nmaxtoto Casino & Sportsbook Data Care
This page describes what we collect when you use nmaxtoto and how we keep that data protected. We collect personal information only to verify your identity, process your deposits and withdrawals, and comply with anti-money-laundering regulations. We do not sell your data to third parties, and we encrypt all sensitive information in transit and at rest.
Our privacy commitments apply to all nmaxtoto members across all categories: sports betting, live-dealer games, slots, and esports. Whether you access nmaxtoto from Jakarta, Surabaya, Bandung, Medan, or elsewhere, the same data protection standards apply.
Below, we explain what data we collect, how we use it, who may access it, and what rights you have over your information.
What data we collect on nmaxtoto
We collect personal information when you register, verify your identity, deposit, withdraw, or contact our support team. The data we collect includes:
- Account information: Your full name, email address, mobile phone number, date of birth, and username.
- Identity verification: A photo of your national ID (KTP, SIM, or passport) and a selfie of you holding that ID. We use this to verify your identity and comply with AML regulations.
- Payment information: Your payment method (e-wallet or bank account), transaction history, and deposit/withdrawal amounts. We do not store full payment card details; we store only the last four digits and the payment method type.
- Account activity: Your login history, bets placed, games played, account balance, and session duration.
- Communication: Any messages you send to our support team, including email, chat, or phone calls.
- Device and browser information: Your IP address, device type, operating system, and browser type. We use this to detect fraud and ensure account security.
We collect this data only when you provide it directly or when it is generated automatically as you use nmaxtoto. We do not collect data from third-party sources unless required by law.
Key takeaways
- We collect personal information only to verify your identity and process transactions
- We do not store full payment card details; only the last four digits
- We encrypt all sensitive data in transit and at rest
- We do not sell your data to third parties
- We retain your data only as long as necessary to provide our service and comply with law
How we use your data and your rights on nmaxtoto
How we use your data: We use the information we collect to verify your identity, process your deposits and withdrawals, settle your bets, detect fraud, and comply with anti-money-laundering and tax regulations. We also use your data to send you account notifications (e.g., login alerts, withdrawal confirmations) and to respond to your support requests. We do not use your data for marketing purposes unless you have explicitly opted in.
Third-party processors: We may share your data with third-party service providers who help us operate nmaxtoto. These include payment processors (for DANA, e-wallet, mobile banking, local payment, and bank virtual accounts), identity verification vendors, and cloud hosting providers. All third-party processors are bound by confidentiality agreements and are prohibited from using your data for any purpose other than providing services to nmaxtoto.
Data location: Our servers may sit outside your jurisdiction. By using nmaxtoto, you consent to the transfer of your data to countries outside Indonesia. We maintain the same level of data protection regardless of server location.
Your rights: You have the right to access, correct, or delete your personal data. You can update your account information in Account → Settings. If you wish to request a copy of all data we hold about you, or to request deletion of your account and associated data, contact our support team. We will respond to data access requests within 10 business days. Data deletion requests will be processed within 30 days, subject to legal retention requirements.
Cookies and tracking: We use cookies to remember your login session and to track your activity on nmaxtoto for security and analytics purposes. Cookies are small text files stored on your device. You can disable cookies in your browser settings, but this may affect your ability to use nmaxtoto. We do not use cookies to track you across other websites.
Data retention and security
We retain your personal data only as long as necessary to provide our service and comply with legal obligations. Account data is retained for at least five years after account closure for AML and tax compliance. We use industry-standard encryption (TLS 1.2 or higher) to protect data in transit. All passwords are hashed with bcrypt or equivalent. We conduct regular security audits and penetration testing to identify and fix vulnerabilities.
Data breach notification: If we discover a data breach that may affect your personal information, we will notify you by email within 72 hours of discovery. We will also notify relevant regulatory authorities as required by law. Our notification will include details of the breach, the data affected, and steps you should take to protect yourself.
Changes to this policy: We may update this privacy policy at any time. Changes take effect immediately upon publication. We will notify you of material changes by email or by posting a notice on nmaxtoto. Your continued use of nmaxtoto after a change constitutes acceptance of the updated policy.
Contact us: If you have questions about this privacy policy or how we handle your data, contact our support team via the Help section in your account. We are available 24/7 in English and Indonesian. You can also submit a data access or deletion request through the same channel. We will respond to all inquiries within 10 business days.
Jurisdiction and compliance: This privacy policy is governed by the laws of the jurisdiction in which nmaxtoto operates. We comply with applicable data protection regulations, including anti-money-laundering and know-your-customer (KYC) requirements. If you have a complaint about how we handle your data, you may lodge a complaint with the relevant data protection authority in your jurisdiction.