nawatoto Casino & Sportsbook Data Care

This page describes what we collect when you use nawatoto and how we keep that data protected. We operate on the principle that your personal information—email, identity documents, payment details, gaming history—belongs to you and deserves encryption, careful handling, and transparency. When you open an account with us or place a wager on Liga 1, withdraw funds via QRIS, or play live blackjack, we collect certain information. We explain here what that is, why we collect it, who may access it, and how long we retain it.

Our nawatoto platform processes data across multiple jurisdictions. Your account may be accessed from Jakarta, Surabaya, Bandung, Medan, Semarang, Yogyakarta, or supported regions elsewhere. Our servers may sit outside your jurisdiction. Data transfers are encrypted; your consent is implicit when you use our service. We do not sell your data to third parties for marketing. We share it only with payment processors, fraud-detection services, and compliance partners necessary to operate our platform legally.

This policy is written in plain language. We avoid legal jargon where possible and speak directly about what we do with your information. If you have questions after reading, contact our support team.

What data we collect on nawatoto

We collect several categories of information when you open and use a nawatoto account. First, account data: your email address, username, password (hashed, never stored in plain text), and phone number if you provide one. Second, identity documents: when you request your first withdrawal, we ask for a photo ID (national card, passport, or driver license) and an address-proof document (bank statement, utility bill, or government letter). Third, payment data: we record which payment method you use (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, or e-wallet), the amount deposited or withdrawn, and the transaction reference. Fourth, gaming history: we log which games you play, bet amounts, outcomes, and session timestamps. Fifth, device and access data: we record your IP address, browser type, and device model for security and fraud detection.

We do not collect your full payment credentials—bank account numbers, e-wallet passwords, or card details. Our payment processor handles those. We receive only confirmation that a transaction succeeded or failed. We also do not retain any data beyond what is necessary for compliance, fraud prevention, or account management. Identity documents are encrypted and deleted after verification is complete and no disputes exist.

Account data: Email, username, hashed password, phone number. Retained for the life of your account.
Identity documents: Encrypted photo ID and address proof. Deleted after verification is complete and six months have passed, unless a withdrawal dispute or regulatory investigation is open.
Payment records: Deposit/withdrawal amounts, methods, and transaction dates. Retained for five years for compliance and dispute resolution.
Gaming history: Bet amounts, game selections, outcomes, and session times. Retained for three years; older records are archived.

How we use your data on nawatoto

We use account data to operate your account—login verification, password reset, and communication about your balance or withdrawals. Identity documents are used solely for compliance: Know Your Customer (KYC) verification, anti-money-laundering checks, and fraud prevention. We compare your documents against identity-verification databases (third-party services) to confirm you are who you claim. This process is required by law in all jurisdictions where we operate; we have no discretion to skip it.

Payment data is used to process deposits and withdrawals, generate transaction records for your account, and detect fraud. Our fraud system flags unusual patterns—sudden large payouts, rapid deposit-and-withdrawal cycles, or payments to new destinations—and may pause processing pending investigation. Gaming history is used to comply with game-fairness audits, resolve player disputes, and detect problem patterns (e.g., automated betting bots or collusion schemes).

We do not use your data for marketing without consent. We do not sell your email to third parties. We do not profile you for targeting or discrimination. Occasionally, we may send you service announcements (account security alerts, game outages, payment-method changes) via email, but only if these are operationally necessary. You can disable non-essential emails through your account settings.

Important: We at nawatoto may disclose your data if required by law, court order, or regulatory investigation. We will comply with government requests for customer information where applicable law permits. We do not resist lawful demands, but we also do not volunteer data absent a legal directive.

Data storage, encryption, and third-party access

All data transmitted to and from our nawatoto servers uses SSL/TLS encryption. Your session token, payment information, and identity documents are encrypted in transit. Data at rest on our servers is also encrypted. We do not store passwords in plain text; they are hashed using industry-standard algorithms. Even our support team cannot see your password; password resets generate a temporary link that lets you set a new one.

Our servers are hosted by third-party cloud providers. Your data sits in encrypted storage; the provider cannot access it without the encryption key, which we control. These providers have strict data-protection agreements and undergo regular security audits. We also use third-party services for fraud detection, identity verification, and payment processing. Each of these partners has a contract limiting their use of your data to their stated purpose. They cannot sell your information or use it for other services.

We retain backups of your account data for disaster recovery. Backups are encrypted and stored off-site. If our primary servers fail, we can restore from backups to ensure account continuity. Backups are retained for 30 days; older backups are securely deleted. If you request account deletion, we delete your active data immediately but may retain encrypted backups for the standard 30-day window.

Your rights regarding your data on nawatoto

You have the right to access all data we hold about you. You can download your account statement, gaming history, and withdrawal records from your account dashboard. You have the right to correct inaccurate information—if your email or address is wrong, update it through settings. You have the right to request deletion of your account and associated data, subject to legal retention periods. If you request deletion, we anonymise active records and delete non-essential data; retention required by law (payment records for five years, gaming records for disputes) continues in encrypted form.

You have the right to object to data processing in certain contexts. For example, if we use your data for fraud detection, you may request that we cease, though doing so may prevent you from using our platform. You have the right to lodge a complaint with your local data-protection authority if you believe we have mishandled your information. Our contact details are below; you may also reach out to your jurisdiction's data-protection agency.

Cookies and tracking on nawatoto

Our nawatoto platform uses cookies to recognise you when you log in and to maintain your session. These are necessary cookies; without them, you would need to log in on every page. We do not use cookies for tracking or profiling. We do not use advertising cookies. Our website may embed analytics to measure site traffic and identify technical issues; these analytics are anonymised and do not track individual behaviour.

You can disable cookies in your browser settings, but doing so may break login functionality. We do not recommend disabling cookies for nawatoto. Third-party services (payment processors, fraud detection) may set their own cookies; their privacy practices are governed by their policies, not ours.

Our nawatoto contact and dispute process

If you have questions about our privacy practices or how we handle your data, contact our support team. We respond in English and local languages via in-app help, email, and chat. We do not promise response windows, but we aim to acknowledge requests within business hours. For data-subject requests (access, deletion, correction), submit your request through your account settings or email our support team; we aim to fulfill requests within standard timeframes unless law allows us to refuse or delay.

If you believe we have violated your privacy rights or misused your data, you have the right to file a complaint with your local data-protection authority. You can also contact us directly; we will investigate and respond. If we find we have erred, we will correct the issue and notify you. This is our commitment to you.

This privacy policy may change. We will notify you of material changes via email or by posting an updated policy on our website. Your continued use of nawatoto after such notification constitutes acceptance of the new policy. Our services are available only where local law permits; this policy applies only to users accessing nawatoto from supported jurisdictions. Users in restricted regions are responsible for verifying that access complies with their local regulations.

Related guides

Legal