gilaloto Platform Privacy Notice
This page describes what we collect when you use gilaloto and how we keep that data protected. We at gilaloto collect personal information—your name, email, phone number, national ID, and payment details—only to operate your account, process deposits and withdrawals, comply with law, and verify your identity. We do not sell your data, rent it to marketers, or share it with third parties except where the law requires us to do so.
Our data handling follows international privacy standards and local Indonesian regulations. Your account data sits on gilaloto servers. Payment information passes through secure encrypted channels and is handled by certified payment processors (DANA, e-wallet, mobile banking, and bank partners). Game activity (your bets, winnings, withdrawals) is logged for audit and compliance purposes only.
If you have questions about how we handle your data, how long we keep it, or your rights to access or delete it, contact us via our FAQ page or our support channels.
What data we collect on gilaloto
Account registration. When you create a gilaloto account, we collect your email address, phone number, and a password of your choice. These are mandatory to establish your account. We use your email to send you account notifications and recovery links. Your phone number is used for account verification (SMS codes) and customer support contact.
Identity verification. To comply with anti-money-laundering (AML) and know-your-customer (KYC) rules, we request your full legal name, national ID number, date of birth, and physical address. We may ask for a photo of your ID or a selfie holding your ID for visual verification. This data is encrypted and stored separately from your account login credentials. We retain identity documents for as long as your gilaloto account is active, plus a retention period defined by Indonesian financial regulations.
Payment information. When you deposit via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer (mobile banking, local payment, online payment, e-wallet), we collect the payment method details and transaction records. For e-wallet methods, we do not store your wallet password—only the linked account identifier. For bank transfers, we record your bank account number and name (used for withdrawal matching). Payment data is encrypted using industry-standard TLS and stored on PCI-compliant servers.
Game and betting activity. We log every bet you place, every game you play, every withdrawal you request. This includes the time, amount, outcome, and final balance after each transaction. We use this data to calculate your account balance, settle bets fairly, detect fraud, and provide you with a complete account history if you request it. We do not use your activity data for profiling or targeted marketing.
Data we collect on gilaloto
- Email, phone number, password.
- Full name, national ID, date of birth, address.
- Payment method details and transaction history.
- Betting activity, game outcomes, account balance changes.
- IP address and device information (for security auditing).
- Support chat logs and correspondence.
Device and access logs. We log your IP address, browser type, operating system, and approximate geographic location each time you access gilaloto. This helps us detect unusual account activity (e.g., login from a new country, multiple failed login attempts) and protect your account from unauthorized access. We retain these logs for up to 12 months for security auditing.
How we use your data and your rights on gilaloto
How we use what we collect. We use your data to operate your gilaloto account (login, balance calculation, transaction settlement), verify your identity (compliance with Indonesian KYC laws), process your deposits and withdrawals, detect fraud, respond to your support requests, and maintain audit trails for regulatory purposes. We do not use your data for email marketing unless you opt in explicitly. We do not sell, rent, or share your data with advertisers, data brokers, or third-party marketers.
Third-party processors. gilaloto contracts with payment processors (DANA, e-wallet, mobile banking, bank partners) to handle your deposits and withdrawals. These processors have their own privacy policies and handle payment data under their own security standards. We contractually require them to protect your data and use it only for payment processing. We also use hosting providers and backup services to keep our servers and data secure—these providers have signed data processing agreements and are bound by confidentiality.
Legal requirements and disclosure. We may disclose your data if required by law (Indonesian court order, regulatory request, police investigation). We will inform you of such a request unless the law prohibits us from doing so. We do not comply with requests from non-governmental organizations or private individuals—only from government agencies with legal authority.
Your privacy on gilaloto is not negotiable. We encrypt your data, limit access, and delete it when no longer needed.
Your rights regarding your data on gilaloto. You have the right to request what data we hold about you (a data subject access request). You have the right to ask us to correct inaccurate data (e.g., if we recorded your address wrong). You have the right to ask us to delete your data once your account is closed and all legal retention periods have passed. To exercise these rights, contact our support team in writing and we will respond within a standard window.
Data retention on gilaloto. We keep your account registration data (email, phone, password) as long as your account is active. If you close your account, we retain identity documents and transaction records for seven years (required by Indonesian financial law). After seven years, we delete or anonymize this data. Access logs are retained for 12 months; older logs are automatically purged. Payment processor records (local payment, online payment, e-wallet transactions) may be retained longer—check their privacy policies.
Cookies and tracking. gilaloto uses cookies to maintain your login session and remember your preferences (language, theme). These are functional cookies necessary for the platform to work. We do not use tracking cookies for marketing or profiling. If you disable cookies in your browser, you may not be able to use gilaloto. We do not track your activity across other websites.
Data security on gilaloto. We use encryption (TLS/SSL) for all data in transit. Stored data is encrypted at rest using AES-256 or equivalent. Access to your data is restricted to authorized gilaloto staff members who need it to process your requests. Our servers are located in secure data centers with physical and digital access controls. We conduct regular security audits and penetration testing to identify and fix vulnerabilities.
Breach notification. If a security incident compromises your data, we will notify you and relevant authorities within the timeframe required by law. We do not hide breaches. If we discover unauthorized access to your account, we will freeze your account, investigate, and contact you immediately.
Cross-border data flows. gilaloto's servers may be located outside Indonesia. When you use gilaloto, your data may be processed, stored, or backed up in jurisdictions outside your location. By using gilaloto, you consent to this cross-border transfer. We ensure that our overseas data processors maintain the same security and privacy standards as required by Indonesian law.
Changes to this privacy notice. We may update this notice from time to time to reflect changes in our practices or the law. We will notify you of material changes by email or by posting an update on gilaloto. Your continued use of gilaloto after an update constitutes acceptance of the new terms. Check this page periodically for updates.
Contact us about privacy on gilaloto. If you have a privacy concern, believe we have mishandled your data, or want to exercise your data rights, contact our data protection team. You can also lodge a complaint with the Indonesian Data Protection Authority (Otoritas Jaminan Informasi Pribadi) if you believe we have violated your privacy rights under Indonesian law. Users in Jakarta, Surabaya, Bandung, and Medan have the same data protection rights regardless of location.
We at gilaloto treat your privacy as a core responsibility, not a legal checkbox. Your data is encrypted, compartmentalized, and accessed only when necessary. We retain data only as long as required and delete it securely when no longer needed. Trust is earned through transparency and action.
This privacy notice is current as of the date last updated. We recommend reviewing it periodically for changes. If you do not agree with our privacy practices, you have the right not to use gilaloto. Your voluntary use of our platform constitutes acceptance of this notice.