mahongtoto Platform Privacy Notice

This page describes what we collect when you use mahongtoto and how we keep that data protected. Our privacy practices apply whether you access our platform via web browser or Android app, from Jakarta, Surabaya, Bandung, Medan, or other supported jurisdictions. We collect personal information to verify your identity, process your deposits and withdrawals, maintain account security, and comply with financial regulations. We do not sell your information. Your data is encrypted, stored securely, and shared only with authorised payment partners and regulatory bodies where required by law.

This notice applies to all mahongtoto users—those who engage with football markets (Liga 1, Piala AFF, Champions League), live-dealer games, slots, esports, or any other content on our platform. Our commitment is straightforward: we collect only what is necessary, protect it with industry-standard encryption, and give you control over how your data is used.

What Data We Collect on mahongtoto

We collect information you provide directly. When you create a mahongtoto account, we ask for your email address, legal name, date of birth, and phone number. During KYC (Know Your Customer) verification, we request a government-issued identity document (passport, driving licence, or national ID) and proof of residence (utility bill, tenancy agreement, or bank statement issued within three months). We store scans of these documents encrypted and accessible only to our compliance team.

We also collect payment and transaction data. When you deposit via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer through mobile banking, local payment, online payment, or e-wallet, we record the deposit amount, timestamp, and payment method. These records link to your mahongtoto account and form part of your transaction history. We do not store your payment credentials (card numbers, bank passwords, wallet PINs)—payment processors handle those securely.

We collect behavioural data through cookies and log files. When you browse mahongtoto, our servers log your IP address, browser type, pages visited, time on page, and links clicked. This helps us understand platform usage, detect fraud, and prevent account takeover. Cookies store your session ID, language preference, and account login state—not payment or sensitive personal information.

Note: We do not collect location data from your device. Your jurisdiction is inferred from your IP address and verified through your KYC documents and payment method registration.

How We Use Your Data

We use your data for account management, payment processing, and regulatory compliance. Your email and phone number are used to send account notifications, withdrawal confirmations, and security alerts. Your legal name, date of birth, and identity documents are used only for KYC verification and compliance with anti-money-laundering regulations. Transaction records are maintained for our own compliance reviews and to support dispute resolution if you report a problem with a withdrawal or deposit.

We use behavioural data (IP logs, browser information, cookies) to detect fraud, prevent account compromise, and enforce our terms. If multiple login attempts fail, we may temporarily lock your account for security. If we detect unusual transaction patterns or geographic inconsistencies, we may request additional verification before processing a withdrawal.

We do not use your data for marketing purposes beyond sending you account-related notifications. We do not sell your information to third parties. We do not profile you for targeted advertising on external platforms. Our data use is limited to operating mahongtoto, protecting your account, and complying with legal obligations.

Third-Party Processors and Data Sharing

We share your data with third parties only when necessary. Payment processors (the partners behind mobile banking, local payment, online payment, e-wallet, mobile banking, and our banking partners local payment, online payment, e-wallet, mobile banking) receive your name, phone, and transaction details to settle deposits and withdrawals. These processors operate under their own privacy policies and security standards. We contractually require all processors to protect your data at the same level we do.

We may disclose data to government agencies, financial regulators, or law enforcement if required by law, court order, or subpoena. Such disclosures are limited to what is legally necessary. We do not voluntarily share your information with authorities absent a legal requirement.

Our platform is hosted on secure cloud infrastructure; our servers may sit outside Indonesia. We apply the same encryption and access controls regardless of server location. Cloud providers have limited access to your data and are contractually bound to keep it confidential.

Cookies and Session Data

We use cookies to maintain your mahongtoto session, remember your language preference, and track your navigation. Session cookies expire when you log out. Preference cookies persist for 12 months so you do not need to reset language settings. We use no third-party tracking cookies; all cookies are set and managed by mahongtoto directly.

You can disable cookies in your browser settings, though doing so may limit mahongtoto functionality (e.g., you may be logged out after browser refresh). We do not track you across other websites or apps—our cookie scope is limited to mahongtoto.app and our Android app.

Your Rights and Data Control

We at mahongtoto recognise your data control rights. You can view your personal information, transaction history, and account settings at any time via your dashboard. You can update your email, phone, and payment method directly. You can request a copy of your data in a portable format by contacting our support team—we will provide a CSV or JSON file of your account records within 10 business days.

You can request deletion of your data after account closure, subject to legal retention requirements. We must retain transaction records for seven years for financial compliance. Identity documents are deleted one year after account closure unless we are under investigation or legal hold. You can request account closure through your dashboard; we will process it within five business days, and your balance will be paid out to your registered payment method.

You can opt out of non-essential notifications (such as promotional emails about new football tournaments or esports events) by adjusting your notification settings. You cannot opt out of account-security alerts, withdrawal confirmations, or legal notices—these are necessary for account operation and regulatory compliance.

Your data on mahongtoto is yours. We collect only what we need, protect it with encryption, and give you control over how it is used and shared.

mahongtoto privacy commitment

Data Retention and Security

We retain your account data for as long as your mahongtoto account is active. After you close your account, we retain transaction records for seven years for anti-money-laundering compliance. Identity documents are retained for one year post-closure then deleted, unless we are under legal hold or investigating a dispute. Session cookies expire upon logout; preference cookies persist for 12 months unless you clear your browser cache.

We protect your data using AES-256 encryption for data at rest and TLS 1.3 for data in transit. Access to customer data is restricted to authorised mahongtoto staff (compliance, support, finance) who have signed confidentiality agreements. We conduct annual security audits and penetration testing. We maintain a log of all data access for audit purposes. If we discover a breach, we will notify affected users within 30 days and advise the relevant regulator.

Updates and Jurisdiction-Restricted Access

We may update this privacy notice to reflect changes in our practices or legal requirements. Material changes will be communicated via email and in-app notification; continued use of mahongtoto after notification constitutes acceptance. This notice was last updated in 2025; version history is maintained on our website.

mahongtoto services are available only in jurisdictions where local law permits. Your access may be restricted based on your IP address, payment method registration, or KYC verification location. During holidays such as Idul Fitri, Idul Adha, and Imlek, your account remains active but some support services may operate on limited schedules. Data collection and retention practices continue during all periods.

If you have questions about this privacy notice, contact our support team via in-app chat, email, or phone. We respond to privacy inquiries within five business days. You may also file a complaint with your local data-protection authority if you believe we have violated your privacy rights.