mobaPrivacy Policy

This page describes what we collect when you use moba and how we keep that data protected. We take your privacy seriously because your account contains sensitive information — government ID, payment details, gaming history, and correspondence with our team. We've designed our data practices to be transparent and comply with regional data protection standards.

When you register for moba, deposit funds via QRIS, e-wallet, mobile banking, local payment, or bank transfer, or participate in live-dealer tables, sportsbook markets, or slot games, you provide us with personal information. We use that data to verify your identity, process transactions, prevent fraud, and deliver our service. This privacy policy explains exactly what we collect, how we use it, who has access to it, and what rights you have.

We update this policy periodically to reflect operational or legal changes. We notify users of material updates via email; continued use of moba after notification signifies your acceptance of the updated policy.

Data We Collect on moba

We collect the following categories of data when you use moba:

Registration data: Email address, phone number, full name, date of birth, and username.
Verification data (KYC): Government-issued ID (passport, national ID card), proof of address (utility bill, bank statement), and in some cases, a selfie for facial verification.
Payment data: Payment method details, transaction history, deposit and withdrawal records, and QRIS or bank routing information.
Gaming data: Game history, bet amounts, outcomes, live-dealer session logs, and chat interactions with dealers.
Device and access data: IP address, device type, operating system, browser type, and approximate geographic location based on IP.
Support data: Messages sent to our customer service team, account issue reports, and any correspondence related to disputes or security concerns.

We do not collect your financial institution account numbers directly; payment processors (e-wallet providers, bank partners) handle that sensitive layer. We receive only confirmation that a transaction succeeded or failed.

Your moba data is encrypted in transit and at rest

We use SSL/TLS encryption for all data moving between your device and our servers. Stored data is encrypted using industry-standard algorithms.

How We Use Your Data

We use moba account data for the following purposes:

Account verification and compliance: We verify your identity using your government ID and address proof to meet regulatory requirements and prevent fraud.
Payment processing: We use your payment details to process deposits and withdrawals via mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and your bank.
Gaming operations: We track your gaming history to calculate accurate payouts, prevent collusion, and detect unusual betting patterns.
Customer support: We access your account history when you contact us to resolve disputes, reset passwords, or investigate security concerns.
Fraud and security: We monitor for unauthorized access attempts, duplicate accounts, and suspicious transactions.
Legal and regulatory compliance: We may disclose your data to government agencies or law enforcement if required by applicable law.

We do not sell your personal data to third parties. We do not share your data with marketing firms or data brokers. Our payment processors, hosting providers, and support contractors access your data only as necessary to deliver our service, and we require them to maintain equivalent data protection standards.

Your Data Rights on moba

Under applicable regional data protection standards, you have the following rights:

Right to access: You can request a copy of all data we hold about you. Log in to your moba account and navigate to Settings > Data & Privacy to view and download your account information.
Right to correction: If your registered name, address, or other details are inaccurate, contact our support team and we will update them.
Right to deletion: You can request account closure and data deletion, subject to regulatory retention requirements. We may retain transaction records for a minimum period (typically 5 years) to comply with financial regulations.
Right to object: You can opt out of non-essential data processing — for example, we may email you about gaming updates, which you can disable in your notification settings.

To exercise any of these rights, contact us via live chat or email. We respond to all requests within 30 days. If you believe your data has been mishandled, you may file a complaint with your local data protection authority.

Note: We cannot delete your transaction history while your account holds an active balance or pending withdrawals. You must complete all financial transactions and close your account before we can delete associated payment records.

Third-Party Processors and Data Sharing

Our operations involve third-party service providers who access your data as needed:

Payment processors: online payment provider, bank partners (e-wallet, mobile banking, local payment, online payment), and mobile wallet networks (e-wallet, mobile banking, local payment, online payment, e-wallet) process your deposits and withdrawals.
Cloud hosting provider: Our servers may sit outside Indonesia; we select providers with data protection certifications equivalent to Indonesian standards.
Live-dealer studios: Our live-dealer tables are broadcast from partner studios; those studios receive video feeds and gaming data but not your account credentials.
Customer support platform: Our support ticketing system stores your messages and account history to help us assist you.

We contractually bind all third parties to maintain your data confidentiality and use it only for the purposes we specify. We do not permit them to sell or repurpose your data.

Cookies and Tracking

We use cookies and similar tracking technologies on moba for the following purposes:

Session authentication: We store a session token in a cookie so you remain logged in while browsing moba.
Preference storage: We remember your language preference, table-view settings, and notification choices.
Fraud detection: We use device fingerprinting (non-personally identifiable) to detect suspicious login patterns.

You can disable non-essential cookies in your browser settings, though doing so may limit moba functionality. We do not use third-party analytics cookies; we do not track your activity across other websites.

Data Retention and Deletion

We retain your data according to the following schedule:

Active account data: Kept as long as your account is active plus 12 months after closure.
Transaction records: Retained for a minimum of 5 years for regulatory compliance (anti-money laundering requirements).
KYC documents: Retained for 5 years after account closure or document expiry.
Gaming history: Retained for 2 years for dispute resolution and fraud investigation.
Support correspondence: Retained for 1 year after your last contact or account closure, whichever is later.

Cross-Border Data Transfer

Our hosting infrastructure may involve servers located outside Indonesia. When your data is transferred internationally, we ensure the receiving country offers equivalent data protection safeguards to those required in Indonesia. We use standard contractual clauses and data processing agreements to protect your information during transit and storage.

Security Practices on moba

We employ industry-standard security measures to protect your data from unauthorized access, alteration, or disclosure. Our practices include SSL/TLS encryption, password hashing, regular security audits, and penetration testing. Our development team follows secure coding practices, and we maintain incident response procedures in case of a breach.

However, no security system is perfect. If we detect a data breach, we will notify affected users via email within 72 hours and disclose what data may have been exposed. We recommend changing your moba password immediately if you receive such notification.

Jurisdiction and Updates

This privacy policy is governed by the laws of the jurisdiction in which moba is registered. It applies to all users accessing moba from supported jurisdictions — including Jakarta, Surabaya, Bandung, Medan, and Semarang. Users are responsible for verifying that their access and use of moba comply with their own jurisdiction's data protection and gaming laws.

We update this policy to reflect changes in our operations, technology, or legal requirements. We notify users of material changes at least 30 days before they take effect. Your continued use of moba after notification constitutes acceptance of the updated policy. If you have questions about our privacy practices, contact our support team via live chat or email.