ormas Platform Privacy Notice

This page describes what we collect when you use ormas and how we keep that data protected. We collect personal information only to operate our platform, process your payments, verify your identity, and comply with legal obligations. We do not sell your data to third parties, and we do not use it for marketing purposes beyond account notifications.

Our privacy practices are designed around transparency. We explain what we collect, why we collect it, how long we keep it, and who has access to it. You have rights over your data—you can request access, correction, or deletion subject to legal and operational constraints. This notice applies to all users of ormas, whether you access our platform from Jakarta, Surabaya, Bandung, Medan, or any other supported jurisdiction.

If you have questions about our privacy practices, contact our support team via email or live chat. We respond to all privacy inquiries within standard compliance timelines.

What Data We Collect on ormas

We collect data in several categories. First, account information: your email address, password (encrypted), full name, date of birth, phone number, and residential address. We require this information to create your ormas account and verify your identity before you can withdraw funds. Second, payment information: when you deposit via DANA, e-wallet, mobile banking, local payment, or bank virtual accounts (online payment, e-wallet, mobile banking, local payment), we record the payment method, amount, timestamp, and transaction ID. We do not store your payment credentials (card numbers, wallet passwords) on our servers; payment processors handle that data directly.

Third, identity verification documents: when you submit your government ID and proof of address, we store scanned copies securely. We use these documents only to verify your identity and comply with anti-money-laundering (AML) regulations. Fourth, gameplay data: we record every bet, spin, withdrawal, and account action. This data helps us detect fraud, resolve disputes, and audit our systems. Fifth, device and access data: we log your IP address, browser type, device type, and login timestamps. This helps us secure your account and detect unauthorized access.

Account information: Email, name, date of birth, phone, address — required for account creation and identity verification.
Payment data: Transaction records, amounts, timestamps, and payment method type — stored for reconciliation and compliance.
Identity documents: Scanned government ID and proof of address — stored securely for AML verification only.
Gameplay records: All bets, spins, withdrawals, and account actions — retained for dispute resolution and fraud detection.
Access logs: IP address, browser type, device type, login timestamps — used for security and account recovery.

How We Use Your Data

We use your data for specific, lawful purposes. First, account operation: we use your email and password to authenticate you and maintain your account. Second, payment processing: we use your payment information to process deposits and withdrawals. Third, identity verification: we use your documents to confirm your identity and comply with AML and know-your-customer (KYC) regulations. Fourth, fraud prevention: we analyze your gameplay patterns, access logs, and transaction history to detect suspicious activity and protect your account.

Fifth, dispute resolution: if you dispute a bet or withdrawal, we review your account history and gameplay records to investigate. Sixth, legal compliance: we retain data to comply with tax, anti-money-laundering, and gambling regulations. We may disclose your data to government agencies if required by law. Seventh, customer support: our support team accesses your account information to help resolve issues. We do not use your data for marketing, profiling, or any purpose beyond what is necessary to operate ormas.

Data Retention and Deletion

We retain your data for as long as necessary to operate your account and comply with legal obligations. Account information (email, name, address) is retained for the lifetime of your account plus 7 years after closure, as required by financial regulations. Payment records are retained for 7 years for tax and AML compliance. Gameplay records are retained for 5 years to support dispute resolution and fraud investigation. Identity documents are retained for 7 years and then securely deleted.

You can request deletion of your account and associated data subject to legal constraints. If you request deletion, we will close your account and delete personal information that is not required by law. However, we must retain payment records, identity documents, and gameplay history for the retention periods above to comply with regulations. We will confirm deletion timelines when you submit a deletion request.

Third-Party Data Processors

We use third-party service providers to operate ormas. Our payment processors (online payment, e-wallet, mobile banking providers, and bank partners) handle payment data directly; we do not pass your payment credentials to them—you authenticate directly with them. Our hosting provider stores our servers and databases; our servers may be located outside Indonesia, which means your data may be processed in other jurisdictions. Our email provider sends account notifications and password reset links. Our identity verification provider (third-party KYC service) processes your documents to verify your identity; we share only the documents you submit, not your gameplay data.

All third-party processors are contractually bound to protect your data and use it only for the purposes we specify. We do not sell your data to advertisers, data brokers, or any other third parties. We do not share your gameplay history or account balance with anyone outside ormas except where required by law.

We at ormas treat your data as a trust. We collect only what we need, protect it with industry-standard encryption, and delete it when no longer required.

ormas privacy team

Your Rights and Data Subject Requests

You have rights over your data under applicable privacy laws. You can request access to all data we hold about you; we will provide a copy within 30 days. You can request correction of inaccurate data; we will update it and confirm the change. You can request deletion of your data subject to legal retention requirements; we will delete what we can and explain what must be retained. You can request restriction of processing; we will limit how we use your data while we investigate your request.

To exercise these rights, contact our support team with your request. Include your account email and a clear description of what you are requesting. We will verify your identity before processing your request. We do not charge fees for these requests unless they are excessive or repetitive. We respond to all data subject requests within 30 days or notify you if we need more time.

Cookies and Tracking

We use cookies to operate ormas. Session cookies store your login token so you remain authenticated while using our platform; these expire when you close your browser. Persistent cookies remember your preferences (language, theme) across sessions; you can delete these via your browser settings. We do not use tracking cookies for advertising or analytics beyond what is necessary to operate our platform.

You can disable cookies in your browser settings, but this may prevent ormas from functioning correctly. We do not use third-party tracking pixels or analytics services that profile your behavior across websites. Our analytics are limited to aggregate usage data (total logins, total transactions) that does not identify you personally.

Data Security

We protect your data using industry-standard encryption and security practices. All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security). Your password is hashed and salted; we do not store it in plain text. Your identity documents are encrypted at rest and accessible only to authorized staff. Our servers are protected by firewalls, intrusion detection, and regular security audits.

We cannot guarantee absolute security; no system is immune to attack. If we discover a data breach, we will notify affected users within 72 hours and provide guidance on protective steps. We maintain cyber insurance and incident response procedures to minimize harm.

International Data Transfers

Our servers and data processors may be located outside Indonesia. This means your data may be transferred to and processed in other jurisdictions. By using ormas, you consent to this transfer. We ensure that all international transfers comply with applicable data protection laws and are protected by contractual safeguards (data processing agreements) that require the same level of protection as Indonesian law.

Changes to This Privacy Notice

We may update this privacy notice from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or by posting a notice on ormas. Your continued use of ormas after changes take effect constitutes acceptance of the updated notice. We encourage you to review this notice periodically.

Contact ormas

If you have questions about our privacy practices, want to exercise your data rights, or have a privacy concern, contact our support team. We are available via email and live chat in English and Indonesian. We respond to all privacy inquiries within 5 business days. You can also contact us if you believe we have violated your privacy rights; we will investigate and take corrective action if necessary.

Our commitment to privacy is fundamental to how we operate ormas. We believe that protecting your data builds trust and allows you to use our platform with confidence. Thank you for entrusting us with your information.