haha Platform Privacy Notice

This page describes what data we collect when you use haha and how we keep that information protected. Our privacy practices apply to all users accessing haha's football markets, live-dealer tables, slot games, and esports offerings, regardless of whether you access via web browser or mobile app. We operate under jurisdiction-restricted access, meaning our data handling follows the legal frameworks of regions where our services are available.

We take data protection seriously. We do not sell your personal information to third parties, and we limit disclosure to processors who help us operate our platform—payment gateways, identity-verification vendors, hosting providers, and customer-support systems. Our commitment is to be transparent about what we collect, why we collect it, and how long we store it.

If you have questions about your data on haha, contact our support team in English or Indonesian via email or live chat. We respond to data-access and deletion requests within the timeframe required by applicable law.

What Data We Collect and How We Use It

Account and identity information

We collect your full legal name, date of birth, email address, and phone number when you register on haha. We also request a government-issued ID (national ID, passport, or driver's licence) and proof of address (utility bill or bank statement) to verify your identity before you can deposit or withdraw funds. This information is mandatory for our know-your-customer (KYC) compliance obligations. We store identity documents securely and use them only for verification and fraud prevention. We do not share your ID scan or address proof with third parties except where legally required.

Payment and transaction data

When you deposit or withdraw via DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer (mobile banking, local payment, online payment, e-wallet), we collect transaction details: the amount, the date, the payment method, and your payment provider's transaction ID. We do not store your full bank account number or e-wallet password. Payment processing is handled by third-party gateways; we retain transaction records for accounting, fraud detection, and regulatory compliance. Transaction history remains on your haha account for your reference and for our records—typically retained for seven years in accordance with financial regulations.

Game and betting history

We collect data on every action you take on haha: slot spins, live-dealer table sessions, football market orders, esports wagers, and game outcomes. This includes spin cost, result, and timestamp for slots; bet amount, odds, and settlement for football markets; and buy-in and cash-out for live-dealer games. We use this data to generate your account statement, settle disputes, detect fraud, and comply with regulatory audits. Your game history is stored on our servers and is accessible to you anytime via your account dashboard. We retain this data for at least seven years.

Technical and device information

When you access haha via web or app, we collect technical data: your IP address, device type, operating system, browser version, and approximate location (based on IP geolocation). We use this to detect unauthorized access, prevent account abuse, provide customer support, and improve platform performance. We do not track your precise physical location unless you explicitly grant permission. This technical data is retained for up to 90 days unless needed for fraud investigation or legal compliance.

Communication and support data

When you contact our support team via email, live chat, or support portal, we collect your message, any attachments, and our response. We use this data to resolve your issues, improve our support quality, and maintain a record of our interactions. Support conversations are stored for at least two years. If you opt in to promotional emails or SMS, we also collect your communication preferences and track whether you open or click links in our messages.

We keep your data protected through encryption, access controls, and regular security audits. We do not share personal information with advertisers or data brokers.

Data Storage, Third Parties, and Your Rights

Where we store your data

Our servers may be located outside your jurisdiction. We maintain data centres in secure facilities with redundancy and backup systems to prevent data loss. We encrypt data in transit (using TLS/SSL) and at rest (using AES-256 or equivalent). Our hosting provider and database administrators have limited access to your data and are bound by confidentiality agreements. If we transfer data internationally, we implement safeguards to meet the legal standards of both the origin and destination jurisdiction.

Third-party processors and partners

We share your data with select third parties only as necessary to operate haha:

• Payment processors: DANA, e-wallet, mobile banking, local payment, online payment, e-wallet networks, and your bank (mobile banking, local payment, online payment, e-wallet) receive transaction details to process your deposits and withdrawals.
• Identity verification vendors: Third-party KYC providers verify your ID and address documents on our behalf.
• Customer support platform: Our support system may be hosted by a third-party vendor who handles email and chat data.
• Analytics and fraud detection: We use third-party tools to analyse traffic patterns and detect fraudulent activity.
• Legal and regulatory compliance: We disclose data to authorities if legally required by court order, subpoena, or applicable regulation.

We do not sell your data to advertisers, data brokers, or marketing firms. All third-party processors sign data-processing agreements committing them to protect your information and use it only for the purposes we specify.

Cookies and tracking

We use cookies to remember your login session, store your preferences (language, theme), and track your behaviour on haha (which games you view, how long you stay in a session). These are essential for platform functionality and to prevent fraud. Most cookies expire when you close your browser; session cookies persist until you logout. We do not use third-party tracking pixels or cross-site cookies to follow you across other websites. You can disable non-essential cookies in your browser settings, but this may limit some haha features.

Your data rights

You have the right to request access to all personal data we hold about you, free of charge. You can also request correction if your data is inaccurate, deletion if it is no longer necessary, or restriction of processing under certain conditions. To exercise these rights, contact our support team with your request and account ID. We respond within 30 days or within the timeframe mandated by your jurisdiction's data-protection law.

If you believe we have violated your privacy rights, you may lodge a complaint with our support team. You also have the right to escalate to your local data-protection authority if your jurisdiction has one.

Data retention and account closure

When you close your haha account, we retain certain data for legal and regulatory reasons: financial records for seven years, fraud investigation records for three years, and support interactions for two years. Some data (like your email and phone number) may be retained to prevent re-registration under a false identity. We delete non-essential data (technical logs, device information) after 90 days unless needed for an ongoing investigation. We do not delete your game history or transaction records because these form part of your account audit trail and may be needed for dispute resolution.

This privacy notice is effective as of today's date and subject to change. Material changes are notified via email and in-app notice at least 14 days before taking effect. Continued use of haha after a change becomes effective constitutes your acceptance of the updated privacy notice.