mastoto Privacy Policy
This page describes what we collect when you use mastoto and how we keep that data protected. We take your privacy seriously; when you create an account, deposit funds, or place bets on our platform, you trust us with personal and financial information. Our privacy practices are built to comply with Indonesian data protection standards and international best practices.
We do not sell your data to third parties. We do not use your betting history to profile you for marketing purposes outside mastoto. Instead, we collect only what is necessary to verify your identity, process your deposits and withdrawals, and keep your account secure. This policy explains exactly what we collect, who we share it with, and how long we keep it.
What Data We Collect on mastoto
When you register on mastoto, we collect your full legal name, date of birth, phone number, and email address. We ask for these details to create your account and verify your identity. During KYC verification, we request a scan of your Indonesian ID (KTP, SIM, or passport) and a selfie. We do not store your ID number in plain text; instead, we hash it and compare it against our compliance partner's database to confirm you are who you say you are.
Transaction and Activity Data
We record every deposit, withdrawal, and bet you place on mastoto. This includes the payment method used (DANA, e-wallet, mobile banking, local payment, etc.), the amount, the timestamp, and the outcome. We keep this data for 7 years to comply with Indonesian anti-money-laundering regulations. We also log your login times, the device and browser you use, and your IP address. This helps us detect unauthorized access and fraud.
Device and Browser Information
Our mastoto servers automatically record your device type (smartphone, tablet, desktop), operating system, browser version, and approximate location (country and city level, not street address). This data helps us optimize our platform for different devices and identify suspicious logins from unusual locations. For example, if you normally log in from Jakarta and suddenly log in from Medan, we flag this as potentially unusual and may ask for additional verification.
Cookies on mastoto
We use session cookies to keep you logged in and functional cookies to remember your preferences (language, bet slip layout). We do not use tracking cookies for advertising. You can disable cookies in your browser; mastoto will still work, but you will need to log in each time.
How We Use Your Data
We use the data we collect for four purposes: account verification, transaction processing, fraud prevention, and customer support. We verify your identity to comply with know-your-customer (KYC) regulations and to prevent underage gambling. We process your transactions to move funds between your bank or e-wallet and your mastoto balance. We monitor unusual activity patterns — for example, rapid deposit-and-withdrawal cycles or large bets from a new account — to detect money laundering and fraud. We use your contact information to respond to your support requests and notify you of account changes.
We do not use your betting data to discriminate against winning players. We do not adjust odds or game outcomes based on your profile. We do not share your transaction history with advertisers or data brokers. We do not sell your email address or phone number to third parties.
Third-Party Data Processors
We work with external partners who help us deliver mastoto services. Our payment processor handles online payment, e-wallet, mobile banking, local payment, and bank-transfer settlements; they see only the amount, date, and payment method — not your bet history. Our ID verification partner (a compliance firm) receives your KTP scan and selfie; they compare these against government records and return a yes/no result to us. Our hosting provider (a cloud server company) stores our servers' data; they operate data centres in Singapore and are bound by data protection agreements. We do not permit any of these partners to use your data for their own purposes.
Your Rights and Data Retention
You can request a copy of the data we hold about you at any time. Contact our support team at [email protected] with "Data Request" in the subject line. We will provide a file containing your account details, transaction history, and device logs within 14 days. You can also request that we delete your account and all associated data; we will do so within 30 days, except for transaction records which we must retain for 7 years under Indonesian law.
We keep your account data (name, email, phone) for as long as your account is active. If you close your account, we delete this data after 1 year unless we are legally required to retain it. We keep transaction logs for 7 years. We keep device and login logs for 90 days. If we detect fraudulent activity on your account, we may retain relevant data for longer to investigate and prevent future fraud.
Our security practices are reviewed annually by an external auditor. We use TLS 1.3 encryption for all data in transit and AES-256 encryption for data at rest. We do not store passwords in plain text; instead, we use PBKDF2 hashing with a unique salt per account.
Data Protection and International Transfers
Our mastoto servers are located in Singapore, which is outside Indonesia but has strict data protection laws. When your data leaves Indonesia and is stored on our Singapore servers, it remains encrypted and is subject to our data protection agreement with our hosting provider. We do not move data to countries with weaker privacy standards. If local law requires us to hand over user data to Indonesian authorities, we will comply but will notify you unless legally prohibited from doing so.
Changes to This Privacy Policy
We may update this privacy policy if our practices change or if new laws require us to. We will notify you by email if we make material changes — for example, if we start sharing data with a new partner or if we change how long we retain transaction records. You can always view the current version of our policy on mastoto. If you disagree with the updated policy, you can close your account and request deletion of your data.
How to Contact Us
If you have questions about how we use your data or if you believe we have mishandled your information, contact our privacy team. We respond to all privacy inquiries within 48 hours during business days. You can also reach out to our general support team, and they will escalate your request to the appropriate department.
- Email: [email protected]
- In-app Support: Available 24/7 on mastoto
- Phone: +62-21-xxxx-xxxx (business hours)
- Mailing Address: mastoto Compliance, Jakarta, Indonesia
We at mastoto believe transparency builds trust. This policy is not hidden behind complex legal language; it describes our actual practices. If any clause is unclear, ask our support team to explain it in simpler terms. Your data is yours, and you have the right to know exactly how we use it.