twomad Privacy Policy

What Data We Collect and Why

We collect personal information in two categories: what you provide directly, and what we gather through your use of twomad.

Information you provide: When you open an account, we ask for your full name, date of birth, ID number (e.g., KTP or passport), email address, phone number, and residential address. We collect this during KYC (Know Your Customer) verification, which is mandatory under Indonesian financial regulations and applies to all users regardless of location. Your email and phone are used for account recovery, login verification, and payment confirmations. Your ID number is verified against partner identity databases to confirm you are who you claim to be.

Information we gather automatically: When you use twomad on your Android phone, iOS browser, or desktop, we log your IP address, device type, browser version, and approximate location (city or region level). We track which games you play, how long you're online, and when you log in and out. We record every deposit, bet, and withdrawal with timestamps. This data helps us detect fraud, investigate disputes, and understand platform usage patterns.

Account data

Name, email, phone, ID number, date of birth, address. Collected during account opening and KYC verification.

Payment data

Deposits via DANA, e-wallet, mobile banking, or bank transfer are logged with amount, timestamp, and settlement status. We never store payment card details.

Usage data

IP address, device info, login timestamps, games played, bets placed, withdrawals requested.

Communication data

Emails, messages, and support tickets you send us are kept for dispute resolution and customer service records.

How We Use Your Data

Our use of your data is limited to these purposes:

• Account verification: We verify your identity to prevent fraud and comply with anti-money-laundering (AML) rules.
• Payment processing: Your deposit and withdrawal requests are processed through our payment partners (local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment). We share only the minimum data needed to complete the transaction.
• Regulatory compliance: We maintain records of your account activity to comply with Indonesian and international financial regulations. We may disclose data to government authorities if legally required.
• Fraud and security: We analyse your login patterns, bet history, and device information to detect suspicious activity and protect your account from unauthorised access.
• Customer support: If you contact us about a deposit issue, a game dispute, or account access, we use your data to investigate and respond to your request.
• Platform improvement: We use aggregated, anonymised data to understand how users interact with twomad and identify bugs or performance issues.

We do not use your data for marketing, advertising, or profiling beyond what's necessary to operate your account and comply with law. We do not sell your personal information to third parties.

Third-Party Processors and Data Sharing

Our operations involve third-party service providers. When you deposit via online payment or e-wallet, your transaction data flows through those companies' secure APIs. We share your name and account number (not your full ID or password) with them so they can confirm the deposit. Similarly, when you withdraw, we send your payment method and amount to your bank or e-wallet provider.

We also work with identity-verification partners to confirm your KYC information. These partners access your name, ID number, and date of birth during verification, then discard the data after confirmation. We contractually require all third parties to keep your data confidential and use it only for the purpose we specify.

How Long We Keep Your Data

We keep your account data for as long as your account is active. If you close your account, we retain your data for six years to comply with Indonesian financial record-keeping requirements. After that, we delete or anonymise your personal information unless we're required by law to keep it longer.

We retain transaction records (deposits, bets, withdrawals) for a minimum of five years. This is standard in the gaming and financial services industry and helps us respond to disputes and regulatory inquiries. We may also retain communication records (emails, support tickets) for one year after your last interaction with customer support.

Your Rights Regarding Your Data

We recognise your right to know, access, correct, and request deletion of your personal data. Here's how to exercise these rights on twomad:

• Right to access: You can view your account data, transaction history, and settings at any time in your twomad account dashboard.
• Right to correct: If your name, email, or phone number is incorrect, you can update it through your account settings. Changes to protected fields (ID number, date of birth) may require re-verification.
• Right to deletion: You can request deletion of your account and associated data. We will honour deletion requests subject to our legal obligation to retain transaction records for five years.
• Right to data portability: You can request a copy of your account data in a portable format (e.g., CSV). We will provide this within 30 days of your request.

To exercise any of these rights, contact our support team through our FAQ page or send a formal request to the email address on our legal notice page. We will respond to requests within 30 days.

How We Protect Your Data

We encrypt all data in transit using HTTPS (TLS 1.3) and at rest using AES-256 encryption. Your password is hashed and salted; we never store it in plain text. We do not store your payment card details—all card data is processed directly by our payment partners and never touches our servers.

Our data centres are protected by physical security controls, firewalls, and intrusion detection systems. We limit employee access to personal data to those who need it for their job. We also offer two-factor authentication (2FA) on your account; we recommend enabling it for added security.

Cookies and Tracking

We use cookies to keep you logged in to your twomad account and to remember your preferences (e.g., language, theme). Essential cookies are necessary for the platform to function and cannot be disabled. Optional cookies (e.g., for analytics) can be declined.

We also use session tokens to track your login state on your phone and browser. These expire after 24 hours of inactivity, and we recommend logging out on shared devices after each session. If you suspect unauthorised access, reset your password immediately, and we will log out all active sessions.

How to Contact Us About Privacy

If you have questions about this privacy policy, your data, or how we handle your information, you can reach us through our support team. Visit our FAQ for general inquiries or contact us directly using the information on our legal notice page. We will respond to privacy-related questions within 30 days.

Policy Changes and Your Responsibility

We may update this privacy policy from time to time as our practices evolve or regulations change. When we make material changes, we will notify you through your twomad email address or by posting a notice on our homepage. Your continued use of twomad after such changes constitutes your acceptance of the updated policy.

You are responsible for keeping your account credentials confidential. Do not share your password with anyone, and never provide your ID number or payment details to third parties claiming to represent twomad. If you suspect a privacy breach or unauthorised access to your account, contact us immediately. Our team will investigate and take corrective action.

Our services are available only where local law permits. By using twomad, you confirm that your access complies with your jurisdiction's privacy and data-protection laws. For more information about our terms of service and legal obligations, see our terms and conditions and legal notice