cipit Privacy Policy

This page describes what we collect when you use cipit and how we keep that data protected. We operate an online entertainment platform offering football markets, live-dealer tables, slot games, and esports coverage. Your privacy is central to how we handle your account information, transaction history, and personal documents.

We collect only the information necessary to verify your identity, process your deposits and withdrawals, and comply with applicable law. We do not sell your data to third parties, and we do not use it for marketing without your explicit consent. Every piece of data you provide to cipit is encrypted, logged, and accessible only to authorized staff members who need it to serve your account.

Our infrastructure spans multiple secure data centres. Some of our servers may sit outside your jurisdiction, but all data transfers are encrypted and subject to the same protection standards regardless of location. This policy explains our practices in detail and your rights under applicable privacy law.

What We Collect and Why

When you open an account on cipit, we collect your full name, email address, phone number, and date of birth. We use this information to create your account, send you transaction confirmations, and contact you if we detect unusual activity or need to verify your identity.

Before you can deposit, we require KYC (Know Your Customer) verification. We ask you to upload a copy of your identity document — passport, national ID, or driver's licence — and proof of your residential address, such as a utility bill or bank statement. We use these documents only to confirm that you are who you claim to be and that you are not on any sanctions list. Once verified, we store these documents securely and do not share them with external parties unless required by law.

We also collect transaction data: every deposit, withdrawal, bet, and game outcome is logged with a timestamp, amount, and outcome. This audit trail helps us detect fraud, resolve disputes, and comply with financial reporting obligations. We retain this data for the period required by law, then securely delete it unless you request otherwise.

How We Use Your Data

Our primary use of your data is to operate your account on cipit. We verify your identity, process your deposits via DANA, e-wallet, mobile banking, local payment, online payment, or direct bank transfer (e-wallet, mobile banking, local payment, online payment), and handle your withdrawal requests. We also use your data to:

  • Send you account statements, transaction confirmations, and security alerts.
  • Investigate disputes, fraud claims, or account recovery requests.
  • Comply with anti-money-laundering (AML) and counter-terrorism-financing (CTF) regulations.
  • Improve our platform's security and performance through anonymized analytics.
  • Contact you about service updates or changes to our terms (not marketing, unless you opt in).

We do not use your data to profile you, build a credit score, or sell insights to advertisers. We do not share your personal information with third parties except where required by law or to process your transactions (e.g., payment processors, identity verification vendors). All third-party processors are bound by confidentiality agreements and must meet our security standards.

Note: We may contact you during major holidays such as Idul Fitri or Idul Adha if we detect account activity that requires verification, but we do not send promotional messages without your consent.

Cookies and Tracking

When you access cipit on your mobile device or desktop browser, we use cookies and similar tracking technologies to remember your login session, store your preferences, and measure how you use our platform. These cookies are essential for security and functionality — they help us prevent unauthorized access and detect suspicious login attempts.

We do not use cookies to track you across other websites or to build a profile for advertising purposes. You can disable cookies in your browser settings, but doing so may prevent you from logging into your cipit account or using certain features.

Your Rights and Data Access

You have the right to request a copy of all personal data we hold about you. Contact our support team with your account number, and we will provide a complete export of your profile, transaction history, and verification documents within 14 days. You also have the right to request corrections if any information is inaccurate.

If you wish to close your cipit account and have your data deleted, we will remove your personal information from our active systems within 30 days. We retain transaction records and verification documents only as long as required by law, then securely destroy them. Some data may be retained in backup systems for a limited period for security and compliance purposes.

Data Security and Breach Notification

We protect your data using industry-standard encryption, firewalls, and access controls. Our servers are monitored 24 hours a day for unauthorized access attempts. We conduct regular security audits and penetration testing to identify and fix vulnerabilities before they can be exploited.

If we discover a data breach that affects your personal information, we will notify you within 72 hours and explain what happened, what data was compromised, and what steps we are taking to prevent recurrence. We will also provide guidance on how to protect your account — for example, by resetting your password or enabling two-factor authentication.

Our support team responds to security concerns within 24 hours. If you suspect unauthorized access to your cipit account, contact us immediately via the channels listed on our website. We can freeze your account, review your transaction history, and help you recover access.

Jurisdiction and Legal Compliance

Our services are available only where local law permits. We comply with the privacy and data-protection laws of the jurisdictions in which we operate. If you are accessing cipit from Jakarta, Surabaya, Bandung, or Medan, your data is subject to Indonesian privacy standards and our own internal policies, which meet or exceed those standards.

If you have a privacy complaint or believe we have mishandled your data, you can contact our support team or lodge a formal complaint with the relevant data-protection authority in your jurisdiction. We will investigate and respond within 30 days.

Key privacy commitments

  • We collect only data necessary to operate your account and comply with law.
  • We encrypt all data in transit and at rest; we do not sell your information.
  • We retain transaction records and verification documents only as long as required by law.
  • You can request a copy of your data or request deletion within 30 days of account closure.
  • We notify you of any data breach within 72 hours and provide guidance on account recovery.

This privacy policy is current as of the date shown on our website. We review and update it periodically to reflect changes in our practices or applicable law. If we make material changes, we will notify existing users via email or in-app notification.

For questions about how we handle your data or to exercise your privacy rights, contact our support team. We respond to data-access requests and privacy inquiries within 14 days.