grapwinPrivacy Policy
This page describes what we collect when you use grapwin and how we keep that data protected. We at grapwin are committed to transparent data handling: we tell you upfront what personal information we collect, why we need it, how we use it, and what rights you have regarding your data.
Our privacy practices apply whenever you create a grapwin account, deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank virtual accounts, place wagers on football, live-dealer games, slots, or esports, and communicate with our support team. We never sell your personal data to third parties for marketing. We only share data where required by law or necessary to provide our services.
If you do not agree with our privacy practices, do not open an account. If you have questions about how we handle your data, contact our support team anytime—we respond within one business day. You can also request access to, correction of, or deletion of your personal data by contacting us directly.
What Data We Collect on grapwin
We collect several categories of personal data when you register and use grapwin. First, we collect your account information: email address, phone number, password (encrypted), and a username. This information is required to create and secure your account. We also collect your identity information for know-your-customer (KYC) compliance: full legal name, date of birth, government ID number (national ID, passport, or driver's licence), and sometimes proof of address.
Second, we collect payment information: the payment methods you use to deposit and withdraw (e-wallet account details, bank account details). We do not store full credit card numbers or e-wallet passwords—payment processors tokenize this information so we handle only anonymized reference codes. We also collect transaction history: deposit amounts, withdrawal amounts, dates, and settlement status.
Third, we collect behavioral data: which games you play, wager amounts, session duration, betting history, and account activity logs. This information helps us detect fraud, personalize promotions, and improve our platform. We also collect device information: IP address, device type, browser, operating system, and timestamp of each login. This helps us prevent unauthorized access and detect account compromise.
Finally, we collect communication data: any messages you send to our support team, chat transcripts, email correspondence, and feedback you provide. This allows us to assist you, resolve disputes, and improve our customer service. None of this data is collected without your consent except where necessary for legal compliance or fraud prevention.
Key takeaways
- We collect account, identity, payment, behavioral, and device data to operate grapwin securely
- Payment information is tokenized; we never store full card numbers or wallet passwords
- All data is encrypted in transit and at rest using industry-standard TLS 1.2+ protocols
- We do not sell personal data to third parties for marketing
- You have the right to request access, correction, or deletion of your personal data
How We Use Your Data on grapwin
We use your personal data for several legitimate business purposes. First, we use it to provide our gaming services: creating and maintaining your account, processing deposits and withdrawals, settling wagers, and calculating bonuses and cashback. Second, we use it for compliance and legal obligations: verifying your identity (KYC), detecting fraud, preventing money laundering, and responding to regulatory inquiries from authorities in Jakarta, Surabaya, Bandung, Medan, Semarang, and other jurisdictions.
Third, we use data to protect our platform and users. Our fraud-detection systems analyze transaction patterns and device information to identify suspicious activity—multiple accounts, coordinated betting, bonus abuse. If we detect violations, we may restrict or close your account. Fourth, we use data to communicate with you: sending account notifications, promotional offers, support responses, and security alerts. You can opt out of marketing communications anytime via your account settings, but we continue sending legal and security notices.
Fifth, we use data to improve grapwin: analyzing how players use our platform, which games are popular, what payment methods work best, and where our support team needs improvement. We also conduct periodic audits to verify fairness of game outcomes and accuracy of odds. This analysis is performed on anonymized or aggregated data; individual player details are not exposed to our product team without legitimate need.
Data Sharing & Third-Party Processors
We do not sell your personal data to third parties for marketing or advertising. However, we do share data with certain third-party service providers who assist us in operating grapwin. These include payment processors (who handle DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and bank virtual account transfers), identity verification vendors (who confirm your government ID during KYC), and customer support platforms (who store our chat logs and ticket systems).
We also share data with our hosting provider and security vendors who maintain our servers, detect fraud, and prevent cyberattacks. These third parties are contractually bound to protect your data and use it only for the purpose we specify. We do not share data with unrelated companies without your explicit consent, except where required by law.
If we receive a request from law enforcement or regulatory authorities, we evaluate whether the request is lawful before complying. We do not voluntarily disclose player information to government agencies unless required by valid legal process (court order, warrant, subpoena). We may disclose data without notice only when required by law or when we reasonably believe disclosure is necessary to protect our legal interests, your safety, or public safety.
Data Security & Retention on grapwin
We at grapwin implement comprehensive security measures to protect your data. All data in transit is encrypted using TLS 1.2+ protocols; all data at rest is encrypted using AES-256 encryption. Access to sensitive data (government IDs, payment information) is restricted to authorized staff and requires multi-factor authentication. Our servers are protected by firewalls, intrusion detection systems, and regular security audits conducted by third-party cybersecurity firms.
We retain your data for as long as necessary to provide our services and comply with legal obligations. Account data is retained while your account is active plus seven years after closure (to satisfy regulatory record-keeping requirements). Payment transaction data is retained for a minimum of five years. If you request deletion of your personal data, we delete it from our active systems within 30 days, though backups and archived records may retain it for longer periods for disaster recovery and legal compliance.
Despite our security efforts, we cannot guarantee absolute protection against all cyberattacks or data breaches. If a breach occurs that compromises your personal data, we will notify you within 72 hours and provide guidance on protective steps. We maintain cyber insurance and incident response procedures to minimize harm and notify affected individuals promptly.
Your Rights & Data Subject Requests
You have several rights regarding your personal data on grapwin. You have the right to access: request a copy of all personal data we hold about you in a machine-readable format. You have the right to correction: request that we correct inaccurate or incomplete data. You have the right to deletion: request deletion of your personal data, subject to legal retention requirements. You have the right to object: object to our use of your data for marketing or certain processing activities.
To exercise any of these rights, contact our support team with your account details and request specifics. We respond to requests within 30 days. If your request is complex or requires significant effort, we may extend the response time to 60 days. We will not charge a fee for reasonable requests; however, we may refuse manifestly unfounded or excessive requests, in which case we explain our reasoning.
You also have the right to lodge a complaint with your local data protection authority if you believe we have mishandled your data. We encourage you to contact us first to resolve concerns directly, but you may also escalate to regulatory authorities in your jurisdiction.
Cookies & Tracking Technologies
We use cookies and similar tracking technologies on grapwin to improve your experience. Essential cookies maintain your login session and remember your account preferences—these are required for grapwin to function. Analytics cookies help us understand how players use our platform—which pages are visited, how long sessions last, which games are popular. Marketing cookies track your browsing to show relevant promotional content.
You can control cookies through your browser settings—most browsers allow you to disable cookies or receive a warning before a cookie is set. However, disabling essential cookies may prevent grapwin from functioning properly. We do not use third-party tracking pixels for behavioral advertising; all our analytics are performed internally and not shared with unrelated advertisers.
We also use local storage (browser cache) to store account preferences, such as your preferred language or favorite game category. This data never leaves your device unless you explicitly sync it across devices.
Contact Us About Privacy
If you have questions about our privacy practices, concerns about how we handle your data, or wish to exercise any data rights, contact our privacy team via our standard support channels. You can reach us via live chat (24/7), email (responses within one business day), or in-app ticketing. When you contact us about privacy matters, provide your account details and request specifics.
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or prominent notice on grapwin. Continued use of grapwin after changes take effect constitutes your acceptance of the revised policy. The effective date of the current policy is shown at the bottom of this page.
Data Processing & International Transfers
We process personal data according to principles of fairness, transparency, and accountability. Our legal basis for processing depends on the type of data: account and payment data are processed to perform our service contract with you; identity data is processed for legal compliance (KYC and anti-money-laundering regulations); behavioral and security data are processed for our legitimate interests in fraud prevention and platform improvement.
Your data may be transferred to countries outside Indonesia as part of our international operations. These transfers comply with data protection standards and are encrypted in transit. We ensure that any country receiving your data either has adequate data protection laws (as recognized by local regulators) or we implement standard contractual safeguards (such as data processing agreements) to protect your information.
If you are located outside Indonesia and access grapwin, your data will be processed according to this policy and applicable data protection laws in your jurisdiction. You retain all rights described in this policy regardless of where you access grapwin from, subject to local law permissions.
Children & Minors
grapwin is not intended for users under 21 years of age (or the legal age of majority in your jurisdiction if higher). We do not knowingly collect personal data from minors. If we discover that we have collected data from a minor, we delete it promptly and may close the associated account. If you are a parent or guardian and believe a minor has opened a grapwin account, contact our support team immediately with details.
By opening an account on grapwin, you certify that you are 21 or older and legally permitted to use online gaming services in your jurisdiction. False certification may result in account suspension and forfeiture of funds.