LEGAL REFERENCE

Your Privacy Matters to Us

We built herototo around your trust. This privacy policy shows exactly how we handle your account details, payment information and personal data across our live casino tables, slot...

Data ProtectionPayment SecurityAccount PrivacyTransparent PracticesIndonesia Compliant

See the Lobby Read FAQ

How We Protect Your Information

herototo collects personal information only to set up your account, process deposits via DANA, OVO, GoPay and QRIS, and deliver the games and sportsbook markets you request. We use encryption to secure all data in transit and at rest. Your payment details are never stored on our servers after a transaction completes. We comply with data protection standards in supported regions and

do not share your information with advertisers, data brokers or unaffiliated third parties without your explicit consent.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

PLAYER SUPPORT

Privacy Questions? We're Here

WHY VISITORS TRUST US

Why Your Privacy Is Secure Here

SSL Encryption

All data between your device and our servers travels through military-grade encryption. Your login, payment details and game activity are protected from interception.

No Third-Party Sales

We never sell your personal information to marketers, data brokers or external companies. Your account stays yours alone, used only to deliver herototo services.

Regular Security Audits

Our systems undergo quarterly penetration testing and compliance reviews. We stay ahead of emerging threats and update our defenses continuously.

Payment Data Isolation

DANA, OVO, GoPay and QRIS transactions are processed through PCI-compliant gateways. We never store full card or wallet credentials on our infrastructure.

Transparent Logging

We keep audit logs of who accesses your data and when. You can request a full activity report from your account at any time.

Incident Response Plan

If a breach occurs, we notify affected users within 24 hours with clear steps to protect your account. We maintain cyber insurance and legal compliance protocols.

How Our Policy Stacks Up

Data Minimization	We ask for only the information needed to verify your identity and process payments. No unnecessary fields, no hidden data collection.
User Control	You can download, update or delete your personal data anytime from account settings. Deletion requests are processed within 30 days.
Cookie Transparency	We use cookies only for session management and fraud prevention. No tracking pixels, no cross-site profiling, no behavioural advertising.
Vendor Accountability	Every third-party service we use (payment processors, hosting providers, analytics) signs a data protection agreement. We audit them annually.
Regional Compliance	Our policy aligns with data protection standards in supported regions. We respect local privacy laws and adjust practices accordingly.
No Automated Decisions	We don't use algorithms to make decisions about your account access, Deposit references or game eligibility without human review.
Policy Updates	When we change this policy, we notify you 30 days in advance. You can review changes and opt out of new practices before they apply.

What Defines Our Privacy Approach

Account Ownership

Your account is yours alone. We never share login credentials, session tokens or account access with anyone, including support staff, without your written permission.

Payment Method Privacy

DANA, OVO, GoPay and QRIS transactions are linked to your account but never exposed to other users. Your payment history stays private and encrypted.

Game Activity Confidentiality

Your slot sessions, live table hands and sportsbook bets are logged for your records only. We don't publish player activity or share it with third parties.

Location Data Limits

We collect your general location (country/region) for compliance only. We never track your precise GPS location, device movement or real-time whereabouts.

Communication Preferences

You control every email, SMS and push notification. Opt out of promotions anytime from your account without losing access to service updates.

Data Retention Limits

We keep your account data for as long as your account is active. After closure, we delete personal information within 90 days unless law requires retention.

Privacy Policy Questions Answered

We collect your name, email, phone number, date of birth and address to verify your identity and comply with local regulations. We also log your IP address, device type and browser for security. Payment details are collected only during transactions and processed through secure gateways.

We retain your account data for 90 days after closure to process final payouts and resolve disputes. After that, we delete personal information permanently. Transaction records may be kept longer if required by law in supported regions.

Yes. Log into your account, go to Settings > Privacy, and select Download My Data or Request Deletion. Download requests are processed within 7 days. Deletion requests take up to 30 days and remove all personal information except legally required records.

No. We never sell your personal information to marketers, data brokers or external companies. We share data only with payment processors, hosting providers and compliance partners under strict confidentiality agreements.

All payment transactions are encrypted end-to-end and processed through PCI-compliant gateways. We never store your full payment credentials. DANA, OVO, GoPay and QRIS handle tokenization, so we only see transaction confirmations.

We notify all affected users within 24 hours with details of what was accessed and steps to protect your account. We maintain cyber insurance and work with law enforcement. You can request a full incident report from our support team.

Yes. We use cookies only for session management and fraud prevention. You can disable non-essential cookies in your browser settings. Disabling them may affect account functionality, but your privacy choice is always respected.