mahajituPrivacy Policy

This page describes what we collect when you use mahajitu and how we keep that data protected. We at mahajitu collect personal information—your legal name, date of birth, national ID number, email, phone number, and payment details—only to verify your identity, process deposits and withdrawals, and comply with local regulations. We do not sell your data to third parties, and we encrypt all sensitive information using industry-standard protocols.

Our platform operates in jurisdictions where online gaming is legally permitted. We process your data in accordance with privacy regulations applicable in those jurisdictions. Your data may be stored on servers outside your country—for example, our Jakarta operations may use cloud infrastructure located regionally. We undertake to protect your information regardless of server location through encryption and access controls.

Our privacy practices centre on account security, regulatory compliance, and your right to know how your information is used. This policy outlines our data handling, your rights, and how to contact us with privacy concerns.

What data mahajitu collects

We collect information in two categories: identity data and transactional data. Identity data includes your legal name, date of birth, national ID number (KTP, passport, or driver's license), email address, and phone number. We gather this during account creation and verification. We use identity data to confirm you are who you claim to be and to comply with anti-money-laundering (AML) and know-your-customer (KYC) regulations.

Transactional data includes deposits, withdrawals, game sessions (spins, bets, outcomes), login history, and IP addresses. We collect transactional data automatically when you use mahajitu. This data helps us detect fraud, verify legitimate accounts, and generate your transaction history—which you can review anytime in your account.

We do not collect voice or video recordings from your device. We do not track your location beyond your IP address. When you use mahajitu's live-dealer tables, our studios record the table stream for quality assurance and dispute resolution—you consent to this when you join a table. We do not record your personal device audio or video.

How mahajitu uses your data

We use your identity data to verify your account and prevent fraud. During verification, we compare your ID photo to your legal name and date of birth. We may cross-reference your details against regulatory watchlists (sanctions lists, PEP databases). If verification fails, we notify you with the reason.

We use transactional data to create your account history, process withdrawals, and monitor for suspicious activity. For example, if you attempt to withdraw significantly more than you deposited in a short timeframe, our system flags the transaction for manual review. This protects you and mahajitu from fraud.

We use your email and phone number to send account notifications (login alerts, withdrawal confirmations, password resets). We send these notifications only for account security or regulatory compliance—never for unsolicited marketing. If you request to opt out of non-essential notifications, we honor that request.

Third-party processors and data sharing

We use third-party payment processors to handle deposits and withdrawals. When you pay via DANA, e-wallet, mobile banking, or local payment, your payment data flows to those providers' systems—not directly to mahajitu. We do not store your credit card or bank account numbers. Payment processors handle that data under their own privacy policies.

We may share your identity data with regulatory authorities if required by law—for example, if local gambling regulators request account details during an investigation. We do not voluntarily share your data with law enforcement unless legally compelled. We do not share your data with other gaming operators or third-party advertisers.

We may use third-party service providers for account hosting, email delivery, and fraud detection. These providers are contractually obligated to protect your data and use it only for mahajitu's services. We do not permit them to use your data for their own purposes.

Cookies and tracking

mahajitu uses cookies to maintain your login session and remember your preferences (language, font size, notification settings). Session cookies expire when you log out. Persistent cookies remain on your device for up to one year and allow you to stay logged in across sessions (if you enable "Remember me").

We do not use cookies to track you across other websites. We do not sell cookie data to advertisers. Our cookies do not contain personally identifiable information—they contain session tokens that reference your account number, not your name or ID.

If you disable cookies in your browser, mahajitu will function but you'll need to log in each session. Most mahajitu features (live tables, slot games, withdrawal processing) require cookies to work properly.

Your rights on mahajitu

You have the right to access your personal data. You can request a copy of all data mahajitu holds about you by contacting our support team. We provide this copy within 30 days at no cost. You can use this data to verify accuracy or port it to another service.

You have the right to correct inaccurate data. If your legal name is misspelled in our system, contact support with proof of correction (government-issued ID). We update your record within one business day.

You have the right to request deletion of your account and data. We close your account immediately and anonymize your data after the legal retention period (typically seven years for gaming transactions). You cannot undo account closure—confirm this step carefully.

Data security on mahajitu

We encrypt all data in transit using TLS 1.2 or higher. Your login credentials, payment details, and personal information are encrypted before they leave your device. We store sensitive data (ID numbers, payment methods) in encrypted form on our servers. Access to encrypted data requires additional authentication beyond your password.

Our team members access your data only when necessary (e.g., during account verification or fraud investigation). We log all access attempts and review logs quarterly for unauthorized access. If a team member improperly accesses your data, we take disciplinary action.

We test our security annually through independent penetration testing. If a vulnerability is discovered, we patch it immediately and notify affected account holders. We have never experienced a data breach. If a breach were to occur, we would notify all affected users within 48 hours.

Contact mahajitu about privacy

If you have questions about our privacy practices, your rights, or how we handle your data, contact our support team. We respond to privacy inquiries within 48 hours. You can reach support via email or phone (English and Indonesian support available).

If you're not satisfied with our response, you may escalate your concern to our data protection officer (DPO). Contact support for DPO contact details. In some jurisdictions, you also have the right to lodge a complaint with your local data protection authority.

This privacy policy may be updated as regulations change or our practices evolve. We notify you of material changes via email or in-app notification. Continued use of mahajitu after a policy update constitutes acceptance of the new policy. Your privacy is central to our commitment to account holders. We undertake to protect your data, respect your rights, and remain transparent about our practices.