Payment Data Handling
Unlike many platforms, we do not store full card numbers or e-wallet credentials. DANA, OVO, GoPay and QRIS tokens are tokenized and encrypted separately.
We built 98toto login around your privacy. Every account detail, every transaction through DANA, OVO, GoPay or QRIS, and every session you spend in our live tables or...
When you open an account with 98toto login, we collect your name, email, phone number and payment details to verify your identity and process deposits via DANA, OVO, GoPay or QRIS. We use this information to deliver your lobby access, process withdrawals, detect fraud and comply with local regulations in supported regions. We do not sell your data to third parties. Your
session activity—which games you browse, which tables you join—helps us improve your experience but remains tied only to your account.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
All payment data—DANA, OVO, GoPay and QRIS transactions—travels through TLS 1.2+ encryption. Your account credentials are hashed and never stored in plain text.
We undergo annual security reviews by independent firms to verify our data handling meets industry standards and local Indonesian compliance requirements.
Every access to your account—login, deposit, withdrawal, game session—is logged and available for your review in your account history.
We do not sell, rent or share your personal information with data brokers, advertisers or marketing firms outside our direct service delivery.
If a security incident affects your data, we notify you within 48 hours with details of what occurred and steps you should take.
We keep your account data only as long as your account is active. After closure, we retain transaction records for 7 years per local law, then delete.
Unlike many platforms, we do not store full card numbers or e-wallet credentials. DANA, OVO, GoPay and QRIS tokens are tokenized and encrypted separately.
We log your game activity for fraud prevention and account security, but do not sell session data to analytics firms or third-party marketers.
Our cookie policy lists every tracking cookie by name and purpose. You can disable non-essential cookies in your browser without losing account access.
You can withdraw consent for marketing emails, SMS and push notifications at any time through your account settings or by replying 'STOP' to any message.
Request your data in machine-readable format (CSV or JSON) and we'll deliver it within 14 days so you can move it to another platform if you choose.
We do not knowingly collect data from anyone under 18. If we discover a minor account, we suspend it immediately and delete associated personal data.
Privacy disputes are handled first through our support team, then escalated to an independent ombudsman if you remain unsatisfied.