istana1Privacy Policy

This page describes what we collect when you use istana1 and how we keep that data protected. We operate on the principle that your personal information belongs to you—we collect only what is necessary to deliver our service, comply with regulations, and maintain platform security.

When you create an account on istana1, download our Android APK, log in via iOS browser, or access our desktop site, we gather specific data points. These include your email, phone number, identity document, proof of address, payment details, and account activity logs. We process this information through encrypted channels and store it on servers that may be located outside your jurisdiction. We use your data for account verification (KYC), deposit and withdrawal processing, fraud prevention, and compliance reporting.

We do not sell your personal data to third parties for marketing purposes. We may share data with payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet), compliance authorities, and fraud-prevention partners only when necessary to deliver our service or meet legal requirements.

What Data We Collect on istana1

Account registration data

When you sign up for istana1, we collect your email address, mobile phone number, chosen username, and password. Your password is hashed using industry-standard encryption—we do not store plain-text passwords and cannot retrieve them. If you forget your password, you reset it via email verification. We use your email and phone number to verify your identity, send account notifications, and facilitate account recovery if needed.

Identity verification (KYC) documents

Before you can deposit funds on istana1, we require identity verification. You upload a government-issued ID (passport, national identity card, or driver license) and proof of address (utility bill, bank statement, or rental agreement dated within three months). We store these documents securely and use them to confirm your identity and prevent fraud. Our compliance team reviews these documents during business hours. After verification is complete, we retain these documents for compliance and dispute-resolution purposes, subject to applicable data protection laws.

Payment and transaction data

We collect details about every deposit and withdrawal you make on istana1. For e-wallet transactions (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet), we receive confirmation codes and transfer details from your payment provider. For bank virtual accounts (mobile banking, local payment, online payment, e-wallet), we log the transfer amount, timestamp, and confirmation from the receiving bank. We store your payment destination (e-wallet account, bank account number) to process future transactions. We never store full credit card numbers—our systems do not accept direct credit card input.

Payment data is encrypted in transit and at rest

We use TLS encryption for all payment communications. Sensitive payment details are tokenized—we store only secure tokens, not raw account numbers.

Account activity and gameplay logs

We log every action you take on istana1—selections you make, stakes you place, draw results, payouts, account logins, and password changes. We maintain these logs to verify game outcomes, dispute resolution, fraud detection, and compliance audits. Your account history is accessible to you anytime via your istana1 dashboard. We retain activity logs for a minimum of five years to satisfy regulatory requirements.

Device and technical data

When you access istana1 via Android APK, iOS browser, or desktop, we collect information about your device type, operating system version, and IP address. We use this data to optimize our app performance, detect unauthorized access attempts, and comply with geographic restrictions. We may also collect information about your internet connection speed and data-usage patterns to improve our mobile experience. We do not collect personal information from your device beyond what is necessary to deliver istana1 services.

How We Use Your Data and Your Rights on istana1

Data usage and processing

We use the data we collect on istana1 for the following purposes:

  • Account management: Verifying your identity, facilitating login, processing password resets, and managing your account settings.
  • Payment processing: Confirming deposits via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank virtual accounts; processing withdrawals; and detecting payment fraud.
  • Game administration: Recording your selections, stakes, and game results; settling outcomes; and maintaining accurate account balances.
  • Compliance and legal obligations: Meeting regulatory requirements, reporting to authorities, and supporting dispute resolution.
  • Security: Detecting unauthorized access, preventing fraud, and maintaining platform integrity.

We do not use your data for direct marketing without your explicit consent. We may send you transactional emails (deposit confirmations, withdrawal notifications, account security alerts) as part of normal account operations. If you wish to unsubscribe from non-essential communications, you can manage notification preferences in your istana1 account settings.

Data retention on istana1

We retain your personal data for as long as necessary to deliver our service and comply with legal obligations. Account registration data and transaction logs are retained for a minimum of five years. KYC documents may be retained longer if required by regulatory bodies. If your account is closed, we retain your data for dispute resolution and compliance purposes. We do not delete historical account data on request unless required by law.

Your rights and data access

You have the right to access, review, and download your personal data from istana1. Your account statement includes all transactions, game history, and account activity. You can export this data anytime via your account dashboard. If you believe our records contain inaccurate information, contact our support team to request correction. We will update incorrect data within a reasonable timeframe. You do not have the right to request deletion of account data that is required for compliance purposes or ongoing dispute resolution.

Account closure: If you request account closure, we will disable your account but retain your data for compliance and audit purposes. We cannot delete historical transaction records.

Third-party data sharing on istana1

We share your data with trusted third parties only when necessary to deliver istana1 services:

  • Payment processors: mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, and local payment receive transaction details needed to process your deposits and withdrawals.
  • Compliance and regulatory authorities: We may disclose data to government agencies, financial regulators, and law enforcement when required by law or court order.
  • Fraud-prevention services: We use third-party fraud detection tools that analyze your account activity for security threats. These services operate under strict confidentiality agreements.

We do not sell or license your personal data to marketing firms, advertisers, or data brokers. Any third-party relationship is governed by data-processing agreements that require the same level of protection we provide.

Cookies and tracking on istana1

We use cookies and similar technologies to optimize your istana1 experience. Essential cookies maintain your login session and remember your preferences (language, notification settings, payment method). Performance cookies collect anonymous analytics—page load times, feature usage patterns, and user-journey flows—to help us improve our platform. We do not use cookies for targeted advertising. You can disable non-essential cookies in your browser settings; however, this may affect istana1 functionality. We honor browser "Do Not Track" signals, though we still collect essential technical data for security and compliance.

Data breach notification and jurisdiction notice

If we discover a data breach affecting your personal information on istana1, we will notify you via email within a reasonable timeframe. We will describe the nature of the breach, the data affected, and steps you should take to protect yourself. We maintain incident-response procedures to contain breaches and prevent recurrence.

Your data on istana1 may be stored on servers located outside Indonesia. By using istana1, you consent to the transfer and processing of your data internationally, subject to the same protections outlined in this policy. Some jurisdictions may have different data protection laws than Indonesia. We are not responsible for the legal framework of countries where our servers are located.

Contact and privacy inquiries

If you have questions about how we collect and use your data on istana1, or if you wish to exercise your rights under this policy, contact our support team through the in-app messaging feature or via email. We respond to privacy inquiries within 14 business days. This policy was last updated in the current year and may be amended at any time. Continued use of istana1 after policy updates constitutes your acceptance of the new terms. We will notify you of material changes via email or in-app notice.