master38 Privacy Policy

What data we collect on master38

When you open an account on master38, we collect your email address, a secure password (which you create and we hash), and your full legal name. To comply with Know-Your-Customer (KYC) requirements, we also collect government-issued ID (passport or national identity card) and proof of address (utility bill, bank statement, or official residency document). We scan and store images of these documents securely.

During account use, we collect transaction data — deposits, withdrawals, game entries, and settlement outcomes. We also log your IP address and device type when you access master38 to detect fraud and ensure account security. If you contact our support team, we retain your messages and any additional information you provide (such as account recovery details or dispute documentation).

We do not intentionally collect sensitive personal data beyond what is required for KYC verification and account operation. We do not track your location beyond IP-based routing. We do not collect health information, biometric data, or any other special category of data unless you voluntarily provide it in a support message (in which case we treat it with extra care and discard it once the support issue is resolved).

How we use your data on master38

We use your identity documents and personal information to verify your eligibility and comply with anti-money-laundering (AML) and counter-terrorism financing (CTF) regulations. These requirements protect both you and master38 from fraud and illegal activity. We retain KYC documents for the duration of your account and typically for a defined period after closure, as required by law.

We use your email address and contact preferences to send account notifications (login alerts, withdrawal confirmations, support responses). We do not send unsolicited marketing emails unless you opt in. We use technical data (IP address, device type) to enforce account security — for example, if a login attempt comes from an unrecognized location, we may trigger two-factor authentication (2FA) or temporarily pause the account pending verification.

We may also use your data for internal analytics — such as how many players in Jakarta, Surabaya, or Bandung access master38 during Liga 1 season, or how payment methods like DANA, e-wallet, mobile banking, and local payment are distributed among our user base. These analytics never identify individuals; they are aggregated and used only to improve our platform and service delivery.

Data storage and international transfer

Our servers may sit outside your jurisdiction. When you use master38, your data may be transmitted to, stored in, and processed in countries other than Indonesia. We apply the same security standards globally — all data in transit is encrypted, and all servers use access controls and regular security audits. By opening an account on master38, you consent to this international transfer and processing.

We retain your data for as long as your account is active and for a defined retention period after closure (typically to fulfil legal obligations). For example, we keep transaction records for several years to comply with anti-money-laundering law and to resolve potential disputes. Identity documents are retained for the account duration and a statutory period afterward. If you request deletion of personal data (subject to legal holds), we process your request during business hours and confirm deletion within a reasonable timeframe.

Third parties and data sharing

We do not sell your personal data to marketing companies or data brokers. However, we do share limited information with service providers who help us operate master38 — for example, our payment processor receives your bank account or e-wallet details when you deposit via online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, or e-wallet. These processors are contractually bound to protect your data and use it only for payment processing.

We may disclose personal data to government authorities, law enforcement, or courts if required by law or if we believe such disclosure is necessary to protect the rights and safety of master38, our users, or the public. For example, if we receive a lawful subpoena requesting transaction records for a particular account, we comply with that legal demand.

We use third-party analytics tools (such as web analytics services) to understand how users navigate master38. These tools may collect aggregated data about your device and browsing behaviour, but they do not identify you individually. You can typically opt out of analytics tracking via your browser settings or the analytics provider's privacy options.

Cookies and similar technologies on master38

We use cookies and similar tracking technologies (such as local storage and session tokens) to keep you logged into master38, remember your preferences, and measure how the platform is used. Essential cookies are necessary for security and account functionality — we cannot operate master38 without them. Non-essential cookies help us understand user behaviour and improve our services.

You can control cookies via your browser settings — most browsers allow you to accept, reject, or delete cookies. If you disable essential cookies, some features on master38 may not work correctly. Non-essential cookies can be disabled without affecting core functionality. We do not use cookies to track you across third-party websites; our cookies operate only on the master38 domain.

Your data rights on master38

Under applicable data protection law, you have the right to request access to your personal data, correction of inaccurate information, and deletion of certain data (subject to legal obligations). You also have the right to data portability — we can provide your data in a structured, machine-readable format so you can transfer it to another service if you choose.

To exercise these rights, contact our support team via email or live chat during business hours. Provide clear details of your request (e.g., "I request a copy of all personal data you hold about me"). We verify your identity for security and process requests within the timeframe required by law. If we decline a request (for example, because legal obligations prevent us from deleting transaction records), we explain our reasoning. You have the right to lodge a complaint with your local data protection authority if you believe our handling of your data violates applicable law.

Updates to this policy and your choices

We may update this privacy policy to reflect changes in our practices, technology, or applicable law. When we make material changes, we notify account holders via email or through a banner on master38. Your continued use of the platform after such notification constitutes acceptance of the updated policy. We encourage you to review this policy periodically so you stay informed of how we handle your data.

If you disagree with our privacy practices, you have the right to close your account on master38. Upon closure, we cease new data collection (except as required by law), retain your information for statutory periods, and process your data deletion request if made during the account closure process. Your data rights remain even after account closure — you can still request access, correction, or deletion subject to legal holds.

master38 takes data protection seriously because your trust matters. We encrypt your sensitive information, limit access to staff who need it, do not share data with third parties without consent or legal requirement, and respond to your data requests during business hours. If you have privacy questions or concerns — whether about KYC verification, payment method security, or data retention — contact our multilingual support team. We are here to help you understand our practices and exercise your rights.