mahasepinPrivacy Policy
This page describes what we collect when you use mahasepin and how we keep that data protected. We collect personal information only when necessary to verify your identity, process your deposits and withdrawals, and comply with applicable law. We do not sell your data to third parties, and we do not use your gaming history for marketing purposes outside mahasepin.
Our privacy practices reflect our commitment to account security and user trust. When you register on mahasepin, we request your government-issued ID, proof of address, and payment account details. These documents are encrypted and stored securely. We retain them only for the duration of your account; after closure, we delete them within 12 months. Your email address, phone number, and transaction history remain encrypted at rest and are accessible only to our compliance and support teams on a need-to-know basis.
This policy applies to all mahasepin users across Jakarta, Surabaya, Bandung, Medan, Semarang, and other supported jurisdictions. Our services are available only where local law permits. Users are responsible for verifying that their access and use comply with their jurisdiction's applicable law.
What Data We Collect on mahasepin
We collect data in three categories: account registration, transaction processing, and compliance verification. During registration, we collect your email address, phone number, and a password (hashed and never stored in plain text). We do not collect your name, date of birth, or address until you request your first deposit—at that point, we require government-issued ID (KTP, passport, or driver's license) and proof of address (utility bill, bank statement, or rental agreement dated within the last six months).
For transaction processing, we collect deposit and withdrawal details: the payment method you use (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank account), the amount, the timestamp, and the destination account. We do not store your full payment card or bank account number—we store only a tokenized reference that allows us to process future transactions without re-entering details. For withdrawals, we collect your destination account and verify it matches your verified identity before processing.
For compliance, we collect your IP address, device type, and browser information during login. We use this data to detect unusual access patterns (e.g., login from a new country) and to protect your account from unauthorized access. We also log tournament participation, game session timestamps, and leaderboard positions—this data is used internally to audit fairness and detect fraud, and is never shared with third parties.
Data we collect
- Account registration: email, phone, hashed password
- Identity verification: government ID, proof of address
- Transaction data: payment method, amount, timestamp, destination
- Access logs: IP address, device type, browser, login timestamp
- Gaming activity: tournament entries, leaderboard positions, session timestamps
How We Use Your Data on mahasepin
We use your data for five purposes: account verification, transaction processing, fraud prevention, legal compliance, and platform improvement. Account verification ensures that only legitimate users can access mahasepin and that each account is tied to a real person. Transaction processing requires us to confirm your identity and payment method before settling deposits and withdrawals. Fraud prevention uses your access logs and gaming patterns to detect suspicious activity—for example, if your account is accessed from Jakarta one hour and then from Medan the next, we flag this for review.
Legal compliance requires us to maintain records of your identity, deposits, and withdrawals for regulatory audits and tax reporting. We retain these records for seven years after account closure, as required by Indonesian financial regulations. Platform improvement uses aggregated, anonymized data—we analyze tournament participation rates, game popularity, and payment method usage to optimize mahasepin's features. This analysis never includes personal identifiers or individual account data.
We do not use your data for marketing emails, SMS campaigns, or third-party advertising. We do not sell your email address or phone number to data brokers. We do not track your browsing outside mahasepin or build a profile of your interests beyond gaming activity on our platform.
Third-Party Processors & Data Sharing
We share your data with third parties only when necessary for service delivery. Our payment processors (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and bank partners online payment, e-wallet, mobile banking, local payment) receive your payment method and transaction amount to settle deposits and withdrawals. These processors are bound by their own privacy policies and data protection agreements. We do not control how they use your data beyond the transaction itself.
Our hosting provider stores our servers and databases. Our servers may sit outside Indonesia—specifically, in Southeast Asia or Singapore. This means your encrypted data is stored on servers outside your jurisdiction. We encrypt all data at rest (AES-256) and in transit (TLS 1.2+), so even our hosting provider cannot read your personal information without the encryption key.
We do not share your data with analytics companies, advertising networks, or social media platforms. We do not use Google Analytics or similar third-party trackers that would expose your identity. Our internal analytics are performed on aggregated, anonymized data only.
Your Rights on mahasepin
You have the right to access, correct, and delete your personal data on mahasepin. To request access to your data, contact our support team with your account email. We will provide a copy of all personal information we hold about you within 14 days. To request correction, log into your account and update your email or phone number directly; for identity documents, contact support and we will guide you through re-verification. To request deletion, contact support and we will delete your account and associated data within 30 days, except for records we are required to retain for legal compliance (typically seven years for transaction history).
You have the right to withdraw consent for data processing. If you no longer wish to receive account notifications, you can disable them in your account settings. If you wish to close your account entirely, contact support and we will initiate account closure—your data will be encrypted and archived, then deleted after the legal retention period expires.
You have the right to lodge a complaint with your local data protection authority if you believe we have mishandled your data. Our contact information is provided at the end of this policy.
Cookies & Tracking on mahasepin
We use cookies to maintain your login session and to remember your preferences (language, theme, notification settings). These are session cookies that expire when you close your browser, or persistent cookies that expire after 30 days of inactivity. We do not use tracking cookies that follow you across the internet. We do not use third-party cookies from advertisers or analytics companies.
You can disable cookies in your browser settings, but this may prevent mahasepin from functioning correctly—for example, you may be logged out unexpectedly or your preferences may not be saved. We recommend keeping cookies enabled for the best experience.
How Long We Keep Your Data
We retain your data according to the following schedule: account registration data (email, phone, hashed password) is kept for the duration of your account and deleted within 30 days of closure. Identity documents (ID, proof of address) are encrypted and kept for the duration of your account, then deleted within 12 months of closure. Transaction history (deposits, withdrawals, tournament entries) is kept for seven years after account closure, as required by Indonesian financial regulations. Access logs (IP address, device type, login timestamp) are kept for 90 days and then deleted. Gaming activity (leaderboard positions, session timestamps) is kept for 12 months and then aggregated into anonymous statistics.
Security Practices on mahasepin
We protect your data through encryption, access controls, and regular security audits. All communication between your device and mahasepin is encrypted with TLS 1.2 or higher. Your personal data is encrypted at rest using AES-256. Your password is hashed with bcrypt and salted—we never store your password in plain text, and we cannot recover it if you forget it (you can only reset it). Access to your data is restricted to mahasepin employees on a need-to-know basis—our support team can view your email and phone number to assist you, but they cannot view your password or payment details.
We conduct security audits quarterly and penetration testing annually. We maintain a bug bounty program to encourage security researchers to report vulnerabilities responsibly. If we discover a data breach, we will notify affected users within 72 hours and provide guidance on protecting their accounts.
Contact Us About Your Privacy
If you have questions about this privacy policy or wish to exercise your rights (access, correction, deletion), contact our support team at [email protected] or through your mahasepin account dashboard. We will respond to privacy requests within 14 days. If you believe we have violated your privacy rights, you may lodge a complaint with your local data protection authority or contact us directly for resolution.
This privacy policy is effective as of the date posted on mahasepin. We may update this policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by posting a notice on mahasepin. Your continued use of mahasepin after such notice constitutes your acceptance of the updated policy.
Access to mahasepin is available only where local law permits. Users are responsible for verifying that their access and use comply with their jurisdiction's applicable law.