LEGAL REFERENCE

How birtoto Handles Your Account Data

This is the birtoto privacy policy — the plain-language version of how we collect, store and use the information tied to your account. We've written it for you...

Account dataCookiesRetentionYour rightsContact
View Game Library Read FAQ
birtoto How birtoto Handles Your Account Data

Policy Posture and Scope of This Notice

Where local law permits, this policy governs how birtoto processes the data attached to your account: the email or phone you registered with, device identifiers, session logs and the payment references generated when you top up. We keep these on access-controlled systems and we don't sell them on. In supported regions you can request a copy of your records, ask us to

correct an entry, or close the account entirely. Third-party processors — payment gateways, game studios, anti-fraud tools — see only the slice they need to complete a request, nothing more.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

PLAYER SUPPORT

Privacy Contact Paths

If something in this policy needs clarifying, or you want to act on a data right, these are the channels that route straight to our privacy desk rather than general support.

Team online

Privacy Inbox

Email our data team directly when you want a copy of your account records, a correction to stored details, or full deletion. We aim to reply within three working days across supported Indonesia regions.

In-Lobby Chat

Open the chat bubble inside your account and ask for the privacy queue. The agent will escalate cookie questions, marketing opt-outs or consent withdrawals to the team that actually owns those settings.

Written Request

Prefer a paper trail? Send a signed letter referencing your registered handle and we'll match it to your file, verify identity, then action the request under the timelines this policy sets out.

PLATFORM TRUST SIGNALS

How We Review This Policy

Signals that show this notice is maintained, not copy-pasted and forgotten.

Quarterly Review

Our compliance team re-reads this page every quarter against current Indonesian data practice. Any change to processors, retention windows or cookie categories triggers a fresh version stamped at the foot of the document.

Named Owner

A single privacy lead signs off every revision before it goes live. That person also handles escalations, so the wording you read here matches the person who'll answer your data request.

Plain Language

We rewrite jargon into sentences a first-time account holder can follow. If a clause needs a legal term, we explain it in the same paragraph rather than burying definitions in a separate glossary.

Processor List

Every third party that touches your data — payment rails, game providers, fraud screens — sits on a list we keep current. Adding a new processor means updating this policy before the integration goes live.

Retention Clock

Records have fixed lifespans tied to the reason we hold them. Once that reason ends and legal hold periods expire, the row is purged from active systems on a scheduled sweep.

Audit Trail

Access to account data is logged at the row level. If you ask who viewed your file and why, we can reconstruct that history rather than handing back a vague summary.

Consistency With Our Other Legal Pages

How this notice lines up with the rest of the birtoto legal set.

Terms of Service
The terms describe what you agree to when opening an account; this privacy page describes what we do with the data that account generates. The two are written to reference each other cleanly.
Cookie Notice
Cookie categories, durations and the consent banner behaviour are covered in detail on the cookie page. This policy summarises them and links across rather than duplicating the full table.
KYC Notice
Identity verification rules live in the KYC notice. Here we only describe what happens to the documents you upload, how long we hold them and which staff role has access.
Payment Terms
DANA, OVO, GoPay and QRIS handling sits in the payment terms. This policy covers the personal data side — names, references, timestamps — that those flows produce on our end.
Marketing Preferences
Opt-in choices for promotional messages are stored against your account and described here. The marketing preferences page is where you actually change them in real time.
Complaints Policy
If you feel a privacy decision was wrong, the complaints policy explains the escalation route. This page tells you what to attach so the reviewer has the full picture.
Account Closure
Closure mechanics are documented in the account help section. This policy covers what we keep after closure, why we keep it, and when the final purge runs.

What This Policy Page Covers at a Glance

The visible building blocks of this notice, so you can jump to the part you actually need.

Data We Collect

Registration details, device fingerprints, session logs and the references tied to lobby activity. We list each category with the reason we hold it rather than lumping everything under one vague heading.

How We Use It

Running your account, keeping the lobby secure, meeting legal duties in supported Indonesia regions, and improving the parts of the product you actually open. No use beyond those buckets without a fresh consent.

Who Sees It

Internal staff on a role-based access model, plus the named third parties on our processor list. Each external party is bound by a contract that restricts use to the task we hired them for.

How Long We Keep It

Retention is tied to the reason. Active account data stays while the account is open; closed-account records sit for the legal minimum, then the scheduled purge clears them from live systems.

Your Rights

Access, correction, deletion, portability and the right to withdraw consent for marketing. Every right has a contact route in the support section above and a response window we publicly commit to.

Policy Updates

When wording changes, the version stamp at the foot of this page moves. Material changes are flagged inside your account on next sign-in so you don't miss something that affects you.

Privacy Questions We're Asked Most

The handle and contact detail you registered with, your device and session metadata, payment references from DANA, OVO, GoPay or QRIS top-ups, and the lobby activity tied to your account. Nothing collected without a reason listed in this policy.

Yes. Email the privacy inbox from your registered address, confirm a couple of identity points, and we'll package the records we hold and send them back within the response window set out earlier on this page.

Open your account, head to the marketing preferences screen, and switch the channel off. The change applies immediately to future sends. Messages already in a queue may go out, but nothing further will be triggered.

Only the minimum needed for a round to load and settle on your account — typically a session token and a balance reference. Studios don't see your contact details, payment data or the rest of your account history.

For the legal minimum period that applies to financial and anti-fraud records in supported Indonesia regions. After that window closes, the scheduled purge removes the row from active systems and from routine backups on the next cycle.

The version stamp at the foot of this page moves whenever we revise wording. Material changes — new processors, new data categories, shorter rights windows — are also flagged inside your account on the next sign-in.

Start with the privacy inbox listed in the support section. If the response doesn't resolve it, the complaints policy sets out the next step, including the external body you can approach where local law gives you that route.