bostoto Privacy Policy

This page describes what we collect when you use bostoto and how we keep that data protected. We take your privacy seriously and operate under clear principles: we collect only what is necessary for account management, fraud prevention, and regulatory compliance; we do not sell your data to third parties; and we encrypt all communication between your device and our servers.

Our privacy practices comply with international standards and apply to all users of bostoto, regardless of location. Because we operate as a jurisdiction-restricted service, your data handling may differ based on where you access bostoto from — for example, users connecting from Jakarta, Bandung, or Surabaya may have different data retention rules depending on their local law. This policy outlines our general approach; specific questions about your jurisdiction should be directed to our support team.

Our services are available only where local law permits. Users are responsible for verifying that access and use comply with their own jurisdiction's law.

What we collect on bostoto

When you register an account on bostoto, we collect your email address, username, password (encrypted), and phone number. During account verification (required before your first withdrawal), we ask for your legal name, identity document number (KTP or passport), and proof of address. We may also request additional verification documents such as bank statements or utility bills if our systems flag your account for suspicious activity.

We collect transaction data: every bet you place, deposit, withdrawal, and game outcome is recorded with timestamps and amounts. This data is used for account reconciliation, fraud detection, and regulatory reporting. We do not collect your payment card details directly — when you fund via DANA, e-wallet, mobile banking, or bank transfer, the payment processor handles credential exchange, and we receive only confirmation of the transaction.

We collect behavioral data passively: your IP address, device type, operating system, browser type, and pages you visit on bostoto. We use this to detect unauthorized access, prevent account takeover, and optimize the platform. We also log login times and locations — if you log in from an unexpected location (e.g., Jakarta one day and Medan the next, within an hour), our system may flag the activity for additional verification.

  • Account data: Email, username, phone, legal name, identity number, address.
  • Transaction data: Bets, deposits, withdrawals, game outcomes, balances.
  • Device and behavioral data: IP address, device type, browser, login times, page visits.
  • Payment data: Only transaction confirmation; we do not store card numbers or payment credentials.

How we use your data on bostoto

We use your data primarily for account management and service delivery. Your email and phone are used for login recovery, withdrawal confirmations, and security alerts. Your transaction data ensures your balance is accurate and allows you to review your betting history. We use device and behavioral data to detect fraud — if we see multiple login attempts with wrong passwords, or logins from geographically impossible locations, we may lock your account temporarily and ask you to verify your identity.

We use your data for regulatory compliance. Gaming operators in many jurisdictions must report customer data to financial authorities for anti-money-laundering (AML) purposes. If you make large deposits or rapid withdrawals, we may file reports with relevant agencies. We do not disclose your data to these agencies without legal requirement, but we retain the legal right to do so if compelled by law.

We use your data to improve bostoto. Aggregated (non-identifying) data helps us understand which games are popular, when users typically access the platform, and what payment methods are preferred. This informs product decisions — for example, if we see high local payment usage during Idul Fitri, we may enhance online payment support around that holiday.

Marketing note: We do not use your data to send marketing emails without your consent. If you opt into promotional messages, you can unsubscribe at any time through your bostoto account settings.

Third-party processors and data sharing on bostoto

We share your data with third parties only when necessary for service delivery. Our payment processors (e-wallet, mobile banking, local payment, bank-transfer intermediaries) receive your transaction details to process deposits and withdrawals. Our hosting provider stores encrypted copies of your account on servers, some of which may be located outside Indonesia. Our email service provider handles login-recovery and withdrawal-confirmation messages. None of these processors are permitted to use your data for their own marketing.

We also share data with fraud-prevention vendors and identity-verification services. These vendors use your information to check against known-fraud databases and confirm your identity legitimacy. They do not retain your data longer than necessary for verification.

We do not sell or lease your data to third parties. We do not share your data with other gaming operators, affiliate networks, or data brokers. The only exceptions are: (1) when required by law (courts, financial regulators, law enforcement), (2) when necessary to prevent fraud or protect account security, and (3) when you explicitly consent to sharing (e.g., if you ask us to transfer your account to a linked service).

How long we keep your data on bostoto

We retain your account data (name, email, phone, identity number) for as long as your bostoto account is active, plus seven years after account closure. This retention window is standard for gaming operators and reflects regulatory requirements for audit trails and dispute resolution. If you request account deletion before the seven-year window expires, we anonymize your personal data but retain transaction records for regulatory purposes.

We retain transaction data (bets, deposits, withdrawals) for the full seven-year period. This allows us to investigate disputed transactions and comply with financial audits. Device and behavioral data (IP addresses, login logs) is retained for one year, then archived or deleted unless required by ongoing investigations or legal holds.

Your rights on bostoto

  • Right to access: You can request a copy of all data bostoto holds about you.
  • Right to correction: You can update your name, email, or address through account settings.
  • Right to deletion: You can request account closure and data anonymization (some data retained for compliance).
  • Right to object: You can opt out of non-essential data processing (marketing emails, usage analytics).

Cookies and tracking on bostoto

We use cookies to maintain your login session and remember your preferences (e.g., which sportsbook markets you follow, your preferred game language). Session cookies expire when you close your browser; persistent cookies may remain for up to one year. You can delete cookies through your browser settings, which may log you out of bostoto.

We do not use cookies for tracking across third-party websites. We do not employ retargeting pixels or cross-site analytics. Our analytics service (used to measure page views and bounce rates) operates with anonymized data and does not identify individual users.

How we protect your data on bostoto

All communication between your device and bostoto servers uses HTTPS encryption (TLS 1.3 or higher). Your password is hashed on our servers and cannot be retrieved, even by our support staff — if you forget your password, we issue a reset link rather than sending you the original password.

Our servers are protected by firewalls, intrusion-detection systems, and regular security audits. We do not store payment card data on our infrastructure — payment processing is handled by third-party processors with their own security certifications. Our databases are encrypted at rest, and access is restricted to authorized staff with two-factor authentication.

Despite these measures, no security system is perfect. If we discover a breach affecting your bostoto account, we will notify you within 24 hours and provide guidance on how to secure your account (reset password, enable 2FA, monitor for unauthorized activity).

Contacting us about your privacy on bostoto

If you have questions about how we handle your data on bostoto, or if you wish to exercise any of your rights (access, correction, deletion, objection), you can contact our support team via in-app chat or email. Requests for data access or deletion are processed within 30 days. For complex requests or jurisdictional inquiries, our privacy officer can be reached through the support team.

This privacy policy is effective from the date of posting. We may update it periodically to reflect changes in our practices or applicable law. Material changes will be announced on bostoto's homepage; we do not retroactively apply changes to data collected before the policy update.

Our services are available only where local law permits. Users are responsible for verifying that access and use comply with their own jurisdiction's law.