mpojaya Privacy Policy

This page describes what we collect when you use mpojaya and how we keep that data protected. We collect personal information only when you create an account, deposit funds, or request a withdrawal. Our policy explains how we use your data, who may access it, and what rights you have over your information.

We at mpojaya encrypt your data in transit and at rest, store it on secure servers with restricted access, and never share it with third parties except where required by law or with your explicit consent. Your account security depends on strong passwords and two-factor authentication; we provide the tools, and you control their use.

This policy applies to all mpojaya users across supported jurisdictions, including players in Jakarta, Surabaya, Bandung, and Medan. If you have questions about how we handle your data, contact our support team using the details at the end of this page.

What data we collect on mpojaya

We collect personal information in three main stages: account creation, deposit, and withdrawal. During account creation, we collect your email address, phone number, and a username of your choice. We use this information to send you account notifications, password reset links, and withdrawal confirmations.

When you deposit funds via DANA, e-wallet, mobile banking, local payment, online payment, or traditional bank transfer, we collect transaction records showing the amount, date, and payment method. We do not store your full payment credentials (card numbers, bank account numbers); instead, we store a reference token that allows us to process future transactions without re-entering your details.

When you request a withdrawal, we collect additional information for KYC (Know Your Customer) verification: a government-issued ID photo, proof of residential address, and confirmation of your registered payment method. We encrypt this information and store it separately from your account login credentials. We use this data only to verify your identity, prevent fraud, and comply with anti-money-laundering regulations.

Data we collect

Email address, phone number, username (account creation)
Transaction records for deposits and withdrawals
Government ID and proof of address (KYC verification)
IP address and device information (security and fraud prevention)
Cookies and session tokens (login persistence and analytics)

How we use your data

We use your email and phone number to send account notifications: password reset links, deposit confirmations, withdrawal status updates, and security alerts. You can control notification frequency in your account settings on mpojaya. We never send marketing emails unless you explicitly opt in.

We use transaction records to settle your account balance, generate your transaction history, and comply with financial reporting requirements. We use KYC data to verify your identity before processing withdrawals and to detect suspicious activity that might indicate fraud or money laundering.

We use your IP address and device information to detect unauthorized login attempts and to prevent account takeover. If we detect a login from an unusual location or device, we may require additional verification (such as a code sent to your phone) before granting access.

We use cookies and session tokens to keep you logged in on mpojaya across page refreshes and app restarts. These tokens expire after a period of inactivity, so you must log in again if you leave the app idle for several hours. We do not use cookies to track your activity across other websites.

We use third-party payment processors to handle deposits and withdrawals on mpojaya. These processors receive only the information necessary to complete your transaction: your name, payment method, and transaction amount. We have contracts with these processors requiring them to protect your data and use it only for payment processing.

Our servers may sit outside your jurisdiction. We store account data on encrypted servers in multiple regions to ensure availability and disaster recovery. Your data remains encrypted regardless of server location, and we maintain the same security standards across all regions.

We may disclose your data if required by law, court order, or government request. We will notify you of such requests whenever legally permitted to do so. We do not sell your data to advertisers or data brokers.

Payment processors: Third-party companies that handle e-wallet, mobile banking, local payment, online payment, e-wallet, and bank transfers on our behalf.
Data encryption: Process of converting your data into unreadable code so only authorized systems can decrypt it.
KYC verification: Know-Your-Customer process where we confirm your identity using government ID and proof of address.
Session token: Temporary credential that keeps you logged in on mpojaya without storing your password.

Your rights and data access

You have the right to access, correct, and delete your personal data on mpojaya. You can view your account information, transaction history, and KYC verification status anytime in your account settings. If you find an error in your personal information, you can update it directly in your settings or contact our support team for assistance.

You have the right to request deletion of your account and associated data. If you request account deletion, we will close your account, process any outstanding withdrawals, and delete your personal information within 30 days. We may retain transaction records for a longer period if required by law or for fraud prevention purposes.

You have the right to opt out of non-essential communications. You can disable push notifications, email alerts, and SMS messages in your account settings on mpojaya. We will continue to send essential notifications (such as withdrawal confirmations and security alerts) regardless of your notification preferences.

Cookies and tracking

We use cookies to keep you logged in on mpojaya and to remember your preferences (such as language and notification settings). These cookies are essential for the platform to function and do not track your activity across other websites.

We use analytics tools to understand how players use mpojaya: which games are popular, how long sessions last, and where players encounter difficulties. This data is aggregated and anonymized, so we cannot identify individual players. We use these insights to improve our platform and fix bugs.

You can disable cookies in your browser settings, but doing so may prevent you from logging in to mpojaya or may cause features to malfunction. We recommend keeping cookies enabled for the best experience.

Policy updates and contact

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or by displaying a notice on mpojaya. Your continued use of the platform after such notice constitutes your acceptance of the updated policy.

If you have questions about this privacy policy or how we handle your data, contact our support team. We maintain support offices in major Indonesian cities including Jakarta, Surabaya, Bandung, and Medan. Our team can assist with data access requests, account deletion, and privacy concerns.

We at mpojaya are committed to protecting your privacy and handling your data responsibly. We encrypt your information, restrict access to authorized personnel only, and never share your data with third parties except where required by law. Your account security depends on strong passwords and two-factor authentication; we provide the tools, and you control their use. Our services are available only where local law permits. Users are responsible for verifying that access and use comply with their own jurisdiction's law.