LEGAL REFERENCE

How magic138 Handles Your Account Data

This is our privacy policy in plain language. We're magic138, and this page tells you exactly what we collect when you open an account, why we store it...

Plain-language policyIndonesia-awareAccount data onlyUpdated regularlyContactable team
magic138 How magic138 Handles Your Account Data

Our Privacy Posture and Jurisdiction Notes

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

Privacy Contact Paths

Privacy Desk Email Send privacy questions, data-access requests and correction notices to our dedicated inbox. We acknowledge within one business day and provide a full response inside the statutory window required by Indonesia.
Live Chat Privacy Channel Open the lobby chat widget and ask for the privacy team. The agent routes your case to the data officer handling account records, not the general support queue, so your request stays confidential.
Postal Address For formal data-subject requests requiring a signed letter, our registered correspondence address is published in your account footer. Include your username and verification reference so we can locate your file quickly.
EDITORIAL CLARITY

How We Review This Policy

Quarterly Legal Review

Our compliance team rereads this policy every quarter against current Indonesian regulation. If something shifts, we update the wording here and notify account holders before the new clauses take effect on your record.

Named Data Officer

A named privacy officer signs off every revision. That person is reachable through the contact paths above and is accountable for how magic138 stores, processes and shares your personal information internally.

Vendor Audits

Third-party processors handling your KYC and payment data are audited annually. We verify their certifications, encryption posture and breach-notification timelines before renewing any contract tied to your account flow.

Breach Notification

If a security incident touches your record, we tell you directly through your registered email and in-account inbox within seventy-two hours of confirmation. No silent patches, no buried disclosures hidden in updates.

Document Versioning

Every edit to this policy is dated and archived. You can request the previous version that applied when you opened your account, and we'll send it across so you can compare clauses line by line.

Independent Counsel

Outside legal counsel reviews material changes before publication. That second pair of eyes keeps the wording honest and consistent with how regulators interpret data handling for licensed Indonesia-facing platforms.

Consistency Across Our Policy Pages

Privacy vs TermsThis policy covers data handling only. Account conduct, wagering rules and dispute paths sit in our Terms page and use the same defined terms, so nothing contradicts between the two documents.
Privacy vs CookiesCookie behaviour, tracking pixels and session tokens are described separately on the Cookies page. The data those tools collect feeds into the categories defined here, with matching retention windows applied consistently.
Privacy vs KYC NoticeIdentity verification deserves its own page because the document list changes by region. The legal basis for collecting those documents, however, comes straight from this policy and stays aligned everywhere.
Privacy vs AMLAnti-money-laundering screening uses transaction data described in section two of this policy. The AML notice explains the screening logic; this page explains the underlying data rights you hold.
Privacy vs MarketingOpt-in marketing preferences are toggled in your account settings. This policy explains what data feeds those communications and how to withdraw consent without affecting your ability to keep using the lobby.
Privacy vs ComplaintsIf you disagree with how we handled your data, the Complaints page details escalation. The internal response window quoted here matches the one published there — no conflicting timelines between documents.
Privacy vs Cross-BorderWhen data moves outside Indonesia to a licensed processor, the safeguards listed in our Cross-Border notice match the contractual clauses summarised in this policy's vendor-sharing section.
AT A GLANCE

What Defines Our Policy Page Layout

Clause Anchors Each section of this policy has a clickable anchor in...
Version Stamp The footer of this page carries the effective date and...
Plain-Language Summaries Every dense paragraph gets a one-line summary above it. Skim...
Request Buttons Inline buttons let you trigger an access request, correction request...
Change Log A dated change log sits at the bottom of this...
Print-Friendly View A clean print stylesheet strips navigation and chrome so you...

Privacy Policy Questions

We collect your name, date of birth, contact details, identity documents, device information and transaction records tied to your wallet. Nothing beyond what's required to run your account and meet Indonesian regulatory checks gets stored on our servers.

Yes. Send an access request through the privacy desk email or the in-lobby chat channel. We compile your full record and deliver it through a secure link within the statutory response window applied to your region.

Active accounts retain data for the life of the account. After closure, we hold records for the period required by tax and anti-money-laundering law in supported regions, then delete or anonymise everything beyond that retention window.

Only with licensed processors — payment partners handling DANA, OVO, GoPay and QRIS, KYC vendors and fraud-screening providers. Each is contracted to our standards. We don't sell data to advertisers or unrelated commercial parties.

Toggle off marketing preferences inside your account settings, or reply STOP to any message. Withdrawal takes effect immediately for new campaigns and doesn't affect transactional messages tied to your wallet activity or account security.

We notify affected account holders within seventy-two hours of confirming an incident, through your registered email and in-account inbox. The notice explains what was exposed, what we've done, and what action you should take.

Material changes trigger an in-account notification before they take effect. Minor edits are logged in the change log at the bottom of this page, with the effective date stamped against the new revision number.