tupai Platform Privacy Notice

This page describes what we collect when you use tupai and how we keep that data protected. We at tupai take your privacy seriously. We collect only the information we need to run our platform, verify your identity, process your payments, and comply with applicable law.

Our servers process data related to your account, deposits, withdrawals, game activity, and communication with our support team. We use industry-standard encryption and security practices. We do not sell your data to third parties. We share data only with payment processors, fraud-detection services, and legal authorities when required by law.

This notice explains our data practices in plain language. If you have questions about how we handle your information, contact our support team through your tupai account dashboard.

What data we collect on tupai

We collect several categories of information when you use tupai. First, account information — your name, email address, phone number, and date of birth. Second, identity verification documents — a copy of your national ID and proof of address. Third, payment information — the bank account or e-wallet details you use to deposit and withdraw.

We also collect gameplay and betting data — which games you play, your stakes, your account balance, your transaction history, and the outcomes of your entries. This data helps us detect fraud, resolve disputes, and comply with regulatory requirements. We log your IP address and device information for security purposes.

Additionally, we collect communication data when you contact our support team — the messages you send, the issues you report, and our responses. This helps us improve our service and maintain a record of your requests.

How we use your data on tupai

We use your data to operate tupai and deliver our services. Specifically:

  • Account management: We use your name, email, and phone to set up your account, verify your identity, and manage your profile.
  • Payment processing: We share your bank account or e-wallet details with our payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) to execute deposits and withdrawals.
  • Fraud detection: We analyse your gameplay patterns and transaction history to detect suspicious activity and prevent unauthorized access.
  • Legal compliance: We retain records to comply with anti-money-laundering (AML) regulations and other Indonesian legal requirements.
  • Support: We use your communication history to answer your questions and resolve disputes.
  • Marketing: We may send you promotional emails or SMS about new games or payment options, but only if you have opted in. You can unsubscribe anytime.

We do not sell your data

We do not sell or rent your personal information to third parties for marketing purposes. We share data only with service providers (payment processors, fraud-detection tools) and legal authorities when required.

Third-party processors

We use third-party service providers to operate tupai. These include:

Payment processors
Companies that process your mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and bank-transfer transactions. They receive your payment details only.
Cloud hosting
Our servers may sit outside Indonesia. Data is encrypted in transit and at rest. We maintain security agreements with hosting providers.
Fraud detection
Third-party tools analyse transaction patterns to prevent fraud and account takeover.
Email & SMS
We use providers to send you account notifications, verification codes, and promotional messages.

All third-party processors are contractually bound to use your data only for the purpose we specify. They cannot share your data further or use it for their own marketing.

Your rights regarding data on tupai

You have several rights under Indonesian data-protection law. You can request a copy of the data we hold about you. You can request corrections if your information is inaccurate. You can request deletion of your data once your account is closed, subject to legal retention requirements.

To exercise these rights, contact our support team through your tupai account. We will respond to your request within standard timeframes. Some data we are required to retain by law — for example, AML records must be kept for a specified period even after your account closes.

Data retention on tupai

We retain your data for as long as your account is active. After you close your account, we delete most personal information within standard windows. However, we retain transaction records and identity documents for regulatory compliance — typically five to seven years, as required by Indonesian AML regulations.

If we suspect fraud or if you are subject to a legal investigation, we may retain data longer to cooperate with authorities.

Cookies and tracking on tupai

We use cookies to keep you logged in and to remember your preferences. These are session cookies (they expire when you close your browser) and persistent cookies (they stay on your device). You can disable cookies in your browser settings, but some tupai features may not work correctly.

We use basic analytics to understand how players in Jakarta, Surabaya, Bandung, and other regions use our platform. We do not track you across other websites. We do not use cookies for advertising or marketing targeting.

Security practices on tupai

We encrypt all data in transit using TLS (Transport Layer Security). Your password is hashed — we do not store it in plain text. Your payment details are encrypted at rest. We conduct regular security audits and penetration testing.

We recommend enabling two-factor authentication (2FA) on your tupai account. 2FA requires you to enter a code from your phone when logging in from a new device. This significantly reduces the risk of account takeover.

Data breaches and incident response

If we discover a data breach that may expose your personal information, we will notify you without unreasonable delay. We will explain what happened, what data was affected, and what steps you should take to protect yourself. We will also report the breach to relevant authorities as required by law.

International data transfers

Our servers may be located outside Indonesia. When your data is transferred internationally, we use encryption and contractual protections (Standard Contractual Clauses) to ensure it remains secure. You acknowledge that your data may be processed outside your home jurisdiction.

Children and tupai

Our services are not intended for minors. We do not knowingly collect information from individuals under the age of majority in their jurisdiction. If we discover we have collected data from a minor, we will delete it immediately.

Contact us about privacy

If you have questions about our privacy practices, contact our support team through your tupai account dashboard. We respond in English and provide clear answers to your concerns.

You can also request to exercise your data rights — access, correction, deletion — through the same channel. We will process your request promptly.

Changes to this policy

We may update this privacy notice occasionally to reflect changes in our practices or legal requirements. We will notify you of material changes by email or by posting a notice on tupai. Your continued use of our platform after changes means you accept the updated policy.

This policy was last updated and applies to all users of tupai. It reflects our commitment to protect your privacy while delivering a secure, transparent gaming platform across Indonesia and supported jurisdictions.