cumi Casino & Sportsbook Data Care

This page describes what we collect when you use cumi and how we keep that data protected. We gather information to verify your identity, process deposits and withdrawals, settle sports bets and game outcomes, prevent fraud, and comply with anti-money-laundering law. All data tied to your account—your name, payment details, gaming history, IP address, and activity logs—is encrypted and stored securely on servers maintained by cumi and our trusted processors.

We do not sell your personal data to third parties. We share information with payment processors (DANA, e-wallet, mobile banking, local payment, and others) only to complete your transactions, and with relevant authorities only when required by law. You have rights to access, correct, and (in some cases) delete your data; this page explains how to exercise those rights.

Our data practices comply with privacy law in jurisdictions where cumi operates. Services are available only where local law permits; by using our platform, you confirm you have verified the legality of your access.

What we collect and why

We collect data in several categories. First, account information: your legal name, date of birth, email address, phone number, mailing address, and government-issued ID (passport, national ID card, or driver's license). We use this data for Know Your Customer (KYC) verification, which is required under anti-money-laundering law before you can withdraw funds.

Second, payment data. When you deposit or withdraw via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, or e-wallet, we collect your e-wallet ID, bank account number, transaction amount, date, and status. We use this to process payments, reconcile your account balance, and detect fraud.

We do not store card details directly.

All card and bank-account processing is handled by our payment processors. We do not retain your full card number or bank credentials; we store only a reference ID and the last four digits.

Third, gaming and betting data. Every time you place a bet on Liga 1, Piala AFF, Champions League, or any esports market, we record your stake, the odds offered, the outcome, and your balance before and after. For slot games and live-dealer tables, we log your spin, bet per spin, payout, and cumulative balance. All outcomes are timestamped and stored indefinitely for dispute resolution and compliance.

Fourth, technical data. We collect your IP address, device type (mobile app or web browser), operating system, browser type, and clickstream data (which pages you visit, which games you access, how long you stay). We use this to improve our platform, debug technical issues, and detect suspicious login attempts or account takeovers.

How we use your data on cumi

KYC and AML compliance
We verify your identity to meet regulatory requirements and to process withdrawals.
Payment processing
We share account and payment data with processors to authorize deposits and withdrawals.
Game settlement
We store all bet outcomes and game results to settle winnings, handle disputes, and provide your history archive.
Fraud prevention
We analyse login patterns, IP addresses, and betting behaviour to detect unauthorized access and bonus abuse.
Platform improvement
We use anonymized aggregate data (how many users play Liga 1, peak hours, game popularity) to improve cumi.

We do not use your data for marketing to third parties. We may send you service updates and account notices via email or SMS, but we do not sell your contact details to advertisers. If you wish to opt out of non-essential messages, you can adjust your notification settings in Account > Preferences on cumi.

Data retention and deletion

We retain account and payment data indefinitely for regulatory compliance. Gaming history (all your bets and game outcomes) is retained indefinitely so you can access your Result Archive and so we can resolve disputes that may arise months or years later.

If you request deletion of your data under privacy law (such as GDPR), we will delete personal information (name, address, ID) that is not required by law, but we retain anonymized transaction records and gaming outcomes as required by anti-money-laundering law. Deletion of your personal data results in account closure; you cannot recover an account once its personal data is deleted.

To request deletion, contact our privacy team via the Help button on cumi or the email address in our Legal Notice page. We respond to deletion requests within 30 days, unless a longer period is permitted by law.

Your rights and our security practices

Your rights on cumi

You have the right to access all personal data we hold about you. You can request a copy of your data by contacting our support team; we provide this within 30 days, usually as a downloadable file. You also have the right to correct inaccurate or incomplete data: if your phone number is wrong or your address has changed, update it in Account > Settings on cumi, or contact us to make the change.

You have the right to request deletion of your personal data, subject to legal holds. Some data (KYC documents, payment records, gaming outcomes) may be retained indefinitely under anti-money-laundering law, even if you request deletion. You also have the right to data portability: we can export your account data and gaming history in a machine-readable format (CSV or JSON) so you can migrate to another platform, if permitted by our Terms and Conditions

How we protect your data on cumi

  • Encryption in transit: All communication between your device and cumi's servers uses TLS (Transport Layer Security), a standard encryption protocol. Your password, payment details, and gaming history are encrypted as they travel.
  • Encryption at rest: Personal data and payment information stored on our servers are encrypted using AES-256 encryption.
  • Access controls: Only authorized cumi staff can access your data, and only when necessary. We maintain role-based access controls: support staff see only your account and payment history, not your password or government ID.
  • Regular security audits: We conduct periodic security assessments and penetration tests to identify vulnerabilities.
  • Data breach response: If we detect unauthorized access to your data, we will notify you promptly and take steps to mitigate harm. We also notify relevant regulatory authorities as required by law.

You are responsible for keeping your login credentials secure. Do not share your password or recovery codes with anyone. Log out after each session, especially on shared or public devices. If you suspect unauthorized access to your cumi account, change your password immediately and contact our security team.

Third-party processors and data location

Our payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, and others) receive your payment and identity information when you deposit or withdraw. These processors have their own privacy policies and security practices. We recommend reviewing their policies before transacting.

cumi's servers may be located in jurisdictions outside your country. Your data may be transferred, stored, and processed outside your jurisdiction. By using cumi, you consent to this data transfer. If your jurisdiction restricts cross-border data transfers, consult a legal advisor before accessing cumi.

Cookies and tracking

We use cookies to store your session ID, language preference, and account settings. These cookies allow you to stay logged in and personalize your cumi experience. You can disable cookies in your browser settings, but doing so may prevent you from logging in or accessing certain features.

We also use analytics tools to measure traffic, track user behaviour (which games are popular, how long users play), and detect fraud. These tools may use cookies or pixel tags. All analytics data is aggregated and anonymized; we do not track individual users across external websites.

cumi does not place tracking pixels or analytics tags on external websites. We do not use your cumi data for behavioural advertising on social media or third-party sites. If you have questions about our cookie policy, contact our support team.

Legal and jurisdiction information

We at cumi offer our services—including sportsbooks (Liga 1, Piala AFF, Champions League), live-dealer tables, slot games, and esports markets—only in jurisdictions where such services are legally permitted under applicable law. We do not market cumi to, and we do not knowingly accept accounts from, regions where gaming or sports betting is prohibited. Our registration and access systems include geolocation checks designed to prevent account creation in restricted jurisdictions.

Gaming regulations vary widely across jurisdictions and regions. Some locations permit all forms of wagering (sports betting, live-dealer games, slots), while others permit only certain types or none at all. Regulations change frequently and differ between provinces, states, or municipalities within a single country. We make no representation about which specific jurisdictions are "legal" or "illegal"—that determination is beyond our scope and requires consultation with local authorities or legal counsel.

If we detect that a user is accessing cumi from a jurisdiction where our service is not permitted, we may restrict, suspend, or close that account without notice. This is not punitive; it is a legal compliance obligation. We encourage all users to verify the legality of cumi's services in their location before account creation or fund transfer.

We at cumi require all account holders to meet the legal age and legal-capacity requirements of their jurisdiction. These thresholds vary globally—some jurisdictions set the legal age for gambling at 18, others at 21 or older. We do not impose a single fixed age across all regions because the actual requirement is determined by local law. During account registration, you confirm that you meet your jurisdiction's legal-age requirement. We collect your date of birth and verify it during Know Your Customer (KYC) checks before you can withdraw funds.

We do not knowingly permit accounts held by minors, individuals lacking legal capacity to enter contracts, or persons otherwise barred by law from wagering in their jurisdiction. If we discover that an account holder does not meet eligibility criteria, we close the account immediately and return any balance to the original payment method.

Parents and guardians are encouraged to monitor children's internet access and to report any unauthorized account creation on cumi to our support team. We cooperate with law enforcement and regulatory authorities investigating suspected underage or fraudulent accounts. Account holders represent that they meet all legal requirements by creating an account.

We operate cumi on the premise that all account holders have independently verified that their access and use comply with local law. We do not provide legal advice, and we cannot determine for you whether cumi's services are lawful in your jurisdiction. That responsibility is entirely yours. Before you open an account on cumi, deposit funds, place bets on Liga 1 or Piala AFF, or use any service, you must verify that such activity is legal in your location.

If a user accesses cumi from a jurisdiction where gaming or sports betting is prohibited, that user's conduct—not cumi's provision of the service—may violate local law. While we implement geolocation controls to prevent such access, we cannot guarantee non-specific info detection in all cases. Users who access cumi unlawfully do so at their own legal risk and assume full responsibility for consequences, including legal action or financial penalties.

We strongly recommend that all prospective users consult their local regulations, a local regulatory authority, or a qualified legal advisor to clarify the legality of cumi and the specific services offered (sports betting, live-dealer tables, slots, esports) in their jurisdiction. The availability of cumi does not constitute legal permission or legal advice.

This Privacy Policy describes what personal data we collect, how we use it, and your rights. We collect account information (legal name, date of birth, address, government ID), payment data (e-wallet and bank details), gaming history (all bets, spins, outcomes), and technical data (IP address, device information, clickstream logs). This information is collected for Know Your Customer (KYC) compliance, anti-money-laundering (AML) verification, payment processing, fraud prevention, and platform improvement.

We store all personal data encrypted on servers maintained by cumi and trusted third-party processors. We do not sell personal data to third parties. We share KYC and payment information with payment processors (DANA, OVO, BCA, Mandiri, BRI, BNI, ShopeePay, LinkAja, and others) only as necessary to complete your transactions. We share data with government authorities, law enforcement, or regulatory bodies only when required by law (court order, subpoena, regulatory summons).

You have rights to access, correct, and (in some cases) delete your data. To request access or deletion, contact our privacy team via the Help button on cumi or the email listed in our Legal Notice page. We respond within 30 days. Certain data (KYC documents, payment records, gaming outcomes) may be retained indefinitely under anti-money-laundering law, even if you request deletion. Deletion of your personal data results in account closure.

If you have privacy, legal, or compliance questions regarding cumi's data practices, you may contact us via the channels listed in our Legal Notice page. We maintain a dedicated email for privacy and legal inquiries; we aim to respond within five business days for straightforward questions and within 15–30 business days for complex matters requiring investigation or legal review.

To report a data breach, suspected unauthorized access to your account, or concerns about data security, contact our security team immediately via the Help button on cumi. Mark your message "SECURITY INCIDENT" to ensure priority routing. We investigate all reports and notify you of findings. If a breach affects your data, we notify you and relevant authorities as required by law.

Inquiries and requests from government agencies, law enforcement, or regulatory authorities are handled separately by our legal and compliance team. We comply with all lawful requests (court orders, regulatory summons, law-enforcement subpoenas) as required by applicable law. Such inquiries are not subject to notification to the user unless permitted by law. Response times to official inquiries are determined by legal deadlines and procedural requirements.