gigaspin Privacy Policy

This page describes what we collect when you use gigaspin and how we keep that data protected. When you open our Android app, access our mobile site on iOS, or use desktop gigaspin, you share certain information with us—your email, phone number, account activity, payment details, and browsing behaviour. We collect this data to verify your identity, process your transactions, and detect fraud. We take your privacy seriously and follow standard encryption and storage practices to ensure your information stays secure.

Our privacy commitments cover what data we gather, how long we retain it, who has access to it, and what rights you have to access or delete your information. We also explain how we use cookies, how third-party payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) handle your payment data, and what happens if our data suffers a breach.

Our services are available only where local law permits. Users are responsible for verifying that access and use comply with their own jurisdiction's law.

What Data We Collect on gigaspin

Account and identity information

When you create a gigaspin account, we collect your email address, phone number, full name, and date of birth. We use this to verify your identity and ensure compliance with local law. We also ask for your address and government-issued ID (KTP, passport, or driving license) as part of our Know Your Customer (KYC) verification. This information is stored securely on encrypted servers and is used only for account verification and fraud prevention.

We retain your account data for as long as your gigaspin account exists. If you request account deletion, we remove your personal information within 30 days, except where we're legally required to keep records for tax or compliance purposes. In those cases, we anonymize your data and keep only the minimum required by law.

Transaction and payment data

Every deposit and withdrawal on gigaspin creates a transaction record. We log the amount, date, time, payment method (DANA, e-wallet, mobile banking, etc.), and outcome. We do not store your full card number, bank account number, or e-wallet PIN—those details are handled directly by our payment processors and are never sent to our servers. Our systems see only a tokenized reference (a code that stands in for your real payment details), allowing us to process transactions without exposing sensitive data.

Payment processors handle your payment data

When you deposit via local payment, online payment, e-wallet, mobile banking, local payment, or your bank, your payment information goes directly to those providers. gigaspin never sees or stores your full payment credentials.

Behavioural and activity data

We log your activity on gigaspin—which matches you view, which markets you engage with, when you log in, how long you stay, and what device you use (Android, iOS, or desktop). We use this data to detect suspicious patterns (like rapid account changes or unusual login locations), improve our platform performance, and customise your experience. For example, if you frequently access Liga 1 fixtures, we may highlight Liga 1 matches in your feed.

We retain activity logs for up to two years for fraud detection and dispute resolution. After that period, we anonymize the data so it cannot be linked back to you. This helps us understand platform usage trends without exposing individual identity.

Cookies and tracking

Our Android app and mobile website use cookies and similar tracking technologies to remember your login session, language preference, and notification settings. These cookies are stored on your device and are not shared with third parties. You can disable cookies in your browser settings (on iOS or desktop), though this may limit some features like staying logged in.

We do not use cookies to track you across other websites or apps. We use only first-party cookies that are necessary for gigaspin to function. If you have questions about what cookies we use, our support team can provide a detailed list.

Our Data Practices and Your Rights

How we protect your data on gigaspin

We encrypt all data in transit (using HTTPS) and at rest (using industry-standard encryption). Our servers are located in secure data centres with backup power, fire suppression, and restricted physical access. We restrict access to your data to employees and contractors who need it for their job—support staff, compliance officers, and engineers. All staff sign confidentiality agreements and undergo data-protection training.

We regularly test our systems for vulnerabilities and conduct security audits. If we discover a data breach, we notify affected users via email within 72 hours and provide guidance on how to protect themselves. We do not pay ransoms, and we cooperate with law enforcement if requested.

Server locations: Our servers may sit outside your jurisdiction (e.g., in Singapore or the UK). By using gigaspin, you consent to your data being stored and processed in these locations.

Your rights and requests

You have the right to access your personal data, request corrections, or ask us to delete information that is no longer necessary. To make a request, log in to your gigaspin account and go to Account → Privacy Settings, or contact our support team via in-app chat. We respond to all data requests within 30 days.

You also have the right to download a copy of your data in a machine-readable format (e.g., CSV or JSON). This lets you move your data to another platform if you choose. To request a data download, contact support and we'll prepare a file within 15 business days.

You can withdraw consent to use cookies, targeted notifications, and promotional emails at any time via your Account Settings on the app or mobile site. Withdrawing consent doesn't affect transaction processing or platform functionality—it only stops us from sending you promotional messages or using your behaviour to customise your feed.

Third-party data sharing

We do not sell your personal data to third parties. We share data only with: (1) payment processors (DANA, e-wallet, mobile banking, etc.) to process your transactions, (2) our hosting and analytics providers to maintain platform performance, (3) law enforcement or regulators if legally required, and (4) our affiliates if you link your account to another gigaspin partner. In all cases, we require data-processing agreements that restrict how your data is used.

Our partners in Jakarta, Surabaya, Bandung, Medan, and other regions comply with the same privacy standards as gigaspin. If gigaspin is acquired by another company, we'll notify you and give you the option to delete your account before any data transfer occurs.

Updates to this policy

We may update this privacy policy to reflect changes in law, technology, or our practices. If we make material changes, we'll notify you via email or in-app notification. Your continued use of gigaspin after updates take effect means you accept the updated policy. If you disagree with changes, you can request account deletion and data removal at any time.