kotaspin Platform Privacy Notice

This page describes what data we collect when you use kotaspin and how we keep that information protected. We operate a sportsbook and gaming platform serving users in supported jurisdictions where local law permits. When you register an account, deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, or e-wallet, place a Liga 1 or Piala AFF wager, or play a live-dealer game, we collect certain personal and transactional data.

Our privacy approach is straightforward: we collect only the minimum data needed to operate our platform, verify your identity (KYC), process payments, and comply with financial regulations. We do not sell your data to third parties or use it for marketing beyond our own service. Your data is encrypted at rest and in transit; access is restricted to kotaspin staff and authorized payment processors. This notice explains what we collect, how we use it, and what rights you have.

What data we collect on kotaspin

When you register an account on kotaspin, we collect your email address, chosen username, password (hashed, not stored in plain text), and the date you signed up. We do not require a phone number or legal name at registration; these remain optional.

Before your first withdrawal, we collect KYC documents: a government-issued ID (national ID, passport, or driver's license) and proof of address (utility bill, bank statement, or rental agreement dated within 3–6 months). We extract your legal name, date of birth, and address from these documents and verify them against official records. This process is mandatory to comply with anti-money-laundering regulations and prevent account takeover.

When you deposit or withdraw funds, we collect transaction data: the amount, payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank name), timestamp, and transaction ID. For bank transfers, we also collect your account number or mobile money identifier. Payment processors (the companies that handle mobile banking, local payment, online payment, etc.) collect their own data; our privacy policy covers only what kotaspin directly collects.

When you place a wager or play a game, we log:

The bet amount, sport or game type (Liga 1, Piala AFF, Champions League, blackjack, Dragon Tiger, Aviator, Sweet Bonanza, etc.), and timestamp.
The outcome (win, loss, or push) and the amount won or lost.
Your IP address and device type (mobile app or browser).
Session duration and frequency of play.

We also collect cookies and analytics data: browser type, pages visited, time spent, referring URLs, and location (inferred from IP address). This helps us understand how users navigate our platform and identify technical issues.

How we use your data

We use your data for the following purposes:

Account management: We maintain your account, process deposits and withdrawals, and send account notifications (login alerts, withdrawal confirmations, password resets).
KYC and compliance: We verify your identity, detect fraud, prevent money laundering, and comply with regulations in jurisdictions where we operate.
Game fairness and dispute resolution: We log all wagers and outcomes so we can investigate disputes (e.g., "My bet did not settle correctly"). Game logs are the source of truth for any disagreement.
Platform improvement: We analyze aggregated usage data (e.g., "Users in Jakarta prefer Liga 1 markets over Piala AFF") to improve our sportsbook markets and game selection.
Security and fraud prevention: We detect suspicious account activity (multiple failed logins, unusual withdrawal requests) and may pause an account pending verification.
Legal obligations: We may disclose data to law enforcement, tax authorities, or financial regulators if legally required or if we believe disclosure is necessary to prevent harm.

We do not share your data with third parties for marketing

Your email and wager history are not sold to advertisers or used to contact you about other products. We use your data only to operate kotaspin and comply with law.

Third-party data processors

We share data with the following categories of third parties, all bound by data-protection agreements:

Payment processors: e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking providers, and banks (local payment, online payment, e-wallet, mobile banking) receive your transaction data (name, account number, amount) to process deposits and withdrawals.
Identity verification services: Third-party KYC providers verify your ID and address documents. We share your document images and extracted data only with these services.
Hosting and cloud providers: Our servers may sit outside Indonesia (e.g., in Singapore or Australia). Server operators may access data during maintenance but are contractually forbidden from using it for their own purposes.
Fraud detection services: We use third-party tools to flag suspicious activity. These services may receive your IP address, device data, and transaction history.

Each processor has its own privacy policy. We are responsible only for our own handling of data; processors' practices are their responsibility. Consult their privacy notices if you have concerns about how they use your data.

Cookies and tracking on kotaspin

We use cookies to remember your login session, store your language preference, and track your navigation (which pages you visit, how long you stay). Cookies are small text files stored on your device. You can disable cookies in your browser settings, but doing so may prevent kotaspin from functioning properly (e.g., you may be logged out frequently).

We also use analytics services (such as Google Analytics) to track site-wide usage patterns. These services set their own cookies and may share data with their parent companies. You can opt out of Google Analytics tracking using Google's browser extension.

Your rights regarding your data

Depending on your location, you may have the following rights:

Right to access: You can request a copy of all data we hold about you. Contact our support team via email or chat; standard review windows apply (typically 7–14 days).
Right to correction: If your KYC data is incorrect, you can request correction. We will update our records and may ask for new documents to verify the correction.
Right to deletion: If you no longer use kotaspin, you can request account closure. We will delete your personal data except where legal obligation requires us to retain it (e.g., financial records for tax purposes).
Right to data portability: You can request that we export your data in machine-readable format (e.g., CSV).

To exercise these rights, contact our support team via live chat or email. We will verify your identity before fulfilling your request.

We at kotaspin keep your data protected because your trust is essential; mishandling data erodes the platform's credibility and your confidence in withdrawing winnings.

kotaspin privacy commitment

How long we keep your data

We retain data as follows:

Account and KYC data: Kept for as long as your account exists, plus 5 years after account closure (to comply with financial audit requirements).
Transaction records: Kept for 7 years to satisfy tax and anti-money-laundering regulations.
Wager logs: Kept for 7 years so we can resolve disputes and demonstrate game fairness if questioned.
Cookies and session data: Deleted after your session ends (or after 30 days of inactivity).
Analytics data: Aggregated and anonymized; raw data is deleted after 12 months.

Security measures we employ

We protect your data using the following technical and organizational measures:

SSL/TLS encryption: All data transmitted between your device and our servers is encrypted so third parties cannot intercept it.
Password hashing: Your password is converted to a one-way hash; we never store or see your actual password.
Access controls: Only authorized kotaspin staff can access your personal data; access is logged and monitored.
Two-factor authentication (2FA): Optional additional security layer; enable it in your account settings.
Regular security audits: We test our systems for vulnerabilities and patch them promptly.

Despite these measures, no system is non-specific info secure. If we discover a data breach, we will notify affected users as soon as reasonably practicable and provide guidance on protecting your account (e.g., change your password).

Contact us and file complaints

If you have questions about this privacy policy, want to exercise your rights, or have concerns about how we handle your data, contact our support team via live chat or email. We will respond within 7–14 days.

If you believe we have violated your privacy rights and our support team does not resolve the issue, you may file a complaint with the data-protection authority in your jurisdiction (if one exists). Users in Jakarta, Surabaya, Bandung, and Medan should check whether their regional data-protection office accepts complaints about online platforms.

Updates to this policy

We may update this privacy notice to reflect changes in our practices or legal requirements. We will post the updated version on this page and update the "effective date" at the top. If we make material changes (e.g., we start collecting a new type of data or sharing data with new third parties), we will notify you via email or a banner on our platform.

By continuing to use kotaspin after a policy update, you accept the new terms. If you disagree with changes, you can close your account and request deletion of your data (subject to legal retention obligations).

Effective date: This privacy policy is effective from the date kotaspin first launched. Last updated: 30 May 2026.