LEGAL REFERENCE

Your privacy is how we operate

We keep your account, payment details and personal data secure by design. Every transaction through DANA, OVO, GoPay or QRIS is encrypted. We don't sell your information —...

Data EncryptionPayment SecurityNo Third-Party SalesAccount PrivacyTransparent Practices
Tour the Lobby Read FAQ
eshatoto Your privacy is how we operate

Policy scope and jurisdiction

eshatoto operates for players in supported Indonesian regions where local law permits online gaming activity. This privacy policy explains how we collect, store and protect your personal data when you create an account, deposit funds via DANA, OVO, GoPay or QRIS, or access our live casino tables, slot lobbies and sportsbook markets. We comply with applicable data protection standards and keep your

information confidential. If your location falls outside supported regions, we cannot process your account or payments.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

HELP CHANNELS

Privacy questions — reach us directly

Team online

Email Support

Contact our privacy team at [email protected] for data requests, policy clarifications or account-related data concerns. We respond within 48 business hours.

Account Inbox

Log into your eshatoto account and use the secure message centre to send privacy-related inquiries. Messages are reviewed by our support team in order.

Live Chat

Our support agents can answer basic privacy questions during lobby hours. For detailed data requests, email is faster and creates a written record.

WHY VISITORS TRUST US

Why your data is safe with us

SSL Encryption

All data between your device and our servers travels through 256-bit SSL encryption. Payment details never appear in plain text...

PCI Compliance

We follow Payment Card Industry standards for handling card and wallet data. Regular audits confirm our payment data security posture.

Limited Data Storage

We store only the information needed to run your account and process withdrawals. Historical data is archived securely and deleted...

Payment Partner Vetting

DANA, OVO, GoPay and QRIS are selected for their own strong security records. We do not pass your payment data...

No Account Sharing

Your account is personal and non-transferable. We never share login credentials or session data with other users, staff or external...

Incident Response Plan

If a breach occurs, our team notifies affected account holders within 24 hours and works with payment providers to mitigate...

Consistency across our legal pages

Terms of ServiceOutlines account rules, betting limits and dispute resolution. References the same data practices outlined here.
Payment PolicyCovers deposit, withdrawal and refund procedures. Reinforces encryption and fraud-prevention steps protecting your transactions.
Cookie PolicyDetails how we use cookies for session management and analytics. Does not involve third-party tracking for advertising purposes.
Anti-Money LaunderingExplains identity verification steps required at account creation and withdrawal. Protects you and us from regulatory risk.
Responsible ConductDescribes account controls and Account closure tools. Data collected for these tools is kept separate from marketing records.
Third-Party LinksIf we link to external sites, we do not vouch for their privacy practices. Read their policies before submitting data there.
Policy UpdatesWe notify you by email and in-account message when privacy terms change. Updates take effect 14 days after notice.
PLATFORM SNAPSHOT

What defines our privacy approach

Account Security First Two-factor authentication, session timeouts and login alerts keep your account...
Transparent Logging Your account dashboard shows all login timestamps, withdrawal requests and...
No Behavioral Selling We do not sell data about your play history, game...
Payment Method Isolation DANA, OVO, GoPay and QRIS payment details are tokenized. We...
Right to Access Request a copy of all personal data we hold about...
Deletion Rights When you close your account, we purge non-essential personal data...

Privacy questions answered

We collect your name, email, phone number, date of birth and address to verify your identity and comply with local regulations. Payment information is tokenized through DANA, OVO, GoPay or QRIS — we do not store full credentials. We also log your login times and device fingerprint for security.

Personal data is deleted within 90 days of account closure, except for transaction records kept for seven years per tax law. If you request account data deletion earlier, we retain only the minimum needed for refunds and regulatory compliance.

Yes. Email [email protected] or use your account message centre to request a data export. We provide your information in a machine-readable format (CSV or JSON) within 14 calendar days. A small processing fee may apply if requests exceed one per year.

We share only what is necessary: payment processors (DANA, OVO, GoPay, QRIS) receive your transaction details; fraud-detection services verify your identity; tax authorities receive transaction records when required by law. We never sell your behavioral data to advertisers or brokers.

All payment data is encrypted end-to-end and tokenized for storage. We use PCI-compliant vaults and do not retain full account numbers. Payment providers apply their own fraud monitoring. Disputed transactions are reported to your payment partner within 24 hours.

We notify all affected account holders by email and in-app message within 24 hours of discovery. We work with payment partners to issue new tokens if wallet data was exposed. Free credit monitoring is offered where applicable. Our incident response team files a report with local authorities.

Yes. Adjust your browser privacy settings or use our account preferences to disable non-essential cookies. Essential session cookies cannot be disabled, as they keep you logged in. We do not use third-party tracking pixels for advertising retargeting on external websites.