sistoto Platform Privacy Notice

This page describes what we collect when you use sistoto and how we keep that data protected. When you create an account, deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer, or place wagers on Liga 1, Piala AFF, Champions League markets and live-dealer tables, we process personal information. We collect only what is necessary to verify your identity, process your deposits and withdrawals, prevent fraud, and comply with anti-money-laundering regulations.

Our sistoto privacy practice centres on transparency. We do not sell your data to third parties. We do not share your account details with external marketers. We encrypt all sensitive information and store it on secure servers. Our privacy policy applies to all users of sistoto in supported jurisdictions. If you have questions about how we handle your data, our support team is available through email and in-app messaging.

This policy outlines the categories of data we collect, how we use that information, our retention practices, your rights, and how to contact us about privacy concerns.

What Data We Collect on sistoto

We collect information in three categories on sistoto: registration data, financial data, and behavioural data. Registration data includes your email address, phone number, full name, date of birth, and government-issued identity number (KTP, passport, or driver's license). We collect this information when you open your account and verify your identity for withdrawal eligibility.

Financial data encompasses your deposit and withdrawal history, payment method details (the last digits of your DANA account, e-wallet wallet, bank account, or other payment rail), transaction amounts, and timestamps. We retain financial records for a minimum of five years to comply with anti-money-laundering and tax reporting regulations. Our sistoto systems never store full credit card numbers or complete bank account details — we retain only enough information to match your withdrawal request to the original deposit method.

Behavioural data includes your game play history, wagers placed on Liga 1 or other sportsbook markets, casino table sessions, and account login records. We collect this information to detect unusual account activity, prevent fraud, and improve our sistoto services. We also collect device information (IP address, browser type, operating system) to maintain account security and prevent multi-accounting.

How We Use Your Data on sistoto

We use your registration data to create and maintain your sistoto account, verify your identity during KYC review, and contact you with important account notifications (withdrawal approvals, deposit confirmations, security alerts). We do not use your data to send unsolicited marketing emails unless you have opted in to promotional communications.

We use financial data to process your deposits and withdrawals, reconcile transactions, detect fraud, and comply with anti-money-laundering laws. Our sistoto compliance team analyzes deposit patterns to identify suspicious activity — for example, rapid deposits followed by immediate withdrawals without play, or transactions inconsistent with your declared account purpose. If we detect suspicious patterns, we may freeze your account pending investigation.

We use behavioural data to personalize your sistoto experience, recommend games or markets matching your preferences, and detect account compromise. If your account is accessed from an unusual location or device, we may require re-verification via OTP before allowing play or withdrawals. This protects you from unauthorized access.

Data Encryption: We encrypt all sistoto data in transit and at rest. Your login credentials, payment information, and account balance are protected using SSL encryption. We do not transmit unencrypted sensitive data over the internet.

Third-Party Processors and Data Sharing on sistoto

We share your data with third-party service providers who assist sistoto operations. These include payment processors (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment partners, and banks online payment, e-wallet, mobile banking, local payment) who process your deposits and withdrawals. We provide them only the minimum data needed to complete your transaction — typically your name, account number, and transaction amount.

We also engage third-party compliance vendors to verify your identity during KYC review. These vendors conduct background checks and document verification using your ID photos and proof of address. Once verification is complete, they delete your documents and retain only a verification status in our sistoto records.

We do not sell your data to advertisers or data brokers. We do not share your account balance, game play history, or contact information with external marketers. If we are required by law to disclose your data — for example, to satisfy a court order or law enforcement request — we will notify you of the disclosure unless prohibited by law.

How Long We Keep Your Data

We retain your registration data (name, ID, contact information) for as long as your sistoto account is active and for five years after account closure. This retention period satisfies anti-money-laundering and tax regulation requirements. After five years, we delete personal data except where we are legally required to retain it longer.

We retain financial data (deposit/withdrawal history, transaction records) for a minimum of five years. This allows us to investigate disputes, comply with tax authorities, and respond to regulatory inquiries. Behavioural data (game play logs, login records) is retained for one to two years; older logs are archived or deleted unless needed for ongoing investigations.

Cookies and Tracking: We use cookies to maintain your sistoto login session and remember your preferences. We do not use third-party tracking cookies for advertising. You can disable cookies in your browser settings; however, this may impair sistoto functionality.
IP Address Logging: We log your IP address with each sistoto login to detect unusual access patterns and prevent unauthorized account access. We compare your IP location against your registered address and may require re-verification if access comes from a new country or city.
Device Fingerprinting: We collect device information (browser type, operating system, device ID) to identify account holders across sessions and prevent multi-accounting fraud on sistoto.

Your Rights Regarding Your Data on sistoto

You have the right to access your personal data held by sistoto. You can request a copy of your account information, deposit history, and transaction records through our support team. We will provide this information within ten business days of your request.

You have the right to correct inaccurate data. If your name, contact information, or other registration details are incorrect in your sistoto account, contact our support team to request an update. Corrections are processed within two business days.

You have the right to request deletion of your data. Once your sistoto account is closed and any outstanding withdrawals are processed, you can request permanent deletion of your registration and behavioural data. We will delete non-essential data within thirty days; however, we retain financial records for five years to comply with anti-money-laundering law.

International Data Transfer and Jurisdictional Considerations

Our sistoto servers may be located outside your jurisdiction. By using sistoto, you acknowledge that your data may be processed in jurisdictions with different data protection laws than your own country. We undertake to apply the same privacy protections globally regardless of server location. Our encryption and access controls meet international privacy standards.

If you are located in Indonesia (Jakarta, Surabaya, Bandung, Medan, or other supported regions), your data is processed according to Indonesian data protection regulations. We comply with local law regarding data storage, cross-border transfer, and user rights. If you have questions about jurisdictional data handling, contact our support team.

Contacting sistoto About Privacy

If you have privacy concerns, questions about your data, or wish to exercise your rights, contact our sistoto support team. You can reach us through in-app messaging, email, or phone. Our team responds to privacy inquiries within two business days.

We take privacy seriously and investigate all complaints. If you believe sistoto has mishandled your data in violation of this policy, you have the right to lodge a complaint with your local data protection authority.

Protection

SSL encryption

Retention

5-year compliance hold

Access

10-day request window

Support

2-day response time

Summary of Our sistoto Privacy Commitment

We at sistoto collect personal data only to provide our service, verify your identity, process deposits and withdrawals, and comply with legal requirements. We do not sell your data, share it with external marketers, or use it for unauthorized purposes. We encrypt all sensitive information and maintain strong access controls to protect your data from unauthorized access.

You retain the right to access, correct, and request deletion of your data. We respond to privacy inquiries and requests within reasonable timeframes. If you have concerns about how we handle your data, contact our support team through in-app messaging or email. We maintain this privacy notice in compliance with data protection regulations applicable in supported jurisdictions where sistoto operates.

Our sistoto services are available only where local law permits. Privacy obligations vary by jurisdiction; your rights and our obligations are governed by applicable law in your location. We recommend reviewing this policy regularly for updates. For the latest version, visit this page or contact our support team.