postalPrivacy Policy
This page describes what we collect when you use postal and how we keep that data protected. Our approach balances transparency with security: we collect only the information needed to verify your identity, process your payments, and operate our platform fairly. We do not sell your personal data to third parties, and we encrypt all sensitive information during transmission and storage.
Our postal privacy commitments reflect regional standards and our responsibility to players across Indonesia. When you create an account, deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer, or request a withdrawal, we handle your information according to documented procedures. This policy explains what we collect, who has access to it, how long we retain it, and what rights you have regarding your data.
We reserve the right to update this privacy policy periodically. If we make material changes—such as expanding data collection or adding new third-party processors—we will notify account holders via email or in-app messaging at least 30 days before the change takes effect. Continued use of postal after such notification constitutes acceptance of the updated policy.
What data we collect on postal
We collect personal data in several categories. Account registration requires your email address, a password, and a username. Know Your Customer verification requires your full name, date of birth, government ID number, a photo of your ID document, a residential address proof, and a selfie with your ID. Payment processing requires your banking details or digital wallet credentials depending on which method you choose—DANA account, e-wallet phone number, mobile banking credentials, local payment details, online payment account, e-wallet identifier, or bank account number for mobile banking, local payment, online payment, or e-wallet transfers.
We also collect behavioral data: your login history, the games you play, your bet amounts and outcomes, your payment transactions, and any communications you have with our postal support team. This data helps us detect fraud, monitor account security, and improve our platform's performance. We log your IP address, device type, browser, and connection quality to troubleshoot technical issues and identify unauthorized access attempts.
- Account data: Email, username, password (hashed), phone number if provided, account creation timestamp.
- Verification data: Government ID type and number, full name, date of birth, address, selfie with ID, residential proof document type.
- Payment data: Deposit and withdrawal records, payment method details, transaction amounts and timestamps, settlement confirmations.
- Behavioral data: Login history, game activity, bet records with outcomes, support interactions, device and IP logs.
- Technical data: Device identifiers, browser information, connection speed, error logs, app crash reports.
How we use your data on postal
Our primary use of your data is account operation and verification compliance. We verify your identity to prevent fraud, money laundering, and unauthorized account access. We process your payment data to complete deposits and withdrawals through your chosen regional payment provider. We maintain transaction records to settle bets, process payouts, and comply with audit requirements.
We use behavioral data to detect suspicious patterns—unusual login locations, rapid transaction sequences, or stakes inconsistent with historical behavior—that may signal account compromise or fraud. Our postal fraud team reviews alerts and may request additional verification or temporarily restrict withdrawals pending investigation. We communicate these actions via in-app notification or email.
Third-party processors and data location
Our postal platform relies on third-party service providers for specific functions. Payment processors handle deposit and withdrawal transactions—these vendors receive your banking or wallet details only when you initiate a payment. Cloud infrastructure providers host our servers, which may be located outside Indonesia. Email service providers deliver our account notifications and support responses. Analytics platforms track aggregated usage patterns to improve app performance.
Our servers may sit in data centres outside your jurisdiction. This means your personal data may be transferred to and processed in countries with different data protection laws than Indonesia. We ensure all processors maintain security standards equivalent to our own through contractual data-processing agreements and periodic audits.
We keep your postal account data protected through encryption, access controls, and regular security audits. Your privacy is central to how we operate.
Your rights on postal
You have the right to access your personal data held on our postal platform. Contact our support team to request a copy of your account data, including all verification documents, transaction records, and behavioral logs. We provide this information within 14 business days at no charge.
You have the right to request correction of inaccurate data. If your name, address, or ID details are incorrect in our system, contact support with updated information and supporting documentation. We will update your account and notify relevant third parties if necessary.
You have the right to request deletion of your account and associated data, subject to retention requirements for legal and financial compliance. If you request account closure, we will delete your password and limit access to historical records needed for audit and fraud prevention. Transaction records may be retained for periods mandated by regional financial regulations or in response to legal process.
Cookies and tracking on postal
Our postal app and website use cookies and similar tracking technologies to maintain session security and remember your preferences. Essential cookies allow you to log in and stay authenticated during your session. Optional cookies track your navigation patterns to help us improve the platform's interface. You can disable non-essential cookies through your browser settings without affecting core functionality, though some features may degrade.
Data retention on postal
We retain your account data for as long as your postal account remains active. If you request account closure, we retain transaction records and verification documents for seven years to comply with regional financial record-keeping requirements and to support potential fraud investigations. Behavioral logs and technical data are typically deleted after one year unless legal process requires longer retention.
Security and incident response
We encrypt all data transmission between your device and our postal servers using TLS 1.2 or higher. Stored passwords are hashed with salted algorithms; we never store plaintext passwords. Access to your personal data is restricted to postal employees and contractors who require it for their role, and all staff sign confidentiality agreements.
If we discover a security breach affecting your personal data, we will notify you within 14 days via email to your registered address. We will disclose the nature of the breach, the types of data affected, and steps we have taken to remediate the vulnerability. We will also provide guidance on steps you can take to protect your account, such as changing your postal password.
Contact us about privacy
If you have questions about our postal privacy policy, wish to exercise your data rights, or want to report a security concern, contact our support team via in-app messaging, email, or the contact portal. We respond to privacy inquiries within 14 business days. For specific issues regarding your personal data on postal, include your account email and a description of your request so we can locate your records quickly.