xrtoto Privacy Policy

This page describes what we collect when you use xrtoto and how we keep that data protected. Our xrtoto platform processes personal information—your name, email, phone, payment details—to operate our service, process deposits and withdrawals, verify your identity, and comply with anti-money-laundering law. We do not sell your data to third parties, and we encrypt sensitive information at rest and in transit.

When you create an xrtoto account, we collect your name, date of birth, email, and phone number. When you deposit, we record the payment method, amount, and timestamp. When you withdraw, we request identity verification (government ID and proof of address) to prevent fraud and meet regulatory requirements. All of this data is stored on encrypted servers and accessed only by xrtoto staff who need it to serve your account.

Our xrtoto privacy policy reflects our commitment to protect your information while meeting legal obligations. Read this page so you understand what we collect, how we use it, and your rights regarding your data.

What Data We Collect on xrtoto

When you sign up for xrtoto, we collect the following information:

  • Identity information: Your full name, date of birth, email address, and phone number. We use this to verify your age () and create your account.
  • Payment information: When you deposit via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer (mobile banking, local payment, online payment, e-wallet), we record the payment method, amount, date, and transaction ID. We do not store full card numbers or bank account details—payment processors tokenize sensitive data.
  • Identity verification documents: On your first withdrawal, we request a government ID (passport, national ID) and proof of address (utility bill, bank statement). We upload and encrypt these documents. They are deleted after verification completes.
  • Account activity logs: We record every wager, every game result, every deposit and withdrawal. This creates an audit trail so you can verify your activity and we can investigate disputes.
  • Device and connection information: We log your IP address, device type, browser, and operating system. This helps us detect fraud and troubleshoot technical issues.
Data Retention: We keep your xrtoto account data as long as your account is active. After you close your account, we retain records for seven years to comply with anti-money-laundering law, then delete them.

How We Use Your Data on xrtoto

We at xrtoto use the data we collect for specific purposes:

  • Account management: We use your name, email, and phone to create your account, send password-reset links, and notify you of important account changes.
  • Payment processing: We share payment information (amount, method, timestamp) with our payment processors to settle deposits and withdrawals. We do not store full payment card data on our servers.
  • Identity verification (KYC): We verify your identity to comply with anti-money-laundering regulations and prevent fraud. This involves cross-referencing your documents against government databases.
  • Fraud detection: We use your IP address, device fingerprint, and activity patterns to detect suspicious behavior—account takeovers, collusion, money laundering. If we detect fraud, we flag your account and may request additional verification.
  • Customer support: Our xrtoto support team accesses your account history to help resolve disputes, answer questions, and investigate technical issues.
  • Legal compliance: We may be required by law to disclose your data to government agencies, law enforcement, or regulators investigating financial crime.

Third-Party Processors and Our xrtoto Data Partners

We at xrtoto do not sell your personal data to marketing companies or advertisers. However, we share data with specific third parties who help us operate:

  • Payment processors: mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment receive payment information necessary to process your deposit or withdrawal. Their privacy policies govern how they handle that data.
  • Identity verification providers: When you submit your government ID, we may share it with a third-party KYC service that cross-references government databases. We use reputable vendors with strong security standards.
  • Game providers: Live-dealer studios, slot game publishers, and sportsbook data providers receive your wager information (amount, game, outcome) necessary to settle your bets. They do not receive your payment or identity data.
  • Hosting and cloud providers: Our xrtoto servers may be hosted by third-party cloud providers (e.g., Amazon, Google Cloud) located outside Indonesia. Your data is encrypted so the provider cannot read it.
  • Law enforcement: If compelled by court order or legal process, we disclose data to government agencies or law enforcement investigating money laundering, fraud, or other crimes.

We at xrtoto keep your data protected through encryption, access controls, and strict vendor vetting. Your privacy is not negotiable.

xrtoto data protection principle

Your Rights Regarding Data on xrtoto

Under most jurisdictions' data-protection law, you have the right to access, correct, or delete your personal data. On xrtoto, you can:

  • View your data: Log into your xrtoto account and review your profile, transaction history, and verification documents.
  • Correct errors: If your name, email, or phone number is incorrect, contact our support team to update it.
  • Request deletion: After you close your xrtoto account, you can request permanent deletion of your profile data (except records required by law).
  • Export your data: Contact our xrtoto support team to request a copy of all data we hold about you in a standard format.

To exercise any of these rights, contact our support team via live chat or email. We respond within 14 days and process requests within 30 days (or as required by law). We may request additional verification to confirm you are the account holder.

Cookies and Tracking on xrtoto

Our xrtoto website and app use cookies and similar tracking technologies to improve your experience:

  • Session cookies: These keep you logged in while you use xrtoto. They expire when you close your browser.
  • Authentication cookies: These verify your identity and prevent unauthorized access to your account.
  • Analytics cookies: We use these to understand how players navigate xrtoto, which games are popular, and where technical issues occur. This data is anonymized and does not identify you personally.

You can control cookies in your browser settings. Disabling cookies may affect your xrtoto experience—for example, you may need to log in each time you visit. We do not use third-party advertising cookies or sell your browsing data.

Data Security and Encryption on xrtoto

We at xrtoto protect your data through industry-standard encryption and security practices:

  • Encryption in transit: All communication between your device and xrtoto servers is encrypted using TLS (HTTPS). This prevents third parties from intercepting your login, payment, or game data.
  • Encryption at rest: Your personal data, payment records, and documents are encrypted on our servers. Staff cannot access them without encryption keys held separately.
  • Password hashing: We never store your xrtoto password in plain text. We hash it using a one-way algorithm so even our staff cannot see your password.
  • Access controls: Only xrtoto staff who need your data to serve your account have access. We log all data access for audit purposes.
  • Regular security audits: We conduct penetration testing and vulnerability assessments to identify and fix security gaps.

Jurisdiction and Data Transfer

Our xrtoto servers may be located outside Indonesia. When your data is transferred internationally, we ensure it is encrypted and your rights are protected as if it were stored locally. We do not transfer data to jurisdictions with weaker privacy protections without explicit safeguards (e.g., data-processing agreements).

Contact Us About Privacy on xrtoto

If you have questions about our xrtoto privacy policy, how we use your data, or your privacy rights, contact our support team:

  • Live chat: Available 24/7 in your xrtoto account for urgent questions.
  • Email: Send detailed privacy inquiries to our support email. We respond within 24–48 hours.
  • In-app messaging: Use your xrtoto account dashboard to send a message to our privacy team.

If you believe xrtoto has violated your privacy rights or handled your data improperly, contact our support team immediately. We investigate all privacy complaints and take corrective action where warranted. You also have the right to lodge a complaint with your local data-protection authority if you are unsatisfied with our response.

Summary: Your Privacy on xrtoto

We at xrtoto collect personal information—name, email, phone, payment details, identity documents—to operate our platform, process transactions, verify your identity, and comply with law. We do not sell your data to advertisers or third parties. We share data only with payment processors, identity-verification services, game providers, and law enforcement (when legally required). Your data is encrypted at rest and in transit, access is controlled, and records are deleted after legal retention periods expire.

Players in Jakarta, Surabaya, Bandung, Medan, and Semarang have the same privacy protections on xrtoto. You have the right to access, correct, and delete your personal data. You can exercise these rights by contacting our support team. Our privacy policy may be amended at any time; we notify you of material changes at least 14 days in advance.

Your trust is essential to xrtoto's operations. We protect your data the way we would want our own data protected—with encryption, minimal collection, and clear usage policies. If you have questions or concerns about privacy on xrtoto, contact our customer support.