ormastoto Privacy Policy - How We Protect Your Data

Payment credentials and identity documents are sensitive. Most platforms store them generically and pass them to multiple vendors. We at ormastoto compartmentalise your data—payment details go to trusted payment processors only, identity documents stay on our secure servers, and we do not cross-sell or share your information across third parties without your explicit consent.

This page describes what we collect when you use ormastoto, who we share it with, how we protect it, and what rights you have. We want you to understand exactly where your data goes when you open an account, make a deposit via DANA or e-wallet, or request a withdrawal.

Our commitment is transparency: we will not ask for more data than we need, we will not store it longer than we must, and we will tell you clearly if we are required by law to disclose it.

How We Collect and Use Your Data on ormastoto

When you register on ormastoto, we ask for your email, phone number, full name, date of birth, and identity number. We use this information to create your account, to comply with anti-money-laundering rules, and to contact you about your account if needed. We do not sell your personal data to marketers or third-party brokers. We store your information on encrypted servers. Our team in Jakarta and our technical infrastructure across Indonesia handle your data securely.

Payment Information and Our Processing Partners

When you deposit via DANA, e-wallet, mobile banking, local payment, online payment, or e-wallet, your payment credentials are sent directly to those e-wallet providers—we do not store your credentials on our servers. Similarly, if you deposit via mobile banking, local payment, online payment, or e-wallet virtual account, you are transferring funds to a business account we maintain; the bank handles the authentication, and we receive only the confirmation of the transfer.

We at ormastoto see the amount, the timestamp, and the source account type. We do not hold your card numbers, PIN codes, or e-wallet passwords. Our payment processors are PCI-DSS compliant and meet local financial security standards. When you withdraw, we return funds only to the original source—if you deposited via mobile banking, your withdrawal goes back to your local payment wallet. This protects you from unauthorized fund transfers.

We never store your payment credentials

Payment details are handled by your e-wallet provider or your bank, not by ormastoto. We see confirmation of the transaction, not your passwords or card numbers.

Identity Verification Documents

Before your first withdrawal, we require you to upload a photo of your national ID and a selfie. We use these to verify your identity and prevent fraud. We store these documents on secure, encrypted servers. We do not share them with third parties unless required by law. We delete identity documents after two years unless local regulation requires a longer retention period.

Cookies and Tracking on ormastoto

We use cookies to keep you logged in to your ormastoto account and to remember your preferences. Cookies are small files stored on your phone or browser. We do not use cookies to track you across other websites. We do not build a profile of your browsing outside ormastoto. Our cookies are functional only—they help our platform work, not to market to you elsewhere.

Game Logs and Account Activity

We record your game history, deposits, withdrawals, and betting activity on ormastoto. This data helps us detect fraud, dispute settlements fairly, and comply with anti-money-laundering checks. We keep game logs for seven years. You can access your own account history at any time by logging into your ormastoto account and viewing your transaction list.

Data access: You can download your account data from ormastoto at any time. Log in, go to Account Settings, and select Download My Data. We will send you a file containing your personal information, transaction history, and game logs within 5 business days.

Your Data Rights and Contact

You have the right to request a copy of your data, to correct inaccurate information, and to request deletion of your account and associated data. To exercise these rights, contact our support team. We will respond within 30 days. If you are in a jurisdiction with specific data protection laws (such as GDPR equivalent), those protections apply to you, and we will honor your requests in accordance with those laws.

Our servers may sit in jurisdictions outside your location. By using ormastoto, you consent to your data being processed and stored internationally where necessary. We maintain the same security standards regardless of server location. We do not transfer your data to jurisdictions with weaker data protection laws without your consent.

We may update this privacy policy from time to time. If we make changes that affect your data, we will notify you via email or through your ormastoto account. Your continued use of ormastoto after the update means you accept the new policy. If you do not agree with a material change, you may close your account and request deletion of your data.

To contact our data protection team, email us through your ormastoto account support page or visit our office in Surabaya during business hours. You can also submit a data request by post to our registered address. We respond to all inquiries within two business days.