japritotoPrivacy Policy

This page describes what we collect when you use japritoto and how we keep that data protected. We at japritoto take data privacy seriously — your account information, identity documents, transaction history, and payment details are encrypted and stored securely on our servers.

We collect data only for the purposes of account verification, payment processing, regulatory compliance, and fraud prevention. We do not sell your data to marketers or advertisers. We do not track your location. We do not profile you for third-party use. This privacy policy explains our practices in detail.

Our services are available only where local law permits. Some jurisdictions have strict data-residency rules or require us to retain certain records. We comply with local regulations in every jurisdiction where we operate. If you have questions about how we handle your data, contact our support team through the in-app chat or email.

Data we collect on japritoto

When you register on japritoto, we collect your email address, phone number, password (encrypted), and date of birth. Before your first deposit, we require identity verification — a government-issued ID photo and a selfie holding that ID. We scan these documents using automated systems and delete the original photos after verification completes. We retain only a hash of your identity data for regulatory compliance.

We collect transaction data — every deposit, withdrawal, bet, and game result — and store it in your account history. We collect payment information linked to your deposits: e-wallet account details (DANA, e-wallet, mobile banking, local payment, online payment) or bank account numbers (e-wallet, mobile banking, local payment, online payment). We never store your e-wallet password or bank PIN — those stay between your phone and your payment provider.

We collect device information — your operating system, browser type, IP address — to identify unusual access patterns and prevent fraud. We collect push-notification preferences and game-category selections. We do not collect audio, video, or camera data unless you explicitly choose to enable video chat with our support team.

Cookies and local storage: We use browser cookies to keep you logged in on japritoto. We use local storage to cache your game preferences and recent transaction history on your phone. You can clear these at any time through your browser or app settings.

How we use your data on japritoto

We use your email and phone number to send account notifications — deposit confirmations, withdrawal status updates, login alerts, and password-reset links. We use your identity data only for KYC verification and regulatory compliance. We use your transaction history to calculate your account balance and generate statements. We use your payment details to process deposits and withdrawals through our payment partners.

We use your device IP and access patterns to detect fraud and unauthorized account access. If we detect suspicious activity — multiple failed login attempts, unusual withdrawal amounts, or access from a new device — we may temporarily lock your account and ask you to confirm your identity via email or 2FA. This protects your account from takeover.

We do not use your data for marketing emails or promotional offers unless you explicitly opt in. We do not share your data with third-party advertisers. We do not build behavioral profiles of you for targeting. We use your data only for japritoto operations and legal compliance.

Third-party processors and data sharing

We use payment processors to handle e-wallet, mobile banking, local payment, online payment, and e-wallet deposits. We use bank processors to handle mobile banking, local payment, online payment, and e-wallet virtual-account transfers. These processors see your e-wallet or bank account details but do not see your japritoto password or identity documents. Payment processing is governed by PCI DSS (Payment Card Industry Data Security Standard), which requires encryption and secure handling.

We use cloud providers to host our servers. Our data centre may sit outside Indonesia — we may use servers in Singapore or Malaysia for redundancy. These cloud providers are bound by strict data-protection contracts and cannot access your data without authorization. Our contracts require encryption of data in transit and at rest.

We may share transaction data with financial regulators or law-enforcement agencies if required by court order or legal obligation. We do not share data voluntarily. If we receive a legal request for your data, we inform you unless the request explicitly prohibits notification.

We encrypt your data using TLS 1.3 in transit and AES-256 at rest. Even our support team cannot see your password or full bank account number.

japritoto data security team

Your rights on japritoto

You have the right to access your data. Go to your account settings on japritoto and download your transaction history, verification status, and preference settings. If you want a complete copy of all data we hold about you, contact our support team and we provide it within 14 business days.

You have the right to correct your data. If your registered email or phone number is wrong, update it in your account settings immediately. If your identity information is incorrect, contact support and we can re-verify you with updated documents.

You have the right to delete your account. Go to account settings and request account closure. We delete your password and email from our active systems. We retain transaction records for 5 years for regulatory compliance, but we disassociate them from your identity — we delete your name, ID number, and contact details. You cannot re-register with the same email after closure.

You have the right to object to processing. If you believe we are using your data unlawfully, contact us through support and we review the concern. You have the right to lodge a complaint with your local data-protection authority.

Data retention and deletion on japritoto

We retain your transaction history for at least 5 years to comply with financial-reporting regulations. We retain your KYC verification records (hashed identity data) for the lifetime of your account, plus 5 years after closure. We delete your password immediately if you change it. We delete push-notification logs after 30 days. We delete device-access logs after 90 days unless a fraud investigation is underway.

If you close your account on japritoto, we immediately delete your email, phone, password, and preferences from active systems. Your transaction data is archived and disassociated from your name and ID. After 5 years, we purge archived transaction records from our systems entirely.

If a payment dispute arises, we may retain associated transaction details longer than 5 years to resolve the dispute with your bank or e-wallet provider. We notify you if we retain your data beyond the normal deletion window.

1

Account registration dataLifetime + 5 years

Email, phone, date of birth, hashed password, KYC verification records.
2

Transaction history5 years minimum

Deposits, withdrawals, bets, game results — required for financial reporting.
3

Login and access logs90 days

IP address, device type, login timestamps — deleted automatically after 90 days.
4

Push-notification logs30 days

Notification history and delivery status — purged every 30 days.

Security practices on japritoto

We encrypt all data in transit using TLS 1.3. We encrypt all data at rest using AES-256. We hash all passwords using bcrypt with a random salt — passwords are irreversible. We do not store plain-text passwords anywhere on our systems.

We implement multi-layer access controls. Our support team cannot see your password. Our data team cannot see your payment details. Our engineering team can access encrypted data only if a security incident requires investigation. All access is logged and audited.

We conduct regular security assessments. We scan our infrastructure for vulnerabilities. We test our APIs for injection attacks and data leaks. We maintain incident-response procedures for breach scenarios. If a security incident occurs, we notify affected users within 48 hours and guide them through protective actions (password reset, account monitoring, fraud alerts).

Changes to this privacy policy

We may update this privacy policy from time to time to reflect new practices or legal requirements. If we make material changes — such as sharing data with new third parties or extending data-retention periods — we notify you by email at least 30 days before the change takes effect. You can review the updated policy on japritoto before the change becomes binding. If you disagree with the updated policy, you can close your account.

We maintain a version history of this policy. You can view previous versions by contacting our support team. The current version is always live on japritoto.app/privacy-policy.

Contact us about privacy on japritoto

If you have questions about our privacy practices or want to exercise your rights, contact our support team. Reach out through the in-app chat on japritoto, or email our data team directly. We respond to privacy requests within 14 business days.

If you are located in Jakarta, Surabaya, Bandung, or Medan and want to discuss your account data or privacy concerns, our support team is available in English. We also accept formal data-subject requests by email — include your account email and a brief description of your request.

If you believe we have violated your privacy or mishandled your data, you can lodge a complaint with your local data-protection authority. We cooperate with regulatory investigations and provide requested information to authorities.

Related policies

Legal