indo138 Privacy Policy

This page describes what data we collect when you use indo138 and how we keep that data protected. We collect personal information necessary for account verification, payment processing, and compliance with anti-money-laundering regulations. Your email, phone number, identity documents, and payment method details are encrypted and stored on secured servers. We do not sell your information to third parties, and we do not use it for marketing purposes beyond service notifications.

Our data handling follows regional privacy principles. When you create an account on indo138, you agree that we process your personal data for account management, deposit and withdrawal transactions, fraud prevention, and legal compliance. You have the right to request a copy of your data, correct inaccurate information, or request deletion (subject to regulatory retention periods).

Our servers may sit outside your jurisdiction. Data transfers to international locations are encrypted and follow standard security protocols. By using indo138, you consent to cross-border data processing where necessary to operate our platform.

Data We Collect on indo138

We collect the following information when you use indo138:

  • Account information: Email address, phone number, password (hashed), username, security questions and answers.
  • Identity verification: Full name, date of birth, national ID number or passport details, facial recognition scan (if provided), residential address.
  • Payment information: Payment method (bank account, e-wallet account), transaction history, deposit and withdrawal amounts and dates.
  • Activity logs: Login timestamps, games played, bets placed, winnings, account balance history, support tickets.
  • Technical data: IP address, device type, browser, operating system, cookies, session tokens.

Purpose of Data Collection

We collect this data for specific purposes: to create and manage your indo138 account, process deposits via QRIS, e-wallet, mobile banking, local payment, online payment, e-wallet, and bank transfers (mobile banking, local payment, online payment, e-wallet), verify your identity before withdrawal, detect and prevent fraud, comply with anti-money-laundering (AML) and know-your-customer (KYC) regulations, and respond to support inquiries. We do not use your data to send marketing emails or promotional messages unless you opt in. We do not profile your gaming behavior for third-party advertising.

Data security: We use SSL/TLS encryption for all data in transit. Passwords are hashed; payment details are tokenized. Access to your data is restricted to authorized indo138 staff and third-party processors who sign confidentiality agreements.

Third-Party Processors

We use third-party service providers to operate indo138. Payment processors (e.g., mobile banking providers, bank payment gateways) receive transaction data necessary to complete deposits and withdrawals. These processors are certified and comply with PCI DSS (Payment Card Industry Data Security Standard). We do not share your full identity documents with payment processors; only verification status is transmitted.

Our hosting provider stores encrypted account and activity data. Our email provider sends transactional messages (account confirmations, password resets, withdrawal notifications). We have data processing agreements with all third parties; they are prohibited from using your data for their own purposes.

Data Retention and Deletion

We retain account data for as long as your account is active plus seven years after closure (for regulatory compliance). Identity documents are encrypted and stored; you can request deletion of non-critical documents after your account closes, subject to legal holds.

If you request account deletion, we anonymize your personal information and retain only transaction records required by law (typically seven years for AML purposes). You cannot recover deleted accounts; you must create a new account if you wish to return to indo138.

Cookies and Tracking

We use cookies to maintain your session, remember your login, and analyze platform performance. Cookies are small text files stored on your device. Essential cookies are required for indo138 to function; analytical cookies help us understand how users interact with our platform (e.g., which games are popular, which payment methods are used most). You can disable non-essential cookies in your browser settings without losing access to core features.

Your Rights and Our Commitments

Your Rights on indo138

You have the following rights regarding your data:

  • Right to access: Request a copy of all personal data we hold about you.
  • Right to correct: Update inaccurate or incomplete information in your account.
  • Right to delete: Request deletion of non-essential data (subject to legal retention requirements).
  • Right to portability: Request your data in a machine-readable format for transfer to another service.
  • Right to object: Opt out of promotional communications or analytical tracking.

To exercise these rights, submit a request through your account dashboard or contact our support team. We respond within 30 days. If we cannot fulfill your request, we explain why and describe available alternatives.

Data Breach Response

We monitor our systems continuously for unauthorized access or data breaches. If we discover a breach affecting your personal data, we notify you within 72 hours via email. We describe the nature of the breach, the data compromised, and steps we have taken to contain it. We cooperate with law enforcement investigations and provide support for affected users (e.g., password reset assistance, fraud monitoring).

Important: We cooperate with law enforcement, financial regulators, and government agencies. Your data may be disclosed if legally required by court order, subpoena, or regulatory investigation. We do not voluntarily share data with law enforcement without legal process.

Account Verification and Data Transfers

When you withdraw funds from indo138, we verify your identity by cross-checking your account data against your submitted documents. This verification protects against money laundering and fraud. Large withdrawals (particularly during Piala AFF, Piala Indonesia, or Champions League tournaments when account activity spikes) may trigger additional review. We do not charge for verification; processing typically takes one to three business days.

International Data Transfers

Our servers and backup systems may be located outside Indonesia. When we transfer your data internationally, we use encryption and standard contractual safeguards to protect it. By using indo138, you consent to these cross-border transfers. We do not transfer data to countries with weaker privacy protections without additional safeguards.

Contact and Data Requests

If you have privacy concerns or wish to request your data, contact our support team through your account dashboard. Requests are processed during our standard business hours. We handle data subject access requests (DSARs) in compliance with regional privacy laws. Response time is typically 14 to 30 days depending on the complexity and volume of your request.

Summary

We collect personal data necessary for account management, payment processing, and legal compliance on indo138. Your information is encrypted, stored securely, and not shared with third parties for marketing purposes. Third-party processors (payment providers, hosting companies) handle specific functions under strict confidentiality agreements.

You have rights to access, correct, and delete your data. Data breaches trigger mandatory notification within 72 hours. Account verification is required before withdrawal; large transactions may trigger additional review. International data transfers use encryption and standard contractual safeguards. Contact our support team with privacy questions or data requests.

This policy may be updated as our services evolve or regulations change. Updates are posted on this page; continued use of indo138 indicates acceptance of the updated policy.