kristoto Casino & Sportsbook Data Care

This page describes what we collect when you use kristoto and how we keep that data protected. Our privacy practices centre on transparency — we explain what information we gather, who has access to it, and how long we retain it. We collect only what is necessary to run our platform, verify your identity, process your payments, and comply with regulations in the jurisdictions where we operate.

We at kristoto take data security seriously. Your email, password, identity documents, and payment information are encrypted and stored on secure servers. We do not sell or share your personal data with third parties for marketing. Our only external data sharing occurs with payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) and anti-fraud partners who help us keep your account safe.

By using our kristoto platform, you consent to the data practices described here. If you do not agree with how we handle your information, you should not create an account. If you have specific privacy concerns, our support team can address them — contact us through the in-app help centre.

What Data We Collect on kristoto

Account Registration Data

When you open a kristoto account, we ask for your email address, password, and date of birth. These are mandatory to create your account. Your email serves as your login credential and is used for password recovery and account notifications. We hash your password using industry-standard encryption; we never store it in plain text, and our staff cannot view it.

We also collect your full name, government ID number, and proof of address during Know Your Customer (KYC) verification. This information is required by anti-money-laundering (AML) regulations in every jurisdiction where we operate. We store your ID photo and address documentation encrypted in our secure vault. We retain this data for as long as your kristoto account is active, and for up to seven years after account closure for regulatory compliance.

Transaction Data

We record every deposit, withdrawal, and wager on your kristoto account. This includes the date, time, amount, payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer), and game or market involved. We use this data to calculate your account balance, generate your transaction history, and detect suspicious activity that might indicate fraud or account compromise.

Our kristoto system also logs your login timestamps and IP addresses. If we notice unusual access patterns — such as logins from multiple countries in quick succession — we flag the account for verification. This protects you from unauthorized access.

KYC data: Government ID, proof of address, full name. Retained for regulatory compliance; encrypted at rest.
Transaction logs: All deposits, withdrawals, and wagers. Used for balance calculation and fraud detection on kristoto.
Login logs: Timestamps and IP addresses of account access. Monitored for unusual activity.
Payment tokens: Encrypted references to your payment methods, not full card or account numbers.

Device and Usage Data

When you use our kristoto app on Android or access kristoto via iOS Safari, we collect information about your device — its type, operating system version, and unique device identifier. We also track which games you view, which markets you browse, and how long you spend on our kristoto platform. This data helps us improve performance, identify technical issues, and personalize your experience.

We do not track your location in real-time, but we may infer your approximate location from your IP address for security and regulatory purposes. If you access kristoto from a jurisdiction where our service is not available, we may block your account to comply with local law.

Communication Data

If you contact our kristoto support team, we retain copies of your messages — email, in-app chat, or support tickets. We use this data to resolve your issue, improve our support processes, and train our team. We keep support records for up to two years.

We may also send you optional marketing emails about new games, tournaments (Liga 1, Piala AFF, MotoGP, etc.), or payment promotions. You can disable these notifications in your kristoto account settings at any time. Disabling marketing emails does not affect service emails — account alerts, deposit confirmations, and withdrawal notifications are always sent.

How We Use and Protect Your kristoto Data

Data Use and Sharing

We use the data we collect on kristoto for the following purposes: account verification (KYC), payment processing, fraud detection, regulatory compliance, customer support, and platform improvement. We do not use your data for purposes beyond these without your explicit consent.

We share your data only with third parties who assist us in running kristoto. These include payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet), anti-fraud providers, and legal/compliance advisors. These partners are contractually bound to protect your data and use it only for their specified purpose.

We do not sell your personal information to advertisers, data brokers, or marketing firms. We do not share your betting history, account balance, or gaming preferences with any external party without your written consent.

Data Security on kristoto

Our kristoto infrastructure uses TLS 1.2 encryption for all data in transit — when you log in, deposit, or withdraw, your connection is encrypted end-to-end. Your password is hashed using bcrypt, a one-way encryption algorithm. Your ID photo and address documents are encrypted at rest using AES-256.

Our servers sit in secure data centres with physical access controls, redundant power supplies, and continuous monitoring. However, no system is completely immune to breach. In the unlikely event that our kristoto servers are compromised, we will notify all affected users as required by applicable law.

Important: You are responsible for keeping your kristoto password confidential. We never ask for your password via email, chat, or phone. If you suspect your account has been compromised, change your password immediately and contact our support team.

Cookies and Tracking

Our kristoto website and app use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyse usage patterns. Session cookies are temporary and expire when you log out. Preference cookies store your language choice and theme preference. Analytics cookies help us understand how players use kristoto — which games are popular, where users encounter issues, etc.

You can disable cookies in your browser settings, but this may prevent kristoto from functioning properly. Our Android app does not use traditional cookies but does use similar local storage for session management.

Your Rights Regarding Your kristoto Data

You have the right to access your data, request corrections if information is inaccurate, and request deletion of your account. To exercise these rights, contact our kristoto support team through the in-app help centre or via email. We will respond within 30 days.

Account deletion is permanent and irreversible. All your kristoto data — transaction history, game records, payment information — will be permanently removed after our retention period (typically 7 years for KYC data for regulatory compliance, and 2 years for transaction logs for dispute resolution). You may withdraw funds from your account before requesting deletion.

Data Retention and International Transfer

We retain your kristoto data for as long as necessary to provide our service, comply with regulations, and resolve disputes. KYC data is kept for up to 7 years; transaction logs for 2 years; support communications for 2 years. Inactive accounts may be subject to different retention rules — contact our support team for details.

Our kristoto servers may be located outside your jurisdiction (Indonesia). By using kristoto, you consent to your data being transferred to, processed in, and stored in countries outside Indonesia. These countries may have different data protection laws than Indonesia. However, we apply the same security standards regardless of server location.

Contact Us About Privacy

If you have questions about our kristoto privacy practices, wish to exercise your data rights, or have a privacy complaint, reach out to our support team. You can submit a privacy inquiry through the in-app help centre, and we will respond within 30 days. For urgent privacy concerns, especially in cities like Jakarta, Surabaya, Bandung, or Medan, we encourage you to contact us promptly so we can assist you.

Encryption

TLS & AES-256

KYC data

7-year retention

Sharing

Payment partners only

Marketing

Opt-in via settings

Changes to Our Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or law. We will notify you of material changes via email or through a prominent notice on our kristoto platform. Your continued use of kristoto after a change notification constitutes acceptance of the updated policy.

We are committed to protecting your privacy and operating kristoto with transparency. Thank you for trusting us with your data.