Reference

How We Protect Your Account and Payment Information

When you open an account with us and deposit via DANA, OVO, GoPay or QRIS, we collect information needed to verify your identity and process withdrawals safely.

Account verification in secondsEncrypted payment processingClear data retention rules
situs m88 How We Protect Your Account and Payment Information
PRIVACY QUESTIONS

Reach Us About Your Data and Privacy Rights

If you want to know what data we hold on your account, request a correction, or ask us to delete information, our support team can walk you through the process.

Email Support Send privacy requests to our compliance team at [email protected]. Include your account username and the specific data you want to access or modify. We reply within 48 business hours.
Live Chat Open live chat from the account settings page or the lobby footer. Ask for the privacy agent. Available 08:00 to 23:00 daily (Indonesia time). They can explain what's on your account right now.
Account Settings Go to your profile, select Privacy & Data, and request a data report directly. You'll receive a download link via email within 7 days. No support ticket needed.
DATA SECURITY INSIDE

How We Keep Your Account Safe Every Day

Your account password is hashed and never stored in readable form. When you log in, we verify your device against previous login history so we can spot unusual access attempts.

Password & Authentication

We hash passwords using bcrypt and require verification codes for withdrawals. Two-factor authentication is available in your security settings. If you forget your password, identity verification restarts.

Payment Encryption

DANA, OVO, GoPay and QRIS transactions use AES-256 encryption. Card details and bank account numbers are tokenised and never stored on our servers in full.

Withdrawal Verification

Every withdrawal is checked against your account history, identity documents and registered payment method. Manual review takes 24–48 hours. Anomalies trigger a support call to confirm the request.

Data Retention

We keep account data for up to 24 months after your last activity or account closure. Transaction records are held for seven years where local law permits. You can request early deletion via Privacy & Data settings.

Third-Party Sharing

We share data only with payment processors, fraud-detection partners and legal authorities if required by court order. We do not sell your information to marketers or brokers.

Breach Notification

If a security incident affects your data, we notify you via email within 72 hours. We also file a report with your local data authority where required by law.

Common Privacy Questions

Players in Denpasar, Yogyakarta and across Indonesia ask us regularly about what happens to their data after they register and how we handle payment details. Here are the questions we hear most often — and the answers we give to every account holder.

Yes. Go to your account settings, select Privacy & Data, and request a full data report. You'll receive a downloadable file showing your name, email, phone, identity document details, login history, game activity and all deposits and withdrawals. The report is sent to your email within 7 days at no cost.

We retain your DANA, OVO, GoPay and QRIS account details for 24 months after your last transaction. If you close your account, we delete payment data after 12 months unless we're required to keep it longer for fraud prevention or local law compliance.

No. We share data only with payment processors (to verify DANA, OVO, GoPay and QRIS deposits and withdrawals), fraud-prevention services and legal authorities under court order. We never sell or share your information with marketing firms, betting syndicates or third-party advertisers.

Your account is marked inactive. Personal and gameplay data is retained for up to 24 months for compliance purposes. After that period, we delete your name, email and phone number. Transaction records stay for seven years where local law requires it. You can request faster deletion by contacting our privacy team via email.

Yes. In your account settings under Profile, you can update your email address and phone number instantly. Identity information (name, date of birth, ID number) requires verification. Submit a new copy of your ID via the update form, and our compliance team will verify it within 3 business days.

We monitor your login device, location and deposit method for unusual patterns. If you log in from a new device, we send a verification code. Large or frequent withdrawals trigger manual review. DANA, OVO, GoPay and QRIS transactions are checked against your account history and spending limits before processing.

Your account data is stored on encrypted servers in data centres where local law permits. All passwords are hashed, all payment information is tokenised, and all traffic between your device and our servers uses TLS encryption. If there's a breach, we notify you within 72 hours and file a report with your local data protection authority.