Your Data. Our Responsibility.
We handle your account details, payment information and gaming history with the same care we put into our lobby. This policy explains exactly how we collect, use and...
What We Collect and Why
When you open an account with bandit toto, we collect your name, email, phone number and identity details to verify your age and location. We also record your gaming activity, session history and payment transactions to maintain account integrity and comply with local regulations in supported regions. Your DANA, OVO, GoPay and QRIS payment data is encrypted and never stored on our
servers after each transaction completes. We use this information to deliver the lobby, process payouts, detect fraud and improve your experience.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
How We Earn Your Trust
Encryption Standard
All data in transit and at rest uses TLS 1.3 and AES-256 encryption, the same standard banks use to protect account credentials and payment details.
Third-Party Audit
We commission annual security audits from independent firms to verify our data handling practices and identify vulnerabilities before they become risks.
No Data Selling
We never sell your personal information to advertisers, brokers or third parties. Your gaming history stays between you and bandit toto.
Transparent Logging
Every access to your account data is logged with timestamp and reason. You can request a full audit trail of who viewed what and when.
Compliance Framework
Our privacy practices align with GDPR principles and Indonesian data protection guidelines, even where not legally required, to set a higher standard.
Incident Response
If a breach occurs, we notify affected users within 48 hours with clear steps to secure your account and monitor for unauthorized activity.
Consistency Across Our Platform
| Same Policy Everywhere | Whether you access bandit toto on mobile, desktop or tablet, the same privacy rules apply to your data collection and protection. |
|---|---|
| Unified Payment Security | DANA, OVO, GoPay and QRIS transactions follow identical encryption and fraud-detection protocols across all lobby sections and game types. |
| Consistent Retention | We keep your account data for as long as your account is active, plus 12 months after closure for dispute resolution and regulatory compliance. |
| Single Privacy Team | One dedicated team manages all data requests, deletion inquiries and privacy concerns across the entire bandit toto platform. |
| Unified Cookie Policy | Session cookies, analytics trackers and preference markers use the same consent framework and opt-out mechanisms across all pages. |
| Coordinated Updates | When we update this policy, the change applies to all users simultaneously. We notify you 30 days in advance via email and in-app alert. |
| Cross-Region Alignment | Our privacy standards for Indonesia users match or exceed those we apply to players in other supported regions, with no hidden regional exceptions. |