garitoto Platform Privacy Notice

This page describes what information we collect when you use garitoto, how we use and protect that data, and what rights you have. We at garitoto collect personal information necessary to operate our sportsbook (Liga 1, Piala AFF, Champions League, Premier League), live-casino tables (blackjack, roulette, baccarat, Dragon Tiger), slot games (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways), and esports markets (Mobile Legends, Free Fire, PUBG Mobile). We also process payment data for deposits and withdrawals via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet.

We take data security seriously. All personal information is encrypted, stored securely, and never shared with third parties except as required by law or to process your transactions. This policy applies to users in supported jurisdictions where garitoto operates; we do not provide services in jurisdictions where online wagering is prohibited.

By accessing garitoto, you accept our privacy practices outlined below. If you do not agree, you must cease using our platform. We may update this policy; continued use after updates constitutes acceptance of the new terms.

What Information We Collect on garitoto

We at garitoto collect several categories of information. First, identity data: your full name, date of birth, email address, phone number, and residential address. During account verification, we request government-issued ID (KTP, passport, or equivalent) and a recent utility bill or bank statement. Second, payment data: your bank account number or e-wallet identifier, transaction amounts, and payment history. Third, behavioural data: your wagers, game selections, betting patterns, login times, and account activity. Fourth, device data: your IP address, browser type, operating system, and device identifiers to detect fraud and unauthorized access.

We also collect data indirectly via cookies and analytics. When you visit garitoto, we set cookies to remember your preferences, maintain your session, and track your navigation across the platform. These cookies help us understand user behaviour and improve our service. You can disable cookies in your browser settings, though this may limit some platform features.

How We Use Your Data on garitoto

We use the information we collect for the following purposes. First, account management: we verify your identity, process your deposits and withdrawals, and calculate your tier status (Diamond Empire loyalty tiers). Second, compliance: we comply with anti-money-laundering (AML) and know-your-customer (KYC) regulations in all jurisdictions where garitoto operates. Third, security and fraud prevention: we monitor for unusual account activity, suspicious login patterns, and potential fraud. Fourth, customer support: we use your contact information to respond to inquiries, address disputes, and provide account assistance via chat, email, or phone.

Fifth, marketing and promotions: we may send you information about new offers, seasonal bonuses (tied to Idul Fitri, Idul Adha, Imlek, Nyepi), or tournament promotions (Liga 1, Piala Indonesia, Piala AFF). You can opt out of marketing emails at any time. Sixth, analytics and improvement: we analyse user behaviour to enhance our platform, optimize game performance, and identify trends. We do not use your data for any purpose beyond operating garitoto and complying with law.

Data retention: We retain your personal data for as long as your garitoto account is active, plus seven years after closure (required for financial compliance). After seven years, we delete your data unless legal obligations require longer retention.

Third-Party Processors and Data Sharing

We at garitoto do not sell or share your personal data with marketing third parties. However, we do share data with service providers necessary to operate our platform. Our payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet partners) receive your payment information to process deposits and withdrawals. These processors are bound by confidentiality agreements and only use your data to complete transactions.

Our hosting and storage providers may be located outside your jurisdiction. Your data may be transferred to servers in Singapore, Australia, or other regions for redundancy and security. We ensure all transfers are encrypted and comply with international data protection standards. Our analytics partner (to track platform performance) receives anonymized, aggregate data only — not personal identifiers. We may disclose your data if required by law (court order, regulatory investigation, or government request).

Your Rights and Data Access on garitoto

You have the right to access, correct, or delete your personal data. To exercise these rights, contact our support team via in-app chat or email with your request. We will respond within 14 days. You may request a copy of all data we hold about you in a portable, machine-readable format — we provide this within 30 days. You also have the right to opt out of marketing communications by clicking the unsubscribe link in any promotional email or updating your preferences in your garitoto account settings.

If you request account closure on garitoto, we delete all active account data and marketing preferences immediately. However, we retain your transaction history, identity documents, and financial records for seven years as required by Indonesian financial regulations and anti-money-laundering law. After seven years, we permanently delete these records. You cannot request deletion of transaction data during this retention period if doing so would violate legal obligations.

Security and Protection of Your Data

We at garitoto employ industry-standard encryption (SSL/TLS) for all data in transit. Your passwords are hashed and salted, never stored in plain text. Your account is protected by multi-factor authentication (optional, but available to all members). Our servers are housed in secure data centres with physical access controls, backup power, and fire suppression. We conduct regular security audits and penetration testing to identify vulnerabilities.

Despite our security measures, no system is completely risk-free. If we detect a data breach affecting garitoto accounts, we notify affected users within 72 hours and provide guidance on protective steps. We maintain cyber-insurance to cover potential losses from security incidents. Users are responsible for keeping their login credentials confidential; we do not hold liability for unauthorized access resulting from user negligence (e.g., sharing passwords, using public WiFi without a VPN).

Cookies and Tracking on garitoto

We use cookies to enhance your garitoto experience. Session cookies keep you logged in and maintain your preferences during a single browsing session. Persistent cookies remember your settings across multiple visits. Analytics cookies track which features you use, how long you spend on different pages, and which games you prefer — this helps us optimize the platform. Marketing cookies (set by our analytics partner) track which promotional channels brought you to garitoto so we can understand which campaigns are effective.

You can manage cookies in your browser settings. Most browsers allow you to block cookies entirely or only accept first-party cookies (set by garitoto, not by third parties). Disabling cookies may impair functionality: you may need to re-enter your login details, your preferences may not be saved, and personalized features may not work. We do not use cookies for decisions that significantly affect you (e.g., account suspension, bonus denial) — those are based on explicit account activity, not tracked behaviour.

Key privacy practices on garitoto

  • We collect identity, payment, behavioural, and device data to operate garitoto and comply with law.
  • We never sell personal data to third parties; we only share data with payment processors and service providers.
  • All data is encrypted and stored securely in redundant, audited data centres.
  • You have the right to access, correct, or delete your data by contacting our support team.
  • We retain transaction and identity data for seven years after account closure (legal requirement).
  • We use cookies for session management, analytics, and platform improvement; you can disable them in your browser.
  • If a data breach occurs, we notify affected users within 72 hours.

Contact Us and Policy Updates

If you have questions about our privacy practices on garitoto, contact our data protection officer via in-app chat, email, or phone (Platinum and Diamond members). We respond within 14 days. If you believe we have violated your privacy rights, you may also file a complaint with the data protection authority in your jurisdiction.

We at garitoto may update this privacy policy to reflect changes in our practices, legal requirements, or user feedback. We notify users of material changes via email and in-app notification at least 30 days before the new policy takes effect. Continued use of garitoto after the policy update date constitutes acceptance of the revised terms. You can review the date this policy was last updated at the bottom of this page. If you have concerns about any update, contact our support team before the effective date to discuss alternatives.

garitoto data protection team
Privacy officer & compliance

This privacy notice reflects our commitment to protecting your data while operating a transparent, compliant platform. We take user privacy seriously and continuously review our practices to ensure they meet international standards. If you have feedback on our privacy practices, we welcome your input.