gemilangtotoPrivacy Policy
This page describes what we collect when you use gemilangtoto and how we keep that data protected. Indonesia's digital economy has grown rapidly, with e-wallet adoption (DANA, e-wallet, mobile banking, local payment, online payment) now standard for online transactions. When you open an account on gemilangtoto and deposit via these methods, we collect information necessary to authenticate your identity, process your transactions, and comply with applicable regulations.
We at gemilangtoto treat your personal data with care. We do not sell user information to third parties, we do not use betting history for unsolicited marketing, and we encrypt all sensitive data. This policy explains which data we collect, how we use it, who may access it, how long we retain it, and what rights you have.
By using gemilangtoto, you acknowledge that you have read and accepted this privacy policy. If you have questions about how we handle your data, contact our support team via the help portal in your account.
Data collection and usage on gemilangtoto
We at gemilangtoto collect information in two categories: information you provide directly, and information we collect automatically.
Information you provide to us
When you register on gemilangtoto, you provide: email address, phone number, full name, and a password. We use this information to create and authenticate your account. When you deposit funds, you authorize a payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or a bank virtual account for mobile banking, local payment, online payment, e-wallet). We receive transaction confirmation data from your payment provider — transaction ID, amount, timestamp, and status — but we do not directly receive your e-wallet password or banking credentials.
For identity verification (required before withdrawal or in certain regulatory circumstances), you may upload a national ID photo, a government-issued photo ID (passport or driving license), and proof of address (utility bill, bank statement, or official letter). We store these documents securely in encrypted format and use them only for verification purposes. Once verification is complete, we typically retain these images for 12 months as audit evidence, then delete them.
We also collect information when you interact with our support team — emails, chat transcripts, and any documents you attach in support tickets. We retain support records for 24 months to handle disputes and complaints.
Information we collect automatically
When you use gemilangtoto, our systems automatically record: your IP address, device type (mobile, desktop, tablet), browser type, pages you visit, selections you place, games you play, your account balance history, login timestamps, and failed login attempts. We use this data to detect fraud, prevent account takeover, understand how users interact with our platform, and generate aggregated analytics (never linked to individual identities).
We use browser cookies to maintain your login session and to remember your language preference. We do not use third-party tracking cookies or social-media pixels. Our cookies persist for 30 days; you can delete them through your browser settings. Deleting cookies will log you out of gemilangtoto.
Data protection and third-party processors on gemilangtoto
We store all data on secure servers located outside Indonesia. These servers are protected by industry-standard encryption (TLS 1.3 for data in transit, AES-256 for data at rest). Our data centers maintain physical security with restricted access, surveillance, and redundant power systems. We perform security audits annually and penetration tests quarterly.
Third-party service providers
We at gemilangtoto use third-party processors for specific functions. These include: payment processors who handle e-wallet and bank-account transactions; hosting providers who operate our servers; email providers who send transactional messages (password resets, settlement notifications); and identity-verification services who help validate uploaded documents. All processors are bound by data protection contracts and are required to maintain equivalent security standards. We do not allow processors to use your data for purposes other than the service we've contracted.
Our payment processors in Jakarta, Surabaya, Bandung, and other regions may store transaction logs in their own systems per their terms of service. We do not control this secondary storage, but we have contractual assurances that such data is encrypted and accessible only to authorized personnel.
Data retention and deletion
We retain your account data (email, phone, name, account history) for as long as your account is active plus 5 years after closure (for regulatory and dispute-resolution purposes). If you close your account, we stop processing your data for new transactions, but we retain transaction records indefinitely per financial regulatory requirements. You cannot request deletion of transaction records, but you can request anonymization of your identity information (we replace your name with a generic identifier while preserving transaction history).
Identity documents (photo ID, address proof) are deleted 12 months after verification completion. If verification fails, we typically delete documents immediately unless required to retain them for compliance review. Payment records are retained per your bank or e-wallet provider's requirements — we do not delete them unilaterally.
Key data handling practices
- We encrypt all sensitive data in transit and at rest
- We do not sell personal information to third parties
- We retain account data for 5 years after account closure for regulatory purposes
- Identity documents are deleted 12 months after successful verification
- We use cookies only for login sessions and language preferences, not for tracking
Your rights and access requests
Under applicable privacy regulations, you have the right to request a copy of all personal data we hold about you. Submit a data-access request through our support portal; we will respond within 30 days with a downloadable file containing all your information (email, phone, name, account history, transaction records). You also have the right to request correction of inaccurate data — contact support if any of your account details are incorrect and we will update them.
You have the right to request deletion of your account and associated data, subject to regulatory retention requirements (transaction records cannot be deleted). When you request account closure, we suspend your account immediately, block all deposits and withdrawals pending verification, and then close it permanently. Remaining balance is returned to your original deposit method within 30 days. Account-related data (email, identity documents, support tickets) is deleted or anonymized within 90 days, except transaction records which are retained per regulatory mandate.
If you believe we have misused your data, you have the right to lodge a complaint with your local data-protection authority. We do not retaliate against users who exercise their legal rights.
International data transfers and jurisdiction
Our servers sit outside Indonesia, which means your data may be transferred to and stored in a jurisdiction different from your location. By using gemilangtoto, you consent to such transfers. We comply with applicable data-protection laws in all jurisdictions where we operate, but legal protections vary by country. We undertake to maintain equivalent encryption and access controls regardless of physical server location.
During holidays (Idul Fitri, Idul Adha, Imlek), our support team may experience reduced staffing, which can extend response times for data-access requests. We endeavour to respond within 30 days but may require up to 45 days during peak holiday periods.
Policy updates and contact
We may update this privacy policy periodically to reflect changes in our practices or applicable law. We will post the updated version on this page and will notify you via email if changes are substantial. Continued use of gemilangtoto after updates constitutes your acceptance. The version date appears at the top of this document; if you are viewing an older cached version, refresh your browser to see the current policy.
If you have questions about our privacy practices, contact our support team at the help portal integrated in your gemilangtoto account. We respond to privacy inquiries within 24 hours during business hours. This policy is published in English; any translations are for convenience and the English version is authoritative. We at gemilangtoto remain committed to transparent data practices and your right to privacy.