LEGAL REFERENCE

Your privacy is how we build trust

We've built totomacau around one principle: your account, your payment details and your activity stay protected. This policy shows exactly what we collect, how we use it and...

Data ProtectionPayment SecurityAccount PrivacyTransparent PracticesIndonesia-Compliant
Account access Read FAQ
totomacau Your privacy is how we build trust

Privacy policy overview and scope

totomacau collects personal information—your name, email, phone, address and payment details—solely to set up your account, process deposits via DANA, OVO, GoPay and QRIS, and keep your profile secure. We do not sell your data to third parties. Where local law permits, we may share information with payment processors and compliance partners. All data is encrypted and stored on secured servers. You

retain the right to request, correct or delete your personal information by contacting our support team.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

HELP CHANNELS

How to reach us about your privacy

Email Support Send privacy inquiries, data requests or correction notices...
In-Account Messaging Log in, open the help menu and message...
Phone Line Call our privacy team during business hours. Indonesian...
WHY VISITORS TRUST US

Why we keep privacy standards high

SSL Encryption

Every payment, login and personal detail travels through 256-bit SSL encryption. No interceptor can read your data in transit.

Regular Audits

Third-party security firms audit our systems quarterly. We fix gaps before they become risks and publish results transparently.

Payment PCI Compliance

We meet PCI DSS Level 1 standards for card and e-wallet processing. Your DANA, OVO, GoPay and QRIS transactions follow...

Limited Staff Access

Only authorized personnel see your full details. Most team members work with masked account numbers and hashed identifiers only.

Data Minimization

We ask only for information we need. We don't collect browsing history, device IDs or location data unless you explicitly...

Breach Response Plan

If a breach occurs, we notify affected users within 24 hours and provide free identity monitoring for 12 months.

WHY THIS PLATFORM

How our privacy policy compares

01

Data Retention

We keep your data for as long as your account is active. After closure, records stay for 7 years per local law, then deleted.

02

Cookie Use

We use session cookies to remember your login and preferences. No third-party tracking cookies. You can disable them in settings.

03

Marketing Emails

We send promo updates only if you opt in. Unsubscribe links work instantly. We never share your email with external marketers.

04

GDPR & Local Laws

Though based offshore, we comply with Indonesia's data protection expectations for users in supported regions.

05

Account Access Control

Two-factor authentication is optional but recommended. You control who can see your transaction history and account balance.

06

Payment Partner Privacy

DANA, OVO, GoPay and QRIS providers handle their own data policies. We share only the minimum required for payment settlement.

07

Children's Data

totomacau is for users 21+. We do not knowingly collect data from minors. Any accidental collection triggers immediate deletion.

QUICK SIGNAL

What this privacy policy protects

Account Identity Your username, email and phone are encrypted at rest. Login...
Transaction Records Deposit, withdrawal and gaming activity is logged but accessible only...
Payment Method Details DANA, OVO, GoPay and QRIS identifiers are tokenized. We never...
Device & IP Logs We keep minimal device fingerprints for fraud detection. Logs are...
Communication Records Chat with support? Messages are encrypted and archived for 2...
Withdrawal Requests Bank details you provide for payouts are used once, verified...

Privacy questions answered

No. We do not sell, rent or trade your personal information. We only share data with payment processors and compliance partners bound by strict confidentiality agreements to keep your details private.

Active account data stays accessible to you as long as your account exists. After closure, we retain records for 7 years as required by law, then permanently delete everything.

Yes. We tokenize your payment details so we never store actual wallet or bank credentials. Transactions are encrypted end-to-end and processed through PCI-compliant payment gateways only.

We notify you within 24 hours with clear details. We provide free identity monitoring for 12 months and cover any verified fraudulent charges on your account during that period.

You can request deletion of certain non-essential data, but we must retain name, email and transaction history for compliance. Close your account and we'll schedule full erasure after the legal 7-year hold.

We use session cookies only to remember your login and preferences. No third-party tracking. You can disable cookies in your browser settings, though this may affect account functionality.

Email our privacy team, message us in-account, or call during business hours. All requests are logged and responded to within 48 hours. We also have a formal appeal process if you're unsatisfied.