shopeetoto Casino & Sportsbook Data Care
This page describes what we collect when you use shopeetoto and how we keep that data protected. We take account security and privacy seriously—your identity, payment details, and transaction history are encrypted and stored on isolated servers. We do not sell your data to advertisers or third-party marketers.
When you create an account on shopeetoto, deposit via DANA or e-wallet, place bets on Liga 1, or play live roulette, we collect information necessary to process your activity and verify your identity. Know-Your-Customer (KYC) verification requires your legal name, national ID (KTP), and date of birth. Ongoing use generates transaction logs, gameplay records, and device identifiers. All of this data is treated as sensitive and protected by encryption and access controls.
Our privacy policy outlines what we collect, how long we keep it, who has access, and your rights to request data correction or deletion. We comply with applicable data-protection laws in jurisdictions where we operate. Your privacy on shopeetoto is not negotiable—it is central to our commitment to your security.
What Data We Collect on shopeetoto
We collect data in four categories: identity data, transaction data, device data, and behavioural data. Identity data includes your legal name, date of birth, national ID (KTP), email address, phone number, and banking details. We require this for account creation and KYC verification. Transaction data includes all deposits, withdrawals, bets, game plays, and settlements—timestamps, amounts, game types, and outcomes. Device data includes your IP address, device type, browser, and operating system. Behavioural data includes your login times, frequency of play, preferred games, and account activity patterns.
We collect identity data during signup and collect transaction and device data continuously during your use of shopeetoto. You do not explicitly consent to each data collection point; instead, by using our platform, you acknowledge that we collect these data categories. We do not collect sensitive data such as health information, biometric data, or financial credit scores—we collect only what is necessary for account operations and legal compliance.
Optional data includes your preferred language, communication preferences, and customer-support notes. Providing this information is voluntary; refusing does not prevent account use, though it may limit our ability to personalize your experience or respond to support requests efficiently.
How We Use Your Data on shopeetoto
We use your data for five primary purposes: account operations, fraud prevention, legal compliance, customer support, and analytics. Account operations include processing your deposits via mobile banking, local payment, online payment, e-wallet, and mobile banking virtual accounts; settling bets on Liga 1, Piala AFF, Champions League, and other markets; and managing your live-dealer table stakes and slot-game spins. Fraud prevention includes monitoring your account for suspicious patterns (rapid deposits followed by large withdrawals, coordinated betting suggesting collusion, attempts to manipulate odds). Legal compliance includes Know-Your-Customer verification, anti-money-laundering screening, and record-keeping required by applicable law. Customer support includes responding to your inquiries about deposits, withdrawals, bet settlements, and account security. Analytics includes tracking aggregate usage patterns (e.g., peak gaming times, popular games, regional preferences) to improve our platform—we do not use analytics for individual targeting or profiling.
We do not use your data for marketing without your explicit consent. We do not sell your data to third parties. We do not share your identity with game studios, payment processors, or advertisers unless you explicitly authorize sharing or we are legally required to disclose (e.g., responding to court orders).
Third-Party Processors and Data Sharing on shopeetoto
We use third-party service providers for specific functions, and we share your data with them only to the extent necessary. Payment processors (local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment) receive your banking information and transaction details to process deposits and withdrawals. Identity-verification services receive your name, national ID, and date of birth to confirm your age and legal status. Fraud-detection vendors receive transaction data and device identifiers to detect suspicious patterns. Customer-support platforms may store your communication logs and account notes. Cloud-hosting providers host our servers and databases.
All third-party processors are bound by data-protection agreements requiring them to encrypt data in transit and at rest, limit access to authorized personnel only, and delete data upon request or contract termination. We audit third-party security practices annually. We do not use processors that resell your data or use it for their own marketing.
We may disclose your data if legally required: responding to court orders, government requests, or regulatory investigations. We provide notice of such disclosures whenever legally permissible. We do not voluntarily share data with law enforcement absent legal process.
How Long We Keep Your Data on shopeetoto
We retain data for different periods based on data type and legal requirements. Identity data (name, national ID, date of birth) is retained for the duration of your account plus five years after closure (standard for fraud investigation and dispute resolution). Transaction data (deposits, withdrawals, bets, settlements) is retained for five years (standard for financial record-keeping). Device and behavioural data (IP addresses, login times, gameplay patterns) is retained for one year. Customer-support records are retained for two years.
If you request account closure, we mark your account as inactive and stop collecting new data. However, we retain existing data for five years to satisfy legal and fraud-prevention requirements. After five years, we delete or anonymize your data, removing identifiers so it cannot be linked to you. You cannot accelerate data deletion beyond these timelines; they are set by legal requirements, not our discretion.
Your Data Rights on shopeetoto
We recognize your right to access, correct, and delete your personal data. You may request a copy of your data by contacting our support team through your account dashboard. We respond within 10 business days with your data in a portable format (typically CSV or JSON). You may request correction of inaccurate data (e.g., if your recorded name differs from your legal name). We process corrections within 5 business days after verifying your identity.
You may request deletion of non-essential data (e.g., device records, behavioural logs). However, we may retain essential data (identity, transaction history) if required by law or if you have pending disputes. If you request deletion and we must retain data for legal reasons, we notify you and explain the hold period. Upon account closure, we begin our data-deletion timeline (five years before anonymization).
You may also object to data processing for specific purposes—e.g., objecting to analytics or fraud-detection monitoring. We honor objections where feasible, though we may need to retain data for legal compliance or account security. If your objection prevents us from operating your account safely, we may close your account and return your balance.
Your data is your responsibility, and our responsibility is to protect it. We encrypt it, restrict access, and delete it on schedule. We do not profit from your information.
Cookies and Tracking Technologies on shopeetoto
We use cookies to maintain your login session, store your language preference, and track your usage for analytics. Session cookies are deleted when you log out. Persistent cookies (e.g., preference cookies) are retained for up to one year. We do not use cookies for cross-site tracking or to build profiles of your activity outside shopeetoto.
We use analytics services to track aggregate traffic (e.g., how many users access our platform per day, which games are most popular). This data is anonymized and aggregated; it does not identify you individually. You may disable cookies in your browser settings, though this may limit platform functionality (e.g., you may be logged out frequently).
International Data Transfers and Data Location
Our servers and databases are hosted in data centres that may be located outside your country. When you use shopeetoto, your data may be transferred to and stored in jurisdictions with different data-protection laws. By using our platform, you consent to such transfers. We take precautions to ensure data security regardless of location: all data is encrypted in transit (TLS 1.2) and at rest (AES-256), and we use data-processing agreements with our hosting providers to require equivalent data-protection standards.
If your jurisdiction prohibits data transfers outside its borders without specific safeguards, you may contact our support team to discuss alternatives. However, we cannot guarantee that local data-residency is possible given our current infrastructure.
Security Measures We Employ on shopeetoto
We protect your data using industry-standard encryption and access controls. All data in transit (between your device and our servers) is encrypted using TLS 1.2. All data at rest (stored on our servers) is encrypted using AES-256. We use firewalls, intrusion-detection systems, and regular security audits to prevent unauthorized access. We limit data access to authorized employees and contractors with a legitimate need to know. We require multi-factor authentication for employees accessing sensitive systems.
We perform regular security testing, including penetration testing and vulnerability scanning. We maintain incident-response procedures: if we detect a data breach, we notify affected users within 24 hours and provide guidance on securing your account (e.g., changing your password). We do not guarantee security; no system is impenetrable. However, we take reasonable precautions and continuously improve our practices.
Changes to This Privacy Policy
We may update this policy at any time by posting a revised version on this page. Material changes (e.g., new data sharing practices, longer retention periods) are announced via email to all users and with 30 days' notice before taking effect. Non-material changes (e.g., clarifications, corrections) may be effective immediately. Continued use of shopeetoto after policy changes constitutes acceptance of the revised policy. If you disagree with a policy change, you may close your account and request a balance withdrawal.
Contact Us About Your Privacy
If you have questions about how we handle your data, or if you wish to exercise your rights to access, correct, or delete your data, contact our support team through your account dashboard. For privacy-specific inquiries, use subject line "Privacy Request" to ensure your message reaches our data-protection team. We respond within 10 business days. For complex requests or if you are unsure how to proceed, our support team will guide you through the process.
We also maintain a privacy officer who oversees data-protection compliance. If you have concerns about our data practices or believe we have violated your rights, you may contact our privacy officer via your account dashboard or by email. We investigate all complaints and respond with findings within 15 business days.
Our services are available only where local law permits. This privacy policy applies to all shopeetoto users, regardless of jurisdiction. If your jurisdiction has specific data-protection laws, we comply with those laws to the extent applicable. If you reside in a jurisdiction with legal data-protection rights (e.g., GDPR-equivalent laws), you may exercise those rights by contacting us—we recognize your rights and will fulfill requests in compliance with applicable law.
Data Protection and Jurisdiction Framework
Service availability
shopeetoto provides gaming and wagering services only in jurisdictions where such services are legally permitted. Our privacy policy applies to all users of our platform, but the legal framework governing data protection varies by jurisdiction. In some regions, strong data-protection laws mandate user consent before data collection, limit data retention, and grant users extensive access rights. In other regions, data-protection laws are minimal or absent. We comply with the applicable laws of the jurisdiction in which we operate. If your jurisdiction has specific data-protection regulations (e.g., GDPR-equivalent laws, data-residency requirements, breach-notification mandates), we apply those standards to your data. If your jurisdiction's laws are stricter than our default practices, the stricter standard applies to you. Conversely, if our practices exceed your jurisdiction's requirements, we maintain our higher standard. Our policy is to treat all users' data with equivalent care regardless of jurisdiction. We do not offer different data-protection levels based on user location; instead, we apply uniform encryption, access controls, and retention schedules globally. However, we recognize that some jurisdictions may have specific legal requirements we must satisfy (e.g., data must be retained for a specific period for tax compliance, or data must not be transferred outside the jurisdiction). In such cases, we work with you to find compliant solutions. If we cannot satisfy your jurisdiction's legal requirements, we may restrict your account access. We are transparent about these limitations and notify you before taking such action.
Account eligibility
Eligibility to use shopeetoto depends partly on your age and legal capacity, which is verified through the data we collect. During account creation, we collect your date of birth and conduct Know-Your-Customer (KYC) verification using official identity documents (national ID, passport). This verification ensures you meet the minimum age threshold set by your jurisdiction's law. We do not specify a fixed global age limit; instead, we comply with each jurisdiction's legal requirements. Most jurisdictions set the minimum age at 18 years, but others may differ. We verify your age by cross-referencing your provided birthdate against your official ID. If your age does not meet your jurisdiction's threshold, your account application is declined. We retain your age-verification data for five years (standard for fraud prevention and dispute resolution). You do not have the right to delete age-verification records while you maintain an account; these are retained for your protection and ours. If you have concerns about age-verification procedures or dispute the age recorded on your ID, contact our support team for review. We may request additional documents (e.g., a more recent passport) to verify your current age. Eligibility also depends on your jurisdiction; if we determine that your jurisdiction does not permit our services, we deny your account application or close your account regardless of age. In such cases, any data collected is handled per our standard retention schedules.
Local-law responsibility
You are responsible for ensuring that your access and use of shopeetoto comply with the laws of your jurisdiction. This responsibility extends to data-protection laws as well. If your jurisdiction requires specific data-protection practices (e.g., data must not leave your country, you must receive explicit consent before processing, or data must be deleted within a specific timeframe), you are responsible for understanding and complying with those laws. If using shopeetoto violates your jurisdiction's data-protection laws, you may not use our platform. We provide this privacy policy to inform you of our practices; however, we do not provide legal advice about whether our practices comply with your jurisdiction's specific laws. If you are uncertain, consult a local privacy lawyer. We will not modify our data practices to comply with a single jurisdiction's unique requirements unless doing so does not compromise our ability to serve other users or comply with applicable law. However, if your jurisdiction has legal data-protection rights (e.g., the right to data access, deletion, or portability), we recognize and honor those rights. Users from jurisdictions with strong data-protection laws (e.g., Indonesia, EU, California) can exercise their statutory rights by contacting our privacy team. We respond to all such requests in compliance with applicable law. If your jurisdiction's laws change and our practices become non-compliant, we notify you and provide a reasonable period (typically 30 days) for you to opt out or request data deletion before we cease service in that jurisdiction.
Data and privacy scope
This privacy policy describes the data we collect, how we use it, and your rights. The core data categories are identity (name, national ID, date of birth), transaction (deposits, withdrawals, bets, game plays), device (IP address, browser, device type), and behavioural (login times, game preferences, activity patterns). We collect these data to operate your account, verify your identity, prevent fraud, comply with law, and improve our platform. We do not collect sensitive data such as health, biometrics, financial credit scores, or genetic information. We do not request social media access or use third-party data brokers to augment your profile. We use third-party processors (payment companies, identity-verification services, hosting providers) to handle specific functions, and we share your data with them only to the extent necessary under data-processing agreements requiring equivalent data protection. We do not sell your data. We do not use your data for marketing without explicit consent. We retain data for periods specified in this policy (identity data for five years after account closure, transactions for five years, device data for one year). You have the right to request access to your data, request correction of inaccurate information, request deletion of non-essential data, and request portability (a copy of your data in a portable format). We respond to all such requests within 10 business days. Our full privacy policy is published at this URL, and you may refer to it for additional details on specific practices.
Contact for legal inquiries
If you have legal questions about our privacy practices, wish to exercise your data-protection rights, or believe we have violated applicable data-protection law, contact our privacy team via your account dashboard or email our support team with subject line "Privacy Legal Inquiry". Our privacy officer oversees all legal and compliance matters related to data protection. We respond to all legal inquiries within 10 business days with a substantive answer or notice that additional time is required for investigation. Complex matters (e.g., disputes over data deletion, requests for large data exports) may take 15–20 business days. We investigate all complaints thoroughly and provide findings in writing. If you disagree with our response, you may escalate to our compliance office; this escalation process takes an additional 5–7 business days. If you believe we have violated data-protection law in your jurisdiction, you may lodge a complaint with your jurisdiction's data-protection authority or privacy regulator (e.g., your country's data-protection agency or privacy commissioner). We will cooperate fully with any regulatory investigation. We do not retaliate against users who lodge complaints or exercise their legal rights. If you request data deletion and we must retain data for legal reasons, we explain the hold period and provide estimated timelines for deletion. You may also request restriction of data processing (e.g., we may freeze your data and avoid updating it) while a complaint is under investigation. All such requests are processed per applicable law.