maha Casino & Sportsbook Data Care

This page describes what we collect when you use maha and how we keep that data protected. Our privacy commitments centre on transparency—we explain exactly which information we gather, who processes it, and how long we retain it. We do not sell your personal data to advertisers or marketing firms, and we comply with Southeast Asian data-protection standards in every jurisdiction where we operate.

When you open a maha account on your Android phone, iPhone browser, or desktop, we collect your email, phone number, and identity documents (government ID card and selfie) for Know Your Customer verification. We also collect transaction records—every deposit via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank virtual accounts; every withdrawal request; every bet on Liga 1, live blackjack, or Mobile Legends esports. This data stays encrypted on our servers and is shared only with processors who help us settle payments, detect fraud, and comply with legal obligations.

Our approach reflects a data-conscious angle: we collect only what we need for account operation, fraud prevention, and regulatory compliance. We never track your behaviour outside maha, we do not use cookies for profiling, and we delete your data upon request or account closure. This policy sets out every detail of our data practices.

What Data We Collect and Why

We collect several categories of information when you use maha. First, we gather your account credentials: email address, password (hashed, never stored in plain text), phone number, and a unique account identifier. Second, we collect identity documents for Know Your Customer compliance—a clear photo of your government ID (national ID card, passport, or driver's licence) and a selfie taken on your phone to verify your identity matches our records. This step prevents fraud and ensures we serve only users in jurisdictions where our services are legally available.

Third, we log all financial transactions. When you deposit through DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or mobile banking, local payment, online payment, e-wallet virtual accounts, we record the amount, payment method, timestamp, and confirmation. When you request a withdrawal, we log the destination account, amount, and our processing decision. These records are essential for detecting suspicious activity (like rapid deposits and withdrawals from different accounts) and for tax and regulatory reporting in your jurisdiction.

Fourth, we collect gameplay data. We record every bet you place on Liga 1 football, every hand you play at our live blackjack and roulette tables, every spin on our Aviator or Sweet Bonanza slots, and every esports pick on Free Fire or PUBG Mobile tournaments. This data helps us calculate payouts accurately, audit game results, and investigate disputes. We also log your device type, operating system version, and mobile connection type to optimise performance on Android and iOS browsers.

Minimal collection: We collect only data necessary for account operation, fraud detection, and legal compliance. We do not collect your browsing history, location data, or contacts without explicit consent.

We may also log interaction data: which game categories you browse, when you log in and out, how long your sessions last, and which features you use most. This helps us improve maha's design and understand where to focus development effort. However, this data is aggregated and anonymized—we never link individual gameplay patterns to your name or identity in reports shared with our development team.

Our maha Data Protection and Retention Practices

We undertake several commitments to protect your data on maha. All personal information—ID documents, payment details, transaction records—is encrypted in transit (using industry-standard TLS) and at rest (using AES-256 encryption). Our servers sit in secure data centres with restricted access, backup systems, and regular security audits. We limit employee access to your data strictly—only customer support staff who handle disputes, verification specialists who process KYC documents, and fraud analysts can view personal information, and only for their specific job functions.

Our maha backend uses third-party processors to help us operate. Payment processors handle your DANA, e-wallet, and bank deposits and withdrawals—we do not store their infrastructure details but we trust them with transaction information necessary to settle your funds. Fraud-detection services scan transaction patterns to identify and block suspicious activity. Email and SMS providers deliver our account notifications and password-reset codes. We ensure all processors sign data-processing agreements requiring them to protect your information to the same standard we do.

We retain your data for as long as necessary. Account credentials, transaction records, and gameplay history stay on our servers while your maha account is active and for seven years after closure (to comply with financial reporting laws across Southeast Asia). Identity documents (ID photos, selfies) are stored for the duration of your account plus three years. You can request deletion of your account and associated data anytime through your maha settings—we process such requests within standard business windows and delete your information within 30 days, except where law requires us to retain it longer.

We encrypt all your personal data and store it on secured servers with restricted access.
We do not sell, rent, or share your data with advertisers or marketing companies.
We share data with payment processors, fraud services, and legal authorities only when necessary and lawful.
We delete your account data within 30 days of your deletion request, except where legal requirements mandate longer retention.
We never use cookies to track your behaviour outside maha or build advertising profiles.

Our maha servers operate in multiple jurisdictions across Southeast Asia—primarily in data centres serving Indonesia, Singapore, and Thailand. This means your data may physically sit outside your home jurisdiction, but we apply the same encryption and access controls regardless of server location. If we move your data to a different country, we ensure that destination has legal frameworks comparable to your home country's data-protection standards.

Your rights: You have the right to access, correct, or delete your personal data on maha. You can request a full export of your data in machine-readable format. Contact our support team through your maha app to exercise these rights.

We undertake to respond to data-subject requests (access, correction, deletion) within 30 days. If we deny a request—for example, if deleting data would breach legal obligations—we explain our reasons. You also have the right to lodge a complaint with your local data-protection authority if you believe we have violated your privacy rights.

Our maha privacy policy may change to reflect new laws, technologies, or business practices. We notify all users of material changes via email and through push notifications in our app. We never make changes that weaken your privacy protections retroactively—any stricter controls take effect only for future data collection. This page always reflects our current practices, and you can review change history at the bottom of this section.

For questions about your data on maha, privacy requests, or concerns about our practices, contact our support team through your maha app's Chat feature or visit our FAQ sectionOur team responds during business hours and can assist with data access, deletion requests, or complaints. We also invite users in Jakarta, Surabaya, Bandung, and Medan to reach out directly—we treat all privacy inquiries with equal priority regardless of location.