ind Privacy Policy

What data we collect on ind

We collect your personal information when you create an account or use our platform. This includes:

• Account information: Legal name, email address, phone number, date of birth, ID number (KTP, SIM, or passport).
• Identity verification: A selfie holding your ID document. We use facial-recognition software to match your face to your ID.
• Residential address: Your current home address, which must match your registered ID or we request clarification.
• Payment information: Your linked e-wallet or bank account details. We do not store full card numbers or full bank account numbers — only reference tokens.
• Transaction history: Every deposit, bet, and withdrawal you make is logged with timestamp and amount.
• Device and connection data: Your device type (Android or iOS), IP address, and connection method (4G, Wi-Fi). We use this to detect unauthorized access and prevent fraud.
• Cookies and session tokens: When you log in, we issue a session token that keeps you authenticated. This token expires after 30 days of inactivity.

We do not collect your password. We hash it with a one-way encryption algorithm, so even our administrators cannot see it. If you forget your password, you must reset it via SMS verification.

How we use your data on ind

We use your data for the following purposes:

• Account creation and login: Your email and phone number authenticate your account. Your password is hashed and never visible to us.
• Identity verification (KYC): We verify your legal name, ID, and address to comply with anti-money-laundering (AML) regulations. This is mandatory before you can withdraw funds.
• Deposit confirmation: We confirm that DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer deposits match your registered account. This prevents unauthorized deposits.
• Withdrawal processing: We verify your withdrawal request, check your transaction history for suspicious patterns, and process the funds to your linked payment method. Review windows vary by method and time of day.
• Fraud detection: We analyze your IP address, device, and transaction patterns. If we detect unusual activity (e.g., multiple login attempts from different countries, abnormally large withdrawals), we flag the account and may require re-verification.
• Regulatory compliance: We retain transaction records for at least seven years to comply with Indonesian financial-reporting requirements.

We use your data to keep your account secure, to verify your identity, and to comply with law. We do not use it for marketing or profiling.

Third-party processors and data sharing

We share your data with third parties only when necessary:

• Payment processors: When you deposit via mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, or bank transfer, those providers receive your payment details. We do not share additional personal data with them.
• Identity verification providers: We use third-party facial-recognition software to match your selfie to your ID. This provider receives your selfie and ID photo but nothing else.
• Hosting providers: Our servers are hosted by international cloud providers. Your data is encrypted at rest and in transit, so the hosting provider cannot read it.
• Legal and regulatory authorities: If required by law, we disclose your data to Indonesian government agencies, courts, or law enforcement. We will notify you of such requests unless legally prohibited.

We do not sell your data to marketing companies, data brokers, or advertisers. We do not share your data with unrelated third parties for any purpose.

Your rights regarding your data on ind

You have the right to access, correct, and delete your personal data, subject to legal requirements:

• Access: You can view your account information (name, email, phone, ID) and your complete transaction history anytime in Account > Settings and Account > Transactions on mobile or desktop.
• Correction: If your name, email, or address is incorrect, contact our support team with proof of the correct information. We will update your account and may require re-verification.
• Deletion: If you close your account, we delete your account information after 12 months (to allow for dispute resolution or regulatory inquiries). Your transaction history is retained for at least seven years for regulatory compliance.
• Opt-out of push notifications: In Account > Settings, disable push notifications. You will no longer receive alerts about match starts, withdrawal approvals, or promotional messages (if applicable).

To exercise these rights, contact our support team via email or in-app chat. We respond within 5 business days. If you are in Jakarta, Surabaya, Bandung, or Medan, you can contact our regional support center directly.

Cookies and session management

We use cookies and session tokens to keep you logged in and to improve your experience:

• Session token: When you log in, we issue a token that keeps you authenticated for up to 30 days of inactivity. If you log out or your session expires, you must log in again.
• Analytics cookies: We use cookies to track which games you play, how long you play, and which sportsbook markets you visit. This helps us improve our platform but does not identify you personally.
• Security cookies: We use cookies to prevent unauthorized access and to detect fraudulent login attempts.

On iOS Safari, your browser may block third-party cookies by default. Our platform works without third-party cookies. On Android, our app does not use third-party cookies. You can clear cookies in your browser settings anytime, but this will log you out of ind.

Data retention and account closure

We retain your account data as follows:

• Active account: Your data is retained as long as your account is active.
• Account closure: If you close your account, we delete your personal information (name, email, phone, ID) after 12 months. We retain transaction records for at least seven years for regulatory compliance.
• Dormant account: If your account is inactive for 24 months, we may close it and delete your personal information after 12 additional months.

During the 12-month retention period after account closure, you can dispute a withdrawal, report fraud, or request account reactivation. After 12 months, your personal information is permanently deleted, but your transaction records remain in our regulatory archive.

International data transfers

Our servers and backup systems may be located outside Indonesia. Your data may be transferred to and stored in multiple jurisdictions. We encrypt all data in transit using TLS (Transport Layer Security) and at rest using AES-256 encryption, so your data remains protected regardless of where it is stored.

By using ind, you consent to international data transfer. If you do not consent, you cannot use our platform. Our services are available only where local law permits — users are responsible for verifying compliance with their own jurisdiction's data-protection laws.

Security practices on ind

We implement the following security practices:

• Encryption: All sensitive data is encrypted with AES-256. Your password is hashed, not encrypted (one-way function).
• Access control: Only authorized staff can access your personal data. Staff access is logged and audited.
• Two-factor authentication (2FA): Optional 2FA via SMS adds a second layer of security. Enable it in Account > Security Settings.
• Fraud detection: We monitor for unusual activity and flag suspicious accounts for review.
• Regular audits: We conduct annual security audits and penetration tests to identify vulnerabilities.

Contact and requests

If you have questions about this privacy policy or want to exercise your rights, contact our support team:

• In-app chat: Available on mobile and desktop during business hours.
• Email: Our support team responds within 5 business days.
• Regional offices: We have support centers in Jakarta, Surabaya, Bandung, and Medan for in-person inquiries.

This privacy policy was last updated on the date shown in our legal notice. We may update this policy as our practices change or as required by law. We will notify you of material changes via email or in-app notification.

Summary of ind privacy commitments

We at ind commit to protecting your data. We collect only what is necessary for account management, identity verification, fraud prevention, and regulatory compliance. We do not sell your data. We do not use it for marketing or profiling. We encrypt sensitive information and limit access to authorized staff. We comply with Indonesian data-protection standards and international encryption practices.

You have the right to access, correct, and delete your personal data (subject to legal retention requirements). You can opt out of push notifications and review your complete transaction history anytime in your Account section. If you suspect unauthorized access, contact our support team immediately — we can force-logout all sessions and secure your account.

Our services are available only where local law permits. Users are responsible for verifying that their use of ind complies with their own jurisdiction's laws. For questions about this policy or to exercise your rights, contact our support team via in-app chat, email, or our regional offices in Jakarta, Surabaya, Bandung, and Medan.