policy changes: a...
Privacy Questions We Hear Most
At signup we capture your name, date of birth, email, phone and a chosen credential. Device and IP details are logged automatically for security. Wallet identifiers attach only when you link DANA, OVO, GoPay or QRIS.
Transactional records stay on file for the retention period Indonesia financial rules require, typically several years. Marketing and preference data are purged shortly after closure. KYC documents follow the stricter window noted in our KYC notice.
Studios receive a scoped session token so a round can load on your screen. They do not see your name, contact details, wallet identifier or balance — only the anonymised reference our server attaches to that play session.
Email the privacy mailbox listed in the support section with your registered handle. We verify identity through the account itself, then deliver an access export or process a deletion within the statutory response window for Indonesia requests.
We store a tokenised reference plus the transaction metadata required for reconciliation and dispute handling. The raw wallet credential lives with the payment provider, not on our servers, and is requested fresh for each new top-up.
Yes. Material changes trigger a dashboard banner the next time you sign in and an email to the address on file. Minor wording edits are logged internally and visible through the change log on request.
For Indonesia visitors, complaints route first through our named data contact, then to the relevant Indonesia personal data authority if unresolved. Other supported regions follow their local supervisory authority, listed on request from the privacy mailbox.