under 2.25 Platform Privacy Notice

This page describes what we collect when you use under 2.25 and how we keep that data protected. We collect information necessary to operate our sportsbook (Liga 1, Piala AFF, Champions League markets), live-dealer tables, slots, and esports markets, as well as to process your deposits and withdrawals through DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet.

We take data protection seriously. Your personal information is encrypted, stored securely, and accessed only by under 2.25 staff who need it to serve your account. We do not sell your data or use it for purposes beyond operating our platform and complying with Indonesian financial regulations.

This notice explains what data we collect, how we use it, who may access it, your rights regarding your data, and how to contact us if you have questions.

What Data We Collect on under 2.25

When you create an account on under 2.25, we collect your email address, mobile phone number, full name, and date of birth. During identity verification, we request a photograph of your Indonesian KTP (identity card) and store both the image and the details extracted from it (KTP number, address, issue and expiry dates). This verification is mandatory and required by Indonesian financial regulations.

When you deposit funds, we collect information about your payment method: your DANA user ID, e-wallet phone number, mobile banking account number, local payment email, online payment account, e-wallet identifier, or bank account number (for mobile banking, local payment, online payment, e-wallet virtual accounts). We store this information to process your deposits and link withdrawals to the correct account.

During gameplay, we collect records of your sportsbook bets, live-dealer sessions, slot spins, and esports market activity. This includes bet selections, stakes, odds, settlement details, and outcomes. We also log your login times, device type (mobile, desktop, browser version), IP address, and general location (city or region level, not street address).

We collect customer support interactions: your emails, chat transcripts, and any documents you provide to resolve disputes or verify transactions. These records are kept for five years to comply with regulatory requirements and to review complaints if needed.

How We Use Your Data

We use your personal data primarily to operate your under 2.25 account: to verify your identity, process your deposits and withdrawals, settle your bets, and manage your account balance. We use your email and phone to send you transaction confirmations, withdrawal updates during processing, and support responses.

We analyze your gameplay activity in aggregate to detect fraud, money laundering, and bonus abuse. If your activity triggers fraud flags—for instance, multiple accounts from the same device, rapid deposits and withdrawals, or betting patterns inconsistent with legitimate play—we may request additional verification or suspend your account pending investigation.

We use your location data to enforce jurisdiction restrictions: we block access from jurisdictions where under 2.25 cannot legally operate. We do not track your precise location in real time; we use your IP address to determine your approximate region (city or province level).

We do not use your data for marketing unless you explicitly opt in. We do not sell your personal data to third parties for any purpose. We do not use your data to build profiles for behavioral advertising or to share with data brokers.

Data retention: We retain your account data (name, KTP details, contact information) for the lifetime of your account plus five years after closure to comply with anti-money-laundering regulations. Gameplay history is retained for three years for dispute resolution and audit purposes.

Third-Party Data Processors

Our payment processing partners (mobile banking, local payment, online payment, e-wallet, mobile banking, local payment gateway operators, and banks) receive your payment method information directly from you when you authorize a deposit or withdrawal. We do not transmit your payment details to these providers; instead, you authorize the payment directly through their secure interfaces, and they inform us of the transaction result.

We use cloud hosting services to store our databases and backups. These servers may be located outside Indonesia. We encrypt all personal data before storage, so the hosting provider cannot read it without our encryption keys.

We use anti-fraud and compliance services to screen your data against sanctions lists and known fraud patterns. These services operate on encrypted data and do not store it; they return a result (match / no match) only.

We do not share your data with marketing partners, social media platforms, or analytics firms. We do not use Google Analytics or similar tracking tools that would send your personal data to external services.

Your Rights Regarding Your Data

You have the right to request a copy of all personal data we hold about you. Contact our support team via email and we will compile and send you your data within 14 business days. The data is provided in a standard format (CSV or JSON) for your records.

You have the right to request deletion of your account and associated data. We will delete your account records and close your balance within one business day of your request. However, we retain KYC records (name, KTP details) and transaction history for five years per Indonesian financial regulations, even after account deletion.

You have the right to correct inaccurate data. If your name, email, or phone number in our system is incorrect, contact support with proof of the correct information and we will update it within two business days.

You have the right to withdraw consent for non-essential processing. For instance, if you opted into marketing emails, you may opt out at any time. However, we cannot cease processing data that is mandatory for account operation (identity, payment method, transaction history).

Personal data
Information that directly identifies you: name, email, phone number, KTP details, payment method information.
Gameplay data
Records of your bets, gaming sessions, and account activity on under 2.25; retained for dispute resolution and audit.
Device and location data
Your device type, browser, IP address, and approximate location (city or region); used for fraud detection and jurisdiction enforcement.
Encryption
Mathematical transformation of your data so it cannot be read without a secret key; we encrypt all personal data at rest and in transit.

Cookies and Tracking Technologies

Our under 2.25 website and mobile app use session cookies to keep you logged in and to remember your preferences (language, market view). These cookies expire when you close your browser or app. We do not use persistent tracking cookies.

We do not use third-party analytics or tracking pixels. We do not share browsing behavior with Google, Facebook, or other platforms. Our internal analytics are anonymized: we track aggregate metrics (page views, game popularity) without associating them to individual users.

If you prefer not to use cookies, you can disable them in your browser settings. However, disabling cookies may prevent you from logging in or viewing account features properly on our site.

How We Secure Your Data

We use industry-standard encryption (TLS 1.2 or higher) to protect data transmitted between your device and our servers. Your password is hashed (one-way encrypted) and cannot be recovered; if you forget it, we issue you a password reset link rather than displaying your existing password.

Our servers are protected by firewalls, intrusion detection systems, and access controls. Only authorized under 2.25 staff can access personal data, and their access is logged and monitored. We conduct annual security audits and penetration testing to identify vulnerabilities.

We cannot guarantee absolute security; no system is non-specific info secure. However, we follow security best practices and maintain appropriate safeguards for the data we hold. If we discover a data breach affecting your personal information, we will notify you via email within 72 hours and advise you of steps to protect yourself.

International Data Transfer

Our under 2.25 platform operates in Indonesia, and most of your data is stored on servers within Indonesia. However, some backup or archival data may be stored on cloud servers outside Indonesia for redundancy and disaster recovery. All such data is encrypted; the hosting provider cannot access it without our encryption keys.

If you are a resident of Jakarta, Surabaya, Bandung, Medan, or another Indonesian city, your data is primarily processed within Indonesian legal jurisdiction. International storage is for backup purposes only and does not change your rights or our obligations under Indonesian law.

We process your personal data based on contract (your agreement to our terms when you create an account) and legal obligation (Indonesian financial regulations require us to verify identity and maintain records). We process gameplay data to fulfill our service contract with you and to detect fraud as permitted by law.

We process payment method data to execute your deposit and withdrawal instructions. We process location data to comply with jurisdiction restrictions and prevent illegal access.

We process any data you provide in support tickets or dispute reports to investigate your complaint and resolve disputes fairly. This is necessary to perform our service contract and to comply with consumer protection regulations.

Contact Us About Your Data

If you have questions about this privacy notice, wish to request a copy of your data, or want to file a complaint about our data practices, contact our support team via email. We respond to privacy inquiries within 10 business days.

You may also contact the Indonesian Data Protection Authority (Otoritas Jasa Keuangan / OJK) if you believe our handling of your data violates Indonesian data protection law.

  • 1
    Your data is encryptedSecurity

    All personal and payment data is encrypted at rest and in transit using TLS 1.2 or higher encryption standards.

  • 2
    We do not sell your dataPrivacy

    We never sell, rent, or share your personal information with third parties for marketing or any other commercial purpose.

  • 3
    You can request your data anytimeControl

    Contact support to request a copy of all data we hold about you; we provide it within 14 business days.

  • 4
    We comply with Indonesian regulationsLegal

    We retain KYC and transaction records for five years as required by Indonesian financial law and anti-money-laundering rules.

Our under 2.25 Privacy Commitment

We at under 2.25 respect your privacy. We collect only the data necessary to operate our platform and comply with Indonesian law. We encrypt your data, limit access to authorized staff, and never sell or misuse your information. When you join under 2.25, your personal information is protected by encryption, secure storage, and clear policies about who can access it and why.

If you have concerns about how we handle your data or wish to exercise your rights as described in this notice, contact our support team. We respond to privacy requests within 10 business days and take all data protection matters seriously.