emas36 Privacy Policy
This page describes what data we collect when you use emas36 and how we keep that information protected. We collect personal information — email, identity documents, payment details — to verify your identity, process deposits and withdrawals, and comply with anti-money-laundering regulations. Your data is encrypted and stored on secure servers; we do not sell your information to third parties without your consent.
We at emas36 operate in jurisdictions across Southeast Asia, including Jakarta, Surabaya, Bandung, Medan, and Semarang. Our servers may be located outside your home country. By using emas36, you consent to data processing in these locations and agree to the security measures we describe below.
This policy covers data collection, use, storage, retention, your rights, and how to contact us with privacy concerns.
What Data We Collect on emas36
When you create an account on emas36, we collect your email address and username. During identity verification, we request a government-issued ID (passport, national ID card, or equivalent) and proof of address (utility bill, rental agreement, or bank statement). We scan and store these documents on encrypted servers. We do not request or store biometric data.
When you deposit or withdraw, we collect payment information — the account number, e-wallet ID, or bank details you provide. We do not store plaintext payment credentials. Instead, we use tokenisation: your payment details are converted to a reference token, which we retain. The actual credential is held by our payment partner (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet), not by emas36.
We collect session data — IP address, device type, browser information, and login timestamps. This data helps us detect fraud and unauthorised access. We also log game outcomes, bets placed, and account transactions for regulatory compliance and dispute resolution. This activity log is retained for 12 months.
We do not actively collect location data, but your IP address may reveal approximate geographic information. We use this to verify that you are accessing from a supported jurisdiction. We do not sell, share, or disclose your IP address or location to advertisers.
How We Use Your Data
We use your email to send account confirmations, password-reset links, security alerts, and withdrawal notifications. We do not send marketing emails unless you opt in. You can unsubscribe from marketing communications at any time via your account settings.
We use identity documents to verify your identity, prevent fraud, and comply with Know Your Customer (KYC) and anti-money-laundering (AML) regulations. If your documents appear fraudulent or cannot be verified, we deny account access and close your account without refund.
We use payment information to process deposits and withdrawals. Our payment partners — mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment — handle the actual transfer; we do not have direct access to your bank account or e-wallet credentials.
We use session data (IP, device, browser) to detect fraudulent access attempts, prevent account takeover, and identify geographic anomalies. If we detect access from an unusual location or device, we may require you to re-verify your identity via email before allowing withdrawal.
We use game outcome logs to resolve disputes. If you contest a hand result or payout, our compliance team reviews the video record (for live tables) or RNG logs (for slots) and compares these against the transaction record to verify the outcome.
-
1
Account verificationPrimary use
We use identity documents and email to confirm who you are and prevent duplicate accounts.
-
2
Deposit and withdrawal processingPayment flow
We share tokenised payment details with our payment partners to execute transfers.
-
3
Fraud detectionSecurity
We analyse session data and transaction patterns to identify and block fraudulent activity.
-
4
Dispute resolutionCompliance
We retain game logs and transaction records to investigate account disputes and verify outcomes.
-
5
Legal and regulatory complianceObligation
We report suspicious activity to financial intelligence units and comply with anti-money-laundering laws.
Data Storage and Security on emas36
We store your data on encrypted servers in secure data centres. We use TLS 1.2+ encryption for all data in transit — between your browser/app and our servers. At rest, sensitive data (identity documents, payment tokens, session logs) is encrypted using AES-256 or equivalent. We do not claim "unhackable" or "military-grade" security; all systems are vulnerable to sophisticated attacks, but we maintain industry-standard protection.
We limit employee access to personal data on a need-to-know basis. Support staff can view your email and transaction history but not your identity documents or full payment credentials. Compliance officers have broader access for fraud investigation purposes. All staff sign confidentiality agreements.
Our servers may be located outside your jurisdiction — typically in Singapore, Malaysia, or other Southeast Asian regions. By using emas36, you consent to this cross-border data transfer. Data protection laws in these regions may differ from your home country; we maintain equivalent safeguards regardless of server location.
Third-Party Processors and Data Sharing
We share tokenised payment information with our payment partners (online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) to process deposits and withdrawals. These partners are contractually bound to protect your data and use it only for payment processing.
We may disclose personal information to law enforcement or financial intelligence units if we suspect money laundering, fraud, or other illegal activity. We do not seek your consent before making such disclosures; we comply with legal orders and regulatory obligations.
We do not sell or rent your personal data to advertisers, data brokers, or marketing firms. We do not use your data for targeted advertising on third-party platforms. We do not share your email or identity information with competitors or unrelated businesses.
Your Rights and Data Retention
You have the right to access your personal data. Request a data export via our support team; we provide a downloadable file of your email, phone (if provided), transaction history, and KYC documents within 10 business days. This export is for your records only; we do not restrict your ability to request it multiple times.
You have the right to request correction of inaccurate data. If your identity document has changed or your address has been updated, notify our support team with proof of the new information. We update your records within one business day.
You have the right to request deletion of your personal data after account closure. We delete email and transaction history 12 months after your account closes. Identity documents are deleted after 12 months. Payment tokens are deleted within 48 hours of account closure. We may retain anonymised data (e.g., aggregate game statistics with no identifying information) indefinitely for platform analytics.
We retain active account data indefinitely unless you request deletion. After account closure, we retain data for 12 months to investigate disputes and comply with AML reporting requirements. We do not restore deleted data; deletion is permanent.
Your data protection steps
- Request data export anytime to review what we store about you.
- Update your profile information if your identity or address changes.
- Request account deletion; data is removed per the retention schedule above.
- Enable two-factor authentication (2FA) via email for added account security.
- Contact our privacy officer if you believe we have mishandled your data.
Cookies and Tracking Technologies
We use cookies to remember your login session and store your language preference. These are session cookies (deleted when you close your browser) or persistent cookies (retained for 12 months). We do not use tracking pixels, fingerprinting, or cross-site tracking. We do not allow third-party advertisers to place cookies on our site.
You can disable cookies in your browser settings. Disabling cookies may affect your ability to log in or use certain features. We do not require you to accept non-essential cookies; only session cookies are necessary for functionality.
Contact Us About Privacy on emas36
If you have questions about our privacy practices or wish to exercise your data rights, contact our support team. We respond to data access requests within 10 business days. We respond to privacy inquiries in English and Indonesian via live chat, email, or phone.
For serious privacy concerns, you may escalate to our Data Protection Officer. Submit a formal complaint with details of your concern; our DPO reviews escalations within 5 business days and responds with findings and any corrective actions we undertake.
Summary: emas36 Data Protection Commitments
We collect email, identity documents, and payment information to verify accounts, process transactions, and comply with regulations. We use TLS 1.2+ encryption and AES-256 at rest; we do not store plaintext credentials. We do not sell your data to third parties. We share tokenised payment details with payment processors only to execute transfers.
We retain active account data indefinitely; after closure, we delete personal data within 12 months per regulatory requirements. You have rights to access, correct, and request deletion of your data. Our servers may be outside your jurisdiction, but we maintain equivalent security and privacy standards. We notify you of data breaches within 48 hours.
For privacy questions or to exercise your rights, contact our support team or escalate to our Data Protection Officer. Our response commitment is 10 business days for data requests and 5 business days for escalations.