Clear Language
We write our privacy terms in plain English, not legal jargon, so you actually understand what happens to your data.
LEGAL REFERENCE
Your Privacy Matters to Us
We've built castletoto around your trust. This privacy policy shows exactly how we handle your account details, payment information and personal data across every part of our platform...
Data ProtectionPayment SecurityAccount PrivacyTransparent PracticesYour Control
How We Protect Your Information
castletoto operates under applicable data protection laws in supported regions where we offer our platform. We collect personal information — your name, email, phone number and payment details — only to set up your account, process transactions through DANA, OVO, GoPay and QRIS, and keep your lobby experience secure. We use encryption for all sensitive data, never sell your information to third
parties, and store everything on secure servers. You can request access to your data or ask us to delete it at any time through your account settings or by contacting our support team.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
WHY THIS PLATFORM
Why You Can Trust Our Privacy Approach
Encryption Standard
All data transmitted between your device and our servers uses industry-standard SSL encryption, the same technology banks use to protect financial transactions.
No Third-Party Sales
We never sell, rent or share your personal information with marketing companies, data brokers or any external parties without your explicit written consent.
Regular Security Audits
Our infrastructure undergoes regular security reviews to identify and fix vulnerabilities before they affect your account or payment data.
Payment Data Isolation
Your DANA, OVO, GoPay and QRIS details are processed through PCI-compliant payment gateways and never stored in plain text on our servers.
Transparent Logging
We keep audit logs of who accesses your account and when, so you can see exactly what activity has occurred on your profile.
Data Retention Limits
We only keep your information as long as needed to run your account and comply with local laws. You can request deletion of inactive account data anytime.
WHY THIS PLATFORM
How Our Privacy Policy Compares
No Hidden Clauses
Every data practice we use is listed here. We don't bury important details in footnotes or appendices you'll never read.
Easy Data Access
Request a copy of all your personal data in one click from your account settings, not through a weeks-long support process.
Deletion on Demand
Close your account and we'll remove your data within 30 days, except where local law requires us to keep records for compliance.
Payment Method Control
You choose which DANA, OVO, GoPay or QRIS account links to castletoto, and you can disconnect or swap them anytime.
Breach Notification
If we ever discover unauthorized access to your account, we notify you within 48 hours with details and steps to protect yourself.
Policy Updates
When we change this privacy policy, we email you 30 days in advance and let you review the changes before they take effect.
What This Privacy Policy Covers
Account Registration
Your name, email, phone number and identity verification details are encrypted and used only to create and secure your castletoto account.
Session Activity
We log which games you open, how long you play and when you're active to improve your experience and detect unusual account behavior.
Payment Transactions
Every deposit and withdrawal through DANA, OVO, GoPay or QRIS is recorded with timestamps and amounts for your account history and our compliance records.
Device Information
We collect your device type, browser and IP address to prevent fraud, enforce account security and ensure you can access the lobby from anywhere.
Communication Records
Emails, chat transcripts and support tickets are kept in your account file so we can help you faster and resolve disputes with a clear history.
Cookies and Tracking
We use cookies to remember your login, keep you in the lobby and show you relevant promotions — you can disable them in your browser settings anytime.
Privacy Policy Questions Answered
We delete your personal data within 30 days of account closure, except for transaction records we're required to keep by local law for up to seven years. You can request early deletion of non-essential data anytime.
Yes. Log into your account, go to Settings > Privacy, and click 'Download My Data' to receive a complete file of everything we've stored about you, including your profile, transactions and activity logs.
Your payment details are processed through PCI-compliant gateways and never stored in plain text. We use the same encryption banks use, and your payment provider handles the actual transaction — we only see confirmation codes.
No. We never sell or share your personal information with third parties for marketing, advertising or any other purpose without your explicit written permission. We only share data with payment processors to complete your transactions.
We notify you by email within 48 hours with details of what was accessed, steps we've taken to secure your account and what you should do to protect yourself. We also report the breach to relevant authorities where required by law.
Yes. You can disable cookies in your browser settings, though some features like staying logged in may not work. You can also manage tracking preferences in your account settings under Privacy Controls.
We review our privacy practices regularly and update this policy when needed. We'll email you 30 days before any changes take effect so you can review them and decide if you want to continue using castletoto.