apibet Platform Privacy Notice

This page describes what we collect when you use apibet and how we keep that data protected. We at apibet operate under the principle of transparency—you own your information, and we process it only for legitimate purposes tied to your account, payments, and service delivery.

We collect personal data (email, password hash, phone number), identity information (for KYC verification), payment details (e-wallet or bank account data), and usage data (game history, login times, IP addresses). We do not sell this information to third parties for marketing. We do not share it with advertisers. We encrypt all data in transit (via SSL) and at rest, and we audit access regularly.

Our privacy commitments are grounded in practical security—not marketing language. We explain where your data sits, who can access it, how long we keep it, and what rights you have. This notice covers users across supported jurisdictions, including Jakarta, Surabaya, Bandung, Medan, and Semarang.

What We Collect on apibet

We collect data in four categories. Account data includes your email address, chosen password (stored as a hash, never in plain text), phone number, and optional language preference. Identity data—collected only for account verification (KYC)—includes your government ID number, name, date of birth, and proof of residence. Payment data includes the payment method you use (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank account details) and transaction history. Usage data includes your login times, IP address, device type, game activity (which games you play, when, and for how long), and any support messages you send.

We do not collect biometric data, location data beyond your IP address, or any information outside these categories. We do not store your full payment card number—payment processors (mobile banking, local payment, online payment, e-wallet, mobile banking, and bank gateways) handle card tokenization, and we receive only a transaction confirmation. Your password is hashed irreversibly; we cannot retrieve it. If you forget it, you reset it via a time-limited email link.

Account data

Email, hashed password, phone number, language preference. Used to authenticate you and deliver service.

Identity data (KYC)

ID number, name, DOB, proof of residence. Used for verification and anti-money-laundering compliance.

Payment data

Payment method and transaction history. Used to process deposits and withdrawals. We do not store full card numbers.

Usage data

Login times, IP address, device type, game activity. Used to detect fraud and improve service.

How We Use Your Data on apibet

We use your data for five core purposes. Service delivery means we authenticate you at login, process your deposits and withdrawals, track your balance, and maintain your account. Fraud prevention means we monitor for suspicious activity—unusual withdrawal patterns, multiple rapid login attempts, or requests to change your registered payment method. Compliance means we store KYC data to meet anti-money-laundering and know-your-customer regulations. Support means we use your account history to help resolve your queries. Analytics means we count aggregate usage patterns (for example, "how many users access apibet via Android versus iOS") to improve our platform, but we do not profile individuals.

We do not use your data for direct marketing unless you explicitly opt in. We do not share your email with third-party marketers. We do not sell your game history or betting patterns to data brokers. During peak periods such as Liga 1 season, Piala AFF tournaments, Idul Fitri, Idul Adha, Imlek, or Nyepi holidays, we may retain slightly more usage data to manage server load, but this data is deleted after the period ends.

Where We Store Your Data and How We Protect It

Our servers are located outside Indonesia. This means your data may sit in data centres in other jurisdictions, subject to the privacy laws of those countries as well as our own commitments. We encrypt all data in transit using SSL/TLS (the same standard banks use). At rest, we encrypt sensitive fields (password hashes, KYC documents, payment method details) using industry-standard encryption. We do not store unencrypted passwords or full card numbers.

We undertake regular security audits and penetration testing. Our infrastructure uses firewalls, intrusion detection, and access controls. Only authorised apibet staff can access user data, and their access is logged. If a staff member leaves the company, their access is revoked immediately. We maintain daily backups encrypted and stored separately from live systems.

We at apibet treat encryption and access control as non-negotiable—not optional security theatre, but the foundation of how we operate.

Third Parties Who Handle Your Data

We work with third-party processors who are bound by confidentiality agreements. Payment processors (the companies behind local payment, online payment, e-wallet, mobile banking, local payment, online payment, and bank gateways) handle payment details and settlement. We do not pass your account password or email to them. We pass only the transaction amount and a reference ID. Cloud infrastructure providers host our servers and maintain backups; they are contractually prohibited from accessing user data. Customer support platforms store your messages and account interactions; we retain these for up to 12 months to resolve disputes.

We do not authorize third parties to market to you or use your data for their own purposes. If a third-party processor is compromised, we notify affected users according to our incident response plan. We choose processors based partly on their security certifications (ISO 27001, SOC 2).

Your Rights on apibet

You have several rights regarding your data. Access means you can request a copy of all data we hold about you; contact our support team and we will provide it within 14 days. Correction means if your data is inaccurate (for example, a wrong phone number), you can request we update it. Deletion means you can request deletion of your account and associated data after any open disputes are resolved; we retain some data (transaction history) for 7 years to meet legal obligations. Data portability means you can request your data in a standard format suitable for transfer to another service. Objection means you can object to certain processing (for example, promotional emails if you opted in); we will honour this within 7 days.

To exercise any of these rights, contact our support team with your account email and a description of your request. We verify your identity before processing. We do not charge for these requests unless they are manifestly unfounded or excessive.

Cookies and Tracking on apibet

We use cookies to maintain your login session and remember your language preference. These are session cookies (deleted when you close your browser) or persistent cookies (lasting up to 12 months). We do not use tracking pixels or cross-site cookies to follow you on other websites. Analytics cookies on our website count page views and user flows to improve navigation; they do not identify you personally. You can disable cookies in your browser settings, but this may affect apibet functionality.

How Long We Keep Your Data

We retain account data (email, phone) for as long as your account is active. We retain KYC data for 3 years after account closure to meet regulatory requirements. Transaction history is retained for 7 years to support dispute resolution and regulatory audits. Usage logs (login times, IP addresses) are retained for 12 months. Support tickets are retained for 12 months. You can request deletion of your account at any time; we will delete non-essential data within 30 days, subject to legal retention periods.

Our apibet Privacy Commitments: Summary

We at apibet collect only data necessary for account operation, payment processing, fraud prevention, and regulatory compliance. We encrypt all data in transit and at rest. We do not sell your information to marketers or advertisers. We do not use cookies to track you across other websites. We grant you access, correction, deletion, and portability rights over your data. We retain data only as long as necessary, and we delete it securely when your account closes.

Our infrastructure sits outside Indonesia, but we apply the same security standards regardless of jurisdiction. We audit access regularly and respond to security incidents according to a documented incident response plan. If we experience a data breach, we notify affected users and relevant authorities within 72 hours. Our privacy policy is updated whenever we change data practices; we publish the updated version here and notify users via email if changes affect their rights significantly.

For questions about our privacy practices or to exercise your rights, contact our support team. We respond to data subject requests within 14 days. Our service is available only where local law permits; you are responsible for verifying that your use of apibet complies with your jurisdiction's regulations.

Related pages