Terms of Service
Terms cover what you agree to when using the lobby; this policy covers what we collect while you do. References cross-link so a clause about verification appears in both with matching wording.
LEGAL REFERENCE
How m3toto Handles Your Account Data
This privacy policy explains what m3toto collects when you open an account, browse our slot rooms, place sportsbook selections or top up through DANA, OVO, GoPay and QRIS...
Account dataDevice signalsCookiesMarketing choicesIndonesia scope
Policy Posture and Jurisdiction Scope
We apply this privacy policy to every m3toto surface accessible from Indonesia where local law permits. Data you submit during registration — name, contact, verification documents — is stored to confirm your identity and keep the lobby secure. Transaction metadata from DANA, OVO, GoPay and QRIS is retained for reconciliation windows required by payment partners. We do not sell your personal data.
Where supported regions allow, you can request a copy of what we hold, ask for corrections, or close the account entirely. Policy revisions are timestamped at the foot of this page so you can see when wording last shifted.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
24/7 SUPPORT
Privacy Contact Paths
If something in this policy needs clarification, or you want to exercise a data right, reach our privacy desk through any of the channels below. We respond in the order requests arrive and confirm receipt the same day where local law permits.
Team online
Privacy Inbox
Email our data team directly with the subject line that matches your request — access, correction, deletion or marketing opt-out — and we'll route it to the right reviewer within one business day.
Live Chat Desk
Open the chat bubble inside your account and ask for the privacy queue. Agents can verify your identity on the spot and log formal data requests without you leaving the lobby.
Postal Address
For documented requests requiring a wet signature, our registered correspondence address is listed on the contact page. Include your account handle so the privacy reviewer can match the file quickly.
EDITORIAL CLARITY
Editorial Trust Signals for This Policy
This policy is maintained by the same internal team that handles compliance for our Indonesia-facing brand. We document each revision, log who approved it, and align wording with payment-partner requirements so nothing...
Named Reviewer
Each revision is signed off by a named compliance lead before it goes live, so the wording you read here matches an internal owner rather than an anonymous template pulled from elsewhere.
Versioned History
We keep prior versions of this policy on file. If a clause changed between your registration date and today, we can show you exactly what shifted and when the update took effect.
Payment Partner Alignment
Wording about DANA, OVO, GoPay and QRIS data flows is reviewed against each partner's own retention rules so the policy stays consistent with how the rails actually behave.
Plain-Language Pass
Every draft goes through a plain-language pass in en-ID before publication. We strip jargon so you can read the policy on a phone in two minutes rather than ten.
Annual Audit
An internal audit revisits the full policy at least once per year, checking that collection points match the disclosures and that retention windows still reflect current operational practice.
Independent Counsel
Material clauses — particularly around cross-border processing and supported regions — are run past external counsel familiar with Indonesia data norms before they reach this page.
SIDE BY SIDE
Consistency Across Our Legal Pages
Our privacy policy is written to slot in cleanly beside the terms, cookie notice and account-closure pages. The points below show where this page agrees with siblings and where it deliberately goes...
Cookie Notice
The cookie notice itemises each tag and lifespan. This policy summarises the categories — strictly necessary, analytics, marketing — and points to the notice for the full table.
Account Closure
Closure procedure lives on its own page. This policy explains what data survives closure for legal retention and what is purged inside the standard window.
Marketing Preferences
The preference centre lets you toggle channels. This policy explains the lawful basis we rely on for each channel and how withdrawal of consent is recorded.
KYC Disclosure
KYC document handling is described here at policy level and in operational detail on the verification page. Both pages reference the same retention period.
Complaints Path
The complaints page lists escalation steps. This policy reiterates your right to lodge a privacy complaint with the supervisory authority where local law permits.
Security Statement
The security statement covers technical safeguards. This policy references those controls without duplicating the engineering detail, keeping each page focused on its own audience.
What This Policy Page Actually Shows You
The layout on this page is built so you can find the clause you need without scrolling through marketing copy. Below are the visible blocks we've...
Clause Anchors
A sticky table of contents pins to the side on desktop so you can jump from collection to retention to your rights without losing your place in the document.
Revision Stamp
At the foot of the page you'll see the last-updated date and a short summary of what changed in the most recent revision, so returning readers can skip straight to it.
Glossary Tooltips
Terms like processor, controller and lawful basis carry inline tooltips. Hover or tap and a short en-ID definition appears without sending you to a separate glossary page.
Request Shortcuts
Buttons beside the rights section open prefilled request forms for access, correction or deletion, so you don't have to compose an email from scratch to start the process.
Print View
A print-friendly version strips navigation and renders the policy as a clean document, useful if you want a dated copy on file before opening your account.
Language Toggle
The page is published in en-ID by default with a toggle to Bahasa Indonesia. Both versions are treated as authoritative and updated together on the same release.
Privacy Policy Questions
We collect your name, date of birth, contact details and a verification document so we can confirm identity and meet payment-partner rules. Device and session signals are logged separately for security purposes during every lobby visit.
Active account data stays on file while your account is open. After closure we retain identity and transaction records for the period required by payment partners and local law, then purge the rest inside our documented window.
Transaction metadata — amount, timestamp, reference — is retained for reconciliation. We do not store full wallet credentials on our systems. The payment rails handle their own authentication and share only what's needed to settle your top-up.
Yes. Submit an access request through the privacy inbox or chat desk and we'll prepare a structured export within the timeframe local law permits. Identity is verified before any file leaves our systems to protect your account.
Open the preference centre inside your account and toggle the channels you no longer want — email, SMS, push. Changes apply immediately and we log the timestamp so the withdrawal of consent is auditable later.
We share only what's needed with payment partners, verification vendors and infrastructure providers under written agreements. We do not sell personal data. Any cross-border processing is documented in the international transfers clause further up this page.
The revision date sits at the foot of the page alongside a short summary of what changed. We email account holders when material updates ship, giving you time to review before the new wording takes effect.