sritoto Privacy Policy

This page describes what we collect when you use sritoto and how we keep that data protected. When you register with email, fund your account via DANA, e-wallet, mobile banking, or local payment, or place a wager on Liga 1 or Champions League matches, we collect and store data about your activity. We treat your data as confidential and encrypt it during transmission to our servers.

We at sritoto operate as a gaming and sportsbook platform available where local law permits. We collect only the information necessary to verify your identity, process deposits and withdrawals, settle wagers, and comply with anti-money-laundering (AML) regulations. We do not sell your personal data to third parties.

Our data processors sit in multiple jurisdictions, including Southeast Asia and Europe. If you reside in Jakarta, Bandung, or any supported region, your data may be stored on servers outside your location. This document sets out our commitments and your rights regarding that data.

What we collect at sritoto

We at sritoto collect data in three categories. Account data includes your email, password hash, full name, date of birth, residential address (city: Jakarta, Surabaya, Medan, Semarang, Bandung, or other), government ID number (KTP, Passport, Driver's License), and phone number. We request government ID only after you decide to place stakes, not at registration.

Payment data includes your chosen method (DANA account identifier, e-wallet phone number, mobile banking virtual-account number, or similar), deposit amount, withdrawal request timing, and transaction ID from your bank or e-wallet provider. We store this data to reconcile transactions and prevent fraud.

Betting data includes your wager details (match, market type, stake amount, odds, settlement result), login timestamps, device type and IP address, browser language, and session duration. We collect this to calculate your account balance, settle disputes, and detect unusual activity patterns (e.g., automated betting from suspicious IP ranges).

Account verification note: We request government ID only after you have registered and chosen to fund your account. Unverified accounts can view game rules and market odds but cannot stake real funds.

How we use your data at sritoto

We use account data to verify your identity, prevent duplicate accounts, and comply with local AML/Know Your Customer (KYC) requirements in supported jurisdictions. During high-volume periods (Idul Fitri, Idul Adha, Imlek, Nyepi, or major tournaments), KYC verification may take 24–48 hours.

We use payment data to process deposits and withdrawals, reconcile transactions with your bank or e-wallet, and flag suspicious patterns (e.g., deposits via one method and immediate withdrawals via another). We use betting data to calculate your balance, settle wagers, and respond to dispute claims. For example, if you contest a football match settlement, we compare your claim against official league results and our settlement logs.

We do not use your data for marketing, sales, or profiling beyond what is necessary to operate our platform and comply with local law. We do not share your data with advertisers. We do not use your data to train machine-learning models.

Data retention and third-party processors at sritoto

We retain account data for the life of your sritoto account plus 7 years after closure, as required by AML regulations in most jurisdictions. We retain payment and betting data for 5 years to support transaction audits and dispute resolution. We delete marketing consent records within 30 days of your request.

Our third-party processors include payment gateways (payment processors for local payment, online payment, e-wallet, mobile banking, local payment, online payment, and bank virtual accounts), identity-verification vendors (for KYC/AML), and data-centre operators (for server hosting). These processors have signed data-processing agreements obligating them to keep your data confidential and use it only for the services we contract them for. We do not disclose your name, address, or betting history to these processors except as necessary to complete the transaction or verification in question.

Key takeaways

  • We collect account, payment, and betting data only as necessary to operate sritoto
  • We do not sell your data to marketers or data brokers
  • We retain data for 5–7 years as required by AML law
  • We encrypt all transmission between your device and our servers
  • We share data with payment processors and identity-verification vendors only under strict data-processing agreements

Cookies and tracking on sritoto

We at sritoto use session cookies to keep you logged in during your visit. These cookies expire when you close your browser. We use persistent cookies to remember your language preference and account settings across future visits. We do not use third-party tracking pixels or Google Analytics on sritoto.

You can disable cookies in your browser settings. If you disable session cookies, you will need to re-enter your login credentials on each visit. If you disable persistent cookies, your language preference will reset to English on your next visit.

Your rights at sritoto

You have the right to access all personal data we hold on your sritoto account. Contact our support team and request a data export; we provide this within 14 days at no charge. You have the right to correct inaccurate data (e.g., if your residential address has changed). You have the right to request deletion of your account and associated data after the mandatory 7-year AML retention period expires.

You have the right to object to our processing of your data for marketing purposes. We do not conduct marketing profiling, so this right is rarely invoked; however, if we were to do so in future, you could opt out via your account settings or by contacting support.

International data transfers and jurisdiction

Our sritoto servers are located in multiple jurisdictions, including Southeast Asia and Europe. When you use sritoto from a supported region (Jakarta, Surabaya, or another jurisdiction where we operate), your data may be transferred to and stored on servers outside your country. We apply the same level of encryption and security safeguards to all data, regardless of server location. We do not transfer data to jurisdictions with weaker data-protection laws than the country where you reside, except where necessary to comply with AML or law-enforcement requests.

Contact and data requests at sritoto

To request a data export, report a data breach, or ask questions about this Privacy Policy, contact sritoto customer supportin English or Indonesian. Our typical response time is 1–2 hours for urgent requests and 24 hours for standard inquiries. We handle all data requests confidentially and log them for compliance audit purposes.

This Privacy Policy is effective as of February 2025. We may update it to reflect changes in our data practices or local law. We notify all account holders via email if we make material changes to this policy. Continued use of sritoto after the notification date constitutes your acceptance of the updated policy.

sritoto Data Protection team
Privacy and compliance

Your privacy matters to us. We encrypt your data at rest and in transit, limit access to authorised staff, and comply with AML regulations in all supported jurisdictions. Questions about how we handle your information? Our support team can clarify any section of this policy.