sdmtoto Casino & Sportsbook Data Care

This page describes what personal information we collect when you open an sdmtoto account, how we store and protect that data, and what rights you hold over your information. We take data protection seriously because your privacy is fundamental to trust on our platform.

When you register on sdmtoto, deposit via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or a bank virtual account (mobile banking, local payment, online payment, e-wallet), and engage with our sportsbook (football, esports) or live-dealer tables, we collect information necessary to operate our service, comply with anti-money-laundering regulations, and prevent fraud. We do not sell your data to third parties for marketing. We do not track your browsing habits across external websites.

Our sdmtoto data-handling practices follow industry-standard encryption, access controls, and regular security audits. This policy explains what we do with your information, how long we keep it, and how you can request access or deletion.

What we collect when you use sdmtoto

We collect data in several categories when you open and use an sdmtoto account. Your registration data includes your full name, email address, phone number, and date of birth. We require this information to verify your identity against government records and to contact you about account matters.

During your first withdrawal from sdmtoto, we ask for identity documents — a government-issued ID (national ID card, passport, or driver license) and proof of address (utility bill, rental agreement, or bank statement). We store images of these documents encrypted in our system. This Know-Your-Customer (KYC) data is required by law in jurisdictions where sdmtoto operates to prevent money laundering and terrorist financing.

We collect transaction data from your sdmtoto account — deposits, withdrawals, markets engaged, and game activity. This includes the payment method used, amount transferred, timestamp, and outcome (approved or declined). We retain this data to dispute resolution, regulatory reporting, and fraud detection.

We collect technical data when you access sdmtoto — your IP address, device type, operating system, and browser version. We use this information to maintain platform security, prevent account takeover, and diagnose technical issues. We may store this data in server logs for up to 90 days.

Info: We at sdmtoto do not collect location data or use your phone's GPS. We infer your general region only from IP address during login and withdrawal requests for compliance purposes.

How we use your data on sdmtoto

We use registration and identity data to verify your age (you must be ), confirm your residency in a jurisdiction where sdmtoto operates, and prevent duplicate accounts. If you attempt to open a second account, our system detects the duplicate via name and ID matching and closes both accounts.

We use transaction data to settle disputes, process withdrawals, and comply with tax and anti-money-laundering reporting required by law. If you dispute a match result or withdrawal delay, we reference your transaction history to investigate. Our compliance team may share anonymized transaction data with regulatory authorities in jurisdictions where sdmtoto operates.

We use technical data (IP addresses, device information) to prevent fraud, detect unusual account activity, and maintain platform security. If your account is accessed from a new device or geographic location, we may require re-authentication via SMS or email confirmation. This is a security control, not a privacy invasion.

We do not use your sdmtoto data for marketing beyond your registered email address. We do not sell your information to third parties. We do not track your behaviour across external websites. We do not build psychological profiles or use machine learning to predict your personal preferences.

Third parties and data processors for sdmtoto

We at sdmtoto use third-party processors only where necessary to operate our platform. Our payment processors (e-wallet providers and banks) receive limited transaction data — your account name, deposit amount, and confirmation — to complete transfers. These processors have their own privacy policies, which you should review before using their services.

Our identity-verification service (a specialized KYC vendor) receives your uploaded ID and address documents to validate against government records. This vendor is contractually obligated to delete your documents after verification is complete. We do not retain vendor access to your KYC files indefinitely.

Our cloud infrastructure provider (which hosts sdmtoto servers) has access to encrypted data on our systems. This provider is contractually bound by data-protection agreements and is prohibited from using your data for any purpose beyond hosting and backup. Our servers may be located outside Indonesia — you should assume that your data transits through multiple jurisdictions during normal sdmtoto operations.

We do not share your data with sports leagues (Liga 1, Piala AFF, Champions League), live-dealer studios, or slot-game providers. These entities do not see your personal information. They receive only anonymized aggregated data about market volume and engagement patterns.

Our data commitments on sdmtoto

  • We encrypt your personal data in transit and at rest using industry-standard protocols
  • We limit access to your data to sdmtoto employees who need it for account support or compliance
  • We conduct regular security audits and penetration testing to identify vulnerabilities
  • We do not sell or license your personal information to third parties
  • We do not use your data for advertising or behavioural tracking outside sdmtoto

Cookies and tracking on sdmtoto

We use cookies on sdmtoto for essential platform functions — session management (keeping you logged in), security (storing authentication tokens), and user preference (your chosen language or display settings). These cookies are necessary for the platform to work and are not optional.

We do not use cookies for behavioural tracking or to build marketing profiles. We do not use third-party analytics cookies (such as Google Analytics) that track your activity across the web. We do use basic server-side logs to measure page performance and identify technical errors — this data is aggregated and anonymous.

You can disable cookies in your browser settings, but doing so may prevent sdmtoto from functioning correctly. We cannot support account access if you have disabled all cookies. We recommend allowing essential cookies for sdmtoto while blocking third-party tracking cookies in your browser preferences.

How long we keep your sdmtoto data

We retain registration data (name, email, phone, date of birth) for as long as your sdmtoto account is active. If you request account deletion, we anonymize this data within 30 days so it cannot be linked to you. However, we retain anonymized transaction records for seven years to comply with anti-money-laundering and tax reporting laws in jurisdictions where sdmtoto operates.

We retain identity documents (uploaded ID and address proof) for one year after verification completion. After one year, we delete document files from our system. We may retain a verification record (confirming that you passed KYC) to prevent re-verification if you withdraw and return to sdmtoto later.

We retain transaction logs for seven years. These logs are encrypted and accessible only to our compliance team. After seven years, logs are deleted unless required by a jurisdiction's law to retain them longer.

We retain technical logs (IP addresses, browser information) for 90 days. After 90 days, these logs are purged unless they are relevant to an ongoing fraud investigation.

Your rights under our sdmtoto privacy policy

You have the right to request access to all personal data we hold about you on sdmtoto. Contact our support team with your request, and we will compile your data and provide it within 30 days. You may request this data in a portable format (CSV or JSON) suitable for transfer to another service.

You have the right to correct inaccurate data. If your registered name or address is outdated, you can update it in your sdmtoto account settings or contact support. We will correct the data in our system within 15 days.

You have the right to request deletion of your sdmtoto account and associated data. We can delete your account within 30 days. However, we will retain anonymized transaction records for seven years to comply with legal obligations. We cannot delete data that is legally required to be retained by jurisdictions where sdmtoto operates.

You have the right to withdraw consent for data processing where consent is the legal basis. However, some data processing (identity verification, transaction logging) is required by law, not consent-based. Withdrawing consent does not affect processing that is mandatory under regulation.

Security practices and breach notification on sdmtoto

We at sdmtoto protect your data through encryption (AES-256 for stored data, TLS for transmitted data), strong access controls, multi-factor authentication, and regular security audits. We conduct annual penetration testing to identify and patch vulnerabilities. Our team follows security best practices when handling your information.

We are not immune to breaches. If an unauthorized party gains access to your personal data on sdmtoto, we will notify you by email within 72 hours of discovering the breach, as required by data-protection law. Our notification will describe what data was accessed, what we are doing to remediate, and what steps you should take to protect yourself.

You should also take responsibility for your sdmtoto account security. Use a strong, unique password. Enable two-factor authentication. Do not share your login credentials. Log out on shared computers. Report suspicious activity to our support team immediately.

Notice: We at sdmtoto follow industry-standard security practices, but no online system is completely secure. You use sdmtoto at your own risk and accept the possibility of data breach as a condition of your account.

International data transfers and jurisdiction

Our sdmtoto servers and data processors may be located outside Indonesia. When you use sdmtoto, your personal data may be transmitted to, stored in, and processed in jurisdictions outside your home country. By opening an sdmtoto account, you consent to this international data transfer.

Different jurisdictions have different data-protection laws. Your data may be subject to legal disclosure requests from authorities in jurisdictions where our sdmtoto infrastructure operates. We cannot guarantee the same level of data protection as Indonesian law if your data is stored or processed abroad.

If you do not consent to international data transfers, you should not use sdmtoto. We cannot operate our platform with data stored exclusively within Indonesia.

Contact us about privacy on sdmtoto

If you have questions about our privacy policy, want to exercise your data rights (access, correction, deletion), or want to report a privacy concern, contact our support team. You can reach us via live chat, email, or the contact form in your sdmtoto account dashboard. We will respond to privacy requests within 15 business days.

We may update this privacy policy periodically to reflect changes in our data practices or applicable law. We will notify you of material changes by email or by posting an update notice on sdmtoto. Your continued use of sdmtoto after updates take effect constitutes your acceptance of the revised policy.

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data-protection authority in addition to contacting us. This policy was last updated and describes our current practices on sdmtoto as of the publication date shown on our website.