mpoapiPrivacy Policy
This page describes what we collect when you use mpoapi and how we keep that data protected. We operate our platform across multiple jurisdictions, so your information may be processed and stored in locations outside your home country. We are transparent about our data practices and committed to safeguarding your personal information throughout your account lifecycle.
Our mpoapi platform handles sensitive data—identity documents, bank account details, payment method information, and betting history. We treat this data with care and use industry-standard encryption to prevent unauthorised access. This policy explains what we collect, who we share it with, how long we retain it, and what rights you have over your information.
We collect data for three main reasons: account verification and fraud prevention, payment processing and settlement, and service improvement. We do not sell your data to third parties. We do share limited information with payment processors, banks, and regulators where required by law.
Data We Collect on mpoapi
When you register an account on mpoapi, we collect your full legal name, email address, phone number, and date of birth. During verification, we ask you to upload a government-issued ID (passport, national ID card, or driver's licence). We scan this document using optical character recognition (OCR) software to extract your identity details and verify authenticity.
Once verified, we collect payment information—bank account numbers, e-wallet account details, and linked card information—from DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet. We do not store your banking passwords or PIN codes. We encrypt all payment data at rest and in transit.
We collect behavioural data as you use mpoapi—your betting history (wagers placed, amounts, outcomes), game preferences (Liga 1 football markets, live blackjack, Sakong tables), session times, device type, and IP address. We use this data to personalise your experience, detect fraud, and improve our platform. We also collect page-visit data through standard web analytics (Google Analytics, Hotjar)—this shows us which pages users visit most frequently and where they encounter difficulties.
Third-Party Data Processors on mpoapi
Our mpoapi platform relies on third-party services to process your data:
- Payment processors: Stripe, PayPal, and local payment aggregators connect mpoapi to mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and Indonesian banks. These processors see your transaction details (amounts, dates, linked account identifiers) but not your full banking credentials.
- Analytics providers: Google Analytics and Hotjar track your site behaviour anonymously. They see aggregated patterns, not individual identity information.
- Email and SMS providers: SendGrid (email) and Twilio (SMS) send you verification codes and account notifications. They see your email address and phone number but no betting data.
- ID verification services: IDology and Au10tix scan and verify your identity documents. They perform OCR extraction and liveness checks. We do not retain their copies of your ID indefinitely—verification results are stored on our servers for 90 days, then deleted.
- Regulators and law enforcement: We may disclose account and transaction data to Indonesian authorities if required by court order, warrant, or legal process.
How Long We Keep Your Data
We retain your identity information (name, date of birth, ID scan results) for as long as your mpoapi account remains active, plus seven years after account closure. Indonesian financial regulations require this seven-year retention for transaction records. Your betting history is retained for five years to support account statement requests and dispute resolution.
We delete payment method records 90 days after you unlink them from your account, unless you initiate a chargeback or dispute—in which case, we retain the data for the duration of the dispute plus two years. Payment processor records (transaction receipts, settlement confirmations) are retained for ten years to comply with banking regulations.
Analytics data (page visits, session times, device type) is aggregated and anonymised. We retain aggregated reports indefinitely, but individual session IDs are deleted after 24 months. If you request account deletion, we remove your name, email, phone, and betting history within 30 days—but we retain anonymised transaction records for seven years as required by law.
Your Rights on mpoapi
You have the right to request a copy of all personal data we hold about you. Contact our support team to submit a Subject Access Request (SAR). We will compile your data and send it to you within 30 days. We also support data portability—we can export your betting history, account statements, and transaction records in standard formats (CSV, PDF).
You have the right to correct inaccurate data. If your name, address, or phone number is wrong on your mpoapi account, navigate to Account Settings and update it yourself. If you believe your identity data was entered incorrectly during verification, contact us to file a correction request—we will re-verify your identity with a new document upload.
You have the right to request erasure of certain data (the "right to be forgotten"), subject to legal holds. We cannot delete transaction records if they are required for regulatory compliance or active disputes. You can request deletion of your browsing history (analytics data) and optional marketing preferences.
We operate under Indonesian and jurisdiction-specific data laws.
Our servers are located in Indonesia and Singapore. Data transfers to third-party processors may cross borders. By using mpoapi, you consent to this international processing.
Cookies, Security, and Contact
Our mpoapi platform uses cookies to maintain your login session, remember your preferences (preferred payment method, favourite game categories), and measure traffic patterns. Cookies are small text files stored on your device. You can disable cookies in your browser settings, but this may prevent you from logging into mpoapi or completing transactions.
We do not use third-party cookies for tracking or advertising. We use only first-party functional cookies (essential for login and payment) and analytics cookies (Google Analytics, Hotjar—optional, can be disabled). We do not set retargeting or behavioural advertising cookies.
Our mpoapi servers use TLS 1.2+ encryption for all data in transit. Stored data is encrypted using AES-256 encryption at rest. We conduct annual security audits and penetration testing. We maintain firewalls, intrusion detection systems, and regular backup procedures. However, no security system is perfect—if you believe your mpoapi account has been compromised, change your password immediately and contact our support team.
If you have questions about this privacy policy, requests to access your data, or concerns about our practices, contact us:
- Email: [email protected]
- Support chat: Available in-app during business hours (Jakarta time, Monday-Friday 9 AM–6 PM, Saturday-Sunday 10 AM–4 PM)
- Mailing address: Available on request via email
We last updated this policy in the current calendar year. We will notify you of material changes via email to your registered address. Your continued use of mpoapi after policy changes indicates acceptance of the updated terms. Services on mpoapi are available only where local law permits—you are responsible for verifying compliance with your jurisdiction's regulations.