sifu Casino & Sportsbook Data Care

This page describes what we collect when you use sifu and how we keep that data protected. Our commitment is to handle your personal information—email, identity documents, payment details, and game activity—with transparency and security throughout your account lifecycle.

We collect data for specific purposes: account verification (KYC), payment processing, fraud prevention, legal compliance, and service improvement. We do not sell your data to third parties for marketing, nor do we share it beyond the processors necessary to run our platform (payment gateways, hosting providers, fraud-detection systems). Your data remains encrypted and accessible only to our operations and compliance teams during business hours.

The following sections outline our data practices, your rights, and how to contact us if you have concerns about your information on sifu.

What Data We Collect on sifu

Account Registration and Identity Verification

When you create a sifu account, we collect your email address, username, password, phone number, and date of birth. This information is mandatory to set up your account and send you login codes and support messages. Before your first deposit or withdrawal, we require identity verification (KYC): you must upload a government-issued ID (passport, national identity card, or driver's license) and proof of residence (utility bill, bank statement, or recent lease agreement). We store these documents in encrypted form and delete copies after verification is complete, retaining only the verification status in your account record.

We do not store passport numbers or full ID numbers in plain text; these are masked after verification. If you update your identity documents during your account lifecycle (e.g. after a name change), we retain a dated record of the verification history but do not keep superseded documents longer than legally required.

Payment and Transaction Data

We collect payment method details when you link a deposit source (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank account via mobile banking, local payment, online payment, e-wallet). We do not store full card numbers or e-wallet passwords; we store only a tokenized reference that our payment processor returns. This token allows us to process deposits and withdrawals without handling sensitive credentials directly. Transaction records (date, amount, status, receiving account) are kept for audit and dispute resolution, typically for seven years as required by financial regulations.

Game Activity and Betting Records

We log every spin on Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways, and every hand on our live-dealer tables (blackjack, roulette, baccarat, Dragon Tiger). We also record your sportsbook activity (Liga 1, Piala AFF, Piala Indonesia bets, Mobile Legends, Free Fire, PUBG Mobile esports wagers). This data includes your stake, outcome, timestamp, and game identifier. We use this information to calculate cashback, track tournament entry eligibility, detect fraud, and respond to rule disputes. Activity logs are retained for at least three years.

Technical and Device Data

We collect your IP address, device type (mobile, desktop), browser or app version, and approximate location (derived from IP, not GPS). This helps us detect account takeovers, enforce regional access restrictions, and troubleshoot technical issues. We use cookies to store your session token and preferred language. Cookies expire after 30 days of inactivity. We do not use cookies for behavioral advertising.

Communication and Support Logs

When you contact our support team via the in-app help form, email, or live chat, we retain your message, our response, and any attachments (screenshots, transaction IDs) for dispute resolution and service improvement. Support logs are kept for two years. We may use anonymized support inquiries to train our team on common issues but never disclose your name or account details in these analyses.

Tokenization

A process where sensitive data (card number, e-wallet ID) is replaced with a unique reference code so we never handle the raw credential directly.

Encryption

Data is encoded using strong algorithms (AES-256) so that only sifu servers with the decryption key can read it in transit and at rest.

Data retention

How long we keep information: transaction records three to seven years, support logs two years, game logs three years.

GDPR compliance

We comply with privacy principles even outside the EU: data minimization, consent, and the right to access and deletion.

Your Rights and Our Commitments on sifu

Access and Correction

You have the right to access all personal data we hold about you on sifu. Log into your account and visit the "Account Details" section to review your registered email, phone, name, and linked payment methods. To request a full data export (including game history and support logs), contact our team via the in-app help form. We respond within 10 business days. If you spot an error in your account details (e.g. misspelled name or wrong payment method), update it immediately in your account settings or ask our support team to assist.

Deletion and Account Closure

You can close your sifu account at any time. We delete your login credentials and contact history immediately. However, we retain transaction records for the periods required by law (typically three to seven years for financial records) to fulfill our legal obligations and respond to disputes. If you request deletion of data not required by law (such as game activity logs), we process this within 30 days, though some anonymized statistical data may persist for fraud-detection training.

Data Security and Servers

We store sifu data on encrypted servers in secure data centres. Our servers may be located outside your jurisdiction (e.g. in Singapore, Netherlands, or the United States). By using sifu, you consent to data processing and storage in these locations, subject to industry-standard security practices (firewalls, intrusion detection, regular security audits). We conduct penetration testing and vulnerability assessments annually and patch security issues within 48 hours of discovery.

Third-Party Processors

We use the following categories of third-party processors (you can request a detailed list via support):

• Payment processors: DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet payment networks process your deposits and withdrawals. We share only the minimum required (name, account identifier, amount, timestamp).
• Hosting providers: Our application and database run on cloud services. These providers have access to encrypted data but not encryption keys.
• Fraud-detection services: Third-party risk-analysis tools flag suspicious transactions. We share transaction history and device data (not identity or game history).
• Support software: Our ticketing system stores support messages and may be hosted by a third party under a data-processing agreement.

Cookies and Tracking

We use cookies to store your session token (login state) and language preference. We do not use third-party tracking cookies or analytics that identify you personally. Our website may use aggregated, anonymous analytics (page views, bounce rates) to improve performance, but these do not track individual users. You can disable cookies in your browser, but this may limit sifu functionality (e.g. you may be logged out frequently).

Data Breach Notification

If we discover a data breach affecting sifu accounts, we notify affected users within 72 hours via email and in-app message. We provide details of the compromised data, steps we have taken to secure it, and recommended actions (e.g. password reset, two-factor authentication enablement). We do not delay notification to investigate further; user safety is our priority.

Marketing Communications

We send promotional emails and in-app notifications only to users who have opted in. You can disable marketing emails by clicking "Unsubscribe" in any message or updating your notification preferences in your sifu account settings. Disabling marketing does not affect transactional emails (account alerts, deposit confirmations, support replies).

Jurisdiction and Legal Requests

sifu operates in jurisdictions where online gaming is legally permitted. Our services are available only where local law allows. We comply with lawful government requests for data (e.g. court orders, law-enforcement subpoenas) and will notify you unless legally prohibited. Our privacy practices comply with principles similar to GDPR (data minimization, consent, transparency) regardless of jurisdiction.

Contact Us About Your Data

If you have concerns about how we handle your data on sifu, contact our privacy team via the in-app help form with the subject line "Privacy Request" or email support during business hours (9 AM to 6 PM Indonesian time, Monday to Friday). Specify whether you want to access, correct, or delete data. We respond within 10 business days. We are based in Jakarta, Surabaya, and operate support offices in Bandung, Medan, and Semarang for regional coordination.

This privacy policy is effective as of the date posted and may be updated periodically. We notify users of material changes via email and in-app notification at least 30 days before the changes take effect. Your continued use of sifu after the update constitutes acceptance of the revised policy.

sifu is committed to protecting your personal information and operating transparently. Our data practices are centred on user security, legal compliance, and fair treatment. If you have questions about how we handle your data, do not hesitate to reach out to our team.