cumitoto Privacy Policy

This page describes what we collect when you use cumitoto and how we keep that data protected. Digital payment adoption across Indonesia has accelerated over recent years, with e-wallet usage spanning DANA, e-wallet, mobile banking, and other channels—a trend that shapes how platforms like ours handle financial and identity information. We at cumitoto process account data daily from users across Jakarta, Surabaya, Bandung, Medan, and other supported jurisdictions, and our privacy commitments reflect the scale and sensitivity of that responsibility.

Our approach to privacy is straightforward: we collect the minimum data required to operate our platform, store it securely, and share it only where necessary for account management, payment processing, and legal compliance. We do not sell user data to marketers, and we do not build behavioural profiles for targeting. This document outlines exactly what we collect, how long we keep it, who can access it, and what rights you hold over your information on cumitoto.

What data we collect on cumitoto

We collect data in three categories when you use cumitoto. First, identity and account data: your full name, date of birth, email address, phone number, government-issued ID number, and proof of residence. We require this information before your first deposit to satisfy Know Your Customer regulations in supported jurisdictions. We store these documents encrypted at rest on our secure servers.

Second, payment data. When you deposit via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or banking partners mobile banking, local payment, online payment, e-wallet, we collect transaction records: amount, timestamp, payment method, and confirmation status. We do not store credit card numbers, e-wallet passwords, or bank account numbers—those remain with your payment provider. Our payment processors handle the sensitive details; we record only what the transaction contained.

Third, gameplay and account activity data. We record your cumitoto account balance, game selections, match or table sessions you join, bet placements, settlements, withdrawals, and login history. We also collect device information: browser type, operating system, IP address, and approximate geographic location derived from that IP. This data helps us detect fraudulent activity, resolve payment disputes, and troubleshoot technical issues.

How we use your data on cumitoto

We use identity and payment data primarily for account verification and payment processing. When you request a withdrawal, we match your submitted bank details against your verified identity to prevent fraud. When you deposit via mobile banking or another method, our payment processor confirms your transaction; we record the settlement to update your cumitoto balance.

We use gameplay data to calculate your winnings and losses, settle markets, and maintain your account history. You can access your complete play history—every game, every bet, every payout—through your cumitoto dashboard. We also use this data to detect suspicious patterns: duplicate accounts, unusual betting sequences, or velocity changes that may signal account compromise or fraud.

Our core privacy commitment is simple: we collect only what we need, we keep it encrypted, and we share it only where law or operational necessity requires.

cumitoto data governance team

Device and location data helps us secure your account. If we detect a login from an unusual location or device, we may trigger additional verification steps. We also use this data to comply with jurisdiction restrictions—if your account accesses cumitoto from a location we do not service, we may flag or suspend your account to protect both you and our platform.

Third parties and data processors on cumitoto

We share your data with third parties only where necessary. Our payment processors—the banks and e-wallet operators managing local payment, online payment, e-wallet, mobile banking transactions—receive only the information they need to process your deposit or withdrawal. They do not receive your gameplay history or ID documents.

Our hosting provider stores cumitoto servers and databases in data centres outside Indonesia; data therefore transits international boundaries. We encrypt all data in transit and at rest to mitigate that risk. We also work with a compliance partner to monitor anti-money-laundering signals; that partner receives only name, account ID, and transaction totals—not your ID documents or game details.

We do not share your data with marketing partners, advertisers, or data brokers. We do not build or sell audience segments. Our only sharing obligation beyond payment and compliance is to law enforcement when legally required; such requests are infrequent and we notify you when disclosure is legally permitted.

Your privacy rights on cumitoto

  • We store your data securely and encrypt it in transit and at rest.
  • You may request a copy of all data we hold about you within 10 business days.
  • You may request deletion of data we no longer need to retain; we retain gameplay records for 5 years for tax and dispute purposes.
  • You may correct inaccurate information through your cumitoto account settings or by contacting support.
  • You may withdraw from non-essential communications; we will continue to send transactional emails (receipts, withdrawals, account alerts).

Retention, cookies, and your control

We retain identity documents (ID scan, proof of residence) for the duration of your account plus five years after closure. We retain gameplay and transaction data for five years after the last activity on your account—this enables us to resolve late disputes, handle tax inquiries, and investigate fraud allegations. After five years, we anonymise or delete old records unless law requires longer retention.

We use cookies and similar tracking technologies minimally. Session cookies keep you logged into cumitoto during your visit; these expire when you close your browser. We do not use persistent cookies to track you across the internet, and we do not employ third-party tracking pixels. Your device may receive a cumitoto session identifier (a randomised string) to prevent CSRF attacks and maintain security—this is functional, not behavioural.

You control your communications preferences through your cumitoto account. You may opt out of promotional emails at any time. However, we will continue sending transaction emails: deposit confirmations, withdrawal notifications, login alerts, and account security messages. These are essential to account operations and cannot be disabled.

Your account closure and data deletion

You may close your cumitoto account and request deletion of non-essential data at any time through your account settings or by contacting our support team. We retain gameplay and transaction records for five years regardless—this is required for tax compliance and dispute resolution. After five years, we will delete or anonymise remaining records unless we are legally obligated to retain them.

Closing your account does not prevent future registration. If you close your account, you retain the right to verify a new identity and register again—cumitoto does not implement permanent bans unless you have violated our terms or engaged in fraud.

Our commitment and your contact options

We at cumitoto commit to protecting your data with industry-standard encryption, limiting access to authorised personnel, and being transparent about our practices. This privacy policy applies only where cumitoto operates—services are available only where local law permits. Different jurisdictions may have different data-protection standards; we comply with the stricter requirement in each region we serve.

If you have questions about your data, wish to exercise a privacy right, or believe we have mishandled your information, contact our support team through chat, email, or phone. Our team maintains published response windows and can escalate your request to our data protection officer if needed. We aim to respond to all privacy requests within 10 business days.