LEGAL REFERENCE

Your Privacy, Our Priority

Q: What if I suspect my data has been compromised?

Contact support@surya69.app immediately. We'll freeze your account, reset your password, review login history and provide 24 months of free credit monitoring. Breach notification is sent within 72 hours per Indonesian law.

We handle your account details, payment records and personal data with encryption-first infrastructure. This policy explains exactly what we collect, how we use it, and the protections we've...

Data SecurityPayment ProtectionTransparent PracticesIndonesia CompliantAccount Control

Tour the Lobby Read FAQ

What We Collect and Why

surya69 collects your registration details — email, phone number, identity verification data — to create and secure your account. When you deposit via DANA, OVO, GoPay or QRIS, we record transaction logs for reconciliation and fraud prevention. We track your gameplay activity, winnings and account balance to deliver accurate reporting and comply with local gaming regulations in supported Indonesian regions. We never

sell your personal data to third parties. All information is encrypted in transit and at rest.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

HELP CHANNELS

Questions About Your Data

Email Support Reach our privacy team at [email protected] with any data concerns. We respond within 24 hours to requests for access, correction or deletion of your personal information.

Account Settings Log in and visit Settings > Privacy to review what data we hold, download your account history, or request a complete data export in a portable format.

Live Chat Our chat team can walk you through privacy settings, explain how your payment data is stored, or help you understand your data rights under Indonesian law.

WHY THIS PLATFORM

Privacy Standards We Meet

SSL Encryption

All data between your device and our servers travels through 256-bit SSL encryption. This includes login credentials, payment details and gameplay records at every step.

PCI DSS Compliance

Our payment processing partners meet PCI Data Security Standard requirements. DANA, OVO, GoPay and QRIS transactions are tokenized and never stored on our primary database.

Annual Audits

We commission third-party security audits each year to verify encryption protocols, access controls and data isolation. Results inform our ongoing security roadmap.

Data Retention Rules

Account data is kept for 7 years to meet regulatory timelines in supported regions. After closure, we retain only anonymized transaction records for financial audit purposes.

Staff Access Limits

Only our compliance and technical teams can view personal data, and only when required by law or to resolve account issues. All access is logged and monitored.

Incident Response Plan

If a breach occurs, we notify affected players within 72 hours and provide free identity monitoring. We maintain cyber insurance and have tested incident protocols quarterly.

How Our Privacy Stance Compares

Data Sale Policy

We do not monetize your data. Competitors often sell behavioral or demographic profiles to marketing networks; we keep your account completely separate from any third-party advertising.

Payment Tokenization

Your DANA, OVO, GoPay and QRIS details are tokenized immediately. We never store full card or wallet credentials — only a secure reference tied to your account ID.

Opt-Out Granularity

You can disable marketing emails, gameplay analytics and promotional tracking independently. Most platforms force an all-or-nothing choice; we let you control each preference separately.

Transparent Retention

We publish exact retention timelines for each data category. Gameplay logs, payment records and identity docs each have a defined lifespan; we don't keep anything 'just in case.'

Indonesian Jurisdiction

Our privacy policy aligns with Indonesian consumer protection law. You retain the right to request data deletion under local regulations, not just GDPR — which doesn't apply here.

Breach Notification Speed

We aim to notify you within 72 hours of discovering any data incident. The industry average is 4–6 weeks; our protocol prioritizes your ability to act fast.

Account Deletion Permanence

When you close your account, personal data is deleted within 30 days. We don't archive it in backup systems or 'restore' closed accounts without explicit written consent.

Core Privacy Commitments

Zero Third-Party Sales

Your personal information is never sold to advertisers, data brokers or marketing firms. We earn revenue from gaming activity, not from commodifying your identity or behaviour.

Encrypted Payment Rail

Every DANA, OVO, GoPay and QRIS deposit flows through isolated payment gateways with tokenization. We see only a transaction reference, not your wallet or card number.

Portable Data Export

Open your account dashboard and request a complete data export in JSON or CSV format. You can download your full history — account details, gameplay logs, payment records — anytime.

Audit Trail Transparency

Log in to view a complete timeline of who accessed your account and when. If suspicious activity appears, you can flag it immediately and we'll investigate within 24 hours.

Immediate Account Erasure

Close your account and we begin permanent data deletion within 24 hours. Personal files, gameplay records and payment history are securely wiped; no 'hidden' archives are retained.

Cookie & Tracking Control

Visit Settings > Tracking to disable non-essential cookies, web analytics and cross-site ad tracking. We retain only essential session cookies needed to keep you logged in securely.

Privacy & Data Questions

Your payment credentials never touch our servers. When you deposit, your wallet or bank app handles the authentication. We receive only a tokenized transaction ID, plus your account is credited instantly. No full card or wallet data is stored.

Yes. Log in, go to Settings > Account > Data Export, and request your full history in JSON or CSV. We send a download link within 4 hours. It includes gameplay records, deposits, identity info and account activity logs.

Deletion begins immediately. Personal data is permanently erased within 30 days. We retain anonymized transaction records for 7 years for regulatory compliance, but no personal identifiers are kept. Your account cannot be reactivated after day 30.

No. We do not sell, rent or lease your personal data. We share information only with payment processors, security partners and law enforcement — only when legally required. Marketing is never sold externally.

Data is backed up every 6 hours to encrypted servers in secure data centers. Backups are geo-redundant and comply with Indonesian data residency requirements. Backup data is encrypted with the same standards as live records.

Yes, independently. Go to Settings > Preferences and disable promotional emails, gameplay analytics, or in-app notifications separately. You remain a full account holder; opting out affects only messaging and tracking preferences.

Contact [email protected] immediately. We'll freeze your account, reset your password, review login history and provide 24 months of free credit monitoring. Breach notification is sent within 72 hours per Indonesian law.