Privacy Policy

1. Who we are

TotoID ("we", "our", "us") operates the TotoID web portal and mobile applications. Our registered address is in Bangladesh. Contact: [email protected].

2. What data we collect

• Account data: email address, name, phone number (optional) when you register.
• Lookup history: phone numbers you search and the timestamp of each search.
• Payment data: subscription status and transaction reference. We do not store full card or MFS credentials.
• Device data: device type and push-notification token if you use our mobile app.
• Log data: IP address, browser type, pages visited, and error logs.

3. How we use your data

• To provide the caller-ID lookup service.
• To enforce daily lookup quotas on free accounts.
• To process subscription payments.
• To send transactional emails (account, billing, support replies).
• To improve accuracy and performance of the service.

4. Third-party providers

To resolve names we query third-party services including bKash, Nagad, and Truecaller APIs. These providers have their own privacy policies. We do not share your account information with them — we only send the phone number being looked up.

5. Data retention

Cached phone records are retained for 7 days before refresh. Account data is retained for the lifetime of your account and up to 30 days after deletion. Lookup logs are retained for 90 days.

6. Your rights

You may request access to, correction of, or deletion of your personal data at any time by emailing [email protected]. We will respond within 14 days.

7. Security

We use HTTPS, hashed passwords, and restricted database access. No system is perfectly secure; we will notify you promptly in the event of a breach affecting your data.

8. Changes to this policy

We may update this policy. Material changes will be notified via email or a prominent notice on the portal at least 7 days before they take effect.