TotoKiasu

ASEAN's smartest lottery ticket scanner

Privacy Policy

Last updated: 7 May 2026  ·  Effective: 7 May 2026

TotoKiasu ("we", "our", or "us") is committed to protecting your personal data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA). This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights as a user.

By downloading or using the TotoKiasu mobile app, you consent to the practices described in this policy.

1. Who We Are

2. What Data We Collect

Account information — collected when you sign in:

Ticket data — created when you scan a ticket:

App preferences and usage data:

Device data:

What we do NOT collect:

3. Device Permissions

PermissionWhy we need itWhen prompted
CameraTo photograph your lottery ticket for scanningFirst time you tap Scan
Photo library / mediaTo save scanned ticket images to your device galleryFirst time you save an image
Push notificationsTo notify you of draw results, jackpot alerts, and claim remindersOn first sign-in

You can revoke any permission at any time in your device Settings. Revoking camera access will prevent ticket scanning. Revoking notification access will stop all push notifications.

4. How We Use Your Data

We do not use your data for advertising, profiling, or sale to third parties.

5. Third-Party Services

To operate TotoKiasu, we share limited personal data with the following categories of trusted service providers. Each is bound by contractual data protection obligations and their own privacy policies.

We do not use advertising networks, analytics platforms, attribution services, or any tracking SDKs. No personal data is sold or shared for marketing purposes.

6. International Data Transfers

Our primary Firebase infrastructure is hosted in the asia-southeast1 (Singapore) region. Some third-party services (RevenueCat, Expo) operate servers in the United States. By using TotoKiasu, you consent to your data being transferred to and processed in these countries.

All service providers are contractually bound to protect your data and comply with applicable privacy laws.

7. Data Retention

8. Your Rights Under PDPA

Under the Singapore Personal Data Protection Act 2012, you have the right to:

To exercise any of these rights, email us at support@totokiasu.sg. We will respond within 10 business days.

You may also lodge a complaint with the Personal Data Protection Commission (PDPC) if you believe your data has been handled unlawfully.

9. Security

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security against all threats.

10. Children's Privacy

TotoKiasu is intended for users aged 18 and over. Lottery participation is restricted to adults under Singapore law. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact us at support@totokiasu.sg and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and notify you via the app or email for significant changes. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact Us