inapgPrivacy Policy

What we collect and why

When you create an inapg account, we collect your email address, password (encrypted), and basic contact information. During account verification, we request a national ID (KTP for Indonesian nationals or equivalent), proof of address (utility bill, bank statement, or rental agreement), and sometimes a selfie for identity confirmation. We do this to comply with Know Your Customer (KYC) regulations and to prevent fraud and money laundering.

When you use inapg services — placing markets on Liga 1 or Piala AFF, playing Aviator or Sweet Bonanza, or joining a live-dealer table — we log your session data: timestamp, game or market type, bet amount, outcome, and balance change. This logging is essential for dispute resolution, regulatory compliance, and player protection.

Payment information is handled separately. When you deposit via DANA, e-wallet, mobile banking, local payment, or a bank virtual account (online payment, e-wallet, mobile banking, local payment), we collect the transaction details: date, amount, payment method, and transaction ID. We do not store your full payment credentials (card numbers, account passwords); our payment processors handle that encryption. We retain transaction records for seven years to meet regulatory requirements.

How we use your data on inapg

We use your email address to send account notifications: login alerts, password resets, deposit confirmations, and withdrawal status updates. We may also send service announcements about platform maintenance, security updates, or new features. You can opt out of non-essential emails through your account settings, but you cannot disable critical account notifications.

We use your KYC documents to verify your identity once, then we archive them securely. We do not re-scan or re-verify documents unless you request account changes (address update, name correction) or regulatory circumstances require it.

We do not use your data to build user profiles for ad targeting, nor do we sell session logs or KYC documents to data brokers. Your data stays within inapg systems and is accessed only by authorised staff, security auditors, and regulatory bodies when legally required.

Third-party processors and data location

We work with vendors to deliver inapg services. Our payment processors (the firms managing online payment, e-wallet, mobile banking, local payment, and bank transfers) receive transaction data but do not access your KYC documents or session logs. Our email provider sends your account notifications but receives only your email address and the message content — not your identity documents or gameplay history.

Our servers may sit outside your jurisdiction. We operate data centres in Southeast Asia and potentially in other regions for redundancy and performance. This means your data may cross international borders. However, we apply the same security standards regardless of location: encryption in transit (TLS 1.2+), encryption at rest (AES-256), and access controls limiting who can view your information.

We do not transfer your data to countries with weaker data-protection laws. All processors we engage (payment partners, email providers, cloud-storage vendors) sign Data Processing Agreements (DPAs) committing to the same confidentiality and security standards we maintain.

Your rights and data access on inapg

You have the right to access your own data. Log into your inapg account, navigate to Settings > Data, and download a copy of your account information, KYC documents, and session history. This export happens automatically; no support request needed.

You have the right to correct inaccurate data. If your name, address, or email is wrong, contact our support team through your account settings or legal notice page. We correct the data and re-verify if required — typically within 2-3 business days.

You have the right to object to certain processing activities. For example, if you do not want anonymised session analytics, you can opt out through Settings > Privacy. This does not affect gameplay or account functionality; we simply stop using your aggregated data for platform improvements.

We at inapg do not sell your data. We do not build advertising profiles. We do not share your session logs with third parties. Your information funds only the operation of inapg itself.

Cookies and tracking on inapg

We use cookies to keep you logged in and to remember your preferences (language, theme, default payment method). These are essential cookies; disabling them will log you out. We also use analytics cookies to track which pages users visit, how long they stay, and where they drop off — this helps us identify bugs and improve the user experience. You can disable analytics cookies in your browser settings without affecting inapg functionality.

We do not use third-party tracking pixels or ad-network cookies. We do not track your behaviour across other websites. Analytics data is aggregated and anonymised; we cannot link it back to your individual account.

If you visit inapg from a public or shared device, clear your cookies and log out when you are done. This prevents other users from accessing your account.

Data retention and security practices

We retain your account data (email, KYC documents, preferences) for as long as your account is active, plus seven years after closure for regulatory compliance. Session logs are kept for three years; older logs are archived and eventually deleted unless we are involved in an active dispute.

Payment records are retained for seven years per Indonesian tax and anti-money-laundering requirements. We encrypt all stored data using AES-256. We do not write unencrypted passwords; we hash them using bcrypt. We audit access to sensitive data monthly and scan our systems for vulnerabilities quarterly.

If we discover a data breach, we will notify affected users within 72 hours, detail what was compromised, and explain the steps we took to secure systems. We will not attempt to downplay or hide breaches.

Contact and policy updates

If you have questions about our privacy practices, data access requests, or complaints about how we handle your information, contact our data protection team. Use the channels listed in our legal noticeor email the address listed in your account settings. We aim to respond to data requests within 30 days.

We may update this privacy policy from time to time to reflect legal changes, platform updates, or security improvements. We will notify you of material changes by email and by displaying a notice on inapg when you next log in. Your continued use of inapg after an update constitutes acceptance of the new policy.

We at inapg remain committed to handling your data with care, transparency, and respect. Your privacy is not a secondary concern — it is central to how we operate.