attatoto Privacy Policy

This page describes what we collect when you use attatoto and how we keep that data protected. Digital payment adoption across Indonesia has grown rapidly; millions of transactions now flow through mobile wallets and banking platforms daily. We take your privacy seriously because your personal and financial information—collected during registration, deposits, and withdrawals—must be safeguarded with industry-standard encryption and access controls.

We at attatoto collect personal data only to operate your account, process your deposits and withdrawals, verify your identity, and comply with local financial regulations. We do not sell your information to marketing firms or data brokers. Your data is shared only with payment processors, identity verification providers, and authorities when required by law. We retain your information only as long as your account is active and for periods mandated by local compliance rules.

Our privacy practices are transparent. You have rights over your data—you can request access to what we hold, ask for corrections, and request deletion when your account closes. This policy explains your rights, our obligations, and how to exercise your choices. If you have privacy concerns, contact our support team during business hours (Monday–Sunday, 08:00–20:00 Indonesian time).

What we collect on your attatoto account

We collect your full name, date of birth, email address, phone number, and physical address when you register. We require these details for account setup and identity verification. We collect payment information—your deposit and withdrawal transactions, payment method details, and account holder names—to process your requests through DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet. We collect your betting history, market selections, and account balance to track your engagement and settle your bets correctly.

We also collect technical data: your IP address, device type, browser, and login timestamps. This information helps us detect fraud, enforce jurisdiction restrictions, and monitor account security. We use cookies to remember your preferences and keep you logged in across sessions. You can disable cookies in your browser settings, though this may limit platform functionality.

Identity verification and Know Your Customer (KYC)

When you open an attatoto account, we verify your identity using a government-issued ID (passport, national ID, or driver's license) and address proof (utility bill, bank statement, or rental agreement). We may use a third-party identity verification service to confirm your details. These providers use secure document scanning and biometric matching. Your ID and address documents are encrypted and stored separately from your main account data. We retain these documents for the duration your account is active and for periods required by local financial law (typically 5–7 years post-closure).

Payment processors and third-party vendors

Your payment data passes through our payment processors to complete deposits and withdrawals. These processors—including mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and banking partners—handle the actual fund movement. They store transaction records according to their own privacy policies and comply with Indonesia's payment regulations. We do not store your full payment card details; our processors handle that data under their security standards. We share only the minimum information necessary (account holder name, amount, transaction reference) to complete your requests.

Data location: Our attatoto servers may be located outside Indonesia. By using our platform, you consent to your data being transferred and processed internationally, subject to encryption and standard security protections.

Our data protection commitments

We encrypt all data in transit and at rest using industry-standard SSL/TLS protocols. Your password is hashed and salted—we never store plain-text passwords. Two-factor authentication (2FA) adds a second security layer. Only authorized staff can access your account data, and their access is logged and audited. We conduct regular security testing and penetration reviews to identify and patch vulnerabilities. If we experience a data breach, we notify affected users within 24 hours and cooperate with local authorities.

We retain your personal data for as long as your attatoto account is active. After you close your account and request data deletion, we securely erase personal information within 30 days, except where local law requires longer retention (compliance holds typically last 5–7 years for anti-money-laundering purposes). Even after erasure, some data may be retained in backup systems for a limited period; these backups are also encrypted and subject to access restrictions.

Your rights regarding attatoto data

You have the right to request access to all personal data we hold about you. We provide a downloadable account statement or data export upon request within 10 business days. You have the right to correct inaccurate information—use your account settings to update name, email, or phone number. You have the right to request deletion of your data when your account closes. You have the right to data portability—we can provide your information in a machine-readable format suitable for transfer to another service. You also have the right to object to certain processing; contact support to discuss specific concerns.

How we use your data

We use your data to operate your account, process deposits and withdrawals, settle bets against official results, and prevent fraud and money laundering. We use your email and phone to send account notifications, transaction confirmations, and support responses. We use technical data (IP, device) to enforce jurisdiction restrictions—if we detect access from a prohibited region, we block the connection. We analyze betting patterns to detect unusual activity and protect your account from compromise. We share minimal data with authorities when required by law—subpoenas, regulatory requests, or investigation warrants. We do not use your data for marketing or third-party advertising without explicit consent.

Key privacy principles on attatoto

  • We collect only data necessary to operate your account and comply with financial regulations
  • We encrypt all data in transit and at rest using industry-standard protocols
  • We do not sell or share your data with marketing partners or data brokers
  • You have rights to access, correct, and delete your personal data
  • We retain data only as long as your account is active or compliance rules require

Contact and privacy requests

If you have questions about how we handle your data, want to request access or deletion, or need to report a privacy concern, contact our support team. We respond to privacy requests within 10 business days. For urgent matters—suspected data breach or unauthorized access—contact support immediately; we prioritize security incidents and investigate within 24 hours. This privacy policy is effective immediately and may be updated; we notify you of material changes via email and provide a 14-day notice period before updates take effect. Continued use of attatoto after the notice period indicates acceptance of the updated policy.