LEGAL REFERENCE

Privacy Policy at nagawi

This page explains how we handle the personal data you share when you open a nagawi account, browse our slot rooms, place sportsbook selections or settle a session...

Plain-English policyIndonesia-awareAccount dataSession logsLast reviewed 2025
Account access Read FAQ
nagawi Privacy Policy at nagawi

How We Handle Your Data

Where local law permits, we collect the basics needed to run your account — your name, contact details, device fingerprint, and the wallet reference tied to your DANA, OVO, GoPay or QRIS top-up. We process this to verify identity, settle balances, fight fraud and meet record-keeping duties in supported regions. We don't sell your data. Third parties only see what's needed to

clear a payment or host a game round, under written contracts. You can request a copy, a correction, or deletion subject to retention rules. Cookies cover login state and lobby preferences; you can clear them from your browser at any time. Questions about this notice should reach our privacy desk first, before any external escalation.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

HELP CHANNELS

Privacy Contact Paths

If something in this policy isn't clear, or you want to exercise a data right, here's how to reach the team that owns the answer. Each channel routes straight to a privacy handler — not a generic lobby agent — so the response carries the right context for your account and the data you're asking about.

Team online

Privacy Email

Send privacy requests, correction notices or deletion asks to our policy inbox. We log every message, acknowledge within one business day, and close the loop in writing once the change is applied to your record.

In-App Ticket

Open a ticket from the account menu and tag it Privacy. The thread stays attached to your profile, which speeds verification and keeps the audit trail tidy when we action a data export or removal.

Data Officer

For formal complaints or regulator-facing matters, our data officer takes the file directly. Use the privacy email and write Attention: DPO in the subject so it's routed without bouncing through general queues.

PLATFORM TRUST SIGNALS

How This Policy Is Maintained

We treat this notice as a living document. The signals below show who reviews it, how often, and what evidence sits behind each clause so you're not reading boilerplate that nobody updates.

Legal Review

Indonesian counsel reads every clause before it ships and signs off on the final wording. Reviews are scheduled twice a year, plus an extra pass whenever a payment partner or game provider changes scope.

Version History

Each edit gets a dated entry at the bottom of this page. You can see what changed, when it changed, and which section was touched, so nothing slips in quietly between visits.

Named Owner

Our data protection officer owns this notice end-to-end. The role isn't shared across a committee, which means accountability is clear if a clause is wrong or a request is mishandled on our side.

Vendor Audits

Payment processors handling DANA, OVO, GoPay and QRIS flows are audited annually. Game studios that touch session data sign data processing addenda before a single round is dealt or spun on your behalf.

Retention Schedule

We keep account records only as long as Indonesian financial rules require, then purge. The schedule is documented internally and summarised in the retention clause further down this privacy notice.

Breach Protocol

If something goes wrong, we follow a written incident plan: contain, assess, notify regulators where required, and email affected account holders directly with the facts and the remediation steps taken.

Consistency Across Our Policy Pages

Our privacy notice, cookie statement and terms all live in the same family. Below is how this page lines up with its siblings so you don't have to...

ScopeThis privacy page covers personal data only. Cookies have a dedicated notice, and commercial terms sit in the T&Cs — the wording is harmonised so definitions don't drift between documents.
DefinitionsAccount, session, wallet reference and device identifier carry identical meanings across all three notices. We update them in one place and propagate, never edit a single page in isolation.
JurisdictionAll three documents name Indonesia as the governing market and use the phrase supported regions when access is conditional, keeping the legal reading consistent for any reviewer.
Update CadencePrivacy, cookies and terms refresh on the same calendar. When one moves, the others are checked the same week to prevent stale clauses sitting next to current ones.
Contact RoutingPrivacy questions land with the DPO; commercial questions land with support. The address blocks at the foot of each notice mirror this split so messages don't bounce.
RetentionRetention windows quoted here match the figures in our terms. If a clause shortens or extends, both pages are revised together and the version history reflects the linked change.
Plain LanguageEach notice is written at the same reading level. We avoid latinisms, footnotes and nested cross-references so the three documents read as one consistent voice rather than three drafters.
AT A GLANCE

What You'll See On This Notice

The policy page is laid out so the parts you actually need are easy to find. Here are the visible blocks that make up this notice and what each one is for, so you...

01
Summary Banner A short banner at the top tells you the last review date and the headline change since the previous version, so returning readers can confirm in seconds whether anything material has shifted.
02
Data Categories A labelled block lists exactly which fields we hold — identity, contact, device, wallet reference, session log — and pairs each with the lawful basis we rely on under Indonesian rules.
03
Retention Table A compact table shows how long each category stays on file. The rows are sorted by data type so you can find the relevant window without reading prose paragraphs end to end.
04
Rights Panel The rights panel spells out access, correction, deletion and objection in plain wording, alongside the route to exercise each one and the response window we commit to in writing.
05
Cookie Cross-Link A small cross-link sends you to the cookie notice for browser storage details. Keeping cookies in their own document stops this privacy page from bloating with technical tracker tables.
06
Version Footer The footer carries the dated changelog and the DPO contact block. It anchors the page so every clause above is tied to a specific revision you can reference in a request.

Privacy Policy Questions

We collect the identity fields needed to verify you, your contact details, a device fingerprint for fraud checks, and the wallet reference tied to your DANA, OVO, GoPay or QRIS top-up. Nothing extra is requested at signup.

No. We don't sell personal data. Sharing is limited to processors that clear payments, host game rounds or deliver email — each bound by a written data processing contract and audited on a defined annual cycle.

Active account data stays while your profile is open. After closure, we hold financial records for the period Indonesian rules require, then purge. The exact windows are listed in the retention table further up the page.

Yes. Email the privacy desk from the address on your account, state whether you want access, correction or deletion, and we'll respond within the window quoted in the rights panel, subject to legal retention duties.

Wallet references are tokenised before they reach our systems. We store a reference, not your full credentials, and the processors handling DANA, OVO, GoPay and QRIS settlements operate under their own certified security regimes.

Material changes trigger an in-app notice and an email to the address on file. Minor edits — typos, formatting, clarifications — are logged in the version footer at the bottom rather than pushed as a notification.

Start with the privacy email listed in the contact section above. If the matter is formal or regulator-facing, mark it Attention: DPO in the subject so our data officer picks it up directly without internal rerouting.