mimpitoto Casino & Sportsbook Data Care

This page describes what we collect when you use mimpitoto and how we keep that data protected. We at mimpitoto process your personal information—name, contact details, payment method, and account activity—only for the purposes necessary to deliver our service, verify your identity, and comply with law.

Our mimpitoto privacy policy explains where your data is stored, who can access it, how long we retain it, and what rights you have regarding your information. We encrypt all data in transit and at rest, and we do not sell your information to third parties. Your privacy is central to how we operate as a platform.

If you have questions about our data practices on mimpitoto, our support team can provide clarification. You also have the right to request a copy of your data, request deletion, or withdraw consent for certain uses—all through your account dashboard or by contacting us directly.

What Data We Collect on mimpitoto

When you register on mimpitoto, we collect your email address and phone number. During account verification, we collect your government-issued ID (Kartu Tanda Penduduk, passport, or driver's licence), a photo of you, and proof of residence (utility bill or bank statement). We store these documents securely and use them only to verify your identity and confirm your location.

When you fund your account, we collect payment information: your chosen payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, or e-wallet), the amount, and the transaction reference. We do not store your raw card or bank details—our payment processors tokenize this information, and we store only a reference token.

As you use mimpitoto, we log your account activity: wagers placed, games played, results, deposits, withdrawals, bonus claims, and support interactions. We also record your login history, device information (operating system, browser type), and IP address. This data helps us detect fraud, resolve disputes, and improve our platform.

Cookies and analytics: Our mimpitoto website uses cookies to remember your login session and track usage patterns. We use Google Analytics and similar tools to measure how players navigate our platform, which helps us improve our interface and game offerings.

We also collect data on your interactions with our communications. If you opt into marketing emails, we track whether you open them and which links you click. This helps us personalize future messages. You can unsubscribe from marketing emails at any time via a link in the email footer.

How We Use Your Data on mimpitoto

We at mimpitoto use your data primarily to deliver our service. We process your identity documents to verify you are eligible to use mimpitoto and to prevent underage access, fraud, and money-laundering. We use your payment information to process deposits and withdrawals safely.

We analyse your account activity and device information to detect suspicious behaviour—such as account takeover attempts, bonus abuse, or colluding with other players. If we flag your account, we may place a temporary hold on withdrawals while we investigate. We will contact you via email or phone with details of our investigation and how to respond.

We use your data to personalise your experience on mimpitoto. If you are a new player, we may highlight games popular with beginners. If you are a high-activity player approaching a loyalty tier threshold during Idul Fitri, Idul Adha, Imlek, or Nyepi, we may notify you of tier-specific promotions. This personalization is based solely on your own account history, not on data from other players.

We also use your data to comply with law. Tax authorities may request our records of your activity. Anti-money-laundering regulators may ask for transaction history. We share data with these authorities only when legally required—never voluntarily or for marketing purposes.

Third-Party Processors and Data Sharing on mimpitoto

Our mimpitoto infrastructure relies on several trusted third parties. Our payment processors (Stripe, PaymentExpress, or similar) handle tokenization of payment data. Our email service provider sends transactional emails and marketing communications. Our hosting provider (Amazon Web Services or similar) stores our databases and runs our servers.

We have data processing agreements with all third parties, requiring them to encrypt data, restrict access, and use data only for the purposes we specify. We do not permit them to use our customer data for their own marketing or to share it with their other clients.

Our mimpitoto live-dealer game studios may process video feeds that include your activity at the table. These feeds are used only for game settlement and dispute resolution—not for surveillance of your personal habits outside the game. Video data is retained for 90 days, then deleted.

Geographic data transfer: Our servers may be located outside Indonesia. Your data is encrypted during transfer and at rest, so the physical location of our servers does not increase the risk of unauthorised access.

How Long We Keep Your Data on mimpitoto

We retain your identity documents (ID, selfie, proof of residence) for as long as your account is active, plus seven years after closure. This seven-year window is required by Indonesian tax and anti-money-laundering law. After seven years, we securely delete these documents.

We retain your transaction history (deposits, withdrawals, wagers, results) for seven years, then delete it. We retain your login history, device information, and IP logs for 90 days, then delete it. We retain email communications and support tickets for one year after resolution, then delete them.

If you request account closure on mimpitoto, we immediately disable your login and prevent new activity. Your historical data remains encrypted and is retained only for compliance purposes (tax audit, dispute resolution, anti-fraud investigation). We do not use closed-account data for marketing or analytics.

Your Rights Regarding Data on mimpitoto

You have the right to request a copy of all personal data we hold about you on mimpitoto. Navigate to Account → Privacy on your dashboard and select "Download my data". We compile your data into a portable file (CSV or JSON) and email it to you within 10 business days.

You have the right to request deletion of your data, subject to legal retention requirements. Contact our support team with a deletion request. We will delete what we can (e.g., marketing preferences, login history) and notify you of any data we are legally required to retain.

You have the right to withdraw consent for specific uses of your data. For example, you can opt out of marketing emails while keeping your account active. You can disable cookies in your browser settings, though this may affect mimpitoto's functionality. You can request that we not use your data for analytics—contact support to opt out.

You also have the right to lodge a complaint with your national data protection authority if you believe our mimpitoto data practices violate local privacy law. We cooperate with regulatory investigations and will provide documentation as requested.

Our Security Practices on mimpitoto

We at mimpitoto encrypt all data in transit using HTTPS (TLS 1.2 or higher). All servers hosting mimpitoto data are encrypted at rest using AES-256 encryption. Access to our servers is restricted to authorized staff, and all staff access is logged and audited monthly.

We conduct annual penetration testing and vulnerability scans by independent security firms. We maintain cyber liability insurance covering data breaches and maintain incident response procedures. If a breach occurs, we notify affected users within 72 hours of discovery and describe what data was accessed.

Password security is your responsibility. We recommend a strong password (minimum 8 characters, uppercase, lowercase, number, special character) and changing it every 90 days. We also recommend enabling two-factor authentication (2FA) via Google Authenticator or Authy—this adds a second verification step when you log in, preventing account takeover even if your password is compromised.

Phishing and social engineering: mimpitoto will never ask you for your password via email, chat, or phone. If someone claiming to be from mimpitoto requests your password, it is a scam. Forward the message to our support team immediately.

Cookies and Tracking on mimpitoto

Our mimpitoto website uses session cookies to remember your login and maintain your session. Without these cookies, you would need to re-enter your password on every page. Session cookies expire when you close your browser.

We also use persistent cookies to remember your preferences (language, theme). These cookies are set to expire after one year. You can delete cookies at any time in your browser settings, though this will log you out and reset your preferences.

We use Google Analytics and similar analytics tools to measure traffic, user engagement, and feature usage on mimpitoto. These tools set cookies that track your movements across our site. You can opt out of analytics tracking via your browser's "Do Not Track" setting or by visiting our privacy dashboard on mimpitoto.

We do not use cookies to track you across other websites. Our cookies are used only on mimpitoto and only for the purposes stated here.

How to Contact Us and Update Your Information on mimpitoto

If you have questions about our privacy practices on mimpitoto, contact our support team via email or live chat. You can also write to our compliance officer with privacy concerns. We respond to privacy inquiries within five business days.

You can update your email, phone number, and payment method at any time via Account → Settings on mimpitoto. Changes to your payment method are processed immediately. Changes to contact details take effect within 24 hours.

We update this privacy policy periodically to reflect changes in our practices or law. Material changes are announced via email to all registered users at least 30 days before taking effect. Your continued use of mimpitoto after the effective date means you accept the updated policy.