kikoto Platform Privacy Notice

This page describes what we collect when you use kikoto and how we keep that data protected. We at kikoto handle your personal information—email, phone number, national ID, payment details, and gameplay history—with care and in compliance with data protection laws applicable to our service area.

When you open an account on kikoto, download our Android APK, log in via Safari on your iPhone in Jakarta or Surabaya, or request a withdrawal via DANA or e-wallet, we collect data to verify your identity, process your transactions, and keep our platform safe. We do not sell your data to advertisers, we do not share your payment methods with unrelated third parties, and we delete documents after a set retention period.

Our privacy approach is straightforward: we collect only what we need, we encrypt it, and we limit access to our internal teams. Read below for specifics on data types, retention, your rights, and how to contact us.

What Data We Collect on kikoto

We collect data in several categories when you use kikoto:

  • Account information: Email, phone number, date of birth, full name, password (hashed), and security settings (two-factor authentication choice).
  • Identity verification (KYC): National ID number, passport or driver's license, and a photo of your ID document. We keep this separate from your account profile.
  • Payment information: Your deposit and withdrawal history, payment method type (e.g., DANA, e-wallet, mobile banking), and transaction status. We do not store your full bank account number or card number—payment processors (local payment, online payment, e-wallet, etc.) handle that.
  • Gameplay data: Every bet, every spin, every result, timestamps, and your running balance. This is logged in our Result Archive (visible to you anytime).
  • Device and usage data: Your Android APK version, iOS Safari user agent, IP address, device type, and general location (country, not street address).
  • Support interactions: Your messages to our help team, ticket history, and account recovery requests.

How We Use Your Data on kikoto

We use the data we collect on kikoto for these purposes:

  1. Account verification and compliance: We verify your identity via KYC to comply with anti-money-laundering (AML) laws and prevent fraud.
  2. Payment processing: We use your payment details to process deposits (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment) and withdrawals. Payment processors see your method and amount; we do not share unnecessary details.
  3. Gameplay and account management: We log your gameplay to settle bets fairly, resolve disputes, and prevent abuse (e.g., multiple accounts from one person).
  4. Support and account recovery: If you contact us for help or forget your password, we use your data to verify your identity and assist you.
  5. Platform security: We analyze usage patterns to detect fraud, unauthorized access, and system abuse.
  6. Legal and regulatory obligations: If required by law, we provide data to government agencies, tax authorities, or court orders.
Note: We do not use your gameplay data for marketing profiling, targeted advertising, or sale to third parties. We do not send you unsolicited promotional emails unless you opt in to our newsletter.

Third-Party Data Processors on kikoto

We on kikoto work with partners to run our platform. These third parties process your data on our behalf under strict contracts:

  • Payment processors: online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet. They see your transaction details but not your full identity or gameplay history.
  • Cloud servers: We host our platform on data centers outside your jurisdiction (e.g., in regional cloud infrastructure). Your data may be stored in multiple locations for redundancy.
  • Game providers: Studios like Yggdrasil, Push Gaming, and esports data feeds (for Liga 1, Mobile Legends, Free Fire) provide game content and live data. They do not see your personal identity; they see only aggregate, anonymized gameplay metrics.
  • Support platform: Our help-desk system (in-app chat and ticketing) is hosted by a third-party vendor. Support agents access your account data only to help you.
  • Compliance and fraud detection: We use automated tools to scan for AML red flags and account abuse. These tools process your transaction history but do not share it with external parties.

We on kikoto encrypt all data in transit (TLS) and at rest (AES-256). Third parties access only what they need to serve you.

Data Retention on kikoto

We keep your data for different periods depending on type:

  • KYC documents (ID photos): Retained for seven years for compliance, then securely deleted.
  • Account information (email, phone, password): Kept as long as your account is active. If you close your account, we retain minimal data for 12 months for dispute resolution, then delete.
  • Gameplay data (Result Archive): Accessible to you for 24 months; archived beyond that for compliance and audit.
  • Payment history: Retained for seven years for tax and regulatory purposes.
  • Support tickets: Kept for three years or longer if related to an unresolved dispute.
  • Device and usage logs: Retained for up to 90 days for security analysis, then deleted.

Your Rights on kikoto

You have the right to:

  • Access: Request a copy of all data we hold about you. Log into your kikoto account and use the Data Download feature, or contact support.
  • Correction: If your email, phone, or name is wrong, update it in your Account Settings. If your KYC data is incorrect, contact support with corrected documents.
  • Deletion: Request deletion of your account and associated personal data (except KYC and payment records, which we retain for legal reasons). We process deletion requests within 30 days.
  • Portability: Request your data in a standard, portable format (CSV or JSON). Contact support for this request.
  • Withdraw consent: If you agreed to optional notifications (push alerts, promotional emails), you can disable them in your Account > Settings > Notifications anytime.

Cookies and Tracking on kikoto

We use cookies on our website and within our mobile apps to:

  • Remember your login session (so you stay logged in on return).
  • Prevent fraud by tracking suspicious patterns.
  • Measure traffic and performance (anonymized, for internal optimization only).

We do not use cookies for third-party advertising tracking. Your browser's cookie settings allow you to delete or block cookies anytime. If you disable cookies, some features (like account login) may not work properly.

Cross-Border Data Transfer on kikoto

Our servers may sit outside your jurisdiction. When you use kikoto from Jakarta, Medan, Bandung, or Surabaya, your data may be transferred to and processed in other countries. We implement standard security practices (encryption, access controls) to protect data during transfer. By using kikoto, you consent to this cross-border processing.

Security Measures on kikoto

We employ industry-standard security: TLS encryption for all traffic, AES-256 encryption for stored data, password hashing with salt, and restricted staff access. We do not guarantee absolute security (no system is non-specific info secure), but we invest in protections.

If we detect a data breach affecting your account, we notify you via email within 30 days of discovery. In the unlikely event of unauthorized access to your KYC documents, payment info, or account, we follow our incident-response plan: isolate the breach, notify affected users, and report to relevant authorities if required by law.

Contact Us on Data Privacy

If you have questions about our privacy practices, want to request access to your data, or believe we have mishandled your information, reach out:

  • Open your kikoto account and tap Help > Privacy or Data Rights.
  • Email us with "Privacy Request" in the subject line (email address available in your Account > Contact Us).
  • Use the contact form on our Legal notice page.

We respond to privacy requests within 30 days. If you are unsatisfied with our response, you may lodge a complaint with your local data protection authority.

Data
Encrypted at rest
KYC
7-year retention
Access
Download anytime
Support
Privacy requests

Changes to This Privacy Notice

We may update this privacy policy from time to time. We notify you of material changes via email or in-app notification. Your continued use of kikoto after notification means you accept the updated policy. For the current or archived version, visit this page or contact support.