nagasaon Privacy Policy

This page describes what we collect when you use nagasaon and how we keep that data protected. We take your privacy seriously and operate under a clear, transparent policy that applies to all players, whether you access nagasaon from Jakarta, Surabaya, Bandung, Medan, Semarang, or other supported jurisdictions.

We collect personal information only when you register an account, deposit funds, or interact with our support team. We never sell your data to third parties and use it solely to operate our platform—processing payments, verifying your identity, investigating disputes, and improving our service. Our servers may sit outside your jurisdiction, but we maintain the same data-protection standards across all regions where nagasaon operates.

This policy covers account data, payment information, cookies, and your rights. If you have questions about how we handle your data, contact our support team via the FAQ page or support contact form.

What Data We Collect on nagasaon

We collect several categories of information when you use nagasaon. During account registration, we gather your legal name, date of birth, email address, and permanent address. We use this information to create your account, verify your identity (KYC—Know Your Customer), and ensure compliance with gaming regulations.

When you deposit funds on nagasaon, we collect payment method details—your bank account number, credit card information (if applicable), or mobile payment credentials (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet). We never store raw payment-card numbers; instead, our payment processors tokenize this data, meaning nagasaon's servers receive only encrypted tokens that cannot be reverse-engineered.

We also collect identity documents during KYC verification: a government-issued ID (Indonesian ID card, passport, or driver's license), a selfie holding your ID, and proof of address (utility bill, bank statement, or rental agreement). These documents are stored securely and encrypted in our database.

Your gaming activity generates transaction logs. Each spin on a slot, each hand of blackjack, each roulette spin, and each sportsbook interaction is recorded in our database. These logs are retained for regulatory compliance, dispute resolution, and account auditing. We retain transaction records for seven years in line with financial regulations, after which we securely delete them.

How We Use Your Data

We use your data exclusively for the following purposes:

• Account management: We verify your identity, process deposits and withdrawals, and manage your account balance and transaction history.
• Payment processing: Your payment details are used to facilitate deposits via mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and Indonesian banks (online payment, e-wallet, mobile banking, local payment). Our payment processors handle tokenization and encryption.
• Fraud prevention: We analyze behavioral patterns to detect suspicious activity—such as multiple failed login attempts, withdrawals to new bank accounts, or unusually large wagers—and request additional verification when needed.
• Customer support: We use your contact information to respond to your inquiries and resolve disputes. Our support team may review your gaming history to investigate complaints about outcomes or account access.
• Regulatory compliance: We retain records for gaming regulators and financial authorities where required by law.

We do not use your data for marketing purposes unless you explicitly opt in. We do not sell your personal information to third parties. We do not share your gaming history or account details with unrelated companies.

Third-Party Processors and Data Sharing

Our nagasaon operations rely on third-party service providers who have access to limited data:

• Payment processors: Companies like payment gateways and banks handle your deposit and withdrawal transactions. They receive your payment method and transaction amount but never access your email, identity documents, or gaming history.
• Game providers: Blueprint Gaming, Pragmatic Play, and other software developers receive basic session data (user ID, game title, stake amount, payout) to verify RTP compliance and detect cheating. They do not receive your personal name or address.
• Hosting providers: Our servers are hosted by data-center operators who maintain physical security and backup systems. They have access to raw server data but operate under strict confidentiality agreements.
• Compliance auditors: Independent auditors review our systems, including transaction logs and RNG fairness certifications. They sign non-disclosure agreements before accessing any data.

All third-party processors are contractually obligated to protect your data and use it only for their specified function. We do not permit them to retain, sell, or repurpose your information.

KYC (Know Your Customer)

A verification process where we collect your identity documents to confirm your age, address, and legal identity. Required before your first deposit on nagasaon.

Data tokenization

A process where payment details are encrypted into unique tokens. We never store raw card numbers or bank credentials.

Retention period

We keep transaction records for seven years for regulatory and tax purposes, then securely delete them.

Cross-border data transfers

Your data may be processed outside Indonesia (e.g., on servers in other countries). We maintain the same encryption and security standards globally.

Your Rights and Our Commitments on nagasaon

You have the right to access, correct, or request deletion of your personal data on nagasaon. To exercise these rights, contact our support team. We will respond within ten business days. Note that we cannot delete transaction records required for regulatory compliance, but we can anonymize or redact personal identifiers where permitted by law.

We commit to protecting your data through industry-standard security measures: SSL encryption for all data in transit, encrypted storage for data at rest, firewalls, intrusion-detection systems, and regular security audits. Our database access is restricted to authorized personnel who operate under strict confidentiality agreements. We conduct annual penetration testing to identify and remediate vulnerabilities.

We do not retain your data longer than necessary. Session logs are kept for dispute resolution (typically six months); KYC documents are retained for seven years for regulatory compliance; and payment records are kept for seven years for tax and fraud-prevention purposes. After these periods, we securely delete or anonymize the data.

Cookies and Tracking

Our nagasaon website uses cookies to enhance your experience. Cookies are small text files stored on your device that help us remember your preferences, maintain your login session, and analyze site usage patterns. We use both session cookies (deleted when you close your browser) and persistent cookies (retained for up to one year).

We do not use cookies for third-party advertising or cross-site tracking. Our cookies are used solely for:

• Maintaining your login session on nagasaon.
• Remembering your language preference (English or Indonesian).
• Analyzing site performance and user behavior (via anonymous analytics).
• Detecting fraud and preventing account hijacking.

You can disable cookies in your browser settings, but this may limit your ability to access certain nagasaon features. We do not respond to "Do Not Track" browser signals because we do not engage in cross-site tracking.

Data Breach and Incident Notification

If we discover an unauthorized access to your account or a security breach affecting nagasaon data, we will notify you without unreasonable delay. We will also notify relevant regulatory authorities as required by law. Our notification will include details about the breach, the type of data affected, and recommended steps to protect your account.

In the event of a payment-data breach, we comply with Payment Card Industry Data Security Standard (PCI-DSS) requirements and notify affected payment processors immediately.

Contact and Dispute Resolution

If you believe we have misused your data or violated this privacy policy, contact our support team immediately. We will investigate your complaint and respond within ten business days. If you are unsatisfied with our response, you may escalate your complaint to your local data-protection authority or an independent ombudsman where applicable.

This privacy policy applies to nagasaon.id and our official mobile app. We may update this policy from time to time to reflect changes in our practices or applicable laws. Material changes will be announced on our platform or via email to registered users. Your continued use of nagasaon after policy changes constitutes your acceptance of the updated terms.