max389 Privacy Policy
You access max389 via a mobile browser on Android or iPhone, or through a desktop browser on Windows and macOS. When you create an account, fund your balance with DANA, e-wallet, mobile banking, local payment, or a bank virtual account (online payment, e-wallet, mobile banking, local payment), or place orders on Liga 1, Piala AFF, or other markets, we collect personal data. This page describes what we collect at max389, how we use it, who we share it with, and what rights you have over your information.
Our approach to privacy is straightforward: we collect only what we need to run the platform securely, verify your identity for anti-money-laundering (AML) compliance, process your payments, and settle your orders. We do not sell your data to advertisers or third-party marketers. We encrypt sensitive information and restrict access to our team members who have legitimate need-to-know.
We undertake to keep this policy updated as our services evolve. If we make material changes, we notify you via email and in-app messaging at least 30 days in advance. Your continued use of max389 after a policy change constitutes acceptance of the updated terms.
What We Collect and How We Use It
We collect different categories of data depending on how you use max389. When you register, we collect your email address and a username. When you fund your account for the first time, we collect your full name and date of birth to verify your identity and comply with AML regulations across our operating jurisdictions, including Jakarta, Surabaya, Bandung, and Medan.
Before you withdraw funds, we require proof of identity (a government-issued photo ID) and proof of address (a utility bill or lease agreement dated within the last three months). We use this Know-Your-Customer (KYC) data solely to verify that you are who you claim to be and that you are not on any sanctions lists. We do not use KYC information for marketing or credit scoring.
- Account Data
- Email, username, phone number, account preferences. Used to manage your account and send transactional notifications.
- Payment Data
- Bank account or wallet identifiers (last 4 digits only; we do not store full card or account numbers). Used to process deposits and withdrawals.
- KYC Data
- Photo ID, address proof, full legal name. Encrypted and stored separately from transaction logs. Retained for 7 years to satisfy regulatory requirements.
- Betting and Order History
- All orders placed, markets selected, stakes, settlements. Used to investigate disputes and prevent fraud.
- Device and Session Data
- IP address, browser type, device type. Used to detect unusual account access and prevent account takeover.
Third-Party Processors
We engage third-party service providers to operate max389. Our payment processor handles all DANA, e-wallet, mobile banking, and bank transfer flows; they see only the data necessary to complete the transaction and do not have access to your KYC documents. Our cloud hosting provider stores our servers in secure data centres; they operate under strict data-processing agreements and cannot access user data. Our customer-support system logs all chats and emails for quality assurance and dispute resolution; only our support team and managers have access.
We do not share your data with marketing partners, affiliate networks, or data brokers. We may disclose data to government agencies or law enforcement if required by court order or where we reasonably believe disclosure is necessary to comply with law.
Cookies and Tracking
We use session cookies to keep you logged in on max389. We use analytics cookies to understand which features are popular and where users encounter errors. These cookies do not track you across other websites. You can disable non-essential cookies in your browser settings; this may impact functionality but will not prevent you from betting or withdrawing funds.
Your Rights and Our Commitments
You have the right to request a copy of all personal data we hold about you. You may request correction of inaccurate data, deletion of data no longer needed (subject to legal retention requirements), or restriction of processing. To exercise these rights, contact our privacy team via in-app support or email (details below). We will respond within 30 days.
We undertake to protect your data against unauthorised access, alteration, and disclosure. We use encryption for data in transit and at rest. We conduct annual security audits and maintain cyber-liability insurance. In the event of a data breach affecting your personal information, we will notify you without undue delay and inform relevant authorities where required by law.
Data Retention and Deletion
We retain account data and transaction history for as long as your account is active, plus 7 years thereafter to satisfy anti-money-laundering regulations. KYC documents are encrypted and stored separately; we delete them 7 years after your last transaction or account closure, whichever is later. If you close your account, we anonymise your betting history and delete non-regulatory data within 90 days.
We retain logs of customer-support interactions (emails, chat transcripts) for 3 years to investigate disputes and prevent fraud. Payment processor records are retained per their privacy policies, which you can access through your payment provider's website.
Contacting Us About Privacy
If you have questions about this privacy policy, how we handle your data, or wish to exercise your data rights, contact our privacy team at [email protected] or via the in-app support chat (available during business hours). We aim to respond to all privacy inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data-protection authority.
Our customer-support team also handles general account and payment questions. During holiday periods (Idul Fitri, Idul Adha, Imlek), response times may extend to 48 hours. All support communications are logged for quality and compliance purposes.