sayap Privacy Policy

This page describes what we collect when you use sayap and how we keep that data protected. Our privacy commitments centre on three principles: we collect only the data necessary to operate our platform, we encrypt sensitive information, and we do not sell or trade your personal information to third parties without explicit legal requirement.

When you create a sayap account, deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, or bank transfer, or engage with our games (Aviator, Mahjong Ways, live blackjack, Liga 1 sportsbook), we collect specific data points. This policy explains what we collect, why, how long we retain it, and your rights regarding your information.

Our data handling practices comply with applicable data-protection regulations in jurisdictions where sayap operates. We regularly audit our data security practices and encrypt all sensitive information in transit and at rest. If you have questions about how we handle your data, our support team is available during business hours to clarify.

What data we collect on sayap

We collect data in three categories: account information, transaction information, and platform usage information.

• Account informationYour legal name, date of birth, residential address, email address, phone number, and national identity document (KTP, passport, or driver's licence). We require this for identity verification (KYC) before you can deposit or withdraw funds.
• Transaction informationDeposit and withdrawal records, payment method details (e-wallet account or bank account linked to your transfer), transaction amounts, timestamps, and confirmation statuses. We collect this to verify all financial flows and prevent fraud.
• Platform usage informationYour game activity (tournaments entered, games played, results), account login times and IP addresses, device type and operating system, browser type, and general geographic location (by IP address). We collect this to operate the platform, prevent abuse, and understand user engagement patterns.

We do not collect or store your payment method passwords, e-wallet PINs, or card CVV codes. Payment processing is handled by third-party payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and your bank) who manage sensitive payment credentials on our behalf.

How we use your sayap data

We use your data for five primary purposes:

1. Account operationWe use your name, email, and phone to maintain your account, send notifications about deposits, withdrawals, tournament results, and platform updates.
2. Fraud prevention and complianceWe analyze transaction patterns, IP addresses, and device information to detect suspicious activity. We share identity and transaction data with payment processors and regulatory authorities only as required by law.
3. Game administrationWe record your game activity to settle tournaments, credit winnings, calculate payouts, and enforce our game rules.
4. Service improvementWe analyze platform usage (which games you play, how often you deposit, average session length) to improve sayap's features and user experience. This analysis is aggregated and does not identify you personally.
5. Legal and regulatory complianceWe retain your data to comply with anti-money-laundering (AML) regulations, know-your-customer (KYC) requirements, and other applicable laws in jurisdictions where sayap operates.

We do not use your data for marketing, third-party advertising, or any purpose outside these five categories without your explicit written consent. You can opt out of non-critical notifications (promotional emails, game-feature announcements) via your account settings at any time.

Third-party processors and data sharing on sayap

We share your data with third parties only in these limited scenarios:

• Payment processorsWe share transaction data and payment method information with mobile banking, local payment, online payment, e-wallet, mobile banking, and your bank (local payment, online payment, e-wallet, mobile banking) to process deposits and withdrawals. These processors maintain their own privacy policies.
• Regulatory authoritiesWe may share identity and transaction records with government agencies, tax authorities, and financial-crimes units if legally required to do so.
• Law enforcementWe may disclose data to law enforcement if required by valid legal process (court order, subpoena, or warrant).
• Hosting and infrastructure providersOur servers may sit outside your jurisdiction (for example, in regional data centres in Southeast Asia). We contractually require these providers to maintain the same data-protection standards we do.

We do not sell your personal data to data brokers, marketing agencies, or any commercial third party. We do not use your data for targeted advertising or behaviour tracking beyond what is necessary to operate sayap.

Data retention

We retain account data for the duration of your account plus 5 years after closure, as required by anti-money-laundering regulations. Transaction data is retained for the same period.

Data encryption

All data in transit uses SSL/TLS encryption (HTTPS). Sensitive data at rest (identity documents, payment information) is encrypted using industry-standard AES-256 encryption.

Access controls

Only authorized sayap staff can access your personal data. All access is logged and monitored for unauthorized attempts.

Data breach protocol

If we discover a data breach affecting your information, we will notify you via email within 72 hours and describe the breach, affected data, and remediation steps.

Your rights regarding your sayap data

You have the following rights over your personal data on sayap:

• Right to accessYou can request a copy of all personal data we hold about you. Contact our support team during business hours (Monday–Friday, 09:00–18:00 WIB) to request this.
• Right to correctionIf your data is inaccurate, you can request correction. You can update your email and phone number directly in your account settings; contact support to update your legal name, address, or identity document.
• Right to deletionYou can request deletion of your account and associated data, subject to legal retention obligations. We will delete non-mandatory data within 30 days; mandatory data (transaction records, KYC documents) will be retained for the legal period and then deleted.
• Right to data portabilityYou can request a copy of your data in a portable format (such as CSV). Contact support to arrange this.

To exercise any of these rights, email our support team with a clear description of your request. We will verify your identity and respond within 14 days. Note that some data cannot be deleted due to legal requirements — for example, we cannot delete transaction records or identity documents if they are subject to anti-money-laundering regulations.

Cookies and tracking on sayap

sayap uses essential cookies to maintain your login session, remember your timezone preference, and track fraud signals. These cookies are necessary for the platform to function and cannot be disabled without impairing core features (login, account access, tournament participation).

We do not use third-party tracking pixels, retargeting cookies, or analytics cookies that identify you personally. Our analytics are aggregated and anonymized — we track general traffic patterns and feature usage but not individual user behaviour.

You can control cookies via your browser settings. Disabling all cookies may prevent you from using sayap; we recommend allowing essential cookies while blocking non-essential third-party cookies if your browser supports this distinction.

Data security practices on sayap

We employ industry-standard security measures to protect your data:

• All connections to sayap use SSL/TLS encryption (HTTPS).
• We use strong password hashing (bcrypt) for account passwords.
• We support optional two-factor authentication (2FA) for additional login security.
• Our servers are protected by firewalls, intrusion-detection systems, and regular security audits.
• We do not store payment card information; payment processors handle all card data.
• Staff access to sensitive data is logged, monitored, and restricted to authorized personnel only.

While we implement robust security, no online service is absolutely risk-free. We encourage you to use a strong password, enable 2FA, and avoid sharing your account credentials with others. If you suspect unauthorized access to your sayap account, contact our support team immediately.

Data and regional jurisdictions

Our servers operate in Southeast Asia, and your data may be processed or stored in multiple jurisdictions. By using sayap, you consent to cross-border data transfer and processing. We comply with applicable data-protection laws in each jurisdiction where we operate, but laws vary by region. If you are in Jakarta, Surabaya, Bandung, Medan, or Semarang, Indonesia-specific data-protection rules apply to your account.

sayap services are available only where local law permits. If your jurisdiction has specific data-protection or privacy requirements that conflict with our practices, you are responsible for verifying compliance before using our platform. We do not represent that sayap's data handling meets all privacy requirements in all jurisdictions.

Changes to our sayap privacy policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or in-platform notification at least 30 days before changes take effect. Your continued use of sayap after changes are published constitutes acceptance of the updated policy.

We maintain a version history of this policy on our website so you can review how it has evolved. If you disagree with updated terms, you have the right to close your account before changes take effect.

Contact us about your sayap privacy

If you have questions about our privacy practices, wish to exercise your data rights, or suspect a privacy violation, contact our support team:

• In-platform chatAvailable Monday–Friday, 09:00–18:00 WIB (responses within 2 hours during business hours).
• EmailSend privacy inquiries to our support address (listed in your account dashboard). We respond within 24 hours.
• PhoneCall during business hours for urgent privacy concerns.

We take privacy concerns seriously and will investigate any reports of data misuse. If we discover that your data has been compromised or misused, we will notify you within 72 hours and describe remediation steps.

This privacy policy reflects our commitment to transparent, secure data handling on sayap. We respect your privacy and operate with the principle that your personal information belongs to you. If you have additional questions or concerns after reviewing this policy, our support team is here to help clarify our practices during our standard business hours.