opmtoto Privacy Policy
We at opmtoto encrypt and protect all personal data you share during account setup, deposits, and gameplay, storing encrypted identity documents separately from transaction records and game activity. This page describes what we collect when you use opmtoto, how we handle it, which third parties may see it, and what rights you have over your own information.
Our policy is straightforward: we collect only what's necessary to verify your account, process deposits via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, handle withdrawals, comply with law, and provide customer support. Your payment details never reach our servers—they go directly to your chosen provider. Your identity documents are encrypted and access-restricted. All your activity—stakes, results, deposits, withdrawals—is logged for your audit trail and our fraud prevention.
Services on opmtoto are available only where local law permits. Your use of our platform is subject to your jurisdiction's applicable data protection and gaming regulations.
What we collect and why
We collect personal data in three categories. First, account details: your legal name, date of birth, email, phone number, and residential address. We require these to verify your identity—a mandatory step on opmtoto before deposit. Second, identity verification: we ask for a government ID photo (passport, driver's license, national ID) and a selfie. These documents are encrypted in transit and at rest, stored separately from your account credentials, and accessed only by our verification team and compliance staff. Third, payment information: we never store credit card numbers, bank account details, or e-wallet login credentials. When you deposit via DANA, e-wallet, mobile banking, local payment, online payment, or e-wallet, or via bank transfer through mobile banking, local payment, online payment, e-wallet, all sensitive payment data flows directly between you and your payment provider—opmtoto sees only a transaction receipt confirming the deposit succeeded.
We also collect activity data: every market you place on Liga 1, Piala AFF, Champions League, or other football tournaments; every game you play; every result; every withdrawal request. This data is logged in your account history for transparency. We collect device and connection data—your IP address, browser type, device model, approximate location (city or region level)—to detect fraud and ensure service availability during peak periods like Idul Fitri and Idul Adha when traffic spikes.
How we use your data
We use your personal data to operate opmtoto. Account verification is mandatory: we match your ID photo and selfie against your stated name and date of birth to confirm you are who you claim. Payment processing requires your name and residential address: your bank or e-wallet provider needs these to authorize the transaction. We use email and phone to send you account alerts—deposit confirmations, withdrawal status, customer support responses—and to recover your account if you forget your password or get locked out after failed login attempts.
We use activity logs to detect fraud: if we see unusual betting patterns, rapid withdrawals following large losses, or login attempts from multiple countries in a short time, our team reviews the account for security. We use device and location data to protect against account takeover and to ensure our platform stays available during high-traffic periods. We keep all records—identity documents, transactions, activity logs—for seven years to comply with Indonesian financial regulations and anti-money-laundering law. We never sell your data to advertisers, data brokers, or marketing firms. We share data only with payment processors (mobile banking, local payment, online payment, etc.) when you initiate a transaction, and with law enforcement only if required by lawful court order.
- Account verification
- We use your ID and selfie to confirm your identity once, before your first deposit on opmtoto.
- Payment processing
- We share your name and address with e-wallet, mobile banking, local payment, or your bank to authorize deposits and withdrawals.
- Fraud detection
- We monitor activity logs and device data to identify and prevent account takeover and money laundering.
- Legal compliance
- We retain identity documents and transaction records for seven years as required by Indonesian financial law.
Your rights on opmtoto
You have the right to access all data we hold about you. Send a request to our Help Center or support email, and we will provide a copy of your identity documents (as you submitted them), your account details, and your complete activity log within 14 business days. You can request that we correct inaccurate data—for example, if your address has changed or your email is wrong—and we will update it immediately and confirm the change in writing.
You have the right to request deletion of your account and associated data, with one exception: we must retain identity documents and transaction records for seven years under Indonesian anti-money-laundering regulation, so we cannot delete those. However, we can delete your email, phone, and device history once the retention period expires. You also have the right to withdraw consent for marketing emails at any time—click "Unsubscribe" in any email, or contact support, and we'll stop sending them within 24 hours.
Cookies and third-party processors
We use cookies to keep you logged in to opmtoto, remember your preferences, and measure page performance. Session cookies expire when you close your browser. Persistent cookies (like "remember me") last 30 days. We do not use tracking cookies or share cookies with advertisers. Google Analytics may be enabled on certain pages to measure traffic patterns and identify slowdowns during peak periods in Jakarta, Surabaya, Bandung, or Medan—you can opt out by disabling third-party cookies in your browser settings.
Third parties that process your data on our behalf include: your payment provider (online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet—receives name, address, transaction details); our SMS gateway provider (receives phone number to send withdrawal alerts and account recovery codes); our document-verification vendor (receives ID and selfie photos to confirm identity); and our hosting provider (stores encrypted databases and logs). All these vendors are subject to written data-processing agreements and are required to delete or return your data after our contract ends.
Policy updates and contact
We may update this policy from time to time to reflect changes in law, technology, or our practices. We will notify you of material changes by email at least 30 days before they take effect. Your continued use of opmtoto after the notice period means you accept the updated policy. If you disagree, you may request account closure and data deletion (subject to the seven-year retention obligation for compliance records).
If you have questions about this privacy policy, how we handle your data, or how to exercise your rights, contact our support team: live chat (9am–11pm Jakarta time, 7 days a week), email (response within 4 business hours), or phone. We speak Indonesian and English. You can also write to us with a formal data-subject request, and we will respond within 14 days as required by data-protection standards.
Services on opmtoto are available only where local law permits. This privacy policy is governed by the laws applicable in your jurisdiction and the terms of our service agreement. If you are located in a region where data-protection law grants you specific rights (such as the right to be forgotten or the right to data portability), those rights apply to your opmtoto account, subject to our legal obligations to retain records for anti-money-laundering compliance.