sapi Platform Privacy Notice

This page describes what we collect when you use sapi and how we keep that data protected. We at sapi handle your personal information carefully—from account creation through deposit and withdrawal—following standard data protection practices. Our commitment is transparency: you'll understand what we collect, why, and who may access it.

When you access our sapi platform through Android app or iOS browser, we collect information necessary to verify your identity, process payments, and prevent fraud. This includes your email, phone number, identity documents (for KYC), payment method details, and transaction history. We do not share this data with third parties except where required by law or where essential to process your payments through DANA, e-wallet, mobile banking, local payment, online payment, or your bank.

Our sapi servers may sit outside your jurisdiction; we use encryption to protect data in transit and at rest. You have rights to access, update, or request deletion of your personal data where legally permitted. Contact us through our support channels if you wish to exercise these rights.

What we collect on sapi

We at sapi collect different categories of information depending on how you use our platform. When you first create an account, we collect your email address, a password you create, and your mobile number. These serve account recovery and communication purposes. We never share your password—it's encrypted and stored securely on our systems.

During KYC (know-your-customer) verification, we collect your legal name, date of birth, identity document type (ID card or passport number), and may request a photo of your document. This verification is a regulatory requirement and protects both you and us from fraud. We store these documents securely and do not share them with external parties unless compelled by law enforcement or regulatory bodies.

When you deposit or withdraw funds, we collect payment method details: your linked DANA account, e-wallet mobile number, bank account number, or virtual account reference. We use this data only to process your transactions. Your payment provider (mobile banking, local payment, online payment, etc.) may also collect data on their end—their privacy policies govern that data separately. We cannot control how they handle your information once you authorise the transaction.

We collect transaction history—amounts, dates, payment methods, game activity—for account integrity and fraud prevention. We also collect device information (mobile phone model, operating system version, unique identifiers) to detect unusual access patterns and protect your account from unauthorised login.

Key takeaways

  • We collect email, phone, identity documents, and payment method data
  • KYC verification is regulatory; we store documents securely
  • Payment providers (e-wallet, mobile banking, local payment, etc.) handle their own data collection
  • We do not sell personal data to advertisers or third-party marketers
  • You can request access to, update, or delete your data where legally permitted

How we use and protect your sapi data

Data use on our sapi platform

We use your data for six primary purposes: account creation and maintenance, KYC compliance, payment processing, fraud detection, customer support, and platform analytics. We do not use your data for targeted advertising, marketing to third parties, or any purpose beyond what we've disclosed. When you contact our sapi support team via live chat or email, we retain your correspondence to resolve issues and improve our service—you can request that we delete support tickets at any time.

Our analytics practices are privacy-respecting. We track aggregated, anonymised data (how many users from Jakarta vs Surabaya, which games are popular during Liga 1 season, general traffic patterns), but we never create profiles linking your game activity to your name or contact information. This helps us understand platform performance without compromising your privacy.

Data retention and deletion

We retain your account data while your sapi account is active. If you request account closure, we delete most personal data within 90 days, with exceptions: transaction records may be retained for regulatory compliance (typically 7 years), and we may retain anonymised fraud-detection data indefinitely to protect against future abuse. We notify you of any retention exceptions when you request closure.

If you wish to delete your data, contact our support team through the sapi app or email. We'll confirm your identity and process your request. Some data (payment records required by Indonesian financial regulators, fraud-detection patterns) cannot be deleted, but we'll explain each exception.

Third-party access and jurisdiction

We do not sell your data. However, certain third parties access limited data for legitimate purposes: payment processors (DANA, e-wallet, bank partners) receive transaction details to complete your deposit or withdrawal; customer support tools may store encrypted copies of account notes; and our hosting provider (servers may be located internationally) handles encrypted data storage and backup. Each of these partners is bound by contractual confidentiality obligations.

We are subject to Indonesian data protection standards and comply with legal requests from Indonesian authorities. If we receive government requests for your data, we evaluate them carefully and notify you where legally possible. Our sapi servers may physically sit in multiple countries, so your data may be processed outside Indonesia—we mitigate this through encryption so data remains inaccessible even to our hosting provider.

Encryption in transit
Data travels securely (HTTPS/TLS) between your phone and our sapi servers; never sent unencrypted over public networks
Password security
We hash and salt your password; we never store it in plain text and cannot retrieve it even if you ask
Device identifiers
We track your Android or iOS device ID to detect logins from unusual locations or devices and alert you
KYC documents
Identity documents you upload are encrypted at rest and accessed only by our fraud-prevention team

Cookies and tracking on sapi

Our sapi app uses session cookies to keep you logged in during your gaming session. When you close the app or manually log out, the session ends. On our sapi website (accessed via browser), we use persistent cookies to remember your login preference if you choose—this is optional and you can disable cookies in your browser settings. These cookies contain only your session token, not personal data like your name or payment methods.

We do not use third-party tracking pixels or analytics cookies that follow you across other websites. Our internal analytics track only behaviour within sapi—which games you view, which tables you access—without identifying you personally. This helps us understand usage patterns and improve our platform.

Your rights and contact information

You have the right to access all personal data we hold about you on sapi. You can request a copy through our support team; we'll provide it within 30 days. You also have the right to request correction of inaccurate data—if your phone number changed or your name was misspelled during KYC, contact us to update it. You can request deletion of non-essential data, though some records (transactions, fraud flags) may be retained for legal reasons.

If you have privacy concerns or believe we've mishandled your data, contact our support team via live chat in the sapi app or email us. We respond to privacy inquiries within 5 business days. We're committed to addressing your concerns transparently and working toward resolution.

This privacy notice may change as our sapi platform evolves or regulatory requirements shift. We'll notify you of material changes through the app or email. Your continued use of sapi after updates constitutes acceptance of the revised policy.