pestoto Casino & Sportsbook Data Care

This page describes what we collect when you use pestoto and how we keep that data protected. Our approach to privacy is straightforward: we collect only what we need, we encrypt what we store, we don't sell your information, and we give you control over your account whenever possible. Whether you access pestoto via Android app, iOS browser, or desktop from Jakarta, Surabaya, Bandung, or Medan, the same privacy commitments apply.

We recognize that your personal information—your email, phone number, ID, bank details, game history—is sensitive. We treat it with the care it deserves. This policy explains what data we collect, how we use it, who can access it, how long we keep it, and what rights you have. If you have questions after reading this, contact our support team via in-app chat or email.

This privacy policy is effective immediately and supersedes all prior versions. We update it occasionally to reflect changes in our practices or law. We notify you of material changes at least 30 days in advance via email or in-app notification.

Data We Collect When You Use pestoto

We collect data in three categories: account data, payment data, and gameplay data. Account data includes your email, phone number, legal name, date of birth, and residential address. We collect this during registration and KYC verification. Payment data includes your deposit and withdrawal history, the payment method you use (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet), and transaction amounts. Gameplay data includes which games you play on pestoto, your bet sizes, your game results, and your running balance.

We also collect technical data: your device type (Android, iOS, desktop), your browser version, your IP address, your general location (country/region level, not street address), and your login timestamps. This technical data helps us detect fraud, prevent unauthorized access, and improve our platform's performance.

Our pestoto KYC Verification Process

Before your first withdrawal, we require Know Your Customer (KYC) verification. You upload a clear photo of your national ID or passport, confirm your residential address, and verify your phone and email. We store this ID photo securely in an encrypted database separate from your login credentials. We do not share KYC data with game vendors, payment processors, or marketing partners.

KYC data is used only for regulatory compliance and fraud prevention. We retain it as long as your account is active, and for one year after account closure for legal compliance purposes.

What We Don't Collect on pestoto

We do not ask for your password via email or chat—we only request it during login. We do not collect your full bank account number; payment processors tokenize this for us. We do not use cookies to track you across other websites. We do not retain your login history longer than 90 days. We do not record live-dealer game video feeds beyond the duration of the hand or session—those videos are not stored on our servers.

Data we collect on pestoto

  • Account data: email, phone, name, date of birth, address (for KYC)
  • Payment data: deposit/withdrawal history, payment method, transaction amounts
  • Gameplay data: games played, bet history, game results, account balance
  • Technical data: device type, IP address, browser type, login timestamps
  • Communication data: support chat messages, email correspondence

How We Use Your Data

We use your account data to operate your pestoto account, verify your identity, comply with legal requirements, and process your withdrawals. We use payment data to settle deposits and withdrawals, prevent fraud, and audit transactions for regulatory compliance. We use gameplay data to calculate your winnings, detect bonus abuse, and generate your account statement.

We use technical data to detect suspicious login patterns (repeated failed passwords, login from unusual locations), prevent unauthorized access, and improve our platform's speed and stability. We analyze aggregated, anonymized data (never individual data) to understand which games are popular, which payment methods work best in each region, and where we have technical issues.

We do not use your data for marketing unless you explicitly opt in. We do not send you promotional emails or SMS unless you request them in Account → Preferences. You can disable promotional messages at any time.

Third Parties & Data Processors

Our payment processors (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment) receive your payment data to complete deposits and withdrawals. These partners have their own privacy policies and security practices. We do not share your account balance or game history with them—only transaction amounts and your registered phone or bank account.

Our game vendors (Pragmatic Play, Yggdrasil, and other licensed providers) receive only your anonymized player ID (a random string, not your name or email), game results, and bet amounts. They do not receive your personal information. Our compliance and anti-fraud partners may receive transaction data and KYC information to verify your eligibility and detect fraud. These partners are contractually bound to keep your data confidential.

We may be required to share data with government authorities, tax agencies, and legal enforcement if served with a lawful request (subpoena, search warrant, court order). We notify you of such requests unless legally prohibited.

Your data on pestoto is yours. We don't sell it, trade it, or use it for purposes beyond running our platform.

pestoto Privacy & Security Team

Data Security & Encryption

We encrypt all data in transit (between your device and our servers) using standard SSL/TLS encryption. Your password is hashed using bcrypt with salt and stored in an encrypted database—we never store your plaintext password. Your KYC data is encrypted at rest in a separate, isolated database. Your payment method details are tokenized by our payment processors; we store only the token, not the full account number.

Our servers are located in data centres with physical security, 24/7 monitoring, and regular security audits. We maintain access logs and conduct quarterly penetration testing. If we detect a data breach, we notify affected users within 72 hours and provide guidance on securing their accounts.

Your Rights & Data Access

You have the right to request a copy of all personal data we hold about you on pestoto. Contact our support team via in-app chat or email with "Data Access Request" in the subject line. We provide your data in a readable format (PDF or CSV) within 30 days. Your data includes your account profile, transaction history, KYC documents, and support correspondence.

You have the right to request corrections to your personal data (name, address, email). Submit corrections via Account → Settings → Profile, and we apply them immediately. You have the right to request account closure. Upon closure, we delete all personal data within 30 days, except transaction records (retained for one year for legal compliance).

You have the right to object to marketing communications. Disable these in Account → Preferences → Email Notifications. You can withdraw consent at any time by contacting support. Your withdrawal of consent does not affect the lawfulness of data processing before you withdrew consent.

Cookies & Tracking

Our Android app does not use cookies. Our web browser version (iOS Safari, Chrome on desktop) uses essential cookies only: session cookies (to keep you logged in) and security cookies (to prevent CSRF attacks). We do not use analytics cookies, advertising cookies, or third-party tracking tools. You can disable cookies in your browser settings, but this may prevent pestoto from functioning properly.

Data Retention & Deletion

We retain your account data (name, email, phone, address) as long as your account is active. After account closure, we delete personal data within 30 days. We retain transaction records for seven years for legal and tax compliance. We retain login history and IP logs for 90 days, then delete them.

If you request data deletion before account closure, we delete your account immediately and purge personal data within 30 days. Your balance at the time of closure is forfeited; we do not provide refunds for voluntary closures.

Jurisdiction & International Data Transfer

Our servers may be located in jurisdictions outside your own. By using pestoto, you consent to your data being transferred to, stored in, and processed in these jurisdictions. These jurisdictions may have different data protection laws than your own. If you do not consent to international data transfer, do not use pestoto.

This privacy policy is governed by the laws of the jurisdiction where pestoto operates. For questions about this policy, contact support. We endeavor to respond within five business days.