heratoto Privacy Policy

This page describes what we collect when you use heratoto and how we keep that data protected. Our privacy practices apply to all account holders on our platform—whether you access heratoto via desktop, mobile browser, or our Android app. We process personal data in accordance with applicable Indonesian law and international standards.

We collect only the information required to operate our service: your email, mobile number, identity documents (for KYC verification), payment method details, and gameplay activity. We do not sell your data to third parties. We share information only with payment processors, hosting providers, and support staff who need it to serve you.

The sections below explain what we collect, how we use it, your rights, and how to contact us with privacy concerns.

What we collect on heratoto

We collect information in three ways: (1) directly from you during signup and account management, (2) automatically from your device and browser, and (3) from third-party payment processors.

Information you provide: Your email address, mobile number, username, password (hashed), and full name (for KYC). When you deposit, we collect payment method details (bank account, e-wallet identifier, QRIS code). Payment processors (e-wallet, mobile banking, local payment, online payment) transmit transaction confirmations to us; we retain these records for 90 days minimum.

Information we collect automatically: Your IP address, device type, browser version, and timezone. Our servers log gameplay activity (timestamps, bet amounts, game titles, session duration, outcomes). We use this data to detect fraud, improve platform stability, and respond to support requests.

Information from third parties: Payment processors send us transaction status, fraud flags, and reconciliation details. If you request account recovery, your email provider confirms your account ownership. We do not receive data from social media or other external sources unless you voluntarily connect them.

Data we collect on heratoto

  • Email, mobile number, username, full name
  • Identity documents (national ID, passport scan) for KYC
  • Payment method details and transaction history
  • IP address, device type, browser version
  • Gameplay logs (bets, game activity, session timestamps)
  • Support messages and account recovery requests

How we use your data

We use your data for six core purposes: (1) account operations (login, balance tracking, tournament leaderboards), (2) payment processing (deposits, withdrawals, fraud detection), (3) legal compliance (KYC verification, anti-money-laundering checks), (4) customer support (resolving disputes, account recovery), (5) platform improvement (identifying bugs, optimizing game performance), and (6) fraud prevention (detecting suspicious login patterns, duplicate accounts).

We do not use your data for marketing purposes without your explicit consent. We do not sell your data to advertisers, data brokers, or marketing agencies. We do not share your gameplay history with other players—leaderboards display only username and rank, not personal details.

Third-party processors and data sharing

We share your data with the following third parties only to the extent necessary to operate heratoto:

  • Payment processors: Local payment, online payment, e-wallet, and mobile banking partners, and banks, receive your payment method identifier and transaction amounts.
  • Hosting providers: Our servers may sit outside your jurisdiction (Singapore, Malaysia, or other regional data centres). Your data is encrypted in transit and at rest.
  • Support staff: Our customer-support team accesses your email, mobile number, and account history to resolve disputes and answer questions. Support staff are bound by confidentiality agreements.
  • Law enforcement: We share data with government agencies only when legally compelled by warrant or court order.

Note: Payment processors handle your financial data under their own privacy policies. We are not responsible for their data practices; we recommend you review their policies on their websites.

Your rights on heratoto

We recognize your rights to access, correct, and delete your data. You can:

  • Access your data: Contact our support team and request a copy of all personal information we hold about you. We will provide it in a structured, human-readable format within 14 days.
  • Correct inaccurate data: If your name, email, or mobile number is incorrect, update it via your account settings or contact support.
  • Request deletion: You may request we delete your account and associated data, except information we are legally required to retain (financial records for 7 years, anti-fraud logs for 2 years).
  • Withdraw consent: If we rely on your consent for any processing (e.g., marketing), you can withdraw it at any time by contacting support.
  • Port your data: We can export your account activity in a standard format if you decide to leave heratoto.

Cookies and tracking technologies

We use session cookies to keep you logged in and functional cookies to remember your preferences (preferred language, game settings). Cookies are stored on your device and expire when you close your browser (session cookies) or after 30 days of inactivity (preference cookies). We do not use tracking cookies or third-party analytics that follow you across websites.

You can disable cookies in your browser settings, but this may prevent heratoto from functioning correctly. We do not use pixels, web beacons, or similar tracking tools.

Data retention and deletion

We retain your data for as long as your account is active, plus 90 days after you request account closure. During this period, we retain gameplay logs, transaction history, and support messages. After 90 days, we delete gameplay activity but retain financial records (for 7 years, as required by Indonesian tax law) and KYC documents (for 5 years, as required by anti-money-laundering law). You can request early deletion of non-essential data by contacting support, though we may retain transaction records for legal and audit purposes.

Data security and encryption

We protect your data with HTTPS/TLS encryption for all traffic in transit. Your password is hashed using industry-standard algorithms; we never store plain-text passwords. Payment data is tokenized (converted to a unique identifier) and transmitted to payment processors via secure channels; we do not store full payment card numbers or bank account numbers. Our database is encrypted at rest and accessible only to authorized staff members with strong authentication (two-factor authentication required for admin access).

We conduct regular security audits and penetration testing. If we discover a data breach affecting you, we will notify you via email and in-app message within 48 hours, as required by law.

Children and minors

heratoto is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we become aware that a minor has created an account, we will delete it and any associated data immediately. If you believe a minor is using heratoto, contact support urgently.

Data transfers and international processing

Our servers are located in Southeast Asia (Singapore, Malaysia, or regional data centres). Your data may be transferred to and processed outside Indonesia. By using heratoto, you consent to such transfers. We ensure data is protected regardless of location through encryption and contractual agreements with all processors.

Policy updates

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes via email or in-app notification at least 30 days before the change takes effect. Continued use of heratoto after the effective date constitutes your acceptance of the updated policy.

Contact us about privacy

If you have questions about our privacy practices, wish to exercise your rights (access, correct, or delete your data), or believe we have mishandled your information, contact our support team:

  • In-app messaging: Use the support chat in your account dashboard (Monday–Friday, 09:00–17:00 Jakarta time)
  • Email: Send a privacy inquiry to our support address; include your account username and the nature of your request
  • Escalation: If you are unsatisfied with our response, request escalation to our data protection officer

We aim to respond to all privacy requests within 14 days. If your request is complex, we may request additional time (up to 30 days total).

heratoto remains committed to protecting your privacy and operating with transparency. Whether you access heratoto from Jakarta, Surabaya, Bandung, Medan, or Semarang, you have the same data protections regardless of location. Thank you for trusting us with your personal information.