LEGAL REFERENCE

Your data privacy at cantiktoto

We've built cantiktoto around protecting what you share with us. Your account details, payment records and gaming activity stay encrypted and private. This policy explains exactly how we...

Data EncryptedPayment SecureNo Third-Party SellAccount PrivateQRIS Protected

Enter Game Lobby Read FAQ

Privacy policy scope and jurisdiction

cantiktoto operates for players in supported Indonesian regions where local law permits. This privacy policy governs how we collect and process personal data when you create an account, make deposits via DANA, OVO, GoPay or QRIS, play games, or contact our support team. We comply with Indonesian data protection standards and keep your information confidential. We do not sell or share your

personal details with third parties without explicit consent. If you have questions about how your data is handled, our support team is available 24/7 to help clarify our practices and your rights.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

HELP CHANNELS

How to reach us about privacy

WHY VISITORS TRUST US

Privacy standards we maintain

Encryption Standard

All account data, payment records and personal information move through 256-bit SSL encryption. Passwords are hashed and never stored in plain text on our servers.

No Cookie Tracking

We use session cookies to keep you logged in and improve page speed. We do not sell cookie data to advertisers or third-party analytics firms.

Regular Audits

Our platform undergoes quarterly security reviews to check for data leaks, unauthorized access and outdated encryption. Results guide our compliance roadmap.

Staff Training

Every cantiktoto team member handling customer data completes annual privacy training. We enforce strict confidentiality agreements and access controls.

Incident Response

If a data breach is suspected, our security team investigates within 24 hours and notifies affected users immediately with guidance on account protection steps.

Policy Updates

When we change our privacy practices, we notify you via email and in-app banner at least 30 days before the change takes effect. You can review the full update here.

How our privacy policy compares

Data Retention	We keep your account data as long as your account is active, plus 12 months after closure for regulatory compliance and dispute resolution.
Third-Party Sharing	We share account data only with licensed payment processors (DANA, OVO, GoPay, QRIS providers) and anti-fraud partners. No data is sold to marketers.
Withdrawal Rights	You can request a copy of all your personal data in machine-readable format within 14 days. Account deletion requests are processed within 30 days.
Cookies Policy	Essential cookies keep you logged in. Analytics cookies track lobby navigation to improve user experience. Marketing cookies are disabled by default; you control them.
Children's Data	cantiktoto is restricted to players 18 and older. If we discover a minor account, we close it immediately and delete all associated data without recovery option.
Cross-Border Transfers	Your data stays within Indonesia-based servers unless you explicitly move your account region. International transfers require your written consent and local law review.
GDPR Equivalence	Though GDPR does not apply in Indonesia, our policy meets GDPR principles: transparency, minimal collection, user rights and breach notification within 72 hours.

What shapes our privacy approach

Account Verification

We verify your identity once at signup using your email and phone. This one-time check lets us secure your account and prevent fraud without repeated requests.

Payment Isolation

Your DANA, OVO, GoPay and QRIS details are tokenized and never stored on our servers. Payment processors handle the sensitive data; we only store your transaction receipt.

Gaming History Privacy

Your game results, session logs and betting history are encrypted and viewable only to you and our compliance team if requested by law enforcement in supported regions.

Device Fingerprinting

We record your login location and device type to flag unusual activity. If your account is accessed from a new city or phone, we send you a security alert in seconds.

Two-Factor Option

You can enable optional two-factor authentication via SMS or email. This adds a second password step when you log in from an unrecognized device or browser.

Withdrawal Confirmation

Before any withdrawal to your DANA, OVO, GoPay or QRIS account processes, we send a confirmation code to your registered email. This prevents unauthorized payouts.

Privacy policy questions answered

We retain your account data for 12 months after closure for tax, fraud investigation and dispute resolution purposes. After 12 months, all personal information is deleted unless legal holds apply in your region.

Yes. Log into your account, go to Settings → Data Export and request a download. We compile your data in CSV format and email it within 14 days. You can also print your game history anytime from the Statements tab.

No. We share only your transaction amount and timestamp with DANA, OVO, GoPay and QRIS to process withdrawals and deposits. We never share your card number, bank account or full payment history with third parties.

Our security team investigates within 24 hours. If personal data is compromised, we notify all affected users via email with breach details, steps to secure your account and a direct line to our incident response team.

Yes. Every marketing email includes an unsubscribe link at the bottom. Click it and you'll be removed from our email list within 48 hours. In-app promotions can be disabled in your Preferences.

Passwords are hashed using bcrypt with a unique salt for each account. We never see your actual password. If you forget it, we send a secure reset link that expires in 30 minutes for safety.

We use session cookies to keep you logged in and performance cookies to load pages faster. Marketing cookies are off by default. You can manage all cookie preferences in Settings → Privacy without losing core functionality.