aatoto Platform Privacy Notice

This page describes what we collect when you use aatoto and how we keep that data protected. We gather account information—your name, email, phone, government ID, and address—during registration and KYC verification. We also collect transactional data: deposits, withdrawals, wagers, game activity, and IP addresses. All of this information is processed with encryption and stored on secure servers.

Our privacy approach centres on transparency. We explain exactly what data we collect, why we collect it, how long we retain it, and who has access to it. We do not sell your personal information to third parties. We share data only with payment processors, compliance partners, and customer-support vendors who are contractually bound to protect it. Your data remains your property, and you retain rights to access, correct, or request deletion under applicable law.

This notice applies to all aatoto users in supported jurisdictions. If you have questions about your privacy on aatoto, our support team is available to provide clarity or assistance with data requests.

What Data We Collect on aatoto

We collect personal information in several stages. During registration, we collect your email address, phone number, and a chosen password. At this point, your account is created but withdrawal functionality remains locked.

During KYC verification, we request your full name, date of birth, government-issued ID number (passport, driver's license, or national ID), and proof of address. We accept scanned documents—photos or PDF copies of official documents are typical. This information is required by law in most jurisdictions to prevent fraud and money laundering. We store these documents securely and do not share them with third parties except where legally required.

During gameplay and account activity, we collect transactional data: every deposit amount and method, every wager you place, game round outcomes, withdrawal requests, and cashback credits. We also log your IP address, device type, and browser information for security and fraud detection. Your full account activity—every login, every bet, every deposit—is recorded in your transaction history.

We do not collect unnecessary data

aatoto collects only data required for account verification, payment processing, and regulatory compliance. We do not request your mother's maiden name, social security number, or other information unrelated to gaming services. If we request data during support, it is always tied to a specific account issue or verification need.

How We Use Your Data on aatoto

We use your email and phone to verify account ownership, send transaction confirmations, and communicate about your account status. When you request a password reset, we send a verification link to your email—this proves only you can reset your password. When you withdraw funds, we send a confirmation notification to your registered phone and email.

We use your KYC data (ID, address, name) to satisfy regulatory requirements and prevent fraud. Our compliance team reviews your documents to verify your identity matches your account details. This process is required by law in all jurisdictions where aatoto operates, including Indonesia. Once verified, your KYC status is stored but your documents are archived securely.

We use your transactional data to calculate cashback, process withdrawals, detect fraud, and comply with anti-money-laundering regulations. For example, we monitor for unusual patterns—sudden large withdrawals, velocity spikes, geographic mismatches—that might indicate a compromised account or fraudulent activity. If we detect unusual activity, we place a temporary hold on the withdrawal and request verification. This protects you and your funds.

We use your IP address and device information for security. If your account is accessed from an unusual location or device, we may flag it and ask you to verify login. This is not a penalty—it's protective. We also use this data to prevent account sharing and multi-accounting (creating multiple accounts under the same identity), which violates our terms.

Third-Party Processors and Data Sharing

We share your data with essential third parties only. Payment processors—the companies managing DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet integrations—receive your account information and payment details required to process deposits and withdrawals. These processors are contractually bound to protect your data and comply with banking regulations.

We share data with compliance and AML (anti-money-laundering) vendors to satisfy regulatory requirements in jurisdictions where we operate. These vendors verify KYC information and flag accounts that may require additional scrutiny. They are subject to strict data protection agreements.

We share data with customer-support vendors who assist with account inquiries, dispute resolution, and technical issues. These vendors access only the information necessary to resolve your specific issue and are bound by confidentiality.

We do not share data with marketing companies, data brokers, or advertisers. We do not sell your personal information. We do not combine your aatoto data with other databases to create behavioral profiles. Your data stays within the aatoto ecosystem and reaches third parties only when operationally or legally necessary.

Data location: Our aatoto servers may sit outside your jurisdiction, typically in Singapore or the Asia-Pacific region. Data is encrypted in transit and at rest, regardless of server location.
Retention period: We retain account data for the life of your aatoto account plus 7 years to satisfy regulatory record-keeping requirements. After 7 years, data is securely deleted unless law requires longer retention.
Access controls: Only aatoto staff with legitimate business reasons can access your personal data. All access is logged. Vendors and processors are bound by data protection agreements and audit requirements.
Encryption: All data transmitted to and from aatoto servers uses TLS encryption (256-bit standard). Bank account numbers, e-wallet IDs, and passwords are stored in encrypted form; we never store passwords in plaintext.

Your Rights Under Our aatoto Privacy Policy

You have the right to access your personal data. Log into your aatoto account and view your profile, transaction history, and KYC documents. You can also request a full data export from our support team—we will provide a machine-readable copy of all personal information we hold about you within 14 days.

You have the right to correct inaccurate data. If your name, email, or phone number changes, update it in your account settings. If you notice an error in your KYC documents or transaction history, contact our support team immediately. We will correct verified errors within 5 business days.

You have the right to request deletion of your account. Submit a deletion request via support, and we will close your account and anonymize your personal data (removing identifying information while retaining transaction records for regulatory compliance). Deletion typically completes within 30 days. Note: we cannot delete data required by law (KYC records, transaction logs for AML purposes) for 7 years after account closure.

You have the right to object to certain processing. If we contact you for marketing purposes (rare), you can opt out. You can also disable non-essential cookies via your browser settings. However, you cannot object to processing required for account operation or regulatory compliance—these are legal obligations.

Cookies and Tracking on aatoto

We use cookies to maintain your login session, remember your preferences, and analyse how you navigate aatoto. Session cookies are essential—without them, you would log out after every page load. These cookies expire when you close your browser.

We use analytics cookies to understand user behaviour—which games are popular, where players encounter issues, how long sessions typically last. This helps us improve the platform. These cookies are anonymized and do not identify you personally. You can disable them via your browser privacy settings without affecting aatoto functionality.

We do not use cookies for targeted advertising. We do not partner with ad networks to track you across other websites. aatoto operates independently; your data is not shared with external advertisers.

How We Secure Your Data on aatoto

We implement multiple layers of security. All data in transit uses TLS encryption (the same standard used by banks). All data at rest is encrypted using AES-256. Password hashing uses bcrypt with salt, preventing password recovery even if our database is compromised.

We conduct regular security audits and penetration testing. Our systems are scanned for vulnerabilities monthly. We maintain a security incident response plan—if a breach occurs, we notify affected users within 72 hours as required by law.

We restrict staff access to personal data. Employees access your information only when necessary to perform their job. All access is logged and audited. We provide security training to all staff handling user data.

We recommend you enable two-factor authentication (2FA) on your aatoto account. With 2FA enabled, even if your password is compromised, an attacker cannot access your account without your phone. You can enable 2FA in your account security settings.

Legal Compliance and aatoto Policy

We comply with applicable privacy and data protection laws in all jurisdictions where aatoto operates. Our data handling practices align with regulatory requirements for online gaming platforms.

We report suspicious account activity to local authorities as required by anti-money-laundering regulations. If our compliance team detects patterns consistent with money laundering, terrorist financing, or fraud, we report those accounts to relevant agencies. This is a legal obligation, not our discretion.

We retain transaction records for 7 years to satisfy regulatory record-keeping requirements. We cannot delete this data upon request—it is legally protected information.

Your Data Privacy on aatoto

Encrypted end-to-end communication
KYC data stored securely, not shared
Right to access, correct, and delete
Optional two-factor authentication

Data Limitations

Servers may sit outside your jurisdiction
KYC and transaction records retained 7 years
Compliance reporting required by law

Contacting Us About Your aatoto Privacy

If you have privacy questions, data access requests, or privacy concerns, contact our support team via in-app chat, email, or phone. We handle privacy requests within 14 days. Include your aatoto account email and the specific nature of your request (e.g., "data access request", "deletion request", "privacy complaint").

If you believe aatoto has violated your privacy rights, you may also lodge a complaint with the relevant data protection authority in your jurisdiction. We respect all formal privacy complaints and cooperate fully with regulatory investigations.

Policy Updates and Your aatoto Account

We may update this privacy notice if our practices change or if law requires it. Changes take effect 30 days after posting. We notify you of material changes via email. Your continued use of aatoto after 30 days constitutes acceptance of the updated policy.

This privacy notice was last updated as displayed at the bottom of this page. If you access aatoto from Jakarta, Surabaya, Bandung, Medan, Semarang, or other supported regions, this notice applies to your account. Our privacy commitments—encryption, secure storage, limited sharing, your data rights—remain consistent across all jurisdictions where we operate.

Summary of Our aatoto Privacy Commitments

We at aatoto collect personal information necessary for account operation, payment processing, and legal compliance. We protect that data with encryption, secure storage, and restricted access. We share data with payment processors and compliance partners only, never with advertisers or data brokers. We provide you with rights to access, correct, and delete your information within legal constraints. We encrypt your transactions, log all activity for your security, and conduct regular security audits.

Your privacy on aatoto is not optional—it is fundamental to how we operate. If you have questions about your data, our support team is available to provide clarity. If you disagree with any aspect of this policy, you have the right to close your account and request data deletion (with regulatory retention exceptions noted above).