aretoto Privacy Policy

This page describes what we collect when you use aretoto and how we keep that data protected. We are transparent about our data practices because account security and user trust are central to how we operate our platform across Jakarta, Surabaya, Bandung, Medan, Semarang, and Yogyakarta.

When you register with aretoto, deposit funds via DANA, e-wallet, mobile banking, local payment, or bank virtual accounts, or place a bet on Liga 1 or any other market, we collect information needed to verify your identity, process your payments, and comply with local regulations. We do not sell your data to third parties, nor do we use it for purposes unrelated to your aretoto account.

Read this policy carefully to understand what information we hold, who has access to it, and what rights you have over your own data.

What we collect and how we use it

We collect personal information in several categories. First, account data: your name, email address, phone number, date of birth, and government-issued identification (Indonesian KTP, passport, or driver's licence). We require this during registration to comply with know-your-customer (KYC) obligations and to verify that you are the legitimate account holder.

Second, payment information. When you fund your aretoto account using DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or virtual accounts from mobile banking, local payment, online payment, and e-wallet, we collect transaction IDs, amounts, timestamps, and your payment method identifier. We do not store your full bank account numbers or card details; our payment processors handle that encryption. We retain transaction records for up to seven years to meet regulatory requirements and to help resolve disputes.

Third, activity data: which markets you view, which bets you place, your account balance, your wins and losses, and withdrawal requests. We use this information to manage your account, calculate your taxable winnings if required by law, and detect fraudulent activity such as duplicate accounts or money laundering patterns.

Fourth, technical data. When you access aretoto via browser on iOS or the native app on Android, we log your IP address, device type, operating system version, and approximate location (country or region level, not street address). We use this to block access from jurisdictions where aretoto is not available, to prevent account takeovers, and to improve app performance.

Data we collect

Identity information (name, ID number, date of birth)
Contact details (email, phone, home address for verification)
Payment records (transaction IDs, amounts, methods, timestamps)
Account activity (bets, balances, withdrawals, login history)
Device and network data (IP address, device model, operating system, browser type)
Cookies and analytics data to measure site performance

Third parties and data processors

We share your data with third parties only when necessary to operate aretoto. Our payment processors (the mobile banking, local payment, online payment, and bank-account integrators) receive your transaction data to complete deposits and withdrawals. These processors are contractually bound to protect your information and use it only for payment settlement.

We also use hosting providers to store our servers and databases. Our infrastructure sits outside Indonesia in some cases; if your data travels to servers in other countries, we ensure that storage location meets or exceeds Indonesian privacy standards through data-protection agreements. Government agencies may request your data if required by law (for example, during a regulatory investigation); we will disclose only what is legally required, unless disclosure is prohibited.

We do not use your data for marketing purposes or share it with advertising networks. We do not sell your information to third parties. Internal aretoto staff access your account data only to resolve technical issues, investigate disputes, or prevent fraud.

Your rights and our commitments on aretoto

You have the right to request a copy of all data we hold about you within 30 days. You can also ask us to correct inaccurate information, such as a misspelled name or incorrect phone number. If you wish to close your aretoto account and have your data deleted (except where we are required to retain it by law), contact our support team. We will delete personal information 90 days after account closure, except transaction records and KYC documents, which we keep for seven years for regulatory compliance.

KYC retention: Your government ID and address proof are stored securely and retained for seven years after your final transaction to meet anti-money-laundering regulations.
Cookies: We use session cookies to keep you logged into aretoto and analytics cookies to understand how users interact with the platform. You can disable cookies in your browser, but some features may not work properly.
Data breach: If we discover that your data has been compromised, we will notify you within 72 hours and advise you to change your password immediately.

Security and contact

We encrypt all data in transit using HTTPS and store sensitive information on servers protected by firewalls and regular security audits. We do not guarantee absolute security — no platform is risk-free — but we undertake reasonable steps to protect your information from unauthorized access.

Your aretoto account is yours alone. Do not share your password with anyone. If you suspect your account has been compromised, notify our support team immediately. We will freeze the account and help you regain control.

If you have questions about this policy or how we handle your data, contact aretoto support via email or live chat. We respond during business hours on weekdays; during public holidays such as Idul Fitri, Idul Adha, Imlek, and Nyepi, response times may be longer. This policy may be updated at any time; we will post changes here and notify you via email if changes are material.