kayaPrivacy Policy

This page describes what we collect when you use kaya and how we keep that data protected. We take your privacy seriously because we handle sensitive information—your identity, payment details, and account activity. Our approach is simple: we collect only what we need, we keep it encrypted, and we never sell it to third parties. We use your data solely to operate kaya, verify your identity, process payments, and comply with law.

When you create an account on kaya, sign in from your phone, make a deposit via DANA or e-wallet, or request a withdrawal, we collect data at each step. We explain below exactly what we collect, why we collect it, and how long we keep it. We also explain your rights—you can request access to your data, ask us to correct errors, or request deletion in some cases. Our privacy policy applies to everyone using kaya, whether on Android, iOS, or desktop.

Our servers may sit outside your home jurisdiction, and your data may be processed across multiple locations. We encrypt data in transit and at rest so it's protected wherever it goes. We comply with applicable data-protection laws in all jurisdictions where we operate. If you have questions about how we handle your data, our English-speaking support team can help.

What Data We Collect on kaya

We collect data in several categories. First, account information: your email, password (hashed, never stored in plain text), phone number, and account username. Second, identity information: your name, date of birth, address, and government-issued ID number. We collect this during KYC verification so we can confirm you're who you claim to be. Third, payment information: the payment method you use (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, or e-wallet), and a tokenized reference to that method. We never store full payment details—payment processors handle that securely.

Fourth, activity data: when you log in, which games you play, how much you bet, when you withdraw, and your account balance. We log this for account auditing, fraud detection, and dispute resolution. Fifth, device and network data: your IP address, browser type, device model (Android or iOS), and operating system version. We collect this to detect fraud and to understand which devices our players use so we can optimize kaya for mobile.

Sixth, communication data: any emails or messages you send to our support team, and any messages we send to you about account updates, payment confirmations, or game results. Seventh, optional data: if you contact us through our support form, we collect whatever you tell us. This helps us resolve your issue but is not required for account operation.

We never ask for sensitive information by email

Our support team will never ask you to send passwords, full payment details, or ID numbers by email. If someone claiming to be kaya asks for this, it's a scam.

How We Use Your Data on kaya

We use identity information (name, address, ID number) to verify you're not underage, not on a sanctions list, and not using a fake identity. This is required by law in most jurisdictions. We use payment information to process deposits and withdrawals. We use activity data to settle bets, detect fraud, and help resolve disputes. We use device and network data to prevent unauthorized access and to optimize kaya's performance on Android and iOS.

We use your email to send you account confirmations, payment receipts, and important updates about kaya. We only send marketing emails if you've opted in. You can unsubscribe from marketing emails anytime in your account settings. We use contact information to respond to your support requests and to notify you of account issues (like suspicious login attempts).

We use aggregated, anonymized data to improve kaya. For example, we analyze which games are most popular, which payment methods users prefer, and which devices they use. This analysis helps us add features, optimize the app, and decide which payment partners to support. We never use individual data for this—we strip out identifying information first.

Third Parties and Data Processors

We work with trusted partners who process data on our behalf. Payment processors handle your mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, and local payment transactions. Identity-verification providers check your ID documents during KYC. Hosting providers run our servers. Email providers send our messages. Analytics providers help us understand how kaya is used. All these partners are bound by confidentiality agreements and process data only as we instruct.

We do not sell your data to third parties. We do not share your data with advertisers or data brokers. We share data with law enforcement only when legally required—for example, if a court orders us to. We share data with fraud-prevention services to protect your account and ours.

International transfers: Your data may be processed in countries outside Indonesia. We use standard contractual clauses and encryption to protect it during transfer.

Cookies and Tracking Technology

We use cookies to remember your login so you don't have to enter your password every time you visit kaya on your phone or desktop. We use session cookies (which expire when you close your browser) and persistent cookies (which stay until you log out or clear your cookies). We also use analytics cookies to understand how players interact with kaya—which pages they visit, which games they try, and how long they stay.

You can control cookies through your browser settings. On iOS Safari, go to Settings > Safari and toggle "Privacy-Preserving Ad Measurement." On Android Chrome, go to Settings > Site Settings > Cookies. Disabling cookies may make kaya harder to use, so we recommend allowing them. You can also clear cookies anytime, which logs you out of kaya—you'll need to log back in.

We do not use tracking pixels or invisible beacons to follow you across other websites. Our cookies stay within kaya only. We use Google Analytics to understand aggregate traffic patterns, but this is anonymized and does not identify you personally.

Data Retention and Deletion on kaya

We keep your account data as long as your account is active. If you close your account, we keep account records for legal and fraud-prevention purposes for a set period (typically 3-5 years depending on jurisdiction). We may keep anonymized data longer for analytics. Payment records are kept for accounting and tax purposes.

You have the right to request access to your data, to correct errors, or to request deletion in some cases. To do so, contact our support team and provide your account details. We'll respond within a reasonable timeframe. Note: we may not be able to delete data if it's required for legal compliance or fraud prevention. We'll explain any limitations when we respond to your request.

Security of Your Data on kaya

We encrypt all data in transit using HTTPS (SSL/TLS). Your password is hashed using industry-standard algorithms so we never store it in plain text. Payment details are tokenized—we store only a reference, not the actual details. Our servers use firewalls, intrusion detection, and regular security audits. We require employees to sign confidentiality agreements and log all data access.

No security is perfect. If we discover a breach, we'll notify you and relevant authorities as required by law. We encourage you to use a strong, unique password on kaya and to enable optional two-factor authentication for extra protection.

Your Rights and Contact Information

You have the right to access your data, to correct inaccuracies, to request deletion (subject to legal obligations), and to object to certain uses. You also have the right to data portability—we can export your data in a standard format. To exercise these rights, contact our support team with your account details and your request.

Our data protection contact is available through our support channels on kaya. We aim to respond to data requests within 30 days. Our English-speaking support team can help you understand your rights and submit requests. If you believe we've violated your privacy rights, you also have the right to lodge a complaint with your local data-protection authority.

Summary: Protecting Your Privacy on kaya

We collect data to run kaya—to verify your identity, process payments, detect fraud, and comply with law. We encrypt your data, we don't sell it, and we keep it only as long as needed. We respect your rights: you can request access, request corrections, and request deletion in some cases. Our privacy policy applies to everyone using kaya from Jakarta, Surabaya, Bandung, Medan, or anywhere our services are available.

If you have questions about how we handle your data, our support team is here to help. We're transparent because privacy matters. Your trust is essential to kaya, and we take that responsibility seriously.

Data we collect: Account info, identity (for KYC), payment method, activity, device details, and communications.
How we use it: Account verification, payment processing, fraud detection, and service improvement.
Who we share it with: Trusted payment processors, identity verifiers, and hosting providers. Never advertisers or data brokers.
Your rights: Request access, correction, deletion (with limits), or data export anytime.