kursi Privacy Policy

This page describes what data we collect when you use kursi and how we keep that data protected. We collect only information necessary to operate our platform, verify your identity, process payments, and comply with legal requirements. We do not sell your personal data to advertisers or marketing agencies.

Our privacy commitments apply across all kursi services—sportsbook (Liga 1, Piala Indonesia, Piala AFF, Champions League, MotoGP, badminton), live-dealer tables (blackjack, roulette, baccarat, Dragon Tiger), slots (Aviator, Fortune Tiger, Sweet Bonanza, Gates of Olympus, Mahjong Ways), and esports markets (Mobile Legends, Free Fire, PUBG Mobile). They also apply regardless of where you access kursi—mobile app, web browser, or tablet.

By registering a kursi account, you consent to the data practices described in this policy. If you do not agree with any part of this policy, you should not use kursi.

What Data We Collect on kursi

We collect your personal data in three categories: account information, transaction data, and device / behavioural data.

Account information. When you register with kursi, we collect your email address, phone number, full name, date of birth, and residential address. During identity verification, we collect copies of your government-issued ID (KTP, passport, or driver's licence) and a selfie. We store this data securely for as long as your kursi account exists, plus 7 years after account closure, to comply with anti-money-laundering law.

Transaction data. Each time you deposit via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer (mobile banking, local payment, online payment, e-wallet), we log the amount, timestamp, and payment method. Each withdrawal is logged similarly. Each wager on our sportsbook, live-dealer tables, or slots is logged with your bet amount, game type, outcome, and timestamp. We use this data to detect fraud, track your account balance, and respond to disputes.

Device and behavioural data. We log your device type (mobile, tablet, desktop), operating system, browser, IP address, and approximate geographic location (derived from IP address). We also log which games you access, how often you log in, and when you log out. This helps us troubleshoot technical issues, detect unauthorized access, and optimize kursi performance.

Cookies: We use cookies to maintain your session, remember your preferences (language, bet size), and track your account activity. You can disable cookies in your browser settings, but doing so may break kursi functionality. We do not use cookies for third-party advertising.

How We Use Your kursi Data

We use your data for six purposes: account operations, payment processing, fraud prevention, legal compliance, customer support, and service improvement.

  • Account operations: We use your email, phone, and identity documents to create and verify your kursi account. We use your transaction logs to calculate your balance and process withdrawals.
  • Payment processing: We share your name, account number, and transaction amount with our banking partner to process deposits and withdrawals. Our banking partner stores this data in accordance with banking-sector privacy law.
  • Fraud prevention: We analyse your transaction patterns, device history, and login behaviour to detect suspicious activity (e.g., multiple rapid withdrawals, logins from geographically distant locations). If we detect fraud, we may freeze your account pending investigation.
  • Legal compliance: We retain transaction records and identity documents to comply with anti-money-laundering law and respond to law-enforcement requests. We may disclose your data to regulators, tax authorities, or courts if legally required.
  • Customer support: If you contact our support team via live chat with a question or complaint, we use your account data to help resolve your issue quickly.
  • Service improvement: We analyse aggregated (non-identifying) data about game usage, payment methods, and platform performance to improve kursi's design and stability.

Third-Party Processors and Data Transfers

We do not sell your personal data. However, we share your data with third parties who help us operate kursi:

  • Banking partner: We share your deposit and withdrawal data with our banking partner to process payments. They store your data in secure data centres, some of which may be located outside Indonesia.
  • Payment processors: mobile banking, local payment, online payment, e-wallet, mobile banking, and your bank receive your transaction instructions directly from you. We do not store your payment credentials (card numbers, e-wallet passwords); we only store transaction records.
  • Identity verification provider: We use a third-party service to verify your ID and selfie. This service stores your documents temporarily (48 hours) and then deletes them. We retain a encrypted copy of your verification result.
  • Game providers: Our slot games and live-dealer tables are provided by licensed third-party content partners. These partners receive your bet data and wager outcomes but do not receive your identity or payment information.
  • Hosting provider: Our servers are hosted by a cloud provider. Your data (account information, transaction logs) is stored in encrypted form on their infrastructure.

All third-party processors are contractually obligated to keep your data confidential and use it only for the specific purpose for which we share it. We do not share your data with marketers, advertisers, or data brokers.

Your Rights and Data Requests on kursi

You have the right to access, correct, and request deletion of your personal data on kursi. To exercise these rights, contact our support team via live chat. We respond within 14 days.

You can request a copy of all data we hold about you. We will compile your personal information (account details, transaction history, device logs, identity documents) and send it to you in a portable format (PDF or CSV) within 30 days. If you believe any data is inaccurate, you can request correction. We will update your kursi account and notify relevant third parties (e.g., your bank) if necessary.

You can request deletion of your account and associated data. Deletion is subject to a 30-day cooling-off period. After the cooling-off period, we delete your personal data within 90 days, except for transaction records and identity documents which we must retain for 7 years to comply with anti-money-laundering law.

We cannot delete data if it is subject to legal holds or if you have an outstanding balance on your kursi account. In such cases, we retain your data until the hold is lifted or your balance is settled.

Key privacy commitments

  • We collect only data necessary to operate kursi, verify your identity, and process payments.
  • We encrypt all data in transit (TLS 1.2+) and at rest (AES-256) using industry-standard standards.
  • We do not sell your personal data to advertisers or data brokers.
  • We share your data only with third parties who help us operate kursi (banking partner, payment processors, hosting provider).
  • You have the right to access, correct, and request deletion of your data by contacting our support team.
  • We retain transaction records and identity documents for 7 years after account closure to comply with anti-money-laundering law.

Data Security and Breach Notification

We encrypt all data transmitted between your device and kursi servers using TLS 1.2 or higher. We encrypt data stored on our servers using AES-256 encryption. We restrict access to your personal data to kursi employees and contractors who have signed confidentiality agreements. We conduct annual security audits and penetration testing to identify vulnerabilities.

If we discover a data breach—unauthorized access to your personal information—we notify you within 72 hours via email to the address on your kursi account. We will also notify relevant regulators and, if required by law, law enforcement. We undertake to cooperate fully with any investigation.

Policy Updates and Contact

We may update this privacy policy at any time by posting updated terms on kursi. We will notify registered users of material changes via email at least 7 days before they take effect. Your continued use of kursi after the update date constitutes acceptance of the new policy.

If you have questions about our privacy practices, how we handle your data, or how to exercise your data rights, contact our support team via live chat. We respond in English during business hours. You can also reach us by email; we respond within 48 hours.

Our services are available only where local law permits. Your personal data may be processed, stored, and transferred in jurisdictions with different privacy laws than your own. By using kursi, you consent to cross-border data transfer. If you are not comfortable with this, you should not use kursi.