Your Privacy Matters — Here's How We Protect It
We handle your account details, payment records and gameplay data with encryption and regular security audits. This privacy policy explains exactly what we collect, why we keep it...
Privacy Policy Framework
to1888 collects account information (name, email, phone), payment details linked to QRIS, DANA, OVO and GoPay wallets, and gameplay records to deliver your lobby access, process withdrawals, detect fraud and comply with local regulations in supported regions. We use third-party payment processors and analytics providers bound by confidentiality. Your data stays within our infrastructure unless law enforcement or payment networks require disclosure.
We do not sell personal information to marketers.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
How We Earn Your Data Trust
TLS 1.3 Encryption
All payment and login flows use military-grade encryption. Your QRIS, DANA, OVO and GoPay credentials never touch our servers in plain text.
Annual Security Audits
We commission third-party penetration testing and compliance reviews every twelve months. Results shape our infrastructure roadmap.
PCI DSS Level 1
Payment processing meets international card-security standards. Audit reports are available to verified account holders upon request.
GDPR & Local Compliance
We respect data-protection laws across EU jurisdictions and Indonesian privacy frameworks. Your rights to access and erasure are honoured.
No Third-Party Sales
We do not broker or sell personal data to advertisers, data brokers or marketing firms. Your profile stays between you and to1888.
Incident Response Protocol
If a breach occurs, we notify affected accounts within 72 hours and publish a transparency report detailing scope, response and remediation steps.
Policy Consistency Across Our Brand
| Terms of Service | Outlines account rules, wager limits and dispute resolution. Works hand-in-hand with this privacy policy. |
|---|---|
| Cookie Policy | Explains session cookies, analytics trackers and how to manage consent. Referenced within privacy settings on login. |
| Withdrawal & Refund Policy | Details payout timelines and QRIS, DANA, OVO, GoPay processing fees. Data handling aligned with privacy frameworks. |
| Fraud Prevention Policy | Describes verification steps and account holds. Uses personal data only for security; never shared outside our risk team. |
| Affiliate Privacy Addendum | If you refer a friend, we track referral codes and payouts separately. Referral data is subject to the same encryption and audit standards. |
| Marketing Communication Policy | You control email, SMS and in-app notification frequency. Opt-out is immediate; we never re-add you without explicit consent. |
| Data Retention Schedule | Account data is kept for seven years post-closure. Payment records retained per local law; audit logs purged after two years of inactivity. |
What This Policy Covers
Account Registration Data
Name, date of birth, email, phone and ID number collected at signup. Used to verify your identity, prevent fraud and meet local KYC requirements.
Payment & Wallet Links
QRIS codes, DANA app IDs, OVO account numbers and GoPay tokens are encrypted and stored separately. We never log your PIN or OTP.
Gameplay & Bet History
Game logs, stake amounts, win/loss records and session timestamps are kept for seven years. Used for dispute resolution and fraud detection.
IP Address & Device
We log your IP, browser version and device type to spot unusual login patterns and prevent account takeover. This data is purged after 90 days.
Support & Compliance Records
Chat transcripts, email threads and refund requests are archived for two years. Used to train support staff and defend disputes fairly.
Withdrawal & Tax Documentation
Large payouts trigger tax filing forms where required. We keep these records per local finance ministry rules, typically five years.