castle Casino & Sportsbook Data Care

This page describes what we collect when you use castle and how we keep that data protected. Our privacy policy explains the types of information we gather, the purposes we use it for, and the safeguards we employ to prevent misuse. We believe transparency about data handling builds trust with our account holders across Jakarta, Surabaya, Bandung, Medan, and Semarang.

We at castle collect information necessary to operate our platform: your identity details for account verification, payment information to process deposits and withdrawals via DANA, e-wallet, mobile banking, local payment, and bank transfers, and gameplay data to maintain tournament leaderboards and account history. We do not sell your personal data to marketing companies or use it for purposes outside our core service.

This guide walks through our data practices in plain language. We explain what we collect, who has access to it, how long we keep it, and what rights you have under applicable law. If you have specific questions about your data or how castle handles privacy, our support team is available during business hours.

What information we collect on castle

When you create a castle account, we collect your email address, password, full name, date of birth, phone number, and address. We use these details to verify your identity, comply with financial regulations, and contact you about your account if needed.

We also collect payment information. When you deposit via DANA, e-wallet, mobile banking, or local payment, we record the transaction details, amount, and timestamp. For bank transfers (online payment, e-wallet, mobile banking, local payment, online payment), we store your virtual-account details and transfer records. This information helps us process withdrawals, prevent fraud, and maintain transaction history for your account.

During gameplay, we log your session activity: which games you play, stakes you place, round outcomes, and leaderboard rankings. We track this data to calculate tournament positions, display your history, and detect unusual account behaviour that might indicate fraud or account compromise.

Identity verification documents

Our castle platform requires identity verification (KYC) before your first withdrawal. You upload a photo of your ID (KTP, passport, or driver's license) and proof of address (utility bill, bank statement, or lease agreement). We store these documents securely and use them only to confirm your identity and comply with anti-money-laundering regulations. We do not share them with third parties except where required by law.

Cookies and technical data

We use cookies on castle to maintain your login session, remember your preferences, and measure how you interact with our platform. These are session cookies (deleted when you close your browser) and persistent cookies (stored for up to one year). You can disable cookies in your browser settings, though this may limit some castle features.

We also collect technical data: your IP address, device type, browser version, and the pages you visit. This helps us detect fraud, troubleshoot technical issues, and understand which games and features are most popular. We do not use this data to identify you personally — only to maintain platform security and performance.

Our servers may sit outside your jurisdiction

We at castle process some data on servers located outside Indonesia. By using our platform, you consent to this data transfer. We apply the same security standards to all servers regardless of location.

How we use and share your data

We use your data for core platform functions: processing deposits and withdrawals, verifying your identity, calculating tournament leaderboards, and maintaining your account history. We also use it to prevent fraud, detect suspicious activity, and comply with financial regulations.

We share data only with third-party processors who help us operate castle. Payment providers (e-wallet, mobile banking, local payment, online payment, and our banking partners) receive transaction details to process your payments. Our hosting provider receives technical data to maintain server performance. Our identity verification service receives your KYC documents to confirm your identity. All processors are bound by confidentiality agreements and may not use your data for their own marketing.

We may disclose data to law enforcement or regulatory bodies if required by legal process. We do not sell personal data to marketers or data brokers. We do not use your information to create profiles for targeting advertisements outside our platform.

Data retention on castle

We retain your account data (email, name, address) as long as your account is active. If you request account closure, we delete personal data within 90 days unless we are required by law to retain it longer (e.g., for anti-money-laundering compliance, which typically requires 5 years).

Transaction records and gameplay history are retained for 7 years to support withdrawal processing, dispute resolution, and regulatory compliance. After 7 years, this data is deleted except where we are obligated to retain it further.

Key takeaways

  • We collect personal data (name, email, address) for account verification and payment processing.
  • We use payment information to process deposits via e-wallet, mobile banking, local payment, online payment, and bank transfers, plus withdrawals.
  • We store gameplay data to maintain tournament leaderboards and account history.
  • We do not sell personal data to third parties outside our payment and service processors.
  • We retain account data during account lifetime; transaction records for 7 years for compliance.

Your rights and our commitments on castle

You have the right to access your personal data stored on castle. You can request a copy of your information through our help portal or by emailing our support team. You also have the right to correct inaccurate data — if your address or phone number changes, you can update it directly in your account settings or ask our team to help.

You can request deletion of your personal data, though we may retain it for the retention periods described above if required by law. You also have the right to object to our use of your data for specific purposes, such as marketing communications (though we do not currently send marketing emails without your explicit consent).

We at castle are committed to protecting your data against unauthorized access, theft, or misuse. We use encrypted connections (HTTPS) for all transmission of sensitive information. Our servers are protected by firewalls and regular security audits. We limit access to personal data to castle employees and third-party processors who need it for their function, and we require them to maintain confidentiality.

Contacting us about privacy

If you have questions about our privacy practices, want to exercise your data rights, or believe we have mishandled your information, contact our support team. We offer English-language assistance during standard business hours via our help portal, email, or in-app chat. We aim to respond to privacy requests within 30 days.

Changes to this policy

We may update this privacy policy from time to time as our practices evolve or laws change. We will notify you of material changes by email or by posting a notice on castle. Your continued use of the platform after such notification constitutes acceptance of the updated policy.

Our services are available only where local law permits. We encourage you to review this policy alongside your jurisdiction's data-protection laws to understand your full rights. Users are responsible for verifying that their data practices align with local regulations before opening a castle account.