bandito Privacy Policy

This page describes what we collect when you use bandito and how we keep that data protected. We gather personal information—your email, payment details, identity documents, and gameplay history—to operate our platform, process your deposits and withdrawals through DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet, and comply with local verification requirements.

We take data security seriously. We use encryption protocols to protect your financial information and maintain audit trails of account activity. We do not sell your personal data to third parties. We may share limited information with payment processors and compliance partners necessary to operate bandito and meet legal obligations. This policy explains our data practices in detail.

Our services are available only where local law permits. We comply with applicable data-protection regulations in the jurisdictions where we operate. If you have questions about how we handle your data, our support team can provide clarity.

What We Collect on bandito

We collect several categories of information when you open and use a bandito account:

• Account information: Your email address, password (hashed, not stored in plain text), and phone number.
• Identity documents: A clear photo of your ID (KTP, passport, or SIM), proof of address (utility bill or recent bank statement), and sometimes video confirmation for account verification.
• Payment information: Your payment method (DANA wallet number, e-wallet account, mobile banking profile, local payment details, online payment identifier, or bank account number). We do not store full banking credentials—payment redirects occur through your bank or wallet provider's secure layer.
• Gameplay data: Records of your spins, bets, wins, and losses across all games and markets on bandito (Liga 1 matches, live-dealer tables, slots, esports). We retain this data to calculate your balance and provide account history.
• Technical information: Your IP address, device type, browser, and access timestamps. We use this to detect fraud and maintain platform security.

We do not collect data unrelated to operating bandito. We do not track your browsing outside our platform or sell data to marketing firms.

How We Use Your Data on bandito

We use the information we collect for specific operational and legal purposes:

• Account operation: We calculate your balance, process deposits and withdrawals, and maintain your gameplay history.
• Verification and compliance: We verify your identity through your ID and address documents to comply with Know Your Customer (KYC) requirements. We do not process KYC submissions on weekends or during major holidays like Idul Adha or Imlek.
• Payment processing: We transmit your payment details securely to e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, and mobile banking to complete deposits and withdrawals.
• Fraud prevention: We analyze your IP address, device fingerprint, and account patterns to detect and prevent fraudulent activity.
• Legal obligation: We may disclose your data if required by law, court order, or regulatory authority in jurisdictions where bandito operates.
• Support: We use your email and phone number to respond to support inquiries and account-recovery requests.

Third-Party Data Processors

We work with external partners to operate bandito. These partners have limited access to your data and only for purposes we specify:

• Payment processors: local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and online payment receive your payment method details to process transactions. They operate under their own privacy policies.
• Identity verification services: Third-party verification providers may process your ID photo and address documents to confirm your identity. They delete these documents after verification completes.
• Compliance and anti-fraud services: External partners help us detect fraud and comply with legal obligations. They receive limited transactional data, not your full personal profile.
• Cloud hosting: Our servers may sit outside your jurisdiction (for example, in Singapore or Malaysia). Your data is encrypted both in transit and at rest.

We do not sell your data to advertising networks, data brokers, or marketing firms. All third-party processors sign confidentiality agreements prohibiting them from using your data for their own purposes.

Your Rights on bandito

We recognize your data rights. Depending on your jurisdiction, you may have the right to:

• Access your data: You can request a copy of all personal information we hold about you. We provide this in a machine-readable format where possible.
• Correct inaccuracies: If your account information is wrong, you can request corrections via our support team.
• Delete your account: You can request account deletion. We will delete your personal data, though we may retain gameplay records and transaction history as required by law.
• Withdraw consent: If you consented to data processing, you can withdraw that consent. We will stop processing your data, though this may affect your ability to use bandito.
• Complaint: If you believe we have mishandled your data, you can lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact our support team with your request. We will respond within documented timeframes.

Cookies and Tracking on bandito

We use cookies and similar tracking technologies to operate bandito. These serve specific functions:

• Session cookies: These keep you logged in while using bandito. They expire when you close your browser.
• Preference cookies: We store your language preference and interface settings so bandito remembers your choices.
• Security cookies: We use these to detect and prevent fraud and unauthorized account access.
• Analytics cookies: We track page views and user flows to understand how players use bandito and identify technical issues. These do not identify you personally.

Most browsers allow you to disable cookies or receive alerts when cookies are set. However, disabling cookies may limit bandito's functionality. We do not use third-party tracking pixels or retargeting services.

Our Data Security Practices on bandito

We protect your data through multiple security layers. We use Transport Layer Security (TLS) encryption for all data in transit—your login details, payment information, and gameplay data are encrypted when transmitted to bandito's servers. Your password is hashed and salted, never stored in plain text. We maintain firewalls and intrusion-detection systems to prevent unauthorized access.

We conduct regular security audits and penetration tests to identify vulnerabilities. We limit employee access to personal data to those who need it for their role. All staff sign confidentiality agreements. If we discover a data breach, we will notify affected users and relevant authorities as required by law.

However, no security system is perfect. We cannot guarantee absolute protection against all threats. You bear responsibility for keeping your password confidential and your device secure.

How Long We Keep Your Data

We retain personal data for as long as necessary to operate your bandito account and comply with legal obligations. Specifically:

• Active account data: While your account is open, we retain your email, payment details, and gameplay history.
• Account deletion: If you delete your account, we remove your personal data within 30 days, except where law requires longer retention.
• Compliance records: We may retain transactional records and KYC documents for up to seven years to comply with anti-money-laundering regulations.
• Support records: We keep support tickets and correspondence for up to two years for dispute resolution.

Jurisdiction and Data Protection

We operate bandito in multiple jurisdictions, including Indonesia, Malaysia, and Singapore. Our servers may be located in any of these regions. Data-protection laws differ by jurisdiction. We comply with applicable regulations in the regions where we operate. If you are in the European Union or have data-protection rights under your local law, we comply with those requirements as well.

Our services are available only where local law permits. If you access bandito from an unsupported jurisdiction, we may restrict your access or limit data processing. Users bear responsibility for verifying that their use of bandito complies with their local legal framework.

Contact Us About Privacy

If you have questions about this privacy policy or how we handle your data, contact our support team via in-platform chat, email, or phone. Our team provides English-language assistance during business hours. We will respond to privacy inquiries within documented timeframes.

You can also submit a formal data-subject request (for access, correction, or deletion) via our support team. We will process these requests according to applicable data-protection law.

Changes to This Privacy Policy

We may update this privacy policy to reflect changes in our practices or applicable law. We will notify you of material changes by email or by displaying a notice on bandito. Your continued use of bandito after such changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically to stay informed about how we protect your data.

Last updated: This privacy policy reflects our current practices and applies to all bandito account holders using the platform from supported jurisdictions.