hermantoto online Platform Privacy Notice

This page describes what we collect when you use hermantoto online and how we keep that data protected. We collect personal information during account setup, deposits, withdrawals, and gameplay. We use this data to verify your identity, process payments, comply with regulations, and improve our service. We do not sell your data to third parties, and we encrypt all sensitive information in transit and at rest.

Our privacy practices are transparent and compliant with applicable data-protection standards. We store your data on secure servers, limit access to authorized staff, and retain information only as long as necessary. You have rights over your data—you can request access, correction, or deletion through our support team. This notice explains our practices in detail and answers common questions about data handling on hermantoto online.

If you have questions about how we handle your data, contact our support team via email during business hours. We respond to privacy inquiries within 5 business days.

What Data We Collect on hermantoto online

We collect several categories of data when you use hermantoto online. During account setup, we collect your name, email address, date of birth, phone number, and residential address. During KYC verification, we collect identity documents (KTP, passport, or driver's license) and may request proof of address. We store these documents securely and do not share them with third parties except where required by law or for regulatory compliance.

When you deposit or withdraw on hermantoto online, we collect payment information—your bank account details, DANA wallet ID, e-wallet number, mobile banking account, local payment credentials, or other payment method identifiers. We do not store full payment credentials on our servers. Instead, we use encrypted tokens provided by payment processors. This means your online payment PIN, bank password, or payment app credentials are never visible to hermantoto online staff.

Account data

Name, email, date of birth, phone, address, identity documents. Collected during signup and KYC verification.

Payment data

Payment method identifiers (e-wallet, mobile banking, local payment, online payment, bank account). Stored as encrypted tokens, not raw credentials.

Gameplay data

Game history, bets, results, account balance. Used to track your activity and detect fraud.

Technical data

IP address, device type, browser, login times. Collected for security and service improvement.

We also collect gameplay data—your game history, bets placed, results, and account balance. This data helps us detect fraud, resolve disputes, and improve our service. We track your activity on Liga 1 betting, Piala Indonesia markets, slot tournaments (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways), and live-dealer tables. We retain gameplay data for at least three years to comply with regulatory requirements.

Technical data is collected automatically. When you access hermantoto online, we log your IP address, device type, browser, operating system, and login times. We use this data to detect unauthorized access, prevent fraud, and improve platform performance. We do not use this data to identify you personally—it is linked to your account only for security purposes.

We at hermantoto online collect only the data necessary to operate our service securely and comply with regulations. We do not sell or share your data with third parties.

How We Use and Protect Your Data on hermantoto online

We use your data for specific purposes. First, we verify your identity and comply with KYC regulations. We collect identity documents and cross-check them against official records to ensure you are who you claim to be. This process protects both you and hermantoto online from fraud. Second, we process your deposits and withdrawals. We use your payment information to route funds to and from your account. We do not retain payment credentials—we use encrypted tokens that expire after each transaction.

Third, we detect and prevent fraud. We monitor your account for suspicious activity—unusual login locations, rapid withdrawals, or patterns consistent with money laundering. If we detect suspicious activity, we may temporarily restrict your account pending review. We contact you via email to confirm the activity. Fourth, we improve our service. We analyze gameplay data to identify technical issues, optimize game performance, and understand user preferences. We do not use this data to identify individuals—we aggregate it across all users on hermantoto online.

We protect your data using industry-standard security measures. All data in transit is encrypted using SSL/TLS protocols. Sensitive data at rest—passwords, payment tokens, identity documents—is encrypted using AES-256 encryption. We limit staff access to personal data; only authorized personnel can view your information, and only for legitimate business purposes. We conduct regular security audits and update our systems to address emerging threats.

Our servers may be located outside your jurisdiction. If you are in Jakarta, Surabaya, Bandung, Medan, or Semarang, your data may be processed and stored on servers in other countries. By using hermantoto online, you consent to this international data transfer. We maintain the same security standards regardless of server location. If you do not consent to international data transfer, you should not use our service.

We may disclose your data if required by law. If a government agency requests your information, we comply with legal requirements. We do not voluntarily share your data with third parties. However, we use third-party processors for specific functions—payment processing, email delivery, fraud detection. These processors are contractually bound to protect your data and use it only for the purposes we specify.

You have rights over your data on hermantoto online. You can request access to all data we hold about you. You can request correction if your data is inaccurate. You can request deletion of your data, subject to legal retention requirements. You can request a portable copy of your data in a standard format. To exercise these rights, contact our support team via email. We respond to data-access requests within 10 business days.