mana777 Casino & Sportsbook Data Care

This page describes what we collect when you use mana777 and how we keep that data protected. We operate an online gaming platform serving supported jurisdictions across Southeast Asia, and we treat your personal information as non-negotiable—not optional. Our approach to data handling is straightforward: we collect only what we need, hold it only as long as required, and share it only with parties directly involved in your account settlement.

We recognise that when you deposit via DANA, e-wallet, mobile banking, local payment, online payment, or e-wallet—or transfer via mobile banking, local payment, online payment, or e-wallet—you are trusting us with sensitive payment and identity details. This page sets out exactly what happens to that information from the moment you register through to your withdrawal and beyond.

Our data architecture is built around one principle: your account and transaction records are yours, and we hold them in trust. Whether you are checking your Liga 1 betting history from Jakarta, playing live blackjack between your Surabaya commutes, or reviewing your slots activity before the Idul Fitri break, your data remains encrypted, audited, and under your control.

Data we collect and why

We collect personal data in three categories: registration data, transaction data, and device data. When you open an account on mana777, we require your full name, date of birth, email, phone number, and residential address. This is our Know Your Customer (KYC) requirement—not a marketing tactic, but a legal obligation that protects both you and us by confirming identity and preventing fraud. We do not share your name or address with payment partners; they see only the account number and transaction amount.

Transaction data includes every deposit, withdrawal, bet, and settlement. When you fund your account via DANA or e-wallet, we record the amount, timestamp, and reconciliation status. When you request a withdrawal to your mobile banking or local payment account, we log the bank details you provide (encrypted), the amount, and the settlement confirmation. This record serves three purposes: it proves what you have deposited and won, it protects you against unauthorized access to your account, and it allows us to detect and prevent money-laundering or fraud. We retain this data for seven years, as mandated by Indonesian financial law.

Device data: Your browser type, IP address, and login timestamps. We use this to detect account takeover and to optimize mana777's mobile experience on Android and iOS.
Cookies: We use session cookies to keep you logged in, and analytics cookies to count page views. No third-party tracking cookies. You can disable cookies in your browser; mana777 will still function, but you will need to log in again on each visit.
Support data: If you email our support team or use in-app help, we store your message, our response, and any attachments (such as a proof-of-identity photo for KYC escalation).

We do not collect data on your sports interests, betting patterns, or game preferences for marketing purposes. We do track your play history within mana777 so that you can review it, so that our fraud team can flag unusual account activity, and so that we can calculate your account balance accurately. We do not sell or license this data to third parties. We do not use it to train machine-learning models or to profile you for external advertisers.

Third parties who access your data

Our payment processors (online payment, e-wallet, mobile banking, local payment, online payment, and the banks e-wallet, mobile banking, local payment, online payment) see only your transaction requests and your account-holder name. They do not see your betting history, login records, or device information. Our hosting provider, located outside Indonesia, stores encrypted copies of your data for backup and disaster recovery. Our KYC verification partner, a third-party compliance firm, receives your identity documents and residential address only, cross-checks them against public records, and returns a yes-or-no result; we instruct them not to retain your documents after verification completes. Our customer-support platform logs your tickets and messages; support staff in our Jakarta, Surabaya, and Bandung offices can access these to resolve disputes, but they cannot access your banking credentials or full payment history.

Your rights and how we protect you

You have the right to request a copy of all personal data we hold on you. Send this request to our data-protection contact (below), and we will provide it within 14 days. You have the right to ask us to correct inaccurate data—for example, if your phone number changes, update it in account settings, and we will store the new number immediately. You have the right to request deletion of your account and all associated records, though we may retain transaction data if required by law. You have the right to object to specific uses of your data, such as analytics cookies; turning these off will not affect your ability to play on mana777.

We protect your data using industry-standard SSL encryption (the same technology banks use) for all data in transit. Data at rest—stored on our servers—is encrypted using AES-256. We do not store your password; we store only a one-way hash of it, meaning that even our staff cannot read your password if you forget it. We enforce two-factor authentication on all withdrawals above our welcome offer. Our servers are monitored 24/7 for unauthorized access. We conduct annual penetration testing and maintain cyber-liability insurance.

Data breach protocol: If we detect unauthorized access to your account or a system breach affecting mana777 users, we will notify you by email within 24 hours, describe what happened, and explain what we are doing to prevent recurrence. We maintain a data-breach log for regulatory purposes and share summary reports with our Indonesian licensing authority annually.

This policy is effective as of January 2025 and reflects our current practice. If we change how we handle your data—for example, if we add a new payment partner or move our servers to a different jurisdiction—we will notify you by email at least 30 days in advance and give you the right to close your account without penalty if you do not accept the change. For questions about this policy or to request your data, contact us at [email protected] or use the contact form in your account dashboard. Our typical response time is 48 business hours.