bumi128 Privacy Policy

This page describes what we collect when you use bumi128 and how we keep that data protected. When you create an account, deposit via DANA or e-wallet, enter slot tournaments (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways), or place sportsbook bets on Liga 1, we collect personal information. We treat that data with care, follow encryption standards, and never sell it to third parties for marketing.

Our privacy commitments align with international data-protection principles. We store your information securely, limit access to staff who need it, and give you rights over your own data. This policy applies to all bumi128 users across supported jurisdictions, whether you access via desktop browser, mobile app, or payment gateway integration.

Below, we explain what data we collect, why we collect it, who has access, how long we keep it, and what rights you have. If questions remain after reading, our support team is available via live chat (8am–11pm Jakarta time daily) or email.

What Data We Collect on bumi128

We collect data in three categories: account registration, transaction records, and activity logs.

Account Registration: When you sign up, we collect your email address, chosen username, and password (which we hash and never store in plain text). During account setup, we also ask for your full name, date of birth, and mobile phone number. This information helps us verify your identity and contact you about account matters.

KYC Verification: Before your first withdrawal, we request government-issued identification (national ID card, passport, or driver's licence), proof of address (utility bill, lease agreement, or bank statement), and sometimes a recent bank statement. We photograph or scan these documents and store them encrypted on our secure servers. We retain these documents only as long as required by anti-money-laundering law (typically 5–7 years after account closure).

Transaction Records: Every deposit, withdrawal, and bet is logged. We record the payment method used (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet), amount, date/time, and status. We also log tournament entries, spin outcomes, and sportsbook wagers. These records are used for settlement, dispute resolution, and regulatory compliance.

Activity Logs: We track login times, IP addresses, device information (browser type, operating system), and pages visited. This helps us detect fraud, prevent unauthorised access, and improve platform performance.

Note: We do not store full payment card details. Payment processors (mobile banking, local payment, etc.) handle card encryption; we store only a token referencing your payment method on file.

How We Use Your Data

We use collected data for specific purposes:

  • Account administration: Creating and managing your account, resetting passwords, and sending you account notifications.
  • Payment processing: Facilitating deposits and withdrawals through our payment partners, and verifying your identity to comply with anti-money-laundering regulations.
  • Game operation: Recording tournament entries, spins, and betting outcomes so we can settle prizes accurately and resolve disputes.
  • Fraud prevention: Monitoring for suspicious activity (multiple accounts, stolen credentials, unusual bet patterns) to protect you and our platform.
  • Legal compliance: Responding to regulatory requests, reporting to financial authorities, and maintaining records required by law.
  • Customer support: Responding to your inquiries, troubleshooting technical issues, and investigating complaints.

We do not use your data for marketing or sell it to third parties. We do not create detailed profiles for behaviour tracking. We do not send unsolicited promotional emails unless you opt in.

KYC (Know Your Customer)
The process of verifying your identity using government documents. Required before withdrawal to comply with anti-money-laundering regulations.
Encrypted storage
Your sensitive data (ID documents, bank details) is encoded using cryptographic standards so it cannot be read without a decryption key.
IP address
A unique number assigned to your internet connection, used to identify your device and detect fraud or unauthorised access.

Third-Party Data Processors

We do not store or process all data ourselves. We use trusted third-party providers:

Payment Processors: online payment, e-wallet, mobile banking, local payment, online payment, and our banking partners (e-wallet, mobile banking, local payment, online payment) process your payment information. They comply with their own privacy policies and payment-card security standards (PCI DSS). We do not share more information with them than necessary to complete transactions.

Cloud Storage: We store encrypted account data and documents on cloud servers managed by international providers. These providers undergo security audits and sign data-processing agreements with us, committing to the same privacy standards we maintain.

Compliance Services: We use anti-money-laundering and identity-verification services to check your documents and screen you against sanctions lists. These services follow legal requirements and do not retain your data beyond verification.

Customer Support Tools: Our live-chat platform and email system are hosted by external providers. We limit what account data is visible to support staff (they do not see payment card details or full ID documents).

Data Retention and Deletion

We keep your data only as long as necessary. Here are our retention windows:

  • Active accounts: Account data (name, email, transaction history) is kept while your account is open and for 12 months after closure.
  • KYC documents: Stored for 5–7 years after your final withdrawal or account closure, as required by financial regulations.
  • Transaction logs: Retained for 7 years to comply with tax and anti-money-laundering laws.
  • Login/activity logs: Typically deleted after 6 months unless needed for dispute investigation.
  • Support tickets: Kept for 2 years unless they involve disputes or legal claims.

You have the right to request deletion of your personal data, subject to legal obligations. If you request account closure, we delete your account profile and associated personal information within 30 days, except where we must retain records for legal compliance (tax, AML, dispute resolution). Contact our support team to request data deletion.

Your Rights Under Our Privacy Policy

We recognise your rights to your own data. You can:

  • Access your data: Request a copy of all information we hold about you by contacting support. We provide this within 30 days at no charge.
  • Correct inaccuracies: If your name, address, or contact information is wrong, update it in your account settings or ask support to correct it.
  • Request deletion: Ask us to delete your personal data (subject to legal retention obligations). We respond within 30 days.
  • Withdraw consent: If you consented to optional data uses (marketing emails, analytics), you can withdraw at any time via account settings.
  • Object to processing: Challenge how we use your data for specific purposes (e.g., fraud detection profiling) and request human review.

To exercise these rights, email our support team with your request and account username. We verify your identity before providing data or making changes, to prevent unauthorised access.

Security and Data Protection

We protect your data using multiple layers of security. All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. This means even if someone intercepts your internet connection, they cannot read your login, payment, or personal information.

Our servers are hosted in secure data centres with 24/7 physical security, backup power, and redundant cooling. We conduct regular security audits and penetration testing to identify and fix vulnerabilities. Our staff access systems using multi-factor authentication, and we log all access to sensitive data.

We maintain incident response procedures. If a data breach occurs, we investigate immediately, notify affected users, and contact relevant authorities as required by law. We maintain cyber insurance to cover potential losses from security incidents.

Our Data Protection Measures
  • Encryption in transit and at rest
  • Limited staff access with multi-factor authentication
  • Regular security audits and vulnerability testing
Your Responsibility
  • Keep your password and 2FA codes secret
  • Use a secure device and trusted network
  • Report suspected unauthorised access immediately

Cookies and Tracking Technologies

When you visit bumi128, we use cookies and similar technologies to improve your experience. Cookies are small text files stored on your device that help us recognise you on return visits, remember your preferences, and track general usage patterns.

Essential Cookies: We use these to keep you logged in, process payments, and prevent fraud. These are necessary and cannot be disabled.

Analytics Cookies: We track which games are popular, which page features work well, and how users navigate the platform. This helps us improve design and performance. You can disable analytics in your browser settings.

Advertising Cookies: If you click a bumi128 link from an external website, we track this to measure marketing campaign effectiveness. You can opt out via your browser privacy settings.

We do not use cookies to profile you or create detailed behavioural models for sale. We use them only to operate and improve our own service.

Cross-Border Data Transfers

Our servers may sit outside your jurisdiction. Your data may be stored or processed in Singapore, the United States, or other countries. By using bumi128, you acknowledge and consent to this. These countries have data-protection laws, though they may differ from Indonesian law. We ensure that third-party processors sign agreements (Standard Contractual Clauses or Binding Corporate Rules) committing to the same privacy standards we maintain.

If you object to cross-border data transfers, you may request that we delete your account and data (subject to legal retention obligations). Contact our support team to discuss your options.

Children and Minors

Our services are not intended for users under the age of majority in their jurisdiction. We do not knowingly collect data from minors. If we discover a user is underage, we close the account and refund any remaining balance. If you are aware of a minor using bumi128, please report it to our support team immediately.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. When we make material changes, we notify you via email or in-app notice at least 30 days before the change takes effect. Your continued use of bumi128 after notification constitutes acceptance of the updated policy.

Contact bumi128

If you have questions about our privacy practices, want to exercise your data rights, or suspect a data breach, contact us:

  • Live Chat: Available 8am–11pm Jakarta time, seven days a week. Use this for urgent issues like suspected account compromise.
  • Email: Send your data request, complaint, or privacy inquiry to our support address. We respond within 30 days.
  • In-app messaging: Use the help section within bumi128 to submit privacy questions. We respond within 2 business days.

Related guides

Legal
Terms & Conditions
10-min read
Support
Live Chat Support
3-min read
Help
Frequently Asked Questions
5-min read

Your Privacy Matters to bumi128

We recognise that privacy is fundamental. Your personal information is valuable and sensitive. We are committed to handling it responsibly, transparently, and securely. Our privacy practices reflect this commitment across every interaction—from account registration through deposit, tournament participation, sportsbook betting, and withdrawal.

If you feel we have not honoured your privacy rights, or if you have concerns about how we handle your data, reach out. Our support team takes all privacy inquiries seriously and escalates them to our data protection officer for thorough investigation and response.