istana168 Casino & Sportsbook Data Care
This page describes what we collect when you use istana168 and how we keep that data protected. We process personal information—your email, identity documents, payment details, and account activity—to verify your identity, process deposits and withdrawals, and provide customer support. Our data practices comply with applicable privacy standards in the jurisdictions where we operate.
We understand that your privacy matters. We do not sell your personal data to third parties, and we limit access to your information to authorized staff and trusted service providers. This policy explains our collection, use, and protection practices in straightforward terms.
Services are available only where local law permits. Users are responsible for verifying that access and use comply with their own jurisdiction's law.
What Data We Collect on istana168
Account information and identity verification
When you open an account on istana168, we collect your full name, email address, phone number, and date of birth. We also request a government-issued identity document—your KTP, passport, or driver's license—to verify that you are who you say you are. This is part of our anti-money-laundering compliance and fraud prevention. We store this information securely using encryption, and we do not share it with third parties except as required by law.
Your identity documents are uploaded during account verification. We scan these documents automatically to confirm they are valid and match the personal details you provide. If verification fails, we notify you and ask you to resubmit. We retain your identity documents for as long as your account remains open, plus a retention period afterward to meet legal requirements.
Payment and transaction data
We collect information about every deposit and withdrawal you make on istana168. This includes the payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank virtual account via mobile banking, local payment, online payment, or e-wallet), the amount, the date, and the status (completed or pending). We use this data to reconcile your account, detect fraud, and provide transaction history to you and our compliance team.
We do not store your full payment card details or e-wallet credentials. Instead, our payment processors handle these sensitive details directly, and we receive only confirmation that the transaction succeeded. If you use a bank virtual account, we see the account number and bank name, but not your full banking credentials.
Activity and gameplay logs
We log your activity on istana168, including when you log in, which games you play, how long you spend in each session, and your betting patterns. We use this data to detect account abuse, unauthorized access, and suspicious behavior. Our systems also record game outcomes and account balance changes to ensure accurate record-keeping.
Activity logs help us investigate disputes and complaints. If you report a missing deposit or incorrect withdrawal, we can review our logs to confirm what happened. These logs are stored in our secure systems and are accessible only to authorized staff members and our compliance team.
Technical and device information
When you access istana168, our servers log your IP address, device type, browser information, and approximate location (derived from your IP). We use this data to detect login anomalies, protect against account takeover, and improve our service performance. If you log in from an unusual location or device, we may ask you to re-verify your identity.
We also use cookies and similar tracking tools to remember your preferences, keep you logged in, and understand how you navigate our platform. You can control cookie settings in your browser, though some cookies are necessary for istana168 to function properly.
How We Use and Protect Your Data
Data use and third-party processors
We use your data to operate istana168—to verify your identity, process your payments, resolve disputes, and provide customer support. We do not use your data to sell products, send unsolicited marketing, or profile you for purposes unrelated to our platform. If you receive promotional emails from istana168, it is because you have explicitly opted in or because you are an existing user receiving service updates.
We engage third-party service providers to help us operate. These include payment processors (who handle your deposits and withdrawals), cloud hosting providers (who store our servers and your data), identity verification vendors, and customer support platforms. We require all processors to sign data-protection agreements promising not to use your data for their own purposes.
Our servers may be located outside Indonesia. Your data may be transferred to countries where data protection laws differ from your own jurisdiction. By using istana168, you consent to this transfer. If you do not wish your data to be transferred internationally, you should not open an account with us.
Your rights on istana168
You have the right to access the personal data we hold about you. You can request a copy of your information by contacting our support team. We will provide this within a reasonable timeframe, typically within 14 days.
You also have the right to request that we correct inaccurate data. If your email address or phone number changes, you can update it in your account settings. If we hold an outdated identity document, contact support and we will guide you through the update process.
You may request deletion of your account and associated data, subject to our retention obligations for legal and anti-money-laundering compliance. Once your account is deleted, we will remove personal data that is no longer legally required, though we may retain transaction records in anonymized or aggregated form.
Data security and breach notification
We protect your data using industry-standard encryption, firewalls, and access controls. Our staff members can access your information only if they need it to perform their role. We conduct regular security audits and penetration testing to identify vulnerabilities.
If we discover that your data has been compromised—for example, through a security breach or unauthorized access—we will notify you as soon as possible. We will explain what happened, what data was affected, and what steps you should take to protect yourself. We will also comply with any legal notification requirements in your jurisdiction.