tajabandotPrivacy Policy
This page describes what we collect when you use tajabandot and how we keep that data protected. We collect personal information only to verify your identity, process your deposits and withdrawals, and deliver our service. We do not sell your data to third parties, and we encrypt all sensitive information using industry-standard protocols.
Our servers may sit outside your jurisdiction, but we comply with Indonesian data-protection principles. Your account data is retained for seven years after closure (as required by law), but we do not use or access that data once you deactivate your account. This policy explains what information we hold, who has access to it, and what rights you have.
If you have questions about how we handle your data, contact our support team via the live chat or email address listed at the end of this policy.
What data we collect on tajabandot
We collect your email address, phone number, and password when you register. During identity verification, we collect your full name, date of birth, and ID number (KTP, passport, or driving licence). We store these details in encrypted form on our servers.
We also collect payment information — the payment method you choose (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank account), transaction history, and the amounts you deposit and withdraw. We do not store your bank account number or payment-app credentials; instead, we use secure tokenisation so that only a reference code is saved. This means we cannot access your banking details even if our servers are compromised.
We collect gameplay data: which games you play, your bet sizes, your session length, and your wins and losses. This data helps us understand user preferences and detect unusual activity that may indicate fraud or account compromise. We also collect your IP address and device type to identify location and prevent duplicate accounts.
How we use your data on tajabandot
We use your personal information to verify your identity, comply with anti-money-laundering (AML) laws, and process your deposits and withdrawals. Your email and phone are used to send account notifications (login alerts, withdrawal confirmations, password resets). Your payment data is used to route your funds to the correct bank or e-wallet and to reconcile deposits with your account balance.
We use your gameplay data internally to detect fraud (unusual bet patterns, rapid cashouts after large wins) and to improve our platform. We do not use this data for marketing or to profile you for targeted advertising. We do not share your gameplay data with game providers or third-party analytics firms unless required by law.
We may contact you if we detect suspicious activity on your account — for example, a login from a new location or an unusually large withdrawal. These contacts are sent via email or SMS to the address and phone number on your account. If you do not recognise the activity, you can reset your password immediately via the account menu.
Third-party processors and data sharing
We share your payment data with payment processors (e.g., the mobile banking or local payment payment gateway) to route deposits and withdrawals. These processors are bound by confidentiality agreements and use your data only to process your transaction. We do not control how these third parties use your data after the transaction completes — you should review their privacy policies separately.
We may share your identity data with our own anti-fraud and compliance team, who review large withdrawals and unusual activity. We may also be required by law to share your data with Indonesian financial regulators (Bank Indonesia, OJK) if requested. We do not share your data with game providers, marketing agencies, or data brokers.
- Data retention
- We retain your account data for seven years after account closure (required by Indonesian financial regulations). After this period, we securely delete your personal information.
- Encryption
- All sensitive data (passwords, bank details, identity info) is encrypted using TLS 1.3 and stored in encrypted form. Payment data is tokenised — we do not store readable account numbers.
- Access control
- Only tajabandot staff with a legitimate need (compliance, fraud prevention, customer support) can access your data. All access is logged and audited quarterly.
Your rights regarding tajabandot data
You have the right to access your personal data held by tajabandot. You can request a copy of your account information, gameplay history, and payment records by emailing our support team. We will provide this information within fourteen days.
You can request that we correct any inaccurate information — for example, if your name or date of birth is recorded incorrectly. You can also request that we delete your data after account closure (though we are required by law to retain it for seven years). Deletion requests are honoured after the seven-year retention period expires.
You have the right to object to the processing of your data for marketing or profiling purposes. Since we do not use your data for marketing, this right is rarely relevant; however, if you wish to limit how we use your data, contact our support team to discuss your options.
Security practices on tajabandot
We encrypt all data in transit using TLS 1.3 and at rest using AES-256 encryption. Your password is hashed using salted SHA-256; we do not store your password in readable form. We conduct monthly security audits and penetration testing to identify and fix vulnerabilities.
We require two-factor authentication (2FA) as an optional feature on your account. Enabling 2FA means a second verification code (sent via SMS or authenticator app) is required at login, preventing unauthorised access even if your password is compromised.
Our data centres are located in secure facilities with restricted physical access. Only authorised personnel can access our servers, and all access is logged. Backup copies of your data are stored in geographically separate locations to protect against data loss from natural disasters or hardware failures.
Jurisdiction and legal basis
tajabandot operates in Indonesia and complies with Indonesian data-protection principles. Our legal basis for processing your data is the performance of our service agreement with you (account registration, deposit, withdrawal) and compliance with anti-money-laundering and know-your-customer (KYC) regulations.
Our servers may be located outside Indonesia, but we apply Indonesian data-protection standards to all user data. If you are located in a jurisdiction with stricter data-protection laws (such as the European Union), your data receives equivalent protection under our policy.
Policy updates and contact information
We may update this privacy policy to reflect changes in our practices or legal requirements. If we make material changes, we will notify you via email at least thirty days before the change takes effect. Your continued use of tajabandot after such notification constitutes acceptance of the updated policy.
If you have questions about this privacy policy, your data, or how we handle your information, contact our support team. We are available via live chat (24/7) and email (response within four hours). Our support team can help you request your data, correct inaccuracies, or discuss your privacy concerns.
This policy was last updated in 2026. We review it annually and make changes as needed to reflect our current practices and legal obligations.