xo363 Privacy Policy

This page describes what we collect when you use xo363 and how we keep that data protected. We collect personal information during account registration, verification, deposits, and withdrawals. We use this information to verify your identity, process payments via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, and bank virtual accounts (mobile banking, local payment, online payment, e-wallet), and to comply with local law.

We do not sell your data to advertisers or brokers. We may share limited information with payment processors and fraud-prevention services. Our servers may sit outside your jurisdiction; we protect your data using encryption and standard security practices. This policy outlines your rights and our responsibilities when you use xo363.

Our services are available only where local law permits. Users are responsible for verifying that access and use comply with their own jurisdiction's law.

What Data We Collect on xo363

Account registration

When you create an xo363 account, we collect your email address, phone number, full name, and date of birth. We use your email for login, password resets, and account notifications. Your phone number is used for two-factor authentication (2FA) if you enable it. Your name and date of birth are stored as part of your profile and verified during KYC (know-your-customer) checks.

Identity verification (KYC)

Before your first deposit, we ask for identity documents: a photo of your national ID card, passport, or driver's license; a selfie showing your face; and proof of address (utility bill or bank statement dated within three months). We collect these to verify you are who you claim to be and to comply with anti-money-laundering regulations. Our verification team reviews these documents and stores them encrypted. Once verified, your account is flagged "KYC Complete." We retain these documents for as long as your account is active plus a retention period set by local law (typically one to three years after closure).

Payment information

When you deposit or withdraw via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank virtual accounts (mobile banking, local payment, online payment, e-wallet), we collect transaction records: the amount, date, time, payment method, and transaction ID. We do not store your full mobile banking PIN, local payment password, or bank login credentials—those are handled by the payment processor. For bank transfers, we store only the destination bank account name and the last four digits of the account number. We use this information to reconcile deposits, process withdrawals, and detect fraud.

Gameplay and account activity

We log your account login times, device type (Android phone, iOS browser, desktop), IP address, and game activity (spins on slots, live-dealer table sessions, sports-betting selections). We record your account balance, wins, losses, and bet history. This data is used to detect unauthorized access, prevent cheating, and provide account statements. We retain gameplay logs for one to two years for audit and dispute resolution.

Data retention: We keep your account data as long as your account is active. After you close your account, we retain essential records (transaction history, KYC docs) for one to three years per local law. Gameplay logs and session data are typically deleted after one to two years. You can request data deletion after account closure, subject to legal hold requirements.

Cookies and tracking

We use cookies to keep you logged in, remember your language preference, and track which pages you visit. A session cookie expires when you log out; persistent cookies remain for up to one year. We use Google Analytics to count unique visitors and track page traffic—we do not link Analytics to your personal data. You can disable cookies in your browser settings, but this may affect xo363 functionality (login, account settings).

Support and contact data

When you contact our support team via in-app chat, email, or live chat, we collect your message, timestamp, and the issue category. We store these interactions to resolve your problem and improve our service. Support staff may access your account details to help you. We retain support tickets for two years for quality assurance and dispute handling.

How We Use and Protect Your Data on xo363

Data use and sharing

We use your data for six purposes: account management (login, password resets, KYC verification), payment processing (deposits and withdrawals), fraud prevention (detecting unusual activity), legal compliance (anti-money-laundering reporting), customer support (resolving your issues), and service improvement (analyzing traffic patterns, fixing bugs). We do not sell your personal data to third parties for marketing or advertising. We may share limited information with:

  • Payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) to process your deposits and withdrawals.
  • Fraud-prevention services to detect money-laundering and unauthorized access.
  • Our hosting provider (may be located outside your country) to store your data securely.
  • Legal authorities if required by a court order or local law.

We do not disclose your data to advertisers, data brokers, or social-media platforms.

Data security

We encrypt your data in transit using HTTPS and at rest using AES-256 encryption. Our servers are located in secure data centres with restricted physical access. We use firewalls, intrusion-detection systems, and regular security audits to protect against unauthorized access. Our team undergoes background checks and confidentiality training. If we discover a data breach affecting your account, we will notify you within 72 hours and provide details of the breach and mitigation steps. Note that no security method is absolute; we cannot guarantee zero risk.

Your rights on xo363

You have the right to access, correct, and delete your personal data. Log into your xo363 account and navigate to Account Settings > Profile to review and edit your name, email, and phone number. To request a copy of all your data (data export), contact our support team. To request data deletion, email support; we will delete non-essential data (gameplay logs, cookies) within 30 days, but we retain KYC documents and transaction records as required by law. You can disable marketing emails by unchecking "Marketing Notifications" in your account settings. You have the right to withdraw consent for processing your data; however, this may prevent you from using xo363 if we cannot verify your identity or process payments without that data.

Cross-border data transfers

Our servers may be located outside Indonesia. We may transfer your data to countries outside your jurisdiction to process payments, store backups, and provide service. These transfers comply with applicable data-protection laws. We ensure all processors sign data-processing agreements committing to the same level of protection as xo363.

Policy changes and contact

We may update this policy to reflect legal changes or service improvements. We will notify you via email if material changes occur. If you disagree with the updated policy, you may close your account. For questions about this policy, contact us via the support centre in your xo363 account. Users in Jakarta, Surabaya, Bandung, Medan, Semarang, and Yogyakarta can access the same support team. We aim to respond to privacy inquiries within five business days.

Two-factor authentication protects your account

Enable 2FA in your Account Settings > Security to require a one-time code from your phone each time you log in from a new device. This prevents unauthorized access even if someone obtains your password.

Third-party services and links

xo363 may contain links to external websites (payment processors, sports data providers, esports tournament sites). We are not responsible for the privacy practices of these third parties. Review their privacy policies separately. Our website may embed content from Google Analytics, which uses cookies to track your behaviour. Google's privacy policy describes how they use your data.

Children and age restrictions

xo363 is not intended for persons under the legal age of majority in their jurisdiction. We do not knowingly collect data from children. If we discover a minor has created an account, we will delete it immediately. Parents or guardians who believe a child has accessed xo363 should contact support.

Data breach notification

If we discover your data has been compromised (e.g., password leaked, unauthorized login), we will notify you via email and phone within 72 hours. We will ask you to reset your password immediately and offer two-factor authentication setup if not already enabled. We will also inform you of what data was accessed and our mitigation steps.