doraplay Casino & Sportsbook Data Care

This page describes what we collect when you use doraplay and how we keep that data protected. Our privacy framework balances operational necessity (knowing who you are, where funds flow, settlement audits) with your right to privacy and data minimisation.

We at doraplay collect only the personal information needed to run our platform, comply with anti-money-laundering regulations, and settle your bets and casino activity. We do not sell, rent, or share your data with advertisers. We do not use your gaming history to profile you for third-party marketing. We encrypt sensitive fields, segment KYC documents in secure vaults, and delete data once your account is closed and any legal hold expires.

This policy applies to all users of doraplay, regardless of geography. If you access our service from Jakarta, Surabaya, Bandung, Medan, Semarang, or elsewhere, these principles hold. We recognise that privacy laws vary by jurisdiction; where your local law grants you stronger rights (for example, GDPR in the EU or equivalent protections in your region), we honour those rights in addition to what this policy states.

What Data We Collect on doraplay

Our data collection on doraplay falls into four categories: account basics, identity verification, financial transactions, and activity logs.

Account Basics

When you open a doraplay account, we ask for a mobile number (used for OTP login and support contact), email address (account recovery and promotional notifications), username, and password hash. We do not store plain-text passwords; we hash them irreversibly so even our staff cannot read your password. Your mobile number and email are encrypted at rest.

Identity Verification (KYC)

Before you can withdraw funds from doraplay, we require identity verification. We ask for a government-issued ID (KTP, passport, or driver's licence), date of birth, full legal name, and residential address. For higher-value withdrawals or suspicious activity patterns, we may request a recent utility bill, bank statement, or selfie holding your ID. These documents are stored in encrypted, segregated vaults accessed only by compliance staff. We retain them for the duration your account is active plus any applicable legal hold period; after that, they are securely deleted.

Financial Transactions

Every deposit and withdrawal on doraplay is logged with a transaction ID, timestamp, amount, payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet), and status (pending, cleared, cancelled). We do not store full payment credentials; payment processors (e.g., mobile banking's servers, local payment's gateway) handle card and bank details directly. We receive only a confirmation token and account reference from them. This data is retained for anti-money-laundering compliance and audit purposes.

Activity Logs

We log all doraplay activity: bet slips placed, casino game rounds played, promotions claimed, tier points earned, cashback credited. Each log entry includes a timestamp, game or market ID, stake amount, outcome, settlement time, and any promotion applied. We use these logs to calculate your weekly cashback, track tier progression, detect fraud, and audit disputes. They are retained for seven years to satisfy regulatory and litigation-readiness requirements.

We also log technical data: IP address of your login, device type (mobile, desktop, tablet), browser user-agent, and geographic location (inferred from IP). This helps us detect account takeover (e.g., a login from Jakarta followed by one from Medan seconds later) and enforce jurisdiction restrictions. We delete technical logs after 90 days unless a dispute or investigation requires them to be retained longer.

Data collection summary

  • Account basics (email, mobile, username) — encrypted at rest, retained while account is active.
  • KYC documents (ID, address proof) — stored in segregated vaults, deleted after account closure and legal hold expires.
  • Financial transactions (deposits, withdrawals) — retained for 7 years for anti-money-laundering compliance.
  • Activity logs (bets, casino plays, cashback) — retained for 7 years for audit and dispute resolution.
  • Technical data (IP, device, location) — deleted after 90 days unless a dispute is under review.

How We Use Your Data on doraplay

We use data on doraplay for four core purposes: account administration, payment processing, compliance, and fraud prevention.

Account administration: We use your email and mobile to send account notifications (login alerts, password reset, promotion credits), calculate your tier status and weekly cashback, and respond to support queries. You can opt out of promotional emails at any time via your account settings; we will respect that preference immediately.

Payment processing: We share minimal data with payment processors (online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet). When you deposit via mobile banking, we send only your local payment account ID and the amount to online payment's API; we do not send your KYC documents or betting history. When you request a withdrawal to e-wallet, we send your mobile banking account details and the amount to our bank partner; the bank processes the rest. We do not have access to your bank password or OTP.

Compliance: We are required by anti-money-laundering (AML) regulations to verify identities and monitor for suspicious patterns (e.g., rapid deposit-and-withdrawal cycles, unusually large stakes, activity from restricted jurisdictions). We use your KYC documents and transaction logs for these checks. If we detect a red flag, we may temporarily freeze your account and request additional information or documentation.

Fraud prevention: We analyse login patterns, bet sizes, and device fingerprints to detect account takeover and cheating. If we identify anomalies, we may lock your account and ask for verification before restoring access. We also cooperate with law enforcement if we detect illegal activity (e.g., money laundering, match fixing) and will provide data as legally required.

Your Rights and Data Subject Requests on doraplay

Depending on your jurisdiction, you may have rights to access, correct, or delete your data on doraplay. We honour these requests within a reasonable timeframe (typically 14–30 days).

  • Right to access: You can request a copy of all data we hold about you. We will provide it in a standard, portable format (e.g., CSV or PDF).
  • Right to correct: If your KYC details are wrong (misspelled name, outdated address), contact support and we will update them after verifying the correction.
  • Right to delete: You can request account deletion. We will delete your account and related data, except activity logs required by law (7-year AML retention) and data needed to settle outstanding disputes or withhold.
  • Right to object: You can opt out of promotional communications at any time via account settings. You can also object to certain data uses (e.g., profiling for fraud detection) though some uses are necessary to operate the platform.

To submit a data subject request, email our support team with the details. Include your account ID, the right you are exercising, and any supporting documentation. We will confirm receipt and provide a timeline for response.

We at doraplay believe data protection is not a legal checkbox—it is a core practice. We minimise collection, encrypt sensitive fields, and delete data when no longer needed.

doraplay Editorial Team

Cookies and Tracking on doraplay

We use cookies on doraplay to maintain your login session, store your language preference, and remember your betting slip selections between page loads. These are functional cookies necessary for the platform to work. We do not use advertising or analytics cookies to track you across the web or sell your behavioural data.

Our payment partners (payment gateways, banks, e-wallet providers) may set their own cookies as part of the payment flow. We do not control those cookies; consult their privacy policies for details. You can disable cookies in your browser settings, but doing so may break core doraplay functionality (logins, bet slips).

International Data Transfers

Our servers may sit outside your jurisdiction. We store encrypted backups in multiple geographic regions for disaster recovery. When we transfer your data across borders, we apply standard encryption in transit (TLS 1.2+) and at rest (AES-256). We do not transfer personal data to third-party cloud providers without contractual safeguards; any third party we use signs a data-processing agreement binding them to the same confidentiality standards we apply.

Policy Changes and Contact

We may update this privacy policy if our practices change or regulations require it. We will notify you of material changes by email at least 30 days in advance. Your continued use of doraplay after the effective date means you accept the updated policy.

If you have questions or concerns about privacy on doraplay, contact our support team. You can reach us via the contact form on the platform, email, or live chat. We aim to respond to privacy inquiries within 24 hours. If you are not satisfied with our response, you may lodge a complaint with your local data-protection authority (if one exists in your jurisdiction).

Our commitment is simple: we collect what we need, protect it fiercely, use it only for stated purposes, and delete it when no longer necessary. We do not monetise your data, sell it to third parties, or use it for hidden profiling. doraplay operates with the same principles whether you are a Liga 1 bettor in Jakarta, a slot player in Surabaya, or an esports enthusiast anywhere else. Your privacy matters to us.