Rujukan Laman

totonito Privacy Policy for Your Account

This privacy policy explains what we collect when you open an account, how we use it, who may see it, and how long we keep it.

Account dataCookie signalsMalaysia lawSupport route

Browse lobby Read FAQ

What This Policy Covers

totonito Service availability depends on jurisdiction. It is the user's responsibility to check local law before access.

This policy applies to account creation, sign-in, deposits, withdrawals, messages, and site visits on totonito.net. We collect only what we need to run the account, process supported payments, answer privacy requests, and meet legal duties, including contact details, login timestamps, device and browser signals, cookie data,

1
transaction references, and the messages you send us. Where local law permits, we may pass limited records to payment processors, anti-fraud tools, hosting services, and support systems that help us complete those tasks. If your request asks for access, correction, or deletion, we will check the
2
account details on file first and answer through a verified channel. Some requests can be narrowed or refused when the law requires us to keep certain records or when another person's rights would be affected. When a provider stores data outside Malaysia, we keep the same
3
purpose limits and access controls described here.

Service availability depends on jurisdiction. It is the user's responsibility to check local law before access.

REQUEST ROUTES

How to Send a Privacy Request

If you want to ask about your records, start with the same contact route you use for account help and mark the message as a privacy request.

Email the privacy desk Send a message from the email on your account if you want a copy of stored data, a correction, or a question about a payment record or login record.

Use live chat Open chat, choose the privacy route, and we will point you to the right team. We may ask for checks so we can match the request to the account safely.

Submit a form request Use the contact form when you want a dated record of your request. Include your account email, the change you want, and any file that helps us verify the matter.

RECORD CARE

How We Handle Records

We built our privacy handling around the account flow, so the records we keep match the purpose of each step.

Data minimisation

We collect only the account, device, and payment details needed for the action you asked for. Anything outside that purpose is not part of the standard flow, and we avoid extra fields without a reason.

Cookie control

Browser cookies remember language, session state, and login steps. They also help us detect repeated failed logins or unusual device changes. If you clear them, some pages may ask you to sign in again.

Session checks

When you sign in, we log time, device pattern, and security events so we can spot account misuse. These records are used for access checks and support only, not for unrelated profiling.

Payment records

Touch 'n Go, GrabPay, Boost dan FPX references stay with the account to reconcile deposits, withdrawals, dispute handling, and charge reversals. We retain only the transaction trail needed for that task and any legal duty.

Retention windows

We keep active account data while your account is open, then retain only the records needed for legal, tax, audit, or dispute purposes. When those reasons end, we remove or de-identify the rest where possible.

Change requests

If you want a copy, correction, or deletion where allowed, send the request through a verified channel. We will confirm what we can do, what must stay, and the steps needed to finish it.

Privacy Policy Questions for Malaysia

These are the privacy questions we hear most when you open an account or send a request. The short version is simple: we use data for the account you asked for, we keep payment and login records only as long as we need them, and we answer requests through verified contact routes. If the law in your location limits a request, we will say so and handle it within what local law permits.

We collect the details needed to create and verify the account, such as your contact route, login events, and device signals. If you choose Touch 'n Go, GrabPay, Boost dan FPX, the payment trail is linked to the same record.

Yes. Cookies help us keep you signed in, remember basic settings, and spot unusual session changes. If you clear them, some pages may ask you to sign in again, and we may lose saved preferences.

We keep payment records to match deposits, withdrawals, charge reversals, and dispute checks. Those records are used only for the transaction purpose, fraud checks, and legal duties that apply to the account.

Yes, when the request is allowed it depends on local law and is available where local law permits. We will verify the account first, then send the copy through a secure route.

If a record must stay for legal, tax, audit, or dispute reasons, we may keep that part even if you ask for removal. We will explain what can change and what must stay when we reply.

Use the email, chat, or form listed on the page and mark it as a privacy request. Send it from the contact detail on your account so we can match it quickly and reply through a verified route.

totonito Privacy Policy for Your Account

How to Send a Privacy Request

How We Handle Records

Data minimisation

Cookie control

Session checks

Payment records

Retention windows

Change requests

Privacy Policy Questions for Malaysia

01 What data do you collect when I open an account?

02 Do you use cookies on my browser?

03 Why do you keep payment records?

04 Can I ask for a copy of my data?

05 What happens if a record must stay?

06 How do I contact you about privacy?

Related Pages