madetoPrivacy Policy

This page describes what we collect when you use madeto and how we keep that data protected. We collect personal information only when you create an account, deposit funds, or request support. Our privacy practices apply whether you access madeto via our Android app, iOS browser, or desktop site. We encrypt all data in transit and at rest, and we never sell your information to third parties.

Our servers may sit outside your jurisdiction, but your data is subject to the same encryption and access controls regardless of location. We comply with standard data protection practices and respond to data-access requests from users. If you have questions about how we handle your information, this policy explains our approach in detail.

Last updated: This policy reflects our current practices and is subject to change. We will notify you of material changes via email or through a notice on madeto.

What Data We Collect on madeto

Account Registration Data

When you create a madeto account, we collect your email address, phone number, and basic identity information (name, date of birth, nationality). We use this data to verify your identity, communicate with you about your account, and comply with regulatory requirements. We do not share this information with third parties except where required by law or to process your requests (for example, payment processors need your name to settle deposits).

KYC and Verification Documents

Before your first withdrawal, we require KYC (Know Your Customer) verification. You upload a government-issued ID (passport, national ID, or driver's licence) and proof of address (utility bill, bank statement, or official letter). We store these documents encrypted and separately from your account profile. Our verification team reviews them to confirm your identity and prevent fraud. Once verification is complete, we retain your documents for compliance purposes (typically 5–7 years) but do not use them for any other purpose. You can request deletion of your documents after the legal retention period expires by contacting our support team.

Payment and Transaction Data

When you deposit via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or direct bank transfer (mobile banking, local payment, online payment, e-wallet), we record the transaction amount, timestamp, and payment method. We do not store your full payment card details or bank account numbers—payment processors handle that data using tokenisation. We retain transaction records for accounting and compliance purposes. Your transaction history is visible in your madeto Account Settings under Statements; you can download records for your own records.

Betting and Gaming Activity

We log your bets, game plays, and account balance changes. This data helps us detect fraud, resolve disputes, and comply with regulatory audits. We do not use this data for marketing or profiling. Your betting history is private and visible only to you and our compliance team. We do not share your gaming activity with third parties.

Device and Usage Data

When you use the madeto app or browser, we collect your device type (Android, iOS, desktop), app version, IP address, and general usage patterns (which games you access, how long you stay logged in). We use this data to improve app performance, diagnose technical issues, and prevent abuse. We do not use this data to track your location or build a profile of your behaviour outside madeto. If you disable location services on your phone, madeto will not access your location.

Support and Communication Data

When you contact madeto support via email or live chat, we store your messages and our responses. We use this data to resolve your issue and to improve our support process. We retain support tickets for one year after closure. If you request account closure, we delete your support history unless we need to retain it for legal or compliance reasons.

Our Data Protection Practices on madeto

Encryption and Security

We encrypt all data in transit using TLS 1.2 or higher. Your login credentials, payment information, and personal data are encrypted end-to-end between your device and our servers. We do not store passwords in plain text—we hash them using industry-standard algorithms. Our servers are protected by firewalls, intrusion detection, and regular security audits. We do not guarantee absolute security, but we maintain standard security practices consistent with online gaming and financial services platforms.

Third-Party Processors

We work with third-party processors for payments, hosting, and analytics. These processors have access only to the data necessary to perform their function. For example, payment processors see your transaction amount and payment method but not your full account history. We require all processors to maintain confidentiality and security standards equivalent to our own. We do not sell your data to advertisers or data brokers.

Data Retention and Deletion

We retain your account data for as long as your account is active. If you request account closure, we delete your personal information (email, phone, identity documents) within 30 days, except where we are required by law to retain it. We retain transaction records for compliance purposes (typically 5–7 years). You can request a data export of all information we hold about you by contacting our support team; we will provide it within 30 days in a standard format.

Your Rights on madeto

You have the right to access, correct, or delete your personal data. You can update your email, phone number, and account settings directly in your madeto Account Settings. If you want to correct information we hold (such as your name or date of birth), contact our support team. You have the right to request deletion of your account and associated data, subject to legal retention requirements. You have the right to opt out of marketing emails—we include an unsubscribe link in every email we send.

1. We collect only necessary data

   We ask for your email, phone, and identity information only to verify your account and comply with regulations.

2. We encrypt all data in transit and at rest

   Your information is protected with TLS 1.2 encryption and stored on secure servers.

3. We do not sell your data

   We never share your personal information with advertisers or data brokers.

4. You can request access, correction, or deletion

   Contact our support team to exercise your data rights.

Jurisdiction and Legal Compliance

Our servers may be located outside Indonesia, but we comply with standard data protection practices. We respond to legal requests from law enforcement or regulatory authorities. We do not disclose user information to third parties except where required by law or to process your requests. If you are located in Jakarta, Surabaya, Bandung, Medan, or elsewhere in Indonesia, your data is subject to the same protection regardless of server location.

Contact Us About Privacy

If you have questions about our privacy practices, want to request a data export, or want to report a data breach, contact our support team via email or live chat. We respond to privacy requests within 30 days. If you believe we have mishandled your data, you have the right to lodge a complaint with your local data protection authority.

madeto's services are available only where local law permits. Your use of madeto constitutes acceptance of this privacy policy. We may update this policy from time to time; material changes will be communicated via email or a notice on madeto. Your continued use of madeto after such changes constitutes acceptance of the updated policy.

Related guides