cola Platform Privacy Notice

This page describes what we collect when you use cola and how we keep that data protected. We at cola gather your email, phone number, identity documents, payment information, and game activity to operate our platform, process deposits and withdrawals, and comply with anti-fraud and anti-money-laundering regulations. We encrypt sensitive data, limit access to authorized personnel, and do not sell your personal information to third parties outside our payment and compliance partners.

Our privacy practices apply to all cola services—live-dealer tables, sportsbook markets, slots, and esports coverage—across all supported jurisdictions including Jakarta, Surabaya, Bandung, Medan, and Semarang. We recognize that privacy regulations differ by location, so we explain our practices in general terms that comply with regional standards. If you are in a specific jurisdiction, local data protection law may grant you additional rights beyond what this notice describes.

We update this privacy notice periodically. Continued use of cola after an update means you accept the revised terms. If you have questions about how we handle your data, contact our cola support team through the help centre.

What Data We Collect on cola

When you create an account on cola, we collect your email address and password. We use your email to send account notifications, deposit confirmations, and withdrawal updates. Your password is hashed before storage so we cannot read it—only you know your cola login password.

We collect your phone number during account setup. We use it to send account verification codes, support messages, and critical alerts (e.g., unusual login activity). We do not share your phone number with marketing partners; it is used only for your cola account security and notifications.

For deposits and withdrawals, we collect payment method details. If you use QRIS, e-wallet, mobile banking, local payment, online payment, or e-wallet, we store a tokenized reference so you do not re-enter those details every time. If you use mobile banking, local payment, online payment, or e-wallet bank transfers, we record your account number and transaction history. Payment card data is never stored on our cola servers; it is processed directly by your bank or e-wallet provider.

For Know Your Customer (KYC) verification, we collect your government-issued photo ID, proof of address, and may request additional documents. These are stored in encrypted form on secure servers separate from your game activity data. Our compliance team reviews them once and then stores them for regulatory audit purposes only.

Game activity and transaction logs on cola

We record every bet, win, loss, and game outcome on your cola account. This allows you to review your session history, dispute transactions, and verify fair play. Your game data is tied to your account ID, not your name; the cola system references you internally by account number, not personal identifier.

We log deposit and withdrawal transactions with timestamps, amounts, payment methods used (e.g., "mobile banking" or "local payment transfer"), and confirmation status. This transaction history is available in your cola account dashboard anytime. We retain these records for regulatory compliance, typically 5–7 years depending on jurisdiction.

We collect your IP address and device information (browser type, operating system) when you access cola. This helps us identify unauthorized access attempts and detect fraud. If you access cola from multiple locations (e.g., Jakarta office and Medan home), that is normal and expected. If your account suddenly shows login attempts from unusual countries with unusual stakes, our fraud detection may temporarily restrict your account pending verification.

Email & password: We use email for notifications and password for authentication. Your password is hashed, never stored in plain text.
Phone number: Used for verification codes and critical account alerts. Not shared with marketing or third parties.
Payment data: Tokenized and stored securely. Card data never touches our cola servers directly.
Identity documents: Encrypted and stored separately from game data. Used for KYC compliance only.
Game activity: All bets and outcomes logged by account ID for transparency and dispute resolution.

How We Use Your Data on cola

Our primary use of your cola data is to operate the platform: authenticate your login, process your deposits and withdrawals, execute your game transactions, and display your balance. Every function depends on the data you provide; without it, we cannot deliver our service.

We use your data for anti-fraud and anti-money-laundering (AML) compliance. We check deposits against sanctions lists, monitor for suspicious patterns (e.g., rapid deposit-and-withdrawal cycles), and verify identity documents match your account profile. This protects you from account theft and protects our platform from regulatory violations. If we flag activity as suspicious, we may ask for additional verification before processing large withdrawals.

We use transaction data to generate your session history, tax documents (if applicable), and dispute evidence. During major sporting events (Liga 1 season, Piala Indonesia, Piala AFF), we may analyze game patterns to adjust table availability and payment processing priority. We do not use your data to build marketing profiles or sell segment information to advertisers.

We may contact you via email or SMS during Idul Fitri, Idul Adha, Imlek, or Nyepi holidays if your account has activity or pending transactions requiring attention. We do not send promotional messages unless you explicitly opt in through your cola account settings.

Third-party processors and data sharing on cola

We share payment data with our cola payment partners (e.g., online payment processor, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) only to complete your transactions. They receive your payment method and transaction amount; they do not receive your game history or identity documents.

We share identity documents with our compliance partner only for KYC verification and regulatory reporting. We do not share your game activity with anyone outside cola.

Our servers may be located outside Indonesia, so your data may be stored and processed in other countries. We contractually require any such processors to meet encryption and access control standards equivalent to or exceeding Indonesian data protection law.

Data retention on cola: We retain your account data as long as your account exists. After account deletion, we retain transaction records for regulatory compliance (typically 5–7 years) but delete personal identifiers and game history within 30 days.

Your Rights and Our Commitments

You have the right to access your data anytime. Log into your cola account and view your profile, transaction history, and game records. You have the right to correct inaccurate data; if your email or phone number changes, update it through your cola account settings immediately.

You have the right to request data export. Contact our cola support team and we provide your account information in a standard format within standard timelines. You have the right to request account deletion; we delete personal identifiers and game history within 30 days, though we retain transaction records for regulatory compliance.

We commit to protecting your cola data with industry-standard encryption (SSL/TLS for transport, AES-256 for storage). We limit access to your data to authorized cola staff on a need-to-know basis. We do not sell your data, rent it, or share it with advertisers. We do not build behavioral profiles for manipulation or discrimination.

If a security incident occurs on our cola platform, we notify affected account holders within legal timeframes and provide guidance on protective steps. We maintain cyber insurance and conduct regular security audits. If you believe your cola account has been compromised, change your password immediately and contact our support team.

Cookies and tracking on cola

We use cookies to maintain your cola login session and remember your preferences (e.g., preferred language, table limits). These are essential for platform operation; without them, you would re-authenticate on every page load. We do not use cookies to track your behavior across other websites or build advertising profiles.

We do not use third-party analytics cookies that link your cola activity to your off-platform browsing. Our internal analytics are anonymized—we count session counts and button clicks, not individual user profiles.

You can disable cookies in your browser settings, but this may prevent you from using cola effectively. We recommend keeping cookies enabled for your cola account.

Privacy policy updates and contact

We update this privacy notice when our practices change. We announce material updates via email to active cola accounts. Continued use of cola after an update means you accept the revised terms. If you disagree with a policy change, you can request account deletion and data removal.

If you have questions about our privacy practices, contact our cola support team through the help centre. We respond to data requests and privacy inquiries within standard business timelines. If you believe we have violated this privacy notice or applicable data protection law, you can file a complaint with your local data protection authority or request escalation through our cola legal channels (see the legal notice page for dispute procedures).

Related policies

Legal