direksitoto Platform Privacy Notice and Data Protection

This page describes what we collect when you use direksitoto and how we keep that data protected. When you create an account, deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfers (mobile banking, local payment, online payment, e-wallet), and verify your identity, you provide personal information to direksitoto. We use this information to operate your account, settle transactions, comply with financial regulations, and prevent fraud.

Our direksitoto platform processes data across multiple systems. Your login credentials are encrypted and stored separately from your government ID documents. Payment information flows through third-party processors. Your data may be retained outside your jurisdiction on secure servers. We explain each step of our data handling below so you understand exactly what we collect and why.

You have rights over your data on direksitoto. You can request access, correction, or deletion of your personal information by contacting our support team. This policy is effective immediately and applies to all direksitoto account holders across Indonesia, including those in Jakarta, Surabaya, Bandung, Medan, Semarang, and Yogyakarta.

Data We Collect on direksitoto

We collect several categories of information when you use direksitoto. First, we collect account information: your email address, password (encrypted), phone number, and account username. Second, we collect identity information required for account verification: your full name from your government ID (KTP or passport), your ID number, your date of birth, and your address. Third, we collect payment information: the deposit method you choose (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or your bank name), transaction IDs, deposit amounts, and withdrawal destinations.

During identity verification, we ask you to upload a photograph of your government ID and a selfie holding that document. These images are stored in encrypted form and are used only for compliance verification. Fourth, we collect behavioral data: your login history, IP addresses, device information, and which games or markets you view. This data helps us detect fraudulent access and improve direksitoto's performance across different devices and network conditions.

How We Use Your Data on direksitoto

We use your account information to authenticate your login and manage your direksitoto balance. We use your identity information to comply with Know-Your-Customer (KYC) regulations required by Indonesian financial authorities. We verify that you are who you claim to be before allowing withdrawals. This protects your account and prevents money laundering.

We use your payment information to process deposits and withdrawals. When you deposit via mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, or bank transfer, we route this information to our payment processor, who completes the transaction. We do not store your full bank account details—only that a transfer occurred and to which destination method you wish to withdraw.

We use your behavioral data to detect fraud and enforce our terms of service. If we detect suspicious login patterns or unauthorized access attempts, we flag your account and may require additional verification. We use IP addresses and device information to improve direksitoto's performance and identify technical issues affecting users across different regions and network types.

Third-Party Processors and Data Sharing

Your direksitoto data passes through third-party processors who are contractually bound to protect it. Payment processors (for online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet transactions) receive transaction details to complete deposits and withdrawals. Compliance verification services receive your government ID image and biometric data (from your selfie) to verify your identity. Cloud storage providers host our encrypted databases containing your account balance and payment history.

We do not sell your personal data to advertisers or third parties. We do not share your email address or payment information with marketing companies. We share data only when legally required to do so—for example, when Indonesian financial authorities request information during an investigation or when a law enforcement agency presents a valid court order.

Payment processors

Receive transaction data to complete deposits and withdrawals on direksitoto.

Compliance services

Receive your ID image and selfie to verify your identity before account approval.

Cloud storage

Host encrypted copies of your account data for backup and disaster recovery.

Legal authorities

Receive data only when direksitoto receives a court order or regulatory request.

Cookies and Tracking on direksitoto

Our direksitoto website and app use cookies to store your login session. Session cookies remember that you are logged in so you do not need to enter your credentials on every page. These cookies expire when you close your browser. We also use analytics cookies to measure how users interact with direksitoto—which pages they visit, how long they stay, and which devices they use. This helps us improve the platform's usability and performance.

You can disable cookies in your browser settings, but doing so may prevent direksitoto from functioning properly. Your mobile app does not use traditional cookies—instead, it stores an authentication token locally on your device. If you uninstall the app, this token is deleted.

Your Rights Regarding Data on direksitoto

You have the right to request access to your personal data on direksitoto. Contact our support team and we will provide a copy of the information we hold about you. You have the right to correct inaccurate information—if your address or phone number changed, you can update it in your account settings. You have the right to request deletion of your data, though we may retain it for as long as required by Indonesian financial regulations (typically five to seven years after account closure).

You have the right to withdraw consent for non-essential data collection. However, we must retain account information (email, identity, payment method) to operate direksitoto and comply with regulations. You cannot withdraw consent for data we are legally required to collect.

Data Retention and Security on direksitoto

We retain your account and payment data for seven years after your account closes, as required by Indonesian financial authorities. Your government ID image and selfie are retained only for the duration of account verification, then deleted while keeping a record that verification occurred. Login history and behavioral data are retained for one year for fraud detection purposes, then deleted automatically.

Your data on direksitoto is protected by industry-standard encryption. Your password is hashed using a one-way algorithm so even our support team cannot read it. Your identity documents are encrypted and stored on separate servers from your login credentials. We recommend enabling two-factor authentication in your account settings for additional security.

Contact Us About Privacy on direksitoto

If you have questions about how direksitoto collects or uses your data, contact our support team. We respond to privacy inquiries during business hours. If you wish to request access, correction, or deletion of your personal information, include "Privacy Request" in your message subject line so it is routed to our compliance team.

This privacy notice reflects our current practices on direksitoto. If we change how we collect or use data, we will notify you by email and update this page. We do not make retroactive changes that worsen your privacy—any updates apply only to data collected after the change takes effect.

Related guides