eksa Casino & Sportsbook Data Care

This page describes what we collect when you use eksa and how we keep that data protected. We are transparent about data handling — we collect information needed for account security, payment processing, and regulatory compliance, but we do not sell your personal information or use it for unrelated marketing without your consent.

Our eksa privacy policy covers what data we collect (email, phone, date of birth), how we store it (encrypted, on secure servers), who has access (our team and authorised payment processors), your rights (access, correction, deletion), and how long we retain it. We comply with data-protection laws in all jurisdictions where we operate. Your data is your right — we treat it with respect.

When you open an account on eksa or deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, or e-wallet, you share personal and financial information with us. We explain how we use, protect, and share that information below. Read this policy carefully to understand our data practices.

What Data We Collect on eksa

We collect several types of data when you create an account on eksa. Your email address is mandatory — we use it to authenticate your login and send account notifications (password resets, withdrawal confirmations, terms updates). Your phone number is required for two-factor authentication and account recovery if you lose access to your email. Your full legal name and date of birth are collected during account creation and verified during KYC (Know Your Customer) checks before withdrawal.

Your payment data includes bank account numbers or e-wallet IDs (for DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet). We do not store raw card numbers or bank passwords. Instead, payment gateways issue us secure tokens — references that allow us to process transactions without storing sensitive financial details. Your nationality and jurisdiction (city or region) are collected to confirm you reside in a jurisdiction where our services are lawful.

We also collect behavioural data — your game history (stakes, outcomes, timestamps), login times, device type (Android, iOS, desktop), IP address, and session duration. This data helps us detect fraud, analyse usage patterns, and improve our platform. We do not track your location in real time beyond your registered jurisdiction during account verification.

Account data: email, phone, full name, date of birth, nationality.
Payment data: tokenized payment references (not raw account numbers or passwords).
Behavioural data: game history, login times, device type, IP address, session logs.
Verification data: government ID copies (passport, national ID, driver's license) for KYC.

How We Use Your Data on Our eksa Platform

We use your email and phone for account authentication and security. If you forget your password, we send a password-reset link to your email; if you enable two-factor authentication, we send a code to your phone. We use your name and date of birth to verify your identity during KYC and to ensure only one account per person exists on eksa.

Your payment information (tokenized references) is used solely to process deposits and withdrawals. We do not use your payment data for any other purpose — we do not charge you for unrelated services or share it with marketers. Your game history is analysed to calculate your balance, settle payouts, and detect fraud. We also use aggregate game data (non-identifiable) to improve our games and understand player behaviour.

Your behavioural data (login times, IP address, device type) helps us protect your account against unauthorised access. If your account is accessed from an unusual location or device, we may send you a security alert or ask for verification. We use this data to block automated attacks and prevent account takeover.

Data usage note: We do not use your personal data for marketing campaigns unless you opt in. You can adjust your notification preferences anytime from your account settings.

Where We Store Your Data and How We Protect It

We store your data on encrypted servers in secure data centres. Our servers may be located outside your jurisdiction — for example, servers may be in Singapore or Australia even if you access eksa from Jakarta, Surabaya, Bandung, or Medan. We encrypt data in transit (when you send it to us) using TLS (Transport Layer Security) and at rest (when it sits on our servers) using AES-256 encryption. This means even if someone gains unauthorised access to our servers, your data remains unreadable.

Your personal data (name, date of birth, phone) is stored separately from your gaming activity. Payment data is further isolated — we do not keep raw card numbers or bank passwords; only tokenized references that our payment processors can use. We limit access to your data to eksa employees who need it for account support, compliance, or fraud prevention. All staff sign confidentiality agreements.

We perform regular security audits and penetration testing to identify and fix vulnerabilities. Our systems are monitored 24/7 for suspicious activity. If we detect a breach, we notify affected users and regulators as required by law. We maintain backup copies of your data in case of server failure — these backups are also encrypted and stored securely.

We share your data with third parties only when necessary and under strict contracts. Payment processors (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment) receive your tokenized payment reference and transaction amount to process deposits and withdrawals. We do not share raw account numbers with them. These processors have their own privacy policies — review them to understand how they handle your data.

We may share anonymised data (non-identifiable statistics) with game developers and analytics partners to improve our platform. This data does not include your name, phone, or personal ID — it is aggregate information like "many active users wagered on Liga 1 matches this week" or "average session duration is subject to verification". Such sharing helps developers optimise game performance.

We may disclose your data to legal authorities if required by law (court order, regulatory investigation, anti-money-laundering compliance). We will notify you of such disclosures unless legally prohibited. We do not voluntarily sell your data to marketers, advertisers, or other commercial entities.

Your data rights on eksa are non-negotiable.

You can request to see what data we hold, correct inaccuracies, or request deletion (subject to legal retention requirements). Contact our support team to exercise these rights.

How Long We Keep Your Data

We retain your account data (name, email, phone, date of birth) for as long as your account is active. If you close your account, we retain this data for a legal retention period (typically 3–5 years) to comply with anti-money-laundering and tax regulations. We then delete it. We cannot delete data faster even if you request it, as local law may require us to maintain records for compliance.

Your game history and transaction logs are retained for similar periods — typically 5 years minimum. This allows us to respond to disputes, regulatory inquiries, or legal proceedings. After the retention period expires, we anonymise or delete these records. Your payment token references are deleted as soon as a transaction settles; we do not keep historical payment tokens unless legal requirements mandate it.

Backup copies of your data are retained for shorter periods to ensure disaster recovery. If we restore from a backup, we purge older backups after a safe period. We do not retain backups indefinitely. Any data you request to delete is removed from active systems immediately (within 24 hours); it may remain in backups online paymentefly until those backups expire, then it is purged.

Cookies and Tracking on eksa

We use cookies on eksa to maintain your login session, remember your preferences (e.g., language, notification settings), and analyse site performance. A cookie is a small text file stored on your browser. When you log into eksa, your session cookie remains active so you stay logged in across pages — you do not need to re-enter your password on every click. This cookie expires when you close your browser or manually log out.

We use analytics cookies to measure how players interact with our platform — which games are popular, where drop-off occurs, how long sessions last. These cookies do not store personal information; they track behaviour anonymously. We use this data to improve game design and user experience. You can disable analytics cookies in your browser settings; this does not affect your ability to play on eksa, but it prevents us from seeing your activity patterns.

We do not use third-party tracking cookies to follow you across other websites. Our cookies stay within the eksa domain. If you access eksa on mobile via our Android app, we do not use cookies — the app maintains authentication via secure tokens instead.

Your Privacy Rights on Our eksa Platform

You have the right to access all data we hold about you. Request a data export anytime from your account settings or by contacting our support team. We provide your data in a machine-readable format (typically JSON or CSV) within 10 business days. You can review what we collect, correct inaccuracies, or request deletion of specific fields (subject to legal retention requirements).

You have the right to correct inaccurate data. If your registered phone number or email is wrong, update it anytime from account settings. If we hold an incorrect date of birth or nationality, contact support to correct it. We will update our records within 24 hours and confirm the change via email.

You have the right to be forgotten — you may request deletion of your personal data. We will delete your account and associated data subject to legal retention windows. Some data (for anti-money-laundering and tax compliance) must be retained for 3–5 years by law — we cannot delete this data faster, but we will anonymise it so it is not linked to you personally.

Right to access: Request a full export of your data anytime.
Right to correct: Update your personal information anytime.
Right to deletion: Request account and data deletion (subject to legal holds).
Right to restrict processing: Ask us to limit how we use your data for specific purposes.
Right to data portability: Receive your data in a format you can transfer elsewhere.

Changes to This eksa Privacy Policy

We may update this privacy policy anytime to reflect changes in our practices, technology, or local regulations. Material changes (e.g., new data sharing) are communicated via email at least 30 days before they take effect. Non-material changes (e.g., clarifications) may be posted without notice. Your continued use of eksa after any update constitutes acceptance of the revised policy.

This privacy policy was last updated on the date shown at the top of the page. If you have questions about our data practices, contact our support team via in-app chat or email. We respond to privacy inquiries within 5 business days. If you are unsatisfied with our response, you may lodge a complaint with your local data-protection authority.

We are committed to protecting your privacy on eksa. We do not sell your data, we encrypt it rigorously, and we comply with all applicable privacy laws. Your trust is central to our platform — we take that responsibility seriously.