gama Privacy Policy

This page describes what we collect when you use gama and how we keep that data protected. We collect personal information to verify your identity, process deposits and withdrawals, comply with anti-money-laundering (AML) regulations, and detect fraud. We store your data securely and do not sell it to third parties. You have rights over your data — you can request access, correction, or deletion subject to legal retention requirements.

Our privacy practices are designed around account security and regulatory compliance. When you open a gama account, you provide your name, date of birth, national ID or passport number, email, phone number, and payment details. We use this information to verify your identity, process your deposits via QRIS, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer, and comply with government anti-money-laundering requirements. We also use your data to detect fraud, investigate disputes, and communicate with you about your account.

Our servers may sit outside your jurisdiction. Your data may be transferred to and stored in countries other than Indonesia. By using gama, you consent to this transfer. We apply the same security standards regardless of server location. If you do not consent to international data transfer, do not open an account at gama.

What We Collect at gama

We collect the following information when you open an account at gama: your full name, date of birth, national ID number (KTP) or passport number, email address, phone number, and residential address. We also collect payment information — the bank account or e-wallet details you use for deposits and withdrawals. This information is mandatory for account verification and regulatory compliance.

We collect transaction data automatically — every deposit, withdrawal, bet, game outcome, and account login. We record the timestamp, amount, payment method, and game or market involved. We also collect device information — your IP address, browser type, operating system, and device identifier. This helps us detect fraud and unauthorized access.

We do not collect your password in plain text; we store only an encrypted hash. We do not collect your credit card number directly; payment processors handle card data separately. We do not track your browsing outside gama or sell your data to advertisers.

How We Use Your Data

We use your personal information to verify your identity (Know Your Customer / KYC compliance), process deposits and withdrawals, settle bets and game outcomes, and comply with anti-money-laundering (AML) regulations. We cross-check your information against fraud databases and regulatory watchlists. We retain transaction records for seven years to satisfy government AML requirements.

We use your data to detect and prevent fraud. If we notice unusual activity — large deposits followed by immediate withdrawals, multiple failed login attempts, or bets inconsistent with your account history — we may freeze your account and investigate. We use your email and phone to send account notifications, withdrawal confirmations, and security alerts. We do not send marketing emails unless you opt in.

We share your data with payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment) to process deposits and withdrawals. We share data with fraud-detection services to verify your identity and detect suspicious activity. We share data with regulatory authorities if required by law. We do not share data with third-party marketers or data brokers.

Data Retention and Security

We retain your personal information for as long as your account is active. After you close your account, we retain your data for seven years to comply with anti-money-laundering record-keeping requirements. After seven years, we delete or anonymize your data unless we are required by law to retain it longer.

We protect your data using encryption (SSL/TLS for data in transit, AES-256 for data at rest), access controls (only authorized staff can view your information), and regular security audits. We do not store your password in plain text; we use salted hashing. We do not store your full payment card number; payment processors handle sensitive card data separately.

If we discover a data breach, we will notify you by email within 72 hours and inform relevant authorities as required by law. We maintain cyber insurance and incident-response procedures to minimize harm.

Cookies and Tracking

We use cookies to keep you logged in, remember your preferences, and detect fraud. These are essential cookies; gama cannot function without them. We do not use cookies for tracking or advertising. We do not share cookie data with third parties.

You can disable cookies in your browser settings, but this will log you out of gama and prevent you from using the platform. We do not use third-party analytics or tracking pixels on gama.

Contact and Policy Updates

If you have questions about our privacy practices, want to exercise your data rights, or believe we have mishandled your information, contact our support team. We speak Indonesian and English and respond within 30 days. You can also review our terms and conditions for information about account policies, or visit our FAQ for common questions.

We may update this privacy policy at any time. Material changes will be communicated via email. Continued use of gama after an update constitutes acceptance of the new policy. We will not reduce your data protection rights without your explicit consent.

Our services are available only where local law permits. Your jurisdiction may have specific data-protection laws (such as Indonesia's Law No. 27 of 2022 on Personal Data Protection). We comply with applicable local laws. If you are in a jurisdiction with stricter data-protection requirements than gama's standard practices, those local laws take precedence. Thank you for trusting gama with your information.