gilalotto Platform Privacy Notice

This page describes what we collect when you use gilalotto and how we keep that data protected. Our platform processes personal information—such as your email, payment details, and gaming activity—only to operate our service and comply with applicable law. We do not sell your data to third parties, and we encrypt all transactions using industry-standard security.

We at gilalotto operate live-dealer tables (blackjack, roulette, baccarat, Dragon Tiger, Sic Bo), a sportsbook covering football, badminton, and esports, slot games, and payment processing across Indonesia. Each of these services involves collecting different categories of data. Our privacy practices are consistent across all product areas: we collect only what we need, we protect it with encryption, and we delete it when no longer required by law or our operational needs.

If you have questions about how we use your data on gilalotto, see the contact section at the end of this page. We update this notice periodically to reflect changes in our practices or applicable regulations; any material changes will be announced via email to all active users.

What Data We Collect on gilalotto

We collect the following categories of data when you create an account and use gilalotto:

  • Account registration: We collect your email address, chosen username, and password (hashed and encrypted). We do not store your password in readable form.
  • Identity verification: Before your first withdrawal, we require a government-issued ID (KTP, passport, or driving licence). We collect a photo or scan of this document and verify that it matches your account details. This process complies with anti-money-laundering (AML) regulations.
  • Payment information: When you deposit, we collect your payment method (e.g., DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) and the IDR amount. We do not store your full card or bank account number; payment processing is handled by third-party providers who comply with PCI Data Security Standards.
  • Gaming activity: We log every bet you place, spin you make, or hand you play on gilalotto. This data includes timestamps, stake amounts, game outcomes, and your account balance before and after each transaction. We retain this history indefinitely so you can audit your account activity at any time.
  • Device and connection data: We collect your IP address, device type, browser, and operating system. This helps us detect fraud, prevent duplicate accounts, and optimize our infrastructure.
  • Communication: If you contact our support team via in-app chat or email, we retain a copy of your message and our response for service improvement and dispute resolution.
Note: We do not collect sensitive personal information such as health data, biometric data, or religious affiliation unless you voluntarily provide it during account disputes or support inquiries.

How We Use Your Data on gilalotto

We use your data for the following purposes:

  • Account management: We use your email and password to authenticate you when you log in to gilalotto. Your identity verification documents confirm that you are the legitimate account holder before we process withdrawals.
  • Payment processing: We share your payment method and transaction details with our payment processors (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment) so they can process your deposits and withdrawals. These providers operate under their own privacy policies.
  • Regulatory compliance: Indonesian law requires us to verify your identity and monitor for money laundering. We use your account data to comply with these obligations. We may also disclose data to law enforcement if legally required to do so.
  • Fraud detection: We analyze your device data and login patterns to detect unauthorized account access and prevent fraud. If we detect suspicious activity, we may temporarily lock your account and ask you to verify your identity.
  • Customer support: We use your account history and communication records to assist you with disputes, account resets, and technical issues.
  • Service improvement: We analyze aggregated, anonymized gaming data (e.g., which games are most popular, which payment methods are preferred) to improve gilalotto's features and user experience. This analysis does not identify you personally.

Where We Store Your Data

We at gilalotto operate servers in multiple regions to ensure platform availability and resilience. Your data may be stored in data centres located outside Indonesia, including in jurisdictions with different privacy laws. By using gilalotto, you consent to your data being transferred to and stored in these locations. We apply the same encryption and security standards to all stored data, regardless of physical location.

We retain your account data (email, identity documents, payment history, gaming logs) for as long as your account is active. If you request account deletion, we will remove your personally identifiable information (email, ID photo) within 30 days, but we retain aggregated transaction data as required by Indonesian financial regulations. We may also retain data longer if we are involved in a legal dispute or regulatory investigation.

Third-Party Data Sharing

We share your data with the following categories of third parties:

Payment processors
online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet receive your payment details to process deposits and withdrawals. They operate under their own privacy policies.
Fraud detection services
We use third-party fraud-detection vendors who analyze your device and login data to prevent unauthorized access. These vendors sign data-processing agreements with us and do not use your data for their own purposes.
Legal and regulatory authorities
We may disclose your data to Indonesian government agencies, law enforcement, or financial regulators if legally required or if we suspect illegal activity.
Customer support contractors
We may engage third-party support providers to handle customer inquiries. These contractors sign confidentiality agreements with us.

We do not sell your data to advertisers or marketing firms. We do not use your gaming history to target you with external advertisements.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies on gilalotto to:

  • Maintain your login session (session cookies).
  • Remember your language preference and account settings (persistent cookies).
  • Detect fraud and prevent duplicate accounts (tracking pixels and fingerprinting).
  • Analyze which features users interact with most (analytics cookies).

Most cookies expire after your browser closes. Some cookies persist for up to 12 months to recognize returning users. You can disable cookies in your browser settings, but this may limit gilalotto's functionality (e.g., you may need to re-enter your login credentials on each visit).

We do not use third-party tracking services (Google Analytics, Facebook Pixel) that would share your data with external advertisers. Our analytics are conducted internally and do not identify you personally.

Data Security on gilalotto

We protect your data using the following security measures:

  • SSL encryption: All communication between your device and our servers is encrypted using TLS 1.2 or higher. Your data in transit cannot be intercepted or read by unauthorized parties.
  • Encrypted storage: Payment data and identity documents are encrypted at rest using AES-256 encryption. Even our own staff cannot read these files without decryption keys.
  • Password hashing: Your password is hashed using bcrypt or a similar modern algorithm. We never store your plaintext password.
  • Access controls: Only authorized employees can access user data, and they do so only for legitimate operational or support purposes. Access is logged and monitored.
  • Firewalls and intrusion detection: Our servers sit behind firewalls and are protected by intrusion-detection systems that monitor for unauthorized access attempts.

Despite our security measures, no system is non-specific info secure. If we experience a data breach, we will notify all affected users via email within 72 hours, as required by Indonesian data-protection regulations.

Your Rights on gilalotto

You have the following rights regarding your data on gilalotto:

  • Access: You can request a copy of all data we hold about you. We will provide this within 30 days.
  • Correction: If your account information (email, address, identity document) is inaccurate, you can request correction. Contact our support team via in-app chat or email.
  • Deletion: You can request deletion of your account and associated personally identifiable information (email, ID photo). We will comply within 30 days, though we may retain aggregated transaction data as required by law.
  • Portability: You can request a copy of your transaction history in a portable format (CSV or JSON). We will provide this within 14 days.
  • Objection: If you object to our use of your data for fraud detection or service improvement, contact us and we will review your request.
Note: We cannot delete data that is required by law to be retained (e.g., identity verification records for AML compliance) or data that is part of an active dispute or investigation.

Children and gilalotto

gilalotto is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we discover that a user is a minor, we will delete their account and data immediately. If you are a parent or guardian and believe your child has created an account on gilalotto, contact our support team.

Jurisdiction and Data Transfers

gilalotto operates primarily in Indonesia but maintains servers in multiple jurisdictions to ensure availability and performance. When you use gilalotto from Jakarta, Surabaya, Bandung, Medan, or Semarang, your data may be processed or stored in data centres outside Indonesia. These jurisdictions may have weaker privacy protections than Indonesia. By using gilalotto, you consent to this international transfer of data. We apply consistent encryption and security standards globally, but we cannot guarantee the same legal protections across all jurisdictions.

Changes to This Privacy Notice

We may update this privacy notice periodically to reflect changes in our practices, new technologies, or changes in applicable law. We will notify you of material changes via email at least 30 days before the change takes effect. Your continued use of gilalotto after such notification constitutes acceptance of the updated notice.

Contact Us About Privacy on gilalotto

If you have questions about our privacy practices, wish to exercise your data rights, or suspect a data breach, contact us:

  • In-app chat: Available during operating hours via your gilalotto account dashboard.
  • Email: Send inquiries to our support address (check the FAQ page for current contact details).
  • Postal address: You may send written requests to the address provided in our legal notice

We will respond to data-access and deletion requests within 30 days of receipt. For urgent privacy concerns (e.g., suspected unauthorized access), use in-app chat to contact our support team immediately.

Summary of Our Privacy Commitments

We at gilalotto operate on the principle that your data is a trust we must protect. We collect only what we need to operate our service and comply with law. We encrypt all sensitive data, we do not sell your data to third parties, and we respond to your requests for access or deletion within 30 days. Our servers operate globally, so your data may be stored outside Indonesia, but we apply the same security standards everywhere. If we experience a breach, we will notify you immediately. For any questions about your privacy on gilalotto, contact our support team via in-app chat or email.