deimos Platform Privacy Notice

This page describes what we collect when you use deimos and how we keep that data protected. We collect personal information to verify your identity, process your deposits and withdrawals, and provide customer support. Our commitment is to handle your data transparently and securely, following industry standards and applicable Indonesian data-protection law.

We store your information on encrypted servers and limit access to authorised staff only. We do not sell your personal data to third parties. We share information only with payment processors, identity-verification services, and regulatory authorities when required by law. This notice explains our practices in detail so you understand what happens to your information on deimos.

Our services are available only where local law permits. Users are responsible for verifying that access and use comply with their own jurisdiction's law.

What data we collect on deimos

When you create an account on deimos, we collect the following information:

• Account registration data: Your email address, password (encrypted), full name, date of birth, and phone number.
• Identity documents: During KYC verification, we collect scans or photos of your national ID, passport, or driver's license, plus proof of address (utility bill, bank statement, or lease agreement).
• Payment information: When you deposit or withdraw, we collect transaction details—the amount, date, payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer), and your bank account or e-wallet identifier.
• Account activity: We log your gameplay history, tournament participation, wins and losses, and account balance changes. This data helps us detect fraud and resolve disputes.
• Device and browser information: We collect your IP address, device type, operating system, and browser type to improve security and platform performance.
• Communication data: If you contact our support team, we keep records of your messages, emails, and any attachments you send.

We collect this data to operate deimos, verify your identity, process payments, prevent fraud, and provide customer support. We do not collect data beyond what is necessary for these purposes.

How we use your data

We use the information we collect on deimos for the following purposes:

• Account management: We use your email and phone to send account notifications, password resets, and security alerts.
• Identity verification: We verify your identity documents to comply with KYC regulations and prevent fraud.
• Payment processing: We share your payment details with our payment processors (e.g. mobile banking, local payment, online payment, bank partners) to complete deposits and withdrawals.
• Fraud detection: We analyse your account activity, IP address, and device information to detect suspicious behaviour and protect your account.
• Customer support: We use your communication history to resolve disputes, answer questions, and improve our service.
• Legal compliance: We may share data with Indonesian regulatory authorities if required by law or court order.
• Platform improvement: We use anonymised data to understand how players use deimos and improve our games, tournaments, and features.

We do not use your data for marketing purposes without your explicit consent. We do not send promotional emails or SMS unless you have opted in.

Third-party processors and data sharing

We work with third-party service providers to operate deimos. These partners have access to your data only to the extent necessary to perform their functions:

• Payment processors: e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, and Indonesian banks (local payment, online payment, e-wallet, mobile banking) receive your payment details to process deposits and withdrawals.
• Identity verification services: We use third-party KYC providers to verify your identity documents. These services are bound by confidentiality agreements.
• Cloud hosting providers: Our servers may be located outside Indonesia. Your data is encrypted in transit and at rest.
• Customer support platforms: We use third-party tools to manage support tickets and communication history.
• Regulatory authorities: We may share data with Indonesian financial regulators, tax authorities, or law enforcement if required by law.

All third-party processors are contractually obligated to protect your data and use it only for the purposes we specify. We do not sell your data to advertisers, data brokers, or other commercial entities.

KYC (Know Your Customer)

The process of verifying a customer's identity and address. Required by law to prevent fraud and money-laundering.

Encryption

A security method that converts your data into a code that only authorised parties can read. We use SSL encryption for data in transit and AES encryption for data at rest.

Data processor

A third party (e.g. payment provider, cloud host) that processes your data on our behalf under a contract.

Anonymised data

Data that has been stripped of identifying information so it cannot be linked back to you. We use this for analytics and platform improvement.

Your rights and data access

You have the following rights regarding your data on deimos:

• Right to access: You can request a copy of all personal data we hold about you. Contact our support team with your account email.
• Right to correction: If your data is inaccurate, you can update it through your account settings or request our help.
• Right to deletion: You can request deletion of your account and associated data, subject to legal retention requirements (e.g. we may retain transaction records for tax purposes).
• Right to data portability: You can request your data in a portable format (e.g. CSV) so you can transfer it to another service.
• Right to object: You can opt out of non-essential communications (e.g. promotional emails) at any time.

To exercise any of these rights, contact our support team through your deimos account. We respond to requests within 30 days. Some requests may take longer if they require investigation or involve third-party processors.

Cookies and tracking

We use cookies and similar tracking technologies on deimos to improve your experience:

• Session cookies: These keep you logged in while you use deimos. They expire when you close your browser.
• Preference cookies: These remember your language, theme, and other settings so you do not have to reset them each visit.
• Analytics cookies: We use these to understand how players navigate deimos, which games are popular, and where we can improve.
• Security cookies: These help us detect fraud and protect your account from unauthorised access.

You can control cookies through your browser settings. Disabling cookies may affect your ability to use deimos fully. We do not use third-party advertising cookies or share your browsing data with advertisers.

Data retention and deletion

We retain your data for as long as your account is active and for a period after closure to comply with legal obligations. Here is our retention schedule:

• Account data: Retained while your account is active. After closure, we retain it for 7 years for tax and regulatory purposes.
• Transaction records: Retained for 7 years to comply with Indonesian financial regulations.
• Identity documents: Retained for 3 years after account closure, then securely deleted.
• Support communications: Retained for 2 years, then deleted unless needed for dispute resolution.
• Device and IP logs: Retained for 90 days for security purposes, then deleted.

If you request account deletion, we delete your data according to this schedule. Some data may be retained longer if required by law or if there is an active dispute or investigation.

Security measures on deimos

We protect your data using industry-standard security practices:

• SSL encryption: All data transmitted between your device and our servers is encrypted using SSL/TLS protocols.
• Password encryption: Your password is hashed and salted so we cannot read it even if our servers are compromised.
• Two-factor authentication: You can enable 2FA on your deimos account for additional security.
• Access controls: Only authorised staff can access your data, and access is logged and monitored.
• Regular audits: We conduct security audits and penetration testing to identify and fix vulnerabilities.
• Incident response: If we detect a data breach, we notify affected users and authorities as required by law.

While we take security seriously, no system is completely risk-free. We encourage you to use a strong password, enable 2FA, and keep your login credentials confidential.

Contact and complaints

If you have questions about our privacy practices on deimos, contact our support team through your account dashboard. We respond during business hours (Monday–Friday, 09:00–17:00 UTC+7).

If you believe we have mishandled your data or violated your privacy rights, you can file a complaint with us or with the Indonesian Data Protection Authority. We take all complaints seriously and investigate them promptly.

Policy updates

We may update this privacy notice from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or through a prominent notice on deimos. Your continued use of deimos after such changes constitutes your acceptance of the updated policy.

This privacy notice was last updated in 2026. We review it annually and update it as needed.

Summary of our deimos privacy commitment

We collect personal data on deimos only to operate the platform, verify your identity, process payments, and provide support. We encrypt all data, limit access to authorised staff, and do not sell your information to third parties. We share data only with payment processors and regulatory authorities as required by law.

You have the right to access, correct, and delete your data. We retain data according to legal requirements and delete it securely when no longer needed. We use industry-standard security measures to protect your account and encourage you to enable two-factor authentication.

Our services are available only where local law permits. Users are responsible for verifying that access and use comply with their jurisdiction's law. If you have questions about our privacy practices, contact our support team through your deimos account.