LEGAL REFERENCE

How bimaplay Handles Your Account Data

This is our privacy policy page. We've written it so you can see exactly what bimaplay records when you open an account, what we keep on file for...

Data we collectStorage windowsYour access rightsCookie postureContact channels
Explore Games Read FAQ
bimaplay How bimaplay Handles Your Account Data

Our Privacy Posture for Indonesia Accounts

bimaplay processes personal data only where local law permits and only for the supported regions our brand serves. When you register, we record your name, contact details, device fingerprint and the payment instrument you link — DANA, OVO, GoPay or QRIS — so your deposits and withdrawals can be matched to your account. We retain identity records for the period required by

Indonesian financial-conduct rules, then archive or delete them. We don't sell your data to third parties. Marketing consent is opt-in, separate from account consent, and you can pull it back at any time from your dashboard or by writing to our privacy desk.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

SUPPORT

Privacy Contact Paths

If you have a question about your data, reach us through any of these channels. Our privacy desk handles access requests, deletion...

Privacy Desk Email Write to our dedicated privacy mailbox for access...
Live Chat Escalation Open chat from your account header and ask...
Account Dashboard Tools Inside your dashboard you can download a copy...
WHY THIS PLATFORM

How We Review This Policy

Our privacy policy is reviewed on a fixed cycle so it tracks current Indonesian regulation and our internal practice. The signals below show how we keep this page...

Quarterly Review

Every three months our compliance team reads this page line by line against current operations. If a data flow has...

Named Data Officer

A named data protection officer sits behind every privacy decision. Their remit covers consent records, retention windows and breach response...

Vendor Audits

Payment processors, KYC providers and analytics vendors sign data-processing agreements before any account information reaches them. We audit those contracts...

Breach Protocol

If a data incident affects your account, we notify you and the relevant Indonesian authority within seventy-two hours. The protocol...

Plain-Language Drafting

We draft this policy in plain English first, then legal review tightens it. The aim is a page you can...

Version History

Each revision carries a date stamp and a short note describing what moved. You can request prior versions from the...

PLATFORM COMPARISON

Consistency Across Our Policy Pages

Our privacy policy reads the same way as our cookie notice, terms and KYC page. Here's how the wording lines up so you don't get conflicting answers depending on which page you...

01

Data Categories

The same categories — identity, contact, device, payment, gameplay — appear in identical wording on every policy page across the bimaplay site.

02

Retention Windows

Retention periods quoted here match the figures in our terms and KYC pages exactly, so there's no gap between what one page says and another.

03

Consent Language

Consent wording stays consistent: opt-in for marketing, separate from account creation, withdrawable at any time through the same dashboard control.

04

Vendor Disclosure

The list of processor categories — payments, KYC, analytics, hosting — appears the same on cookie and privacy pages, with no mismatched additions.

05

Contact Routing

Every policy page directs privacy questions to the same desk email and chat queue, so your request lands in one place regardless of entry point.

06

Update Cadence

Quarterly review applies to this page, the cookie notice and terms together. Updates ship as a bundle so dates align across the policy set.

07

Jurisdiction Scope

Each page repeats the same scope phrase: bimaplay serves supported regions where local law permits, and that line is identical site-wide.

AT A GLANCE

What This Policy Page Covers

This privacy page is structured around six visible blocks so you can scan to the part that answers your question. Each block below corresponds to a section of the policy you'll find as you...

01
Collection Notice The opening block lists every data point we record at registration and during account use, written as a flat list rather than buried inside paragraphs of legal prose.
02
Purpose Mapping Each data point is tied to a specific purpose — account security, payment matching, regulatory reporting — so you can see why we hold it, not just that we hold it.
03
Retention Table A retention table shows how long each category stays on file, measured in months or years, with the trigger event that starts the clock for deletion.
04
Your Rights Panel A rights panel summarises access, correction, deletion, portability and objection rights, with the exact dashboard path or email subject line that triggers each request.
05
Cookie Cross-Link A short cross-link block points to the dedicated cookie notice for browser-storage detail, keeping this page focused on account-level data rather than tracking technology.
06
Update Log The footer block carries the update log: revision date, summary of change and a contact line if you want the prior version on file for your records.

Privacy Questions We Hear Most

We record your name, date of birth, contact details, device fingerprint and the payment rail you link — DANA, OVO, GoPay or QRIS. Each item ties to a specific account-security or regulatory purpose listed above.

Identity and transaction records stay on file for the period Indonesian financial rules require, typically five years after account closure. Marketing data drops off within ninety days once you withdraw consent through your dashboard.

Yes. Open your account dashboard, head to the privacy panel and request an export. We package your records as a structured file and email the download link within thirty calendar days.

We share only with processors needed to run your account: payment providers, KYC vendors, hosting and analytics. Each signs a data-processing agreement. We don't sell your data or pass it to advertisers.

Toggle the marketing switch off in your dashboard preferences, or reply STOP to any message. The change applies immediately and your account access stays unaffected — marketing consent is separate from service consent.

We notify affected account holders and the relevant Indonesian authority within seventy-two hours of confirming an incident. The notice describes what was exposed, what we've done to contain it and what you should do next.

Write to the privacy desk email shown in the support block above. If our response doesn't resolve your concern, you can escalate to the Indonesian data protection authority using the contact details we'll include in our reply.