boss89 Platform Privacy Notice
This page describes what we collect when you use boss89 and how we keep that data protected. We take your privacy seriously — your personal information is encrypted, stored securely, and shared only with trusted partners who help us operate the platform. We do not sell your data to third parties, and we comply with data-protection principles that apply across Indonesia and internationally.
When you register on boss89, we ask for your email address, a password you create, and identity documents (national ID, passport, or driving licence) plus proof of residence. We use these to verify who you are — a legal requirement that protects both you and our platform from fraud and unauthorised access. Your payment methods (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank-account details) are tokenised, meaning we don't store full card numbers or e-wallet credentials in our systems. Instead, we store encrypted references that our payment processors use to complete transactions.
This notice covers what data we collect, how we use it, who we share it with, how long we keep it, and what rights you have. If you have questions about your data or how we handle it, our support team can help — contact us through the channels listed at the end of this page.
What We Collect and How We Use It
We collect several categories of data when you use boss89. Your account data includes your email address, password (hashed, never stored in plain text), username, and account settings like language preference and notification choices. Your identity data includes the government-issued ID and address proof you upload during KYC verification — we retain these for regulatory compliance, typically for six years after your account closes. Your payment data includes the payment methods you register (e-wallet accounts or bank details) and transaction history showing deposits, withdrawals, and settlement records. Your activity data includes every game session you play — which game, your stake, the outcome, your balance before and after, and the timestamp. We also log login attempts, device information (operating system, browser type, IP address), and any support tickets you open.
We use this data for several purposes. Account management and verification are foundational — we need your identity documents to confirm you are who you say you are and to comply with anti-money-laundering regulations. Payment processing requires your payment-method details so we can complete deposits and withdrawals. Fraud prevention and security monitoring use your activity patterns and login history to detect unusual behaviour — if we spot a login from an unexpected location or a sudden large withdrawal, we may pause the transaction and contact you to verify. Customer support uses your account history and communication records to help resolve issues. Legal compliance requires us to retain certain records for tax, regulatory, and dispute-resolution purposes. We also use aggregated, anonymised data (data stripped of personal identifiers) to understand platform usage patterns and improve our services — for example, which games are popular or what times of day see the most activity.
- KYC verification
- Know Your Customer — the process where we confirm your identity using government-issued documents and address proof.
- Tokenisation
- A security method where we store encrypted references to your payment methods instead of full card or account numbers.
- Hashing
- A one-way encryption where your password is converted into a unique code; we never store or see your actual password.
Third-Party Processors and Data Sharing
We work with trusted partners to operate boss89. Payment processors (the companies that handle DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and bank transfers) receive your payment-method details and transaction information — they need this to complete deposits and withdrawals. We share only the minimum data required; we do not give them access to your game history or personal preferences. Identity-verification services may receive your KYC documents to confirm authenticity — again, only what's necessary. Our hosting provider stores our servers and databases; they have access to all platform data but are contractually bound to use it only for hosting and maintenance. We do not share your data with marketing companies, data brokers, or any third party for commercial purposes. We may disclose data if required by law — for example, if a court orders us to provide records for a legal investigation — but we will notify you of such requests unless legally prohibited from doing so.
We encrypt your data in transit (using HTTPS) and at rest (using industry-standard algorithms), so even if someone gains unauthorised access to our servers, your information remains protected.
Cookies and Tracking
We use cookies to remember your login session, your language preference, and your notification settings. These are functional cookies — they make the platform work better for you. We do not use tracking cookies to follow your behaviour across other websites. When you access boss89 on your Android phone via our app or on iOS through Safari, we may collect device identifiers (like your device ID or advertising ID) to send you push notifications about upcoming draws or promotions — you can disable these notifications in your account settings at any time. We do not use this data for profiling or targeted advertising outside boss89.
Your Rights and Data Retention
You have the right to access your data. You can view your account information, transaction history, and session logs at any time in your Account menu on boss89. You have the right to correct inaccurate data — if your address or contact details change, you can update them in your account settings. You have the right to request deletion of your account and associated data. When you request account deletion, we remove your personal information from active systems, though some records may be retained for legal, tax, or anti-fraud purposes as required by law. You have the right to object to certain uses of your data — for example, if you don't want to receive promotional emails, you can opt out in your notification settings. You have the right to data portability — we can provide your data in a structured, machine-readable format if you request it.
We retain your data for different periods depending on the type. Account data (email, password, settings) is kept as long as your account is active. KYC documents are retained for six years after your account closes, as required by anti-money-laundering regulations. Transaction records are kept for seven years for tax and regulatory compliance. Session logs (game history) are kept for two years for dispute resolution and fraud investigation. If you close your account, we begin the deletion process immediately, though some data may remain in backups for a limited time. If you have questions about how long we keep specific data, contact our support team.
We are committed to protecting your privacy and complying with data-protection principles. Our platform is accessible to users in jurisdictions where local law permits — if you're based in Jakarta, Surabaya, Bandung, Medan, or other supported regions, our privacy practices apply to you. If you have concerns about how we handle your data or if you believe your privacy has been violated, please contact us immediately. We take all privacy concerns seriously and will investigate and respond promptly.
Contact and Support
- For privacy questions or data-access requests, contact our support team through the boss89 platform or email us directly.
- For account security concerns, enable two-factor authentication in your Account > Security settings and contact support if you suspect unauthorised access.
- For payment-related data questions, review your transaction history in Account > Payments or contact support for clarification.