Privacy Policy 1xBet

This notice outlines how we process and protect personal data for players residing in Indonesia. It complies with local privacy regulations and the internal standards of 1xBet.

Types of Personal Data We Collect and the Reasons

Below we list the main data categories, together with the lawful purposes for which each set is processed.

• Cookies & tokens — session IDs and preference cookies. Purpose: maintain log-ins, remember language settings, and measure site traffic.
• Identification details — full name, date of birth, and government-issued ID. Purpose: mandatory Know-Your-Customer (KYC) checks and prevention of money-laundering.
• Contact information — email, mobile number, and residential address. Purpose: account activation, service notifications, and security alerts.
• Credentials & balances — username, hashed password, and other 1xBet account information such as wallet balances and transaction logs. Purpose: deliver core betting services, monitor fraud, and generate audit trails.
• Payment data — masked card numbers, e-wallet IDs, and crypto addresses. Purpose: process deposits, withdrawals, and chargebacks in line with financial regulations.
• Technical identifiers — IP address, device model, browser type, and operating system. Purpose: protect logins, detect suspicious activity, and tailor site performance.
• Usage metrics — betting history, game sessions, and preference settings. Purpose: personalise offers, manage bonuses, and compile internal analytics.

How Your Data Is Used and Who May Access It

The following points clarify internal processing routines and outline which parties may legitimately view user records, as required by our privacy policy.

• Service provision — back-end systems reference identification details, contact points, and transactional logs to execute wagers, settle outcomes, and display balances in the 1xBet app.
• Risk and fraud monitoring — a dedicated security team analyses device fingerprints, IP patterns, and betting behaviour to detect account takeover and money-laundering attempts.
• Payment settlement — finance personnel and licensed processors handle masked card digits and e-wallet IDs solely to approve deposits, issue withdrawals, or resolve chargebacks.
• Regulatory reporting — anonymised or pseudonymised extracts may be shared with gambling authorities and tax bodies to demonstrate compliance with AML and KYC regulations.
• Customer support — verified agents access limited profile snapshots (username, recent transactions, bonus status) to answer queries and troubleshoot issues raised via chat or email.
• Marketing personalisation — consent-based segments use activity metrics to deliver tailored promotions; users can opt out at any time in profile settings.
• Data-hosting partners — ISO-27001-certified data centres store encrypted backups, enabling disaster recovery without reading plaintext records.

Our Security Practices and Data Protection Policy

The platform relies on a multi-layer architecture to keep personal records confidential and maintain secure betting conditions at every stage of the session.

• End-to-end encryption — all traffic travels through TLS 1.3 with forward secrecy; sensitive fields such as payment tokens are additionally sealed using AES-256 at rest.
  
• Segregated environments — production databases run in isolated VPCs, while test data is generated synthetically to prevent bleed-through of real identities.
  
• Role-based access control — staff credentials map to granular privileges; no individual can view full profiles and payment details simultaneously.
  
• Continuous monitoring — SIEM dashboards aggregate logs, flag anomalous IP clusters, and trigger automated account locks on suspected intrusion.
  
• PCI-DSS compliance — card information is tokenised by certified processors; the core system never stores raw PAN data.
  
• Regular penetration tests — external auditors perform quarterly black-box assessments, and findings feed directly into patch cycles.
  
• Incident response plan — a 24/7 security unit follows ISO 27001 playbooks, including user notification protocols and data-recovery checkpoints.
  
• Data minimisation — only fields required for KYC, payments, and account recovery are collected; anything older than statutory retention windows is purged.
  
• Staff training — engineers and support agents complete annual secure-coding and privacy workshops to stay aligned with evolving threat models.

Your Rights Regarding Personal Information

Below we outline the controls you hold over stored records and the safeguards applied if our privacy obligations are breached.

• Right of access — you may request a copy of all data held on your profile at any time; exports are provided in machine-readable format within 30 days.
  
• Correction and update — inaccurate fields can be amended through the account dashboard or by contacting the data-protection officer; confirmed changes propagate to backups during the next synchronisation cycle.
  
• Erasure (“right to be forgotten”) — upon verified request, personal identifiers are deleted or irreversibly anonymised unless retention is mandated by anti-money-laundering rules.
  
• Processing restriction — you can limit use of specific datasets (e.g., marketing preferences) without affecting core service access.
  
• Data portability — structured exports (JSON or CSV) allow transfer of wallet history and identity tokens to another operator on demand.
  
• Objection to profiling — algorithmic risk scoring used for fraud detection can be reviewed manually if you contest an automated decision.
  
• Consent withdrawal — opt-out toggles in the dashboard instantly halt promotional communications.
  
• Liability measures — if a breach occurs, the company must notify affected users and regulators within 72 hours, launch a root-cause investigation, suspend implicated staff credentials, and, where local law requires, compensate proven financial loss. These protocols help answer the common question, is 1xBet safe, by enforcing accountability whenever policy terms are violated.