mega7 Platform Privacy Notice
This page describes what we collect when you use mega7 and how we keep that data protected. We gather information necessary to verify your identity, process your deposits and withdrawals, and provide customer support. All personal data collected on mega7 is encrypted, stored securely, and never sold to third parties.
Our privacy practice is designed around a simple principle: we collect only the minimum data needed to operate safely, and we hold that data only as long as you maintain your account or law requires us to retain it. We do not track your gaming behaviour for marketing purposes, do not sell your contact details, and do not share your account information with unrelated businesses.
If you have questions about how we use your data, how long we keep it, or your rights to access or delete it, this notice answers those questions. We also explain how our third-party partners (payment processors, live-studio providers, email services) handle data on our behalf.
What data we collect on mega7
When you register an account on mega7, we collect your email address and phone number. We use these to send account confirmations, password-reset links, and withdrawal notifications. During account verification (Know Your Customer, or KYC), we ask you to upload a photo of your identity card (KTP) and proof of address (utility bill, bank statement, or government notice). We store these documents encrypted and separate from your gaming activity.
When you deposit or withdraw funds on mega7, we collect transaction records: the amount, payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer), timestamp, and outcome (success or failed). We do not store your banking credentials—your bank or wallet provider handles authentication, and we receive only a confirmation that the transaction cleared.
We log your login history (date, time, IP address, device type) for security monitoring. If you use two-factor authentication (2FA), we store the phone number or email associated with your 2FA method. We do not log which games you play, your bet sizes, or your account balance history—that information lives in your account but is not used for profiling or marketing.
How we use your data
We use your email and phone to send account-related messages: registration confirmation, password resets, deposit receipts, and withdrawal confirmations. During peak seasons (Liga 1 playoffs, Piala AFF tournaments, Idul Fitri, or other major events), we may send optional notifications about new game releases or promotional offers. You can disable these at any time in your account preferences.
Your identity documents are used only for KYC verification. Once verified, we retain them in encrypted storage for regulatory compliance—Indonesian financial regulations require us to keep KYC records for a set period after account closure. We do not use your documents to profile you or market to you.
We use your transaction history to detect fraud (unusual deposit patterns, rapid withdrawals, or activity from multiple countries in short timeframes trigger manual review). We also use it to enforce our terms (detecting bonus abuse or account manipulation). Payment data is shared with our settlement partners only—the bank or wallet provider processes your transaction, and our partner confirms completion to us.
Your login history and device information help us secure your account. If we detect a login from an unusual location or device, we may ask for additional verification (e.g., a code sent to your email) before allowing access.
Third-party partners and data sharing
We work with external providers to operate mega7. These partners process your data on our behalf under strict contracts:
- Payment processors: mobile banking, local payment, online payment, e-wallet, mobile banking, local payment gateways, and banks (online payment, e-wallet, mobile banking, local payment) handle your deposit and withdrawal transactions. They receive your name, account number, and transaction amount. We do not control how they use or retain this data—their own privacy policies govern that.
- Live-studio providers: Our live-dealer tables are streamed from third-party studios. These providers may log your connection timestamp and IP address for video delivery purposes. They do not collect your identity or account data.
- Email service provider: We use a third-party email platform to send confirmations and password-reset links. Your email address is shared with this provider, but they do not use it for marketing.
- Cloud hosting provider: Our servers are hosted with a third-party infrastructure company. Your encrypted data sits in their data centre, but they do not have keys to decrypt it.
Where your data lives
Our primary servers may sit outside Indonesia. Data is encrypted at rest and in transit, so even if stored offshore, it is protected by encryption keys you control (via your password). If you prefer your data to remain within Indonesia, contact our support team; we will note your preference, though we cannot guarantee local-only storage due to our infrastructure setup.
How long we keep your data
As long as your mega7 account is active, we retain all account data (email, phone, transaction history, login records). After you close your account, we delete non-regulatory data (login history, optional marketing preferences) within thirty days. However, we retain your identity documents, transaction records, and account closure reason for five to seven years, as required by Indonesian financial regulations and anti-money-laundering laws.
You can request a copy of all data we hold on you, or ask us to delete non-regulatory data earlier, by contacting our data protection contact (see below). We will respond within thirty days.
Your rights regarding your data
Under Indonesian data protection norms and international standards, you have rights:
-
Right to access
You can request a complete copy of your personal data held on mega7. We will provide it in a readable format within thirty days.
-
Right to correct
If any data is inaccurate (e.g., wrong email or phone), you can ask us to correct it. We will update it within seven days.
-
Right to delete
You can request deletion of non-regulatory data (login history, device logs). Regulatory data (KYC documents, transaction records) must be retained per law.
-
Right to data portability
You can ask us to provide your data in a structured, portable format so you can transfer it to another service if you wish.
How we protect your data
We encrypt all personal data in storage using industry-standard encryption (AES-256). Data in transit between your device and our servers is encrypted via TLS/SSL. We do not store passwords—we store only encrypted hashes, so even our team cannot see your password. We regularly audit our systems for vulnerabilities and patch security flaws promptly.
Our data centres have physical security (access cards, video monitoring, climate control). Our staff sign confidentiality agreements and have access only to the data their role requires. We do not tolerate data breaches; if we detect unauthorized access to your information, we will notify you within forty-eight hours and report the breach to relevant authorities.
Changes to this notice and contact
We may update this privacy notice if our practices change or law requires it. Updates are posted on this page with a new effective date. Continued use of mega7 after an update means you accept the new terms.
If you have questions about this privacy notice, wish to exercise your data rights, or believe we have mishandled your data, contact our data protection team at: [email protected]We will respond within thirty days.
For complaints about our data handling that we cannot resolve, you may file a formal complaint with the Indonesian data protection authority (if applicable) or your local data protection regulator.