boytotoPrivacy Policy

This page describes what we collect when you use boytoto and how we keep that data protected. Our privacy practices are designed around a simple principle: we gather only the information we need to verify your identity, process your payments, deliver our gaming service, and comply with law. We do not sell your data to third parties, and we do not share your personal information beyond what is necessary to operate boytoto securely.

When you create a boytoto account, we ask for your email, a password, and basic profile details. When you deposit or withdraw funds, we collect banking and payment information. When you use our platform—whether you are playing live baccarat in a studio feed or placing a bet on Liga 1—we log your activity for fairness, security, and regulatory reasons. All of this data is encrypted in transit and at rest, and access is restricted to our staff and trusted partners who help us operate boytoto.

This policy applies to all boytoto users regardless of location. We operate under jurisdiction-restricted access: our services are available only where local law permits. If you have questions about your data, your rights, or how to request deletion or correction, our support team can guide you.

What Data We Collect on boytoto

Our data collection is straightforward and purpose-driven. We collect what is necessary to operate boytoto, nothing more.

Account registration and identity verification

When you register on boytoto, we ask for your email address, a password, and basic profile information (name, date of birth, address). This allows us to create your account and communicate with you about your activity. We do not collect your data and immediately store it indefinitely; instead, we retain it only as long as your account is active or as required by law.

Before you can withdraw winnings, we conduct Know Your Customer (KYC) verification. This means we ask for a government-issued ID (passport, national ID, or driver's licence) and proof of residence (utility bill or bank statement). We use this information to confirm your identity and prevent fraud, money laundering, and underage access. Our verification team reviews your documents and marks your account as verified or requests clarification. Once verified, your withdrawal access is enabled. We do not share your ID scan with third parties except where required by law enforcement or regulatory bodies.

Payment and transaction data

When you deposit funds into boytoto via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer (mobile banking, local payment, online payment, e-wallet), we collect transaction records including the amount, date, and payment method. We do not store your full card number or bank account number on our servers. Instead, payment processing is handled by our payment partners—mobile banking, local payment, and the banks maintain your sensitive banking details, and we receive only confirmation of successful or failed transactions.

When you request a withdrawal, we collect your chosen withdrawal method and destination account details (e.g., your online payment phone number or bank account). This information is used solely to dispatch your funds. After the withdrawal is processed, we retain a record of the transaction for accounting and regulatory purposes, but we do not use your banking details for any other purpose.

Encryption in transit: We encrypt all sensitive data (passwords, payment details, ID scans) using TLS/SSL protocols when it travels between your device and our servers. Data at rest is encrypted using industry-standard algorithms.

Gaming activity and device data

When you play a game on boytoto—whether it is live baccarat, Book of Dead, Dragon Fishing, or a Liga 1 bet—we log the following: the game or market you accessed, your bet amount, the outcome, the time, and your resulting balance. This activity log serves multiple purposes: it allows you to review your own history, it helps us detect unusual patterns that might indicate fraud, and it meets our regulatory obligations to maintain records of all wagering activity.

We also collect technical information about your device and connection: your device type (Android or iOS), browser version, IP address, and approximate location based on IP geolocation. This helps us optimize boytoto for different devices and networks, troubleshoot technical issues, and detect security threats (e.g., logins from unexpected locations).

How We Use Your Data

We use your data for these specific purposes only:

Account management: Creating and maintaining your boytoto account, verifying your identity via KYC, resetting your password, and communicating account-related updates.
Payment processing: Depositing and withdrawing funds through our payment partners, ensuring transactions are secure and reconciled correctly.
Game and service delivery: Running our live-dealer studios, calculating slot outcomes, settling sportsbook bets on Liga 1, Piala AFF, and other markets, and updating your account balance in real time.
Fraud and security: Monitoring for unauthorized access, unusual betting patterns, duplicate accounts, and other signs of fraud or abuse.
Legal compliance: Maintaining records required by law, responding to lawful requests from regulators or law enforcement, and preventing money laundering or underage gambling.
Service improvement: Analyzing how users interact with boytoto so we can fix bugs, optimize performance, and add features. This analysis is typically done on anonymized data.

We do not use your data for marketing purposes without your explicit consent. We do not sell or rent your personal information to advertisers or data brokers. We do not profile you based on your gaming preferences and sell those profiles to third parties.

Third-Party Processors and Data Sharing

Operating boytoto requires us to share certain data with third-party service providers. Here is who we work with and why:

Payment partners

We share transaction data with e-wallet, mobile banking, local payment, online payment, e-wallet, and participating banks (mobile banking, local payment, online payment, e-wallet). They process your deposits and withdrawals. We share only what is necessary: your account identifier, the transaction amount, and confirmation of the purpose (deposit or withdrawal). These partners have their own privacy policies and are responsible for protecting your banking data.

Live-dealer studios and game providers

We work with licensed studios that operate our live-dealer tables (blackjack, roulette, baccarat, Dragon Tiger). These studios see only your account identifier and bet amounts—they do not see your real name, address, or payment details. Game software providers (for slots, fishing games, and sportsbook markets) have access to your gameplay data to ensure fair outcomes and to detect cheating. They operate under strict data-protection agreements with boytoto.

Data hosting and IT infrastructure

Our servers may be located outside your jurisdiction (for example, in Singapore or other regional data centres). This means your data crosses borders. We choose data-centre providers with strong security certifications, and we encrypt your data so that even our hosting provider cannot read your personal information without the encryption key.

Legal and regulatory compliance

If we receive a lawful request from law enforcement, a court, or a financial regulator, we may disclose your data as required by law. We will attempt to notify you of such requests unless we are legally prohibited from doing so.

Cross-border data transfer: By using boytoto, you acknowledge that your data may be transferred, stored, and processed in countries outside your own, including countries with different data-protection laws. We use encryption and contractual safeguards to protect your data during these transfers.

Your Rights on boytoto

Depending on your jurisdiction, you have certain rights regarding your data:

Access: You can request a copy of all personal data we hold about you. We will provide this within a reasonable timeframe.
Correction: If your data is inaccurate or incomplete, you can ask us to correct it (e.g., if your address on file is outdated).
Deletion: You can request deletion of your account and associated data, subject to legal retention requirements. We will delete your data once any legal holds are lifted and no regulatory reasons require retention.
Portability: You can request that we provide your data in a portable format (e.g., CSV or JSON) so you can transfer it to another service.
Objection: You can object to certain data processing (e.g., analytics), though this may limit our ability to deliver boytoto's services.

To exercise any of these rights, contact our support team. We will verify your identity and respond within a reasonable timeframe, typically 14–30 days depending on the complexity of your request.

Cookies and Tracking Technologies

boytoto uses cookies to remember your login session, store your language preference, and track your usage for security and analytics purposes. A cookie is a small text file stored on your device. When you revisit boytoto, your browser sends the cookie back to us, and we recognize you without requiring you to log in again.

You can control cookies through your browser settings. If you disable cookies, boytoto may not function correctly—for example, you might be asked to log in on every page load. We do not use third-party tracking cookies (from advertisers or social networks) on boytoto.

Data Retention

We retain your data only as long as necessary. Here are our guidelines:

Active accounts: While your boytoto account is active, we retain all your data (profile, payment history, gaming activity) so you can access your account and withdraw your balance.
Closed accounts: Once you close your account, we keep your transaction records and KYC documentation for a minimum of five years to comply with anti-money-laundering regulations and taxation requirements.
Gaming logs: Your detailed gaming activity is retained for one year for regulatory audit purposes. After one year, detailed logs are archived and eventually deleted.
Marketing opt-outs: If you unsubscribe from marketing communications, we retain your email address on a suppression list for two years to ensure we do not contact you again.

Security Measures

We employ multiple layers of security to protect your data on boytoto:

Encryption of data in transit (TLS/SSL) and at rest (AES-256)
Strong password requirements and optional two-factor authentication (2FA)
Regular security audits and penetration testing
Restricted staff access to sensitive data (only employees with a need-to-know have access)
Firewalls and intrusion-detection systems
Secure logging and monitoring of unauthorized access attempts

While we implement industry-standard security, no system is completely immune to breach. If we experience a data breach, we will notify affected users and relevant regulators as required by law.

Contact and Policy Updates

If you have questions about our privacy practices, want to exercise your rights, or suspect a data breach, contact our support team through the boytoto app or website. We respond in English during business hours.

We may update this policy from time to time as our practices evolve or law changes. When we make material changes, we will notify users via email or a prominent notice on boytoto. Continued use of boytoto after such notice constitutes your acceptance of the updated policy. Check this page regularly to stay informed.

Key takeaways

We collect only data necessary to run boytoto: email, identity, payment info, and gaming activity.
All data is encrypted in transit and at rest; access is restricted to essential staff.
We do not sell your data or use it for marketing without consent.
Third-party processors (payment partners, studios, hosting providers) handle specific functions under strict data-protection agreements.
You have rights to access, correct, delete, or port your data; contact support to exercise these rights.
We retain transaction and KYC data for five years to comply with anti-money-laundering law.