How magic138 Handles Your Account Data
This is our privacy policy in plain language. We're magic138, and this page tells you exactly what we collect when you open an account, why we store it...
Our Privacy Posture and Jurisdiction Notes
We collect the data needed to run your magic138 account: your name, contact details, verification documents, device fingerprint and transaction history tied to your wallet. We process this under Indonesian data protection norms and only where local law permits. Where supported regions require stricter handling, we apply the higher standard by default. We don't sell your data to third parties. We share
it only with licensed processors — payment partners, KYC vendors, fraud screeners — who are bound to the same posture. You can request access, correction or deletion of your record at any time, and we respond inside reasonable statutory windows. Retention periods follow account lifecycle and tax-record rules.
Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.
Privacy Contact Paths
How We Review This Policy
Quarterly Legal Review
Our compliance team rereads this policy every quarter against current Indonesian regulation. If something shifts, we update the wording here and notify account holders before the new clauses take effect on your record.
Named Data Officer
A named privacy officer signs off every revision. That person is reachable through the contact paths above and is accountable for how magic138 stores, processes and shares your personal information internally.
Vendor Audits
Third-party processors handling your KYC and payment data are audited annually. We verify their certifications, encryption posture and breach-notification timelines before renewing any contract tied to your account flow.
Breach Notification
If a security incident touches your record, we tell you directly through your registered email and in-account inbox within seventy-two hours of confirmation. No silent patches, no buried disclosures hidden in updates.
Document Versioning
Every edit to this policy is dated and archived. You can request the previous version that applied when you opened your account, and we'll send it across so you can compare clauses line by line.
Independent Counsel
Outside legal counsel reviews material changes before publication. That second pair of eyes keeps the wording honest and consistent with how regulators interpret data handling for licensed Indonesia-facing platforms.
Consistency Across Our Policy Pages
| Privacy vs Terms | This policy covers data handling only. Account conduct, wagering rules and dispute paths sit in our Terms page and use the same defined terms, so nothing contradicts between the two documents. |
|---|---|
| Privacy vs Cookies | Cookie behaviour, tracking pixels and session tokens are described separately on the Cookies page. The data those tools collect feeds into the categories defined here, with matching retention windows applied consistently. |
| Privacy vs KYC Notice | Identity verification deserves its own page because the document list changes by region. The legal basis for collecting those documents, however, comes straight from this policy and stays aligned everywhere. |
| Privacy vs AML | Anti-money-laundering screening uses transaction data described in section two of this policy. The AML notice explains the screening logic; this page explains the underlying data rights you hold. |
| Privacy vs Marketing | Opt-in marketing preferences are toggled in your account settings. This policy explains what data feeds those communications and how to withdraw consent without affecting your ability to keep using the lobby. |
| Privacy vs Complaints | If you disagree with how we handled your data, the Complaints page details escalation. The internal response window quoted here matches the one published there — no conflicting timelines between documents. |
| Privacy vs Cross-Border | When data moves outside Indonesia to a licensed processor, the safeguards listed in our Cross-Border notice match the contractual clauses summarised in this policy's vendor-sharing section. |