capsatoto login Casino & Sportsbook Data Care
This page describes what we collect when you use capsatoto login and how we keep that data protected. We take data privacy seriously—your personal information, payment details, and account activity are encrypted and handled according to applicable law. We do not sell your data to third parties for marketing. We collect information only to verify your identity (KYC), process your deposits and withdrawals, prevent fraud, and comply with legal obligations.
On capsatoto login, you provide information at registration (name, date of birth, phone number) and during deposits or withdrawals (payment account details, transaction records). Our mobile platform (Android APK and iOS browser) syncs all this data securely across devices. We also collect technical data—IP address, device type, browser—to detect fraud and maintain platform security.
Below, we explain what data we collect, how long we keep it, who has access, your rights, and how to contact us if you have privacy concerns.
What Data We Collect on capsatoto login
Registration and Identity Information
When you open an account on capsatoto login, we ask for your legal name, date of birth, phone number, and email address. This information is mandatory—we cannot activate your account without it. We use this data to verify your identity during Know Your Customer (KYC) verification, which is required by law in most jurisdictions where we operate. During KYC, we may ask for a national identity card, passport, or driver's license image. We encrypt these documents and store them securely; we do not use them for any purpose other than identity verification.
Payment and Transaction Data
When you deposit via QRIS, e-wallet, mobile banking, local payment, online payment, e-wallet, or direct bank transfer (mobile banking, local payment, online payment, e-wallet), we record your payment method, the transaction ID, the amount, and the timestamp. When you withdraw, we log the same information plus your withdrawal destination and any fees charged. We retain this transaction history for at least five years to comply with anti-money-laundering (AML) regulations. Every bet you place, every game round you participate in, and every cash-out is logged and tied to your account.
Technical and Device Data
Our platform collects your IP address, device type (Android phone, iPhone, desktop), operating system version, browser type, and device identifiers (such as Android advertising ID or iOS IDFA if you permit it). We use this data to detect fraud, enforce account limits, and troubleshoot technical issues. We also collect location data (inferred from IP address) to comply with jurisdiction restrictions—if you access capsatoto login from a jurisdiction where we do not operate, our system may block your access.
We use cookies and similar tracking technologies (local storage, session storage) to maintain your login state and remember your preferences. These are functional cookies necessary to operate capsatoto login; they are not used for third-party advertising.
Communication Data
If you contact our support team via chat, email, or phone, we retain a record of your communication. This includes your messages, our responses, ticket numbers, and timestamps. We use this data to resolve your issue, train our support staff, and detect abuse or fraud. Support records are typically kept for two years.
We send you transactional emails (account verification, deposit confirmation, withdrawal status) and, if you opt in, promotional communications during events like Idul Fitri, Idul Adha, Imlek, or major sports tournaments (Liga 1, Piala AFF, Piala Indonesia). You can unsubscribe from promotional emails at any time.
How We Use and Protect Your Data
Data Storage and Encryption
We store your data on encrypted servers located outside Indonesia (typically in Singapore or other regional hubs). All data in transit—from your mobile device or desktop to our servers—is encrypted using TLS (Transport Layer Security). At rest, personal data is encrypted using AES-256 encryption. Only authorized personnel (account security team, compliance team, legal team) have access to unencrypted personal data, and access is logged and audited.
Our payment processing does not store your full payment card or bank account numbers. Instead, we tokenize this information—a one-time code is generated and stored, protecting your actual banking credentials. Payment transactions are processed through PCI-DSS compliant third parties (payment gateways), and we do not handle your raw banking information directly.
Data Retention and Deletion
We retain your account data (name, ID, KYC documents) as long as your account is active, plus five additional years after account closure. This retention is required by AML/KYC regulations. Transaction history (deposits, withdrawals, bets) is retained for seven years (regulatory requirement in most jurisdictions). Support records are retained for two years. After these periods, we securely delete the data.
If you request deletion of personal data before the retention period expires, we comply where legally permitted. However, we cannot delete transaction records or identity verification documents if doing so would violate AML/KYC laws. You may request deletion by contacting our support team; we respond within 15 business days with either confirmation of deletion or a legal explanation of why deletion is not possible.
Your Data Rights on capsatoto login
You have the right to access your data, correct inaccurate information, and request deletion where permitted by law. Submit requests through our support form or email; we respond within 15 business days.
Third-Party Processors and Sharing
We share your data with third-party processors only as necessary to deliver our service. These include payment processors (e-wallet and bank partners), fraud-detection services, and legal advisors. All third parties are bound by confidentiality agreements and may only use your data for the specific purpose we authorize. We do not sell your data to advertisers, data brokers, or any unrelated third party.
We may disclose your data to law enforcement, government agencies, or regulatory authorities if legally required (subpoena, court order, AML investigation). We will inform you of such disclosure where permitted by law, unless doing so would be illegal or counterproductive.
Account Security on capsatoto login
Your account is protected by your password and, when you log in on a new device, a one-time verification code sent to your phone or email. We strongly recommend using a strong password (at least 12 characters, mixing letters, numbers, symbols). We do not store passwords in plain text; they are hashed using bcrypt. If you forget your password, use our password reset function—a link valid for subject to verification is emailed to you, allowing you to set a new password.
We monitor accounts for suspicious activity—unusual login locations, rapid betting changes, or large withdrawals. If we detect suspicious activity, we may place a temporary hold on your account and contact you for verification. This protects your account from unauthorized access.
Mobile Data and App Permissions
Our Android APK requests certain device permissions: Internet (for server communication), Location (to restrict service to supported jurisdictions), Phone State (to detect phone calls that interrupt gameplay), and Unique ID (device identifier for fraud detection). iOS browser access requires only Internet permission. You may deny location permission, though this may affect our ability to verify your jurisdiction compliance.
We do not access your contacts, photos, files, or camera unless explicitly required for identity verification. Any permission request for these sensitive items comes with a clear explanation. You can revoke permissions in your device settings at any time.
Service and Privacy Scope
Service availability
We at capsatoto login provide gaming and sportsbook services only in jurisdictions where such services are legally permitted under applicable local law. We do not operate in territories where online gaming or wagering services are prohibited. Our data collection and privacy practices conform to the data-protection laws of each jurisdiction where we operate. However, we emphasize that local laws vary significantly. Your personal data may be stored on servers located outside your home jurisdiction (typically Singapore or regional hubs), which means it may be subject to different data-protection standards than those in your country. By using capsatoto login, you consent to international data transfers and acknowledge that data protection laws differ across jurisdictions. We collect minimal data necessary to operate safely and comply with legal requirements in our service regions. We do not collect data from users in jurisdictions where our services are prohibited, and we block access attempts from restricted regions using IP geolocation and device verification.
Account eligibility
We collect age-related data (date of birth) during account registration to verify eligibility. You must meet the legal age of majority or minimum gambling age applicable in your jurisdiction—typically 18 years old, but some regions define it differently. You are responsible for truthfully reporting your age. Providing false age information during KYC is grounds for permanent account closure and forfeiture of funds. We do not perform real-time facial recognition or other biometric verification (unless required by local law); our verification relies on government-issued ID documents you provide and cross-referencing with public databases where available and lawful. Age verification is a one-time process at account opening; we do not re-verify age after the account is active unless you request changes to your profile or we detect suspicious activity suggesting account misuse.
Local-law responsibility
You are responsible for understanding and complying with data-protection laws in your jurisdiction. Our privacy policy describes our practices, but we do not warrant compliance with every jurisdiction's unique requirements. Some regions impose strict data-residency rules (data must be stored locally); our servers are located internationally, which may not comply with such rules. Users in jurisdictions with strict data-protection laws (such as GDPR-equivalent frameworks) should be aware that your data travels internationally. By using capsatoto login, you consent to international data transfer. If your jurisdiction prohibits international data transfers without explicit consent or permits only specific purposes, you are responsible for verifying compatibility before registering. We cannot restrict data transfer to meet every jurisdiction's standards, and continued use of capsatoto login constitutes your acceptance of our global data practices.
Data and privacy scope
We collect personal data for four primary purposes: (1) account verification and Know Your Customer (KYC) compliance as required by AML regulations, (2) payment processing and withdrawal authorization, (3) fraud detection and account security, and (4) legal compliance and regulatory reporting. We do not collect data for marketing profiling, algorithmic targeting, or analytics beyond what is necessary for platform operation. Your data is encrypted, access-restricted, and retained only as long as required by law. We comply with data-access requests from data subjects—you can request copies of all data we hold about you, and we provide this within 15 business days. We also comply with data-correction requests (if you have provided incorrect information) and data-deletion requests where permitted by law. For full details on your rights and our practices, see this privacy policy in its entirety. You may contact our data-protection officer (see contact section below) for privacy-specific inquiries.
Contact for legal inquiries
If you have privacy concerns, data-access requests, or believe we have mishandled your data, contact our data-protection team at [email protected] with the subject line "Privacy Request." Include your full name, account number (if applicable), and a clear description of your request. We respond within 15 business days. For urgent matters, mark your email "URGENT – DATA PROTECTION" and we prioritize response within 5 business days. If you are in a jurisdiction with a data-protection authority (such as GDPR's Data Protection Authority in Europe or local equivalents in other regions), you have the right to lodge a complaint with that authority if you believe we have violated your privacy rights. We cooperate fully with official regulatory inquiries and maintain detailed records of all data-access requests and our responses. For legal or regulatory matters, attorneys and government agencies may contact our legal team directly; we respond according to the timeframe specified by law. All communications regarding data protection are treated as confidential.