gdtotoPrivacy Policy

This page describes what we collect when you use gdtoto and how we keep that data protected. We at gdtoto collect personal information—your name, email, phone number, government ID, and payment details—to verify your identity, process deposits and withdrawals, and comply with anti-money-laundering regulations. We store this data on secure servers and do not sell it to third parties.

Our gdtoto platform processes payments through DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and bank virtual accounts. When you deposit, your banking and identity information flows through encrypted channels to third-party payment processors; we do not retain your full payment card or e-wallet credentials on our own servers.

We outline below what data we collect, who we share it with, how long we keep it, and your rights regarding your data. By using gdtoto, you consent to this privacy policy.

What Data We Collect on gdtoto

We at gdtoto collect information in several categories. Account data includes your full name, date of birth, email address, phone number, and a username you create. Identity verification data includes a government ID (national ID, passport, or driver's license), a proof of residence (utility bill or bank statement), and a selfie holding your ID. Payment data includes your banking details (account number, bank name) or e-wallet account identifiers (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet).

We also collect transaction data: every deposit, withdrawal, and gaming activity on gdtoto is logged with timestamps, amounts, payment methods, and game outcomes. We use this data to detect fraud, resolve disputes, and meet legal reporting obligations. When you contact our support team, we log your messages and our responses. If you use our platform via mobile app, we may collect your device type and operating system for troubleshooting purposes.

Data processing: We at gdtoto process all personal data under a legal basis of contract (to fulfil your account agreement) and legitimate interest (to operate our platform and comply with law).

How We Use Your Data on gdtoto

Our primary use of your data is account management and payment processing. When you deposit via mobile banking, local payment, or any supported method, we pass your identity and payment information to our payment processor; they verify the transaction and return a confirmation. We store the confirmation and credit your gdtoto balance.

We use your data for account security. We analyse login patterns, device fingerprints, and transaction velocity to detect account takeover attempts. If we spot suspicious activity, we may ask you to verify your identity via email or SMS before allowing a withdrawal. We use your data to comply with Know Your Customer (KYC) and anti-money-laundering (AML) regulations. We may share your identity information with financial regulators or law enforcement if legally required.

We analyse transaction data to improve our platform. We track which games are popular, which payment methods users prefer, and which features users engage with. This analysis is anonymised—we do not associate gameplay patterns with your name—but it helps us optimise our gaming portfolio and payment integrations.

Third Parties and Data Sharing on gdtoto

We at gdtoto share your data with third-party payment processors. Companies that operate online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, and your bank (mobile banking, local payment, online payment, e-wallet) receive your identity and banking information to authorise transactions. These companies are data controllers in their own right; we recommend reviewing their privacy policies as well.

We may share data with fraud-detection vendors and KYC service providers. These vendors verify your identity and check your details against sanctions lists and fraud databases. They process your data only on our instruction and are bound by data protection agreements.

We do not sell or rent your personal data to advertisers or data brokers. We do not use your gaming history for targeted advertising. We may disclose data if required by law, court order, or regulatory investigation. We may also share data in the event of a merger or acquisition of gdtoto, but we will notify you and provide opportunity to opt out where legally permissible.

Note: Our servers and payment processors may be located outside Indonesia. Your data may be processed in jurisdictions with different data protection laws than Indonesia.

Data Retention on Our gdtoto Platform

We at gdtoto retain your account and transaction data for as long as your account is active, plus five years after closure. We keep this data to comply with anti-money-laundering rules, resolve disputes, and enforce our terms. After five years, we anonymise or delete most personal data, though we may retain aggregated, de-identified statistics for analytical purposes.

Government ID copies and proof-of-residence documents are retained for five years. Payment information (bank account numbers, e-wallet IDs) is retained only as long as necessary to process refunds or resolve disputes; once a transaction is fully settled and the refund window has closed, we may delete stored payment details.

Cookies and Tracking on gdtoto

Our gdtoto website and mobile app use cookies and similar tracking technology to keep you logged in, remember your preferences, and analyse platform performance. Session cookies expire when you close your browser; persistent cookies may remain for months to track your account status and settings.

We use analytics cookies to measure which pages users visit, how long they stay, and which features they use. These cookies do not identify you by name; they assign you an anonymous user ID. We use this data to optimise our interface and identify technical issues.

We do not use behavioural advertising cookies on gdtoto. We do not track your activity across other websites or sell your browsing history to advertisers. Some third-party payment processors may use their own cookies; we recommend reviewing their cookie policies.

Your Rights Regarding Data on gdtoto

We at gdtoto recognise your rights over your data. You have the right to access: you can request a copy of all data we hold about you. You have the right to correction: if your name, email, or phone number is outdated, you can update it in your account settings or ask our support team to change it. You have the right to deletion: you can request we delete your account and associated data, subject to any legal retention obligations or pending disputes.

You have the right to data portability: upon request, we provide your account data in a machine-readable format. You have the right to withdraw consent: if you consented to receive marketing emails or promotional notifications, you can opt out at any time via the unsubscribe link in our emails or by contacting our support team.

To exercise any of these rights, contact our privacy team via the support link in your gdtoto account or email the address listed below. We respond within 30 days. If you believe we have violated your privacy rights, you can lodge a complaint with your local data protection authority.

Our Data Security Commitment on gdtoto

We at gdtoto use industry-standard encryption (TLS 1.2 or higher) to protect data in transit. All communication between your device and our servers is encrypted. We store personal data on servers with restricted access, firewalls, and intrusion detection. We do not store full payment card numbers; payment processors retain this data on their own secure servers.

We conduct regular security audits and penetration testing to identify vulnerabilities. We have a data breach response plan: if we discover unauthorised access to personal data, we notify affected users and relevant authorities within the timeframe required by law. Users across Jakarta, Surabaya, Bandung, Medan, Semarang, and Yogyakarta are covered by these protections equally.

Encryption

TLS 1.2+

Access

Role-based

Audits

Regular

Breach plan

30-day notify

Children's Privacy and gdtoto

We at gdtoto do not knowingly collect data from children under 18. Our platform is intended for adults. If we discover we have collected data from a minor, we delete it immediately. If you are aware that a child has created a gdtoto account, please contact our support team.

Changes to Our Privacy Policy on gdtoto

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We notify users of material changes via email to their registered gdtoto account address. Continued use of our platform after notification constitutes acceptance of the updated policy. We maintain a version history of all previous policies on this page.

Contact Us Regarding Privacy on gdtoto

If you have questions about our privacy practices, want to exercise your data rights, or wish to report a privacy concern, contact our privacy team. Use the support chat in your gdtoto account or email our support address listed in your account settings. We respond within 30 days. You can also contact our data protection officer if you believe we have not resolved your concern satisfactorily.

Payment Processing and Data Handling on gdtoto

DANA deposit and withdrawal

When you deposit via DANA on our gdtoto platform, your identity and banking information flow through an encrypted channel to DANA's payment processor. We send DANA your full name, ID number, account email, and the deposit amount. DANA verifies your identity against their own database and authorises the transaction. We do not store your DANA account credentials; DANA manages your login credentials securely on their servers.

Once DANA confirms the transaction, we receive a confirmation message containing your transaction ID, amount, timestamp, and status. We credit your gdtoto balance using this confirmation as proof of deposit. We retain this confirmation in our transaction log for five years to resolve future disputes and comply with AML record-keeping rules.

Withdrawal via DANA follows a similar flow. We send your name, ID, and withdrawal amount to DANA's processor. DANA initiates a transfer from your DANA wallet to your bank account or reverses the original deposit. We receive a confirmation and update your gdtoto balance. DANA's privacy policy governs how they handle your data once the transaction is complete; we recommend reviewing their policy as well.

OVO and GoPay usage

OVO and GoPay deposits on gdtoto follow the same encrypted pathway as DANA. When you select OVO or GoPay in our Cashier, we redirect you to the respective app or web interface. You authenticate using your PIN or biometric; this authentication happens directly between you and OVO or GoPay—we do not see your PIN or biometric data.

Once you authorise the payment, OVO or GoPay sends us a confirmation containing your transaction ID, amount, timestamp, and verification status. We do not receive or store your OVO or GoPay account credentials. We store only the transaction confirmation, which we use to credit your gdtoto balance and keep records for AML compliance.

OVO and GoPay each have their own privacy policies governing how they handle your personal data. We recommend reviewing their policies to understand how they use your information. On our gdtoto side, we retain transaction confirmations for five years and do not share OVO or GoPay data with third parties except as required by law.

BCA, Mandiri, BRI, BNI virtual account

When you use a BCA, Mandiri, BRI, or BNI virtual account on gdtoto, we generate a unique VA number linked to your account. We send your name and ID to the bank; the bank assigns a VA number for your exclusive use. You log into your own bank account (via their app or website) and transfer funds to our VA number. The bank processes the transfer and confirms receipt to us.

We receive confirmation from the bank containing the transfer amount, timestamp, sending account, and your VA code. We match this confirmation to your gdtoto account and credit your balance. We do not access your personal bank account or credentials; you perform the transfer directly through your bank's own secure interface.

The bank retains your identity and banking information as part of their own record-keeping for AML and tax purposes. We store only the transaction confirmation and VA code. When you request a withdrawal to your bank account, we send a reversal request to the bank with your name and VA code; the bank transfers funds back to your original account. We retain all confirmations for five years.

Fees, limits and verification

Our gdtoto platform does not charge deposit fees; the amount you enter is credited in full. Withdrawal fees vary by payment method and are disclosed before confirmation. We use your identity data to verify your account before permitting withdrawals. First-time withdrawals require Know Your Customer (KYC) verification: we request your government ID, proof of residence, and a selfie holding your ID.

We send this identity data to a third-party KYC vendor, who cross-references it against government registries and sanctions lists. The vendor returns a verification result (approved, rejected, or under review). We store the KYC result but do not retain copies of your ID or selfie longer than necessary to complete verification—typically a few days. After verification clears, we archive the KYC result for five years for record-keeping.

Deposit and withdrawal limits on gdtoto are tied to your account age and verification status. New, unverified accounts have lower limits. Once you complete KYC verification, limits increase. We use your transaction history to detect unusual patterns; if we see rapid deposits followed by rapid withdrawals (potential money laundering), we may restrict withdrawals and request additional documentation or a video call to confirm your identity.

Resolving a stalled transaction

If a deposit to your gdtoto account does not credit within the expected timeframe, our support team investigates. We check our payment processor logs to see if your e-wallet or bank submitted the transaction. We may contact your payment provider (DANA, OVO, GoPay, or your bank) using your transaction ID to verify the deposit was sent and cleared.

During this investigation, we handle your personal data (name, transaction ID, payment details) according to this privacy policy. We share your data only with the relevant payment provider as necessary to resolve the issue. We do not share your data with other third parties. Once we confirm the deposit was sent by your bank or e-wallet, we credit your gdtoto account manually, even if the provider's system has not yet reconciled.

For stalled withdrawals, we investigate whether the reversal was submitted to your payment provider. We may request additional documentation (ID, utility bill, bank statement) if our anti-fraud checks flagged the withdrawal. We explain why we requested additional docs and wait for you to provide them. During investigation, we handle your data confidentially and do not share it with unrelated parties. Once we clear the hold or complete the investigation, we either process the withdrawal or explain why we cannot release the funds.