kisstoto Privacy Policy

We collect your email address, full name, government-issued identity document, address, and phone number when you create an account on kisstoto. This page describes what we gather, how we use it, who we share it with, and what rights you have over your data. Our approach is straightforward: we collect only what is necessary for account verification, payment processing, and legal compliance. We do not sell your data to third parties, and we do not share your identity with other gaming platforms or marketing networks.

kisstoto operates in supported jurisdictions including Indonesia, and our servers may be located outside your home country. This means your data may be processed internationally according to our privacy standards, which meet or exceed Indonesian financial and data protection regulations. All data transfers use industry-standard encryption. We retain your information for as long as your account is active, plus a period afterward to satisfy legal requirements and dispute resolution needs.

This policy applies to everyone who uses kisstoto, whether you access via web or mobile. If any clause is unclear, or if you have questions about how we handle your data, our support team can walk you through specific practices. You can contact us at any time to request access to your data, correct inaccuracies, or ask us to delete your information where legally permissible.

What we collect and why

When you sign up for kisstoto, we require an email address and password. Your email is used for account recovery, security notifications, and communication about service changes. We send you a verification link and ask you to confirm your email before real-money activity is permitted. This protects against unauthorized account creation and ensures we can reach you if we detect suspicious activity on your account.

Once your account is active, we ask for your full name, date of birth, address, and national ID number. This is our Know-Your-Customer (KYC) process, required by Indonesian financial regulations and international anti-money-laundering standards. We verify these details against your government-issued ID (passport, national ID card, or driver's license) using automated checks and manual review where needed. We do not share KYC data with other gaming operators; we retain it only for verification and regulatory compliance.

When you deposit funds through DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or direct bank transfer (mobile banking, local payment, online payment, e-wallet), we record your payment method, deposit amount, and timestamp. We do not store your full card details or bank account numbers—our payment processors handle that encryption. We retain payment records for a minimum of five years to satisfy tax and anti-fraud requirements across all supported jurisdictions including Jakarta, Surabaya, Bandung, Medan, and Semarang.

We also track your gaming activity: which games you play, when you play, your account balance, deposits, withdrawals, and betting history. This data helps us detect fraud (unusual withdrawal patterns, repeated login failures, geographic anomalies), understand account health, and ensure settlement accuracy. All gameplay data is timestamped and logged for dispute resolution—if a settlement question arises during a peak period like Idul Fitri or Nyepi, we can pull the exact sequence of events from our records.

How we use your data

We use kisstoto account data for five main purposes: account operations (funding, settlement, balance tracking), fraud prevention, legal compliance, customer support, and service improvement. We do not use your data for marketing to other platforms, nor do we sell your contact information to third parties. We do not profile you for risk assessment beyond what is necessary to detect account abuse or money-laundering patterns.

Your IP address is logged each time you access kisstoto. We use this to detect unauthorized access attempts and to enforce jurisdiction restrictions—if you access kisstoto from an unsupported region, we block the connection. We also monitor for signs of account compromise: rapid login attempts, unusual withdrawal destinations, or large balance changes outside your typical pattern.

Third-party processors and data sharing

We share your data with three categories of vendors: payment processors (who handle online payment, e-wallet, mobile banking deposits and bank transfers), identity verification services (who confirm your KYC documents), and hosting providers (who store our servers). All vendors are bound by written data-processing agreements and must comply with Indonesian privacy law. We do not permit them to use your data for their own marketing purposes.

We may disclose your data to government agencies, tax authorities, or law enforcement if legally required to do so. We will inform you of such disclosures unless prohibited by law. We do not voluntarily share account data with financial regulators or other gaming platforms.

Your rights and controls

You have the right to access all personal data we hold about you. Submit a request through your kisstoto account settings or contact our support team, and we will provide a full export of your data within 10 business days. You can request corrections to any inaccurate information—we will update your address, phone number, or email immediately. You can also request deletion of your account and associated data. Note that we must retain transaction records for tax purposes, but we will anonymize your personal identifiers.

You have the right to withdraw consent for non-essential data uses. For example, if we send you promotional emails about new game releases, you can opt out through your account preferences or by replying "unsubscribe" to any email. This does not affect your account security or ability to use kisstoto.

Cookies and tracking

We use cookies to maintain your login session, remember your language preference, and track page navigation. These are essential for kisstoto to function. We do not use cookies for cross-site tracking or to build advertising profiles. You can disable cookies in your browser, but this will log you out of kisstoto and prevent normal use.

Security and data retention

We store all kisstoto account data on encrypted servers with restricted access. We use HTTPS encryption for all data in transit. Staff access is limited to those who need it for account support or fraud investigation, and all access is logged. We conduct regular security audits and penetration testing. If we discover a breach, we will notify affected users within one week and advise you to reset your password.

We retain your account data for as long as your account is active. After closure, we keep transaction records for five years (required by tax law), then permanently delete personal identifiers. KYC documents are retained for three years post-closure in case of audit or dispute.

Summary and contact

Our privacy approach on kisstoto is built around necessity: we collect what we need, we protect it with encryption, and we do not share it unnecessarily. Your identity documents are used only for verification. Your payment data is handled by PCI-compliant processors. Your gameplay data is retained for settlement accuracy and fraud prevention, not for profiling or resale.

We take data protection seriously because your account security underpins everything we do. If we fail to protect your data, we fail to protect your funds. This privacy policy reflects that commitment.

If you have questions about kisstoto's privacy practices, wish to exercise your rights, or have concerns about how we handle your data, contact our support team. Response times are typically within one business day, extending to two business days during regional holidays. You can also escalate privacy concerns to our data protection officer if you feel your rights have been violated.