LEGAL REFERENCE

How We Handle Your Account Data

This is the banditobet privacy policy — the page that tells you what we collect when you open an account, why we keep it, and how long it...

Data scopeRetention windowsIndonesia focusPlain EnglishAccount-holder rights

Browse the Lobby Read FAQ

Privacy Posture and Jurisdiction Notes

We process your registration details, session logs and payment references only for the purposes set out in this policy: opening your banditobet account, settling deposits and withdrawals through DANA, OVO, GoPay or QRIS where local law permits, and meeting record-keeping duties for supported regions. We don't sell your data to third parties for marketing. Where we share information with payment partners or

fraud-screening services, the sharing is scoped to the transaction. You can ask us to export or delete your account data, subject to retention periods that apply in your jurisdiction. Cross-border storage is encrypted and access-logged.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

Privacy Contact Paths

PLATFORM TRUST SIGNALS

Editorial Trust Signals for This Policy

Versioned text

Every change to this privacy policy is dated at the foot of the page so you can see when wording shifted and which clause was updated for Indonesia account holders.

Named reviewer

A human privacy reviewer signs off each revision before it goes live. We don't publish silent edits to the banditobet policy that affect how your data is used.

Scoped sharing

We list which partner categories see which fields. Payment processors see transaction references; fraud screens see device signals; marketing teams don't get raw account identifiers.

Retention map

The policy spells out how long each data category lives on our systems, from session cookies to KYC documents, with the legal basis for keeping it.

Encryption baseline

Account credentials, payment tokens and identity documents are encrypted at rest. Transit uses current TLS. We rotate keys on a schedule documented in our internal controls.

Rights workflow

Access, correction and deletion requests follow a documented workflow with audit trails, so the answer you get matches the answer the next account holder gets.

Consistency With Our Other Policy Pages

Terms of Service

Our terms reference the same data categories named here. If a clause there mentions account verification, this privacy policy explains exactly what's collected during that step.

Cookie Notice

Cookie behaviour is summarised here and detailed in the cookie notice. Both pages use identical category names so you can match them line for line.

KYC Policy

Identity checks described in the KYC page feed retention windows listed in this policy. The two documents are written together to avoid contradictions.

Payments Page

DANA, OVO, GoPay and QRIS handling on the payments page links back here for the data side. Transaction metadata storage is defined once, in this policy.

Account Closure

Closure mechanics live on the account help page; data deletion timelines after closure live here. Both pages cite the same number of days.

Marketing Preferences

Opt-in and opt-out states are described in marketing settings; the lawful basis for each channel is recorded in this privacy policy.

Complaints Path

If you disagree with a privacy decision, the complaints page mirrors the escalation steps named here, including the external contact for supported regions.

What This Policy Page Shows You

Section anchors

A sticky table of contents sits on the left so you can jump to retention, sharing or rights without scrolling the full banditobet privacy policy from the start each time.

Last-updated stamp

The revision date sits near the title. If we change wording, the stamp moves and a short note tells you which paragraph was rewritten for Indonesia account holders.

Plain-English summaries

Each clause opens with a one-line summary in plain English before the formal text, so you can scan the policy in a minute and read deeper only where it matters.

Inline definitions

Terms like processor, controller and retention period are defined inline the first time they appear, instead of being buried in a glossary at the bottom.

Request shortcuts

Buttons inside the policy take you to the export, correction and deletion forms without forcing you to dig through account settings to find the right page.

Version history

A short version log at the foot lists prior revisions of this banditobet privacy policy so you can compare what the wording said when you opened your account.

Privacy Policy Questions

We collect the identifiers you submit at sign-up — name, contact details, date of birth — plus the device and session signals needed to keep your account secure. The full list sits in the data scope section above.

Retention varies by category. KYC documents follow the period set by Indonesia rules for supported regions; marketing preferences last until you change them; session logs roll off on a shorter cycle described in the retention map.

Yes, but only the transaction reference and amount needed to settle a DANA, OVO, GoPay or QRIS movement. Partners don't receive your full profile, and the sharing is logged inside our internal access trail.

You can. Use the in-account privacy form or email the privacy inbox listed in the support section. We package your data in a readable format and confirm delivery within the response window stated in the policy.

Submit a deletion request through the account closure flow. We remove data that isn't subject to mandatory retention, and we tell you which categories must legally stay with us and for how long.

It will, when rules or our systems change. The last-updated stamp moves, the version history records what shifted, and account holders affected by a material change receive a notice before the new wording takes effect.

A named privacy reviewer handles escalations. If you're not satisfied with the answer, the complaints page points to the external contact available for supported regions, so you have a path beyond our internal team.