stmtoto Privacy Policy

This page describes what data we collect when you use stmtoto and how we keep that data protected. We collect personal information only for account verification, payment processing, fraud prevention, and regulatory compliance. Our stmtoto platform processes data from users in supported jurisdictions; services are available only where local law permits.

We take data privacy seriously. Your personal information — email, identity documents, payment details, and betting history — is stored on encrypted servers and never sold to third parties. We share data only with payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and banks), regulators (when legally required), and fraud-prevention partners.

This privacy policy applies to all stmtoto account holders. If you have questions about how we handle your data, contact our support team or submit a data request via the account settings menu.

What Data We Collect on stmtoto

We collect different categories of data depending on your activity on stmtoto. At registration, we collect your email address and password (hashed and encrypted). When you complete KYC verification, we collect your name, date of birth, national ID number, a copy of your ID document, a selfie photograph, and proof of address (utility bill or bank statement).

When you deposit or withdraw, we collect transaction details: the payment method, amount, date, and settlement status. We retain this information for 24 months. When you place bets on Liga 1, Piala AFF, Champions League, or other sports, we record the bet slip ID, market, odds, stake, and settlement outcome. When you play live-dealer games (blackjack, roulette, baccarat, Dragon Tiger) or slots (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways), we log your session duration, stake, and payout.

Technical data we collect on stmtoto

We collect technical information to maintain our platform. Your IP address is logged at each login. We record your device type (mobile, tablet, desktop), operating system, and browser type. We use cookies (small text files stored on your device) to remember your login session, language preference, and betting history. We do not use cookies to track you across other websites.

Optional data on stmtoto

If you contact our support team, we record your message, any screenshots or files you share, and our response. If you provide feedback or report a bug, we retain that feedback. This data helps us improve stmtoto but is optional; you can use our platform without submitting feedback or support requests.

How We Use Your Data

We use personal data for four primary purposes: (1) Account managementto verify your identity, process your KYC, manage your account, and respond to your requests; (2) Payment processingto accept deposits via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and bank transfer, and to process withdrawals to your registered payment method; (3) Fraud preventionto detect suspicious activity (multiple accounts, large unexpected withdrawals, unusual betting patterns) and prevent money laundering; (4) Legal complianceto comply with anti-money-laundering regulations, tax reporting, and requests from regulators.

How stmtoto uses your data

  • We use email and password for account login and security recovery
  • We use KYC documents (ID, selfie, address) only for identity verification; we do not use them for marketing
  • We use transaction history to process withdrawals and calculate tax liability (if applicable in your jurisdiction)
  • We use betting history to detect fraud and to send you account statements upon request
  • We use IP and device data to detect account takeovers and credential sharing

Who We Share Your Data With

stmtoto does not sell your personal data. We share data only in these circumstances:

  • Payment processors: When you deposit via mobile banking, local payment, online payment, e-wallet, mobile banking, or local payment, we share your transaction data with those e-wallet providers. When you withdraw to a bank account (online payment, e-wallet, mobile banking, local payment), we share your bank details and transaction amount with the bank and inter-bank clearing systems. These processors handle your data per their own privacy policies.
  • Fraud-prevention partners: We use third-party fraud-detection services to identify suspicious betting patterns and account takeovers. These services may analyze your betting history and device data; they are contractually forbidden from using that data for other purposes.
  • Regulators and law enforcement: If we receive a legal request from a court, tax authority, or law-enforcement agency, we may disclose your data to comply with the law. We will notify you of such requests unless legally prohibited from doing so.
  • Service providers: We use hosting providers (cloud servers) and email providers to store and transmit data. These providers are contractually obligated to keep your data confidential.

We at stmtoto do not sell or rent your personal information to marketers, data brokers, or other third parties outside our essential business partners.

stmtoto data protection principle

Data Retention and Deletion

We retain your data as long as your stmtoto account is active. Once you close your account, we keep your transaction history for seven years to comply with anti-money-laundering regulations. After seven years, we securely delete your account data, including KYC documents, payment records, and betting history.

If you request permanent deletion of your account before the seven-year retention window, we will close your account immediately and remove active data from our live systems. However, we retain transaction records in archived backups for the full seven years as required by law. We do not restore deleted accounts; closure is permanent.

Your rights regarding stmtoto data

You have the right to access, correct, and delete your personal data (subject to legal retention requirements). To request a copy of your data, submit a data-access request via the account settings menu or email our support team. We will provide a detailed report of all data we hold about you within 30 days. To correct errors (wrong address, misspelled name), update your profile directly in account settings or contact support. To request deletion, contact our support team; we will process the request within 14 days, subject to the seven-year legal retention window described above.

Data Security and Encryption

stmtoto encrypts all data in transit using SSL/TLS protocols (minimum 256-bit encryption). Your login credentials, payment information, and KYC documents are encrypted at rest on our servers using industry-standard algorithms. Our servers are located outside your physical jurisdiction; by using stmtoto, you consent to cross-border data storage where permitted by law.

We implement access controls so only stmtoto staff with legitimate business reasons can view your data. We conduct annual security audits and penetration testing. If we discover a data breach affecting your personal information, we will notify you within 72 hours and provide guidance on protective steps you can take. We maintain cyber-insurance to cover data-breach scenarios.

Cookies and Tracking

stmtoto uses cookies to maintain your login session, store your language preference, and remember your betting history on our platform. These cookies are not used for cross-site tracking; we do not follow you across other websites. You can disable cookies in your browser settings, but doing so will log you out of stmtoto and prevent seamless account access.

We do not use third-party analytics cookies that track you across the internet. We do use basic analytics (page visit counts, feature-usage statistics) to improve our platform; this data is aggregated and not tied to your identity.

Jurisdiction and Applicable Law

stmtoto services are available only where local law permits. Our data processing practices comply with regional privacy laws (where applicable). If your jurisdiction has specific data-protection requirements (e.g., data residency mandates), you may not be able to use stmtoto if those requirements conflict with our global infrastructure. Users are responsible for verifying that their jurisdiction permits use of our platform.

Contact Us About Privacy

If you have questions about our privacy practices, wish to submit a data-access request, or believe we have mishandled your data, contact our support team via in-app chat, email, or the contact form in the help section. We will respond to privacy inquiries within 14 business days. For disputes that cannot be resolved directly, you may escalate to our data protection officer (contact details available upon request).

We reserve the right to update this privacy policy. Changes take effect 14 days after publication on this page. Continued use of stmtoto after the effective date means you accept the updated policy. Major changes (e.g., new data-sharing arrangements) will be announced via email 30 days before implementation.