xavier Casino & Sportsbook Data Care

This page describes what we collect when you use xavier and how we keep that data protected. We at xavier are committed to transparency about your personal information, how third-party payment processors handle it, and what rights you have to access, correct, or delete your data. Our privacy approach balances your account security with your right to know what information we hold.

Our platform operates across multiple jurisdictions, so your data may be processed and stored in locations outside Indonesia. We use encryption, access controls, and third-party compliance audits to protect your information. This policy applies to all users of xavier, regardless of location, though local laws in your jurisdiction may grant you additional rights.

If you have questions about how we use your data, how long we retain it, or how to exercise your rights, contact our support team. We respond to data inquiries within ten business days.

What we collect and why

We collect information in three categories. First, account setup data: your email, password (hashed), name, date of birth, and phone number. We use this to create and manage your xavier account, communicate with you about account activity, and verify your identity before processing withdrawals.

Second, payment data: we collect your chosen payment method (DANA, e-wallet, mobile banking, local payment virtual account, etc.), your transaction history, and deposit and withdrawal amounts. We do not store full bank account details, credit card numbers, or e-wallet passwords — those are handled by third-party payment processors (online payment, e-wallet, mobile banking, local payment, etc.). Our servers see only a transaction reference and confirmation, not your banking credentials.

Third, usage data: we log your login times, game activity (which markets you view, which slots you play, which live-dealer tables you join), your IP address, and your device type (mobile app, desktop browser, tablet). We use this data to prevent fraud, improve our platform, and personalize your experience. For example, if you frequently play Liga 1 markets, we may highlight Piala AFF fixtures during tournament season.

Account data

Email, name, date of birth, phone number, hashed password. Used for account management, verification, and communication.

Payment data

Payment method type, transaction amount, date. Banking credentials are handled by third-party providers, not stored by us.

Usage data

Login times, game activity, IP address, device type. Used for fraud prevention, platform improvement, and personalization.

Support data

Messages you send to our support team. We retain these to resolve disputes and improve our service.

How we share your data

We share your data with the following categories of recipients. First, payment processors: when you deposit via online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, or e-wallet, those companies receive your payment information directly and process the transaction independently. We see only a settlement confirmation, not your banking details. Each processor operates under their own privacy policy.

Second, our service providers: we use cloud hosting, customer support tools, and fraud-detection software from third parties. These vendors may see portions of your data (name, email, transaction history) to perform their specific function, but we prohibit them from using it for any other purpose. All vendor contracts include data protection clauses.

Third, legal authorities: if a court order or law enforcement inquiry compels us to disclose your data, we will do so after informing you (unless legally prohibited). We do not voluntarily share data with government agencies or third parties without legal process.

Data retention and storage location

We retain your account data for as long as your xavier account is active. If you close your account, we delete personal data (email, phone, name, address) within thirty days, except where we are required by law to retain records (e.g., financial transaction logs for tax or anti-money-laundering compliance). Transaction records may be kept for seven years to comply with financial regulations.

Our servers are located outside Indonesia, in data centres in Southeast Asia and beyond. This means your data may be processed and stored in a jurisdiction different from where you are located. We apply the same security standards to all data, regardless of location. If you have concerns about data being held outside your jurisdiction, contact us and we can discuss options.

Your rights and how to exercise them

We recognize the following rights. You have the right to access: you can request a copy of all personal data we hold about you. We will provide this within ten business days. You have the right to correct: if any of your data is inaccurate (wrong name, wrong email), contact us and we will update it. You have the right to delete: you can request deletion of your account and associated personal data. We will comply within thirty days, except for data we must retain for legal or financial reasons.

You also have the right to object to processing: if we process your data for purposes you disagree with, you can object and we will review your request. To exercise any of these rights, email our support team with a clear description of what you are requesting. Include your account email address or account number.

Cookies and tracking

We use cookies to remember your login status, save your language preference, and track how you navigate xavier. These cookies do not identify you personally — they are session identifiers and preference markers. You can disable cookies in your browser settings, but doing so may limit your experience on our platform (for example, you may be logged out more frequently).

We do not use cookies to build a profile of your behavior outside xavier or to serve you targeted advertisements. Our cookies are used solely to operate our platform.

Security measures we employ

We protect your data using encryption (all data in transit and sensitive data at rest is encrypted using industry-standard protocols), access controls (only authorized staff access personal data), and regular security audits (we hire external firms to test our systems for vulnerabilities). We implement multi-factor authentication on our internal systems so that no single compromised password can expose user data.

However, no security is absolute. If we discover a data breach, we will notify affected users within 48 hours. We maintain cyber-liability insurance to cover losses in case of unauthorized data access.

Changes to this privacy policy

We may update this privacy policy as our practices evolve or as law changes. We will notify you of material changes via email to your registered address. Your continued use of xavier after such notification means you accept the updated policy. This policy was last updated in 2026 and applies to all users regardless of jurisdiction.

Privacy and jurisdiction compliance

We at xavier operate only where local law permits. Different jurisdictions have different data protection requirements. In Indonesia, our practices align with applicable data protection principles. If you are accessing xavier from Jakarta, Surabaya, Bandung, Medan, or elsewhere, local law may give you additional rights beyond this policy. We encourage you to review your local data protection regulations.

Our payment methods (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) are subject to their own privacy policies and compliance obligations. When you deposit via any of these methods, you are also sharing data with those providers. Read their privacy policies before funding your account.

If you have any privacy questions or concerns, contact our support team. We respond to data inquiries and privacy complaints within ten business days.