mitra Platform Privacy Notice

This page describes what we collect when you use mitra and how we keep that data protected. We take your privacy seriously. We collect only the information we need to operate our platform, verify your identity, process your deposits and withdrawals, and provide customer support. We do not sell your personal data to third parties, and we encrypt all sensitive information.

When you access mitra from your Android phone, iOS browser, or desktop computer, we collect certain details — your email, name, address, and ID number for verification purposes. We also collect payment information (like your e-wallet or bank details) solely to process your deposits via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, or e-wallet. We track your gaming activity so we can settle bets fairly and detect fraud.

This notice explains what data we collect, how we use it, who we share it with (if anyone), how long we keep it, and what rights you have. We also cover cookies, device information, and how we handle your data across different jurisdictions. If you have questions after reading this, our support team in English and Indonesian is available to help.

What data we collect on mitra

We collect data in several categories. First, account information: your email address, password (hashed for security), full name, date of birth, phone number, and physical address. We ask for these when you register on mitra. Second, identity documents: a photo of your national ID (KTP, passport, or driver's license) and a selfie holding that ID. This is required for Know Your Customer (KYC) verification under Indonesian and international gaming regulations.

Third, payment information: details about your deposit and withdrawal methods (e-wallet accounts, virtual bank account numbers, or bank details). We store this securely in encrypted vaults, separate from our main database. We do not store your full card numbers or bank passwords — we only keep tokens that let us process transfers with your authorization.

Fourth, gaming and transaction data: every bet you place, game you play, deposit you make, and withdrawal you request. We log the date, time, amount, game type (football on Liga 1, live-dealer blackjack, slots like Sweet Bonanza, esports), and outcome. We use this data to settle bets, detect cheating or fraud, and provide you with transaction history. We also collect device information: your phone's operating system (Android or iOS), browser type, IP address, and approximate location (city level, not exact GPS). We use this to detect unauthorized account access and prevent fraud.

How we use your data on mitra

We use your data for specific purposes. We use your email and phone number to send you account notifications — when your deposit arrives, when your withdrawal is approved, when verification completes, and when our support team responds to your queries. We use your identity documents to verify your age and confirm you are not on any sanctions lists. We use your payment information to process deposits and withdrawals — we send it to your bank or e-wallet provider only when you request a transaction.

We use your gaming and transaction data to settle bets fairly, calculate payouts, and provide you with accurate transaction history. We monitor this data for fraud — if we see unusual betting patterns (like impossible odds or collusion between accounts), we flag it and investigate. We use your device information to detect login attempts from unexpected locations and trigger security alerts. If someone tries to log into your mitra account from Jakarta when you usually log in from Surabaya, we send you a verification code before granting access.

We do not use your data for marketing without your consent. We do not sell your personal information to advertising companies. We do not profile you based on your gaming activity to target you with unsolicited promotions.

mitra security: We encrypt all data sent between your device and our servers using TLS 1.3 encryption. Your password is hashed so even our team cannot see it in plain text.

Who we share your data with

We share your data only when necessary. We share payment information with your bank or e-wallet provider (DANA, e-wallet, mobile banking, local payment, online payment, or the issuing bank for e-wallet and mobile banking, local payment, online payment, e-wallet transfers) only when you request a deposit or withdrawal. We do not initiate sharing — you trigger it by requesting a transaction. Your bank or e-wallet then handles the transfer and confirms it back to us.

We may share your identity and transaction data with law enforcement or financial regulators if required by a court order or valid legal process. We comply with Indonesian regulations and laws in jurisdictions where mitra operates. We do not proactively share this data with authorities — sharing only happens if we receive a valid legal demand.

We may use third-party service providers for specific functions — for example, a payment processor to handle bank transfers, or a fraud-detection company to analyze suspicious patterns. These processors sign contracts agreeing to keep your data confidential and use it only for the services we hire them for. We do not allow them to use your data for their own marketing or sales.

Data retention: We keep your account and transaction data for seven years after account closure, as required by financial regulations. After that, we delete or anonymize it.
Cookies on mitra: We use cookies to keep you logged in across sessions and to remember your preferences (language, notification settings). We do not use cookies for third-party tracking.
Cross-border data transfers: Our servers may sit outside Indonesia. We ensure data protection meets international standards wherever your data travels.
Third-party links: We do not control privacy practices of external websites. This notice applies only to mitra — always check other sites' privacy policies.

Your rights under our mitra privacy policy

We recognize your rights to your own data. You have the right to access all personal information we hold about you. You can request a copy of your account data, gaming history, and transaction logs anytime by contacting our support team. We will provide it in a readable format within a few business days.

You have the right to correct inaccurate information. If your name, address, or ID details are wrong in our system, tell us and we will update them. You have the right to request deletion of your personal data — we will delete or anonymize your account if you close it, subject to legal retention requirements (we must keep records for seven years for regulatory compliance).

You have the right to opt out of non-essential communications. You can disable push notifications, email marketing, and SMS alerts in your account settings anytime. You will still receive essential notifications (withdrawal approvals, fraud alerts, account security issues) because these are necessary to keep your account safe. If you believe we are misusing your data or violating this policy, you can lodge a complaint with our support team. We will investigate and respond within five business days.

Mobile app privacy and device permissions

Our mitra Android app requests certain device permissions when you install it. We ask for internet access (to connect to our servers), storage access (to cache game graphics and speed up loading), and notification permission (to alert you about deposits, withdrawals, and support responses). We do not request permission to access your contacts, camera, or microphone unless you use a feature that needs it (like video verification during account recovery).

Our iOS version runs in your browser, so it uses Safari or Chrome's privacy settings. We do not collect biometric data (fingerprints or face ID) unless you enable optional biometric login for convenience. If you enable it, your biometric data stays on your phone only — we never receive or store it. We only receive a confirmation that biometrics verified successfully.

We do not track your location continuously. We detect your approximate location (city level via IP address) only to monitor for unusual login patterns. If you normally log in from Jakarta but suddenly log in from Medan, we flag it as a security precaution and ask you to verify the login attempt.

Cookies and tracking on mitra

We use cookies to keep you logged in across sessions on our app and website. These cookies last as long as your session — they expire when you log out or close your browser. We also use cookies to remember your preferences: your language choice (English or Indonesian), notification settings, and theme preference (light or dark mode). These preference cookies persist for one year so you do not reset them every time.

We do not use third-party tracking cookies or pixels that follow you across the internet. We do not use your mitra activity to build a profile for sale to advertisers. We do not partner with data brokers. Our cookies serve only mitra operations — keeping you logged in and remembering your settings.

You can disable cookies in your browser settings if you want, but doing so may make mitra harder to use — you might have to log in every time, or your preferences might reset. We recommend enabling cookies for the best experience.

Jurisdiction and data protection laws

We comply with Indonesian data-protection regulations and the laws of jurisdictions where mitra operates. Our servers may be located outside Indonesia — we use cloud hosting in multiple regions for reliability. Wherever your data travels, we ensure it is protected under encryption and meets international privacy standards.

If you are located in a jurisdiction with specific data-protection laws (like the European Union's GDPR), those laws may apply to your data. We comply with applicable laws in your location. If there is a conflict between Indonesian law and your local law, we follow whichever is stricter to protect you.

We review this privacy notice periodically and update it as our practices evolve. We notify you of material changes via email or in-app notification. Your continued use of mitra after a change means you accept the updated notice. If you do not accept a change, you can close your account anytime without penalty.

Contacting us about privacy

If you have questions about this privacy notice, our data practices, or your rights, contact our support team. We respond in English and Indonesian. You can reach us via live chat in the mitra app, email to our support address, or phone during our operating hours. We aim to respond to privacy queries within five business days.

If you are not satisfied with our response or believe we are violating data-protection laws, you can lodge a complaint with your local data-protection authority. We respect your privacy and remain committed to handling your data transparently and securely.