spud Privacy Policy
We collect personal information when you create an account on spud, verify your identity, and use our sportsbook and casino services. This page describes what we collect, how we use it, how we protect it, and what rights you have over your data.
Our commitment is transparency. We do not sell your data to third parties for marketing. We do not track your behaviour beyond what is necessary to operate spud securely and compliantly. We do not use misleading language about data retention or processing. Instead, we explain plainly what happens to your information at every step.
If you have questions about our privacy practices, contact our support team via in-app chat or email. We respond in English and Indonesian and explain how your data is used in practice.
What data we collect when you join spud
When you create an account on spud, we collect your legal name, email address, phone number, and date of birth. You create a password that we hash and store securely — we never store passwords in plain text.
To comply with our KYC (know-your-customer) obligations, we ask for a government-issued identity document (KTP, passport, or driver's licence) and proof of address (utility bill, bank statement, or lease agreement). We store these documents in encrypted form on secure servers. Once we verify your identity, we retain copies for compliance and dispute-resolution purposes for a legal-retention period (typically three to five years), then permanently delete them unless law requires otherwise.
When you deposit or withdraw funds on spud, we log the transaction: date, time, payment method type (e.g., DANA, e-wallet, mobile banking, local payment, online payment), and amount. We do not log your full payment card or bank account number — our payment processors handle those details under their own security protocols. Your transaction history is available in your spud account dashboard at all times.
How we use your data on spud
We use your email address to send account notifications (verification links, password resets, withdrawal confirmations). We use your phone number to enable two-factor authentication if you enable 2FA. We use your identity documents solely for verification and compliance — to confirm you are who you claim to be and to prevent fraud, underage access, and money laundering.
We use your account data to operate spud: process your bets, track your balance, manage deposits and withdrawals, and investigate disputes. We use your transaction history to detect suspicious patterns — for example, multiple identical bets placed instantly, or unusually large deposits followed by immediate withdrawals. If we detect abuse, we freeze your account pending investigation and request additional verification.
We do not use your data for marketing purposes unless you explicitly opt in. We do not send unsolicited promotional emails or SMS messages. If we offer a promotion on spud, we describe it in your account settings, and you can accept or decline it there.
We do not sell or share your data with data brokers, advertisers, or analytics platforms. We share data only with service providers who help us operate spud securely — for example, payment processors, hosting providers, and compliance consultants. These providers are contractually required to protect your data and use it only for the purposes we specify.
Data security and encryption on spud
We encrypt all connections to spud using SSL/TLS (Secure Sockets Layer / Transport Layer Security) protocols. When you log in or submit sensitive information, the data is encrypted in transit, so anyone who intercepts it cannot read it without the encryption key.
Your passwords are hashed using industry-standard algorithms — we never store them in plain text, and even we cannot retrieve your password if you forget it. If you reset your password on spud, you set a new hash; the old password is discarded.
Our servers are located in secure data centres with physical access controls, redundant power supplies, and backup systems. We do not store your data on consumer-grade hardware or in unsecured locations. Regular security audits test our systems for vulnerabilities, and we patch known issues promptly.
That said, we cannot guarantee absolute security. No online system is immune to determined attackers. If you suspect unauthorized access to your spud account, contact us immediately — we reset your password and review your transaction history for anomalies.
Third-party processors and international data flow
We work with payment processors to handle deposits and withdrawals on spud. These processors may be located outside Indonesia and outside your home jurisdiction. When you deposit via online payment, e-wallet, mobile banking, or a bank transfer, that processor receives your payment details — we do not handle them directly. You can review each processor's privacy policy if you wish.
We also work with hosting providers, email services, and compliance consultants who may store data outside Indonesia. These providers are contractually bound to protect your data and comply with applicable privacy laws. We do not transfer your data without a lawful basis — typically, explicit consent or contractual necessity.
If your home jurisdiction restricts data transfers, be aware that using spud may involve data flowing to other countries. By creating an account on spud, you consent to this international transfer. If this concerns you, contact our support team for details on which specific providers we use and where their servers are located.
Your rights over data on spud
You have the right to request access to your personal data held by spud. You can download a copy of your account information — name, email, phone, identity documents, transaction history — from your account settings or by requesting it via support.
You have the right to correct inaccurate data. If your name is misspelled or your address is outdated, contact us and we update the record. For identity documents, if a document is invalid or expired, you resubmit a corrected version.
You have the right to deletion (also called the "right to be forgotten"). However, we may retain your data longer than you request if law requires it — for example, anti-money-laundering regulations typically require us to keep records for three to five years. We explain any retention requirement when you request deletion.
You have the right to object to specific data uses — for example, if you no longer wish to receive in-app notifications, you can disable them in your account settings. You also have the right to lodge a complaint with your local data protection authority if you believe we mishandle your data.
Cookies and tracking on spud
We use session cookies to keep you logged into spud. These cookies are temporary and expire when you close your browser. They do not identify you across websites or sessions — they are purely functional.
We do not use cookies for behavioural tracking or targeted advertising. We do not allow third-party analytics platforms to track your activity on spud. We do not use cookies to remember your preferences across unrelated websites.
If your browser is set to reject cookies, some features of spud may not work properly — for example, you may be logged out frequently. You can adjust your cookie settings in your browser, but doing so may degrade your experience.
Policy updates and contact information
We may update this privacy policy periodically. We notify you of material changes via in-app messaging or email. Continued use of spud after a policy change constitutes acceptance of the new policy.
If you have questions about our privacy practices or want to exercise your rights, contact our support team via in-app chat or email. We respond in English and Indonesian. We aim to respond to data-access and deletion requests within standard legal timeframes (typically 30 days).
Our support staff are trained on privacy protocols and will explain how your data is collected, used, and protected. They can also clarify which specific third-party processors we use and where data is stored. Players in Jakarta, Surabaya, Bandung, Medan, and across supported regions have access to the same privacy protections and data rights.
Summary: Privacy at spud
We collect personal information to operate spud securely and compliantly. We encrypt data in transit and at rest, hash passwords, and store identity documents for a legal-retention period. We do not sell your data or track your behaviour for advertising. We use data solely to verify your identity, process deposits and withdrawals, detect abuse, and investigate disputes.
You have the right to access, correct, and delete your data — subject to legal-retention requirements. You have the right to opt out of optional communications. You have the right to lodge a complaint with your local authority if we mishandle your information.
Our support team can answer your privacy questions in English and Indonesian and help you exercise your rights. We do not use misleading language about data security or processing. If we use a third-party processor or store data internationally, we explain it. Privacy is not an afterthought on spud — it is built into how we design and operate the platform across Liga 1 season fixtures, Piala AFF tournaments, live blackjack sessions, and all other services we offer.