surgalotre Privacy Policy
This page describes what we collect when you use surgalotre and how we keep that data protected. Payment data flows through multiple channels—e-wallets like DANA and e-walletbank virtual accounts with mobile banking and local payment, and online payment scan-to-pay—yet your personal information stays secure across all pathways.
We at surgalotre operate under the understanding that your data is your own. We collect only what we need to run your account, process your transactions, and comply with local law. We do not sell your information, trade it with marketing partners, or use it beyond the scope you expect.
By using surgalotre, you consent to this policy. If you have questions, contact us directly—we respond to all data inquiries.
What We Collect and Why
Account and identity data on surgalotre
We collect your email address, phone number, and password when you register. We also require a valid government ID (KTP, passport, or driver's licence) and address verification. This is not optional—Indonesian law and our anti-fraud standards require identity verification before any deposit or withdrawal.
We store your full name, ID number, date of birth, and residential address. We use this data to verify your identity, prevent underage access, and comply with local regulations. Once verified, your identity remains on file even if you change your password.
Payment and transaction data
When you deposit via DANAe-wallet, mobile banking, local payment, online payment, or a bank virtual account (e-wallet, mobile banking, local payment, online payment), we record the transaction. We log the amount, payment method, timestamp, and outcome. This data helps us match deposits to your account, process withdrawals, and detect fraud.
We retain transaction history for at least two years. This record is essential for dispute resolution and for complying with Indonesian financial reporting requirements. We do not store your e-wallet password, PIN, or full card number—payment processors handle that separately.
Activity and device data
We track your login timestamp, device type (Android phone, iOS browser, etc.), IP address, and game selections. We use this to detect unusual account behaviour, prevent unauthorised access, and improve platform performance. If you access surgalotre from Jakarta one day and Surabaya the next, we flag this but do not block it unless it shows signs of fraud.
How We Share Your Data
Payment processors
When you fund your surgalotre account via e-wallet, mobile banking, local payment, or other e-wallets, or via online payment and other banks, those providers handle your transaction. We do not receive or store your payment credentials. The e-wallet or bank receives your amount, confirms the transfer, and reports it to us. We then credit your account.
We share only your transaction ID, amount, and account ID with payment processors—not your full ID or address. Each processor maintains their own privacy policy.
Law enforcement and compliance
We may disclose your data to Indonesian law enforcement, financial regulators, or tax authorities if required by law. We will not volunteer information without a valid legal order. If we receive a request, we will attempt to notify you unless the law forbids it.
We share your data only where law requires it or where you explicitly ask us to—never for marketing, never for profit, never for convenience.
Cookies and Tracking
We use cookies to keep you logged in, remember your preferences, and detect bot activity. We do not use cookies to track you across other websites. When you close your browser, some cookies expire. Others persist for up to one year so we can recognise returning users and improve their experience.
You can disable cookies in your browser settings, but some surgalotre features may not work without them. We do not use third-party advertising cookies or analytics trackers that follow you outside surgalotre.
Your Rights and Data Retention
Your rights on surgalotre
You have the right to access your data, request corrections, and ask us what we hold about you. To exercise these rights, contact us with your account email. We will respond within 14 days.
You can request deletion of your account, but we may retain transaction records for legal or regulatory reasons. If your account has an outstanding balance, we will hold enough data to settle it or process a refund. Once the balance is resolved, we delete personal information where law allows.
You cannot delete payment history if it relates to a dispute or regulatory inquiry. We keep that data for the investigation period plus two additional years.
Data retention
We keep your identity data (name, ID, address) as long as your account is active. After you close your account, we retain it for six years to comply with Indonesian financial law. Transaction history is kept for two years minimum. Game logs are kept for one year.
We delete login sessions after 90 days of inactivity. We purge device logs after six months. If you do not access surgalotre for two years, we may deactivate your account and begin retention-period data deletion.
Data security and overseas transfers
We encrypt data in transit (HTTPS) and at rest (AES-256). We do not guarantee that our servers sit only in Indonesia—some servers may be in other countries. By using surgalotre, you consent to this overseas processing where necessary for platform stability and security.
We limit staff access to your data and use two-factor authentication internally. If we detect a breach, we will notify you within 72 hours and explain what data was exposed.
Contact and updates
If you have privacy questions, email us or use the contact form on surgalotre. We aim to respond within 48 hours. We may update this policy from time to time. Material changes will be announced via email. Your continued use of surgalotre after notification means you accept the update.