esha Platform Privacy Notice

This page describes what we collect when you use esha and how we keep that data protected. We collect personal information to verify your identity, process your deposits and withdrawals via DANA, e-wallet, mobile banking, local payment, and bank transfers, settle your bets on Liga 1 and other markets, and provide customer support. Your data is encrypted in transit and at rest, and we share it only with payment processors, KYC verification services, and other third parties necessary to operate our platform.

We do not sell your personal information to advertisers or data brokers. We do not use your account history to profile you for marketing purposes outside esha. We retain your account data for seven years after closure to comply with anti-money-laundering obligations, then delete it securely. You have rights to access, correct, and request deletion of your data subject to legal and compliance holds.

Our servers may sit outside your jurisdiction; data transfers across borders are protected by encryption and contractual safeguards. If you have questions about how we handle your information, contact our privacy team at the address in the footer; we respond within ten business days.

Data Collection and Use on esha

We collect information in three categories when you use esha: account data, transaction data, and behavioral data.

Account Data We Collect

When you register on esha, we collect your email address, phone number, and a password of your choice. During KYC verification, we collect your full name, date of birth, national ID number (or passport number), and photos of your ID and face. We also collect your physical address for compliance purposes.

We use this data to verify your identity, prevent fraud and account takeover, comply with anti-money-laundering and counter-terrorism-financing regulations, and deliver customer support. We share your ID data with third-party KYC verification services that cross-check your documents against government databases. We do not share your contact information with marketing firms or advertisers.

Transaction Data We Record

We record every deposit, withdrawal, bet, and game outcome on esha. This includes the amount, timestamp, payment method used, and settlement status. For deposits via DANA, e-wallet, or mobile banking, we log the transaction reference provided by your e-wallet. For bank transfers, we log your virtual account number and the sending bank name. We do not store your full bank account number or card details; payment processing is handled by PCI-compliant third-party processors.

We retain transaction logs for seven years after account closure. This retention is required by Indonesian anti-money-laundering law and international compliance standards. After seven years, we delete transaction records securely.

We use transaction data to settle your bets and withdrawals, prevent fraud, detect suspicious patterns (e.g., rapid large transfers), and respond to regulatory requests from law enforcement. We share transaction data with our payment processors, banks, and government authorities only when legally required.

Behavioral Data and Game History

We record which games you play, how long you play, your win and loss history, and the markets you access (Liga 1, Piala AFF, Champions League, etc.). We use this data to improve our platform, detect technical issues, and personalize your experience (e.g., showing you relevant sports markets or games based on your prior activity).

We do not use behavioral data to create psychographic profiles or to target you with addictive game mechanics. Your game history is yours to download or request deletion of at any time, subject to compliance holds (e.g., if an investigation is underway).

Your Rights and Our Data Protection Practices on esha

We collect and process your data only with your consent and in accordance with applicable data protection law. You have the right to access all personal data we hold about you. You can request a copy of your account data, KYC documents, and full transaction history by contacting our privacy team; we provide this within ten business days.

You have the right to correct inaccurate data. If your name, address, or contact information is wrong, you may update it directly in your account settings or ask our support team to correct it. You have the right to request deletion of your personal data, except where we are required by law to retain it (e.g., anti-money-laundering records, ongoing disputes).

  • Encryption in transit: All communication between your device and esha servers uses TLS 1.3 encryption. Your login credentials, payment details, and personal information are never transmitted in plain text.
  • Encryption at rest: Your data on our servers is encrypted using AES-256. Passwords are salted and hashed with bcrypt; because a hash is one-way, we cannot recover your password even internally.
  • Access controls: Only authorized staff can access your personal data, and only for specific business purposes (e.g., customer support, fraud investigation). Access is logged and audited quarterly.
  • Data breach response: If we discover a security incident affecting your data, we will notify you within 72 hours and describe the incident, the data involved, and the steps we are taking to remediate.

Cookies and Tracking on esha

esha uses session cookies to maintain your login state while you play. These cookies expire after 24 hours of inactivity. We use analytics cookies to count visitors, track page load times, and identify technical errors; these cookies do not identify you personally and are deleted after 90 days. We do not use third-party tracking pixels or cross-site advertising cookies.

You may disable cookies in your browser settings; however, this may prevent esha from functioning properly. We do not require cookies for basic browsing, but they are necessary for account login and payment processing.

Third-party processors: We share data with payment processors (DANA, e-wallet, mobile banking, local payment, bank gateways), KYC verification services, and fraud-detection providers. These processors are bound by data protection agreements and are prohibited from using your data for their own marketing.

Cross-Border Data Transfer and Jurisdiction

esha's servers are located outside Indonesia. When you create an account, your personal data is transferred to and stored on our servers. This transfer is protected by encryption and contractual safeguards (Standard Contractual Clauses) that ensure your data receives protection equivalent to that provided under Indonesian data protection law.

Our services are available only in jurisdictions where online gaming is lawful. If we discover that you are accessing esha from a jurisdiction where our services are prohibited, we will suspend your account and may close it permanently. We comply with all applicable local, national, and international data protection regulations.

This privacy notice is current as of the date shown in the footer. We may update this notice to reflect changes in our practices or applicable law. We will notify you of material changes by email or by posting a notice on esha. Continued use of esha after updates constitutes acceptance of the revised privacy notice.