grahaspin Platform Privacy Notice

This page describes what data we collect when you use grahaspin and how we keep that data protected. We collect your email address, identity documents, proof of address, payment information, and activity logs to operate our platform securely and comply with regional gaming regulations. Your data is stored on servers located outside your jurisdiction and processed according to international security standards.

Our privacy practices reflect our commitment to transparency. We do not sell your personal information to third parties. We share data only with payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and banks including mobile banking, local payment, online payment, e-wallet) and compliance partners where necessary to process your deposits, withdrawals, and account verification. All processors are bound by confidentiality obligations.

This notice applies to all grahaspin users across supported jurisdictions including Jakarta, Surabaya, Bandung, Medan, and Semarang. If you have questions about your data or grahaspin's privacy practices, our support team is available to clarify.

What Data We Collect on grahaspin

We collect personal data in stages. During account signup, we request your email address, password, and basic profile information (name, date of birth). For account verification, we collect identity documents (KTP, passport, or regional ID) and proof of address (utility bill, rental agreement, or recent bank statement).

When you deposit funds on grahaspin, we receive payment information from your payment provider. We do not store your full card numbers or e-wallet credentials on our servers; payment processors retain that sensitive data and share only confirmation tokens with us. We record the deposit amount, method, date, and your account balance before and after each transaction.

When you play on grahaspin—whether live-dealer tables, sportsbook markets, or slot games—we record your bets, game outcomes, session duration, and balance changes. We also log your IP address, device type, browser, and approximate geographic location derived from your IP. This activity data helps us detect fraud, investigate disputes, and understand usage patterns.

We may also collect communications you send us via support channels, live-table chat, or email. These messages help us resolve your issues and improve our service. We retain this communication history for one year after your final interaction, then delete it unless a dispute is pending.

Data minimisation on grahaspin: We collect only data necessary to operate the platform, process payments, and comply with regulations. We do not request additional personal information beyond what is needed for these purposes.

How We Use Your Data

We use your identity documents to verify your account. Our compliance team reviews your KTP or passport to confirm your legal identity and check against sanctions lists or known fraud databases. We compare your proof of address to confirm your residential status. This verification protects your account from takeover and ensures grahaspin remains a compliant platform.

We use your payment information to process deposits and withdrawals. When you request a withdrawal, we verify that the withdrawal destination matches your original deposit source. We share your deposit and withdrawal records with payment processors to complete transactions and meet their compliance obligations.

We use your activity logs to detect fraud and investigate disputes. If your account shows unusual patterns—sudden large withdrawals, rapid betting, or bets from unusual locations—we may flag the account and contact you to verify. If you report a disputed bet, we review your activity logs and the dealer's records to settle the dispute.

We use your email to send account notifications, deposit confirmations, withdrawal status updates, and important policy changes. We do not send marketing emails unless you explicitly opt in. You can disable non-critical notifications at any time in your account settings.

Third-Party Data Processors

We do not sell your data to third parties. However, we share your data with the following categories of processors for operational purposes:

  • Payment processors: DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet. They receive your name, account details, and transaction amounts to execute deposits and withdrawals.
  • Identity verification services: Third-party compliance companies verify your documents against sanctions lists. Your KTP or passport image is shared with these vendors only.
  • Live-dealer studios: Our broadcast partners (not affiliated with grahaspin directly) receive your username and betting data during live sessions. They do not receive your personal identity or payment information.
  • Data hosting providers: Our servers are hosted by cloud infrastructure companies. These providers have access to your encrypted data but are contractually bound to confidentiality.

Data Security and Storage

We employ industry-standard encryption (TLS 1.2+) for all data in transit between your device and our servers. Data at rest is encrypted using AES-256 standards. Our servers perform daily backups; backup copies are encrypted and stored in geographically separated locations.

Our servers may sit outside your jurisdiction—typically in Southeast Asia or international cloud regions. This global infrastructure helps us maintain service availability during regional outages. You acknowledge that data processed outside your country may be subject to different legal protections than your local laws provide.

We conduct annual security audits and penetration testing to identify vulnerabilities. We maintain a security incident response plan; if a data breach occurs, we will notify affected users within 30 days and inform relevant authorities as required by law.

Your Rights and Data Access

You have the right to request a copy of all personal data we hold about you. Submit a data access request via our support email, including your account email and a government-issued ID copy for verification. We will provide your data within 30 days in a portable, machine-readable format (typically CSV or JSON).

You may request correction of inaccurate data. If you believe your identity information or contact details are incorrect, contact our support team with evidence of the correction. We will update your records within five business days.

You have the right to request account closure. When you close your account, we retain your data for seven years to satisfy gaming regulatory requirements and fraud-prevention obligations. After seven years, we delete your personal information unless a dispute or investigation is pending.

Regulatory retention requirements

We retain your data for seven years after account closure to comply with gaming regulations and anti-money-laundering obligations. This retention period may be extended if a dispute is active or an investigation is underway.

Cookies and Tracking

We use session cookies to maintain your login state while you browse grahaspin. These cookies expire when you close your browser or log out. We do not use persistent cookies to track you across sessions without your consent.

Our website may use analytics tools to monitor page traffic, user behaviour, and technical errors. These tools may set cookies to track repeat visitors anonymously. You can disable analytics tracking via your browser's privacy settings or opt-out mechanisms on our website.

Jurisdiction and Legal Basis

grahaspin operates in supported jurisdictions where online gaming complies with local law. Our privacy practices comply with regional data protection standards. Users are responsible for verifying that their use of grahaspin complies with their own jurisdiction's regulations.

We may disclose your data if required by law—for example, if a court orders us to provide information for a legal proceeding or if we are required to report suspected fraud to authorities. We will notify you of such legal demands unless prohibited by law from doing so.

Contact Us About Privacy

If you have questions about our privacy practices, data handling, or grahaspin's policies, contact our support team via in-app messaging, email, or live chat. We respond to privacy inquiries within five business days. For formal data access requests or complaints, include "Privacy Request" in your subject line.

grahaspin Privacy – Secure, Transparent, Compliant

We at grahaspin collect only essential data to operate our platform, process payments, and comply with regulations. We protect your data with encryption, secure storage, and annual audits. We do not sell your information to third parties; we share data only with payment processors and compliance partners where necessary.

Your privacy rights are central to our relationship with you. You can request access to your data, correct inaccuracies, and close your account at any time. Our support team is available to answer questions about your data or our privacy practices across all supported regions including Jakarta, Surabaya, Bandung, Medan, and Semarang.