pony Platform Privacy Notice

This page describes what we collect when you use pony and how we keep that data protected. We gather information necessary to verify your identity, process your deposits and withdrawals through DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, and e-wallet, and deliver our sportsbook and live-dealer services. Our commitment is to handle your personal data transparently and securely, restricting its use to legitimate operational and regulatory purposes.

We recognise that privacy is foundational to trust. When you fund your pony account, place a wager on Liga 1 or Piala AFF, or join a live blackjack table, you are entrusting us with sensitive financial and personal information. We use industry-standard encryption, segregate your data from operational funds, and do not sell or rent your information to third parties. We comply with applicable data-protection laws where we operate and respond to your requests regarding your information.

This privacy notice sets out our practices in plain language. We have structured it into sections covering data collection, use, storage, third-party processors, your rights, and contact details for questions or concerns.

What Data We Collect on pony

We collect several categories of information to operate pony and serve our account holders. Identity data includes your full name, date of birth, national ID number (or passport number), and residential address. We require this during account verification to comply with anti-money-laundering and know-your-customer regulations. We do not collect this data out of curiosity; we collect it because local law in jurisdictions where we operate mandates identity verification before we can accept deposits or process withdrawals.

Contact information includes your email address, mobile phone number, and any alternate contact methods you provide. We use these to send account notifications, payment confirmations, and support responses. You may opt out of marketing emails, but we will continue to send transactional notices (e.g. withdrawal confirmation, login alerts) as long as your account is active.

Financial data includes your payment method details—e-wallet account identifiers, virtual account numbers assigned to you at BCA, e-wallet, mobile banking, or local payment, or other payment credentials. We use this solely to process deposits and withdrawals. We do not store full credit card numbers; payment processors handle card data according to their own security standards. We also record transaction history: dates, amounts, payment methods used, and settlement status for each deposit or withdrawal.

Behavioral data includes your account activity—games you play, wagers placed on Liga 1 or Piala Indonesia fixtures, live-dealer sessions attended, and login patterns. We use this to detect fraud (sudden unusual activity patterns), enforce account limits if you request them, and improve our platform. We do not sell this data to advertisers.

Sensitive Data: We treat all personal data—especially identity documents and payment credentials—as sensitive. Our servers encrypt this information in transit and at rest using industry-standard protocols.

How We Use Your Data on pony

Our primary use of your data is operational: processing your deposit and withdrawal requests, verifying your identity, settling game outcomes, and managing your account balance. When you deposit via online payment or e-wallet, we pass your transaction details to the payment processor to execute the transfer. When you request a withdrawal to your mobile banking virtual account, we initiate the transfer and record the outcome in your account history.

We use your contact information to send account-related notices. If your withdrawal is delayed due to bank processing, we may email or SMS you with an update. If we detect suspicious login activity, we may contact you to confirm it was you. These communications are transactional and necessary for account security.

We analyse aggregate activity data to improve pony's platform—understanding which games are popular, which payment methods users prefer, and which times of day experience high traffic. We perform this analysis on anonymised data; we do not tie it to individual accounts. This helps us allocate server resources, decide which new games to add, and optimise our payment integrations with local payment, online payment, and others.

We may also use your data for regulatory reporting. If local gambling regulators request information about account holder activity or financial flows on pony, we may be required to disclose anonymised or pseudonymised data. We do this only in response to formal legal requests and do not voluntarily share your data with government bodies.

Third-Party Processors and Data Sharing

Our pony platform relies on third-party service providers to function. Payment processors—the companies operating e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking gateways, and bank virtual-account systems—receive your financial data to execute transfers. We do not control their privacy practices, but we select partners with documented security standards. When you deposit via local payment, online payment's systems handle your e-wallet credentials; we do not store them.

We also engage cloud infrastructure providers to host our servers, store your data, and process game outcomes. Our servers may be located outside Indonesia, meaning your data crosses international borders. We contractually require these providers to maintain security standards equivalent to our own and to use your data only for purposes we specify.

Email service providers send transactional emails on our behalf. Support platforms (if we use third-party ticketing systems) may store copies of your support conversations. Analytics services may collect anonymised information about how you navigate pony (page views, button clicks) to help us identify technical issues or confusing interfaces.

We do not sell your personal data to advertisers, brokers, or other unaffiliated third parties. We do not use your data to build profiles for external marketers. We share data only with processors necessary to operate pony or comply with law.

Payment Processors: e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking systems that execute your deposits and withdrawals.
Cloud Providers: Companies hosting our servers and databases. Data may be stored in multiple geographic regions for redundancy.
Email / Support Services: Third-party platforms delivering transactional emails and managing support tickets.
Analytics Services: Tools tracking anonymised usage patterns (e.g. which games are visited, at what times) to improve platform performance.

Your Rights and Data Access on pony

You have several rights regarding your personal data held by pony. You can request a copy of all data we hold about you, including identity documents, payment history, and account activity logs. You can ask us to correct inaccurate information—for example, if we recorded your address wrongly during verification, we can update it. You can request deletion of your account and associated data, subject to applicable retention rules (we may need to keep transaction records for regulatory purposes).

To exercise these rights, contact our support team using the details provided at the end of this notice. We will respond within a reasonable timeframe, typically within 14 days. If you dispute our response or believe we are mishandling your data, you may escalate your concern to local data-protection authorities in your jurisdiction.

We retain your data only as long as necessary. Identity and financial records are kept for a minimum period (often several years) to comply with anti-money-laundering regulations and tax requirements. Once that period expires and your account is closed, we delete or anonymise your personal data. Anonymised data (e.g. "on day X, a user in Jakarta played slot game Y") may be retained indefinitely for analytics.

Cookies and Tracking Technologies on pony

Our pony platform uses cookies to remember your login session, preferences, and activity. Session cookies (which expire when you close your browser) let you navigate between pages without re-entering your credentials. Persistent cookies (stored longer) remember your preferred language or whether you have dismissed a notice. We do not use cookies to track your browsing across other websites.

We may also use tracking pixels or similar technologies to measure platform usage—for example, confirming that an email notification reached you or tracking which pages users visit most frequently. This data is aggregated and anonymised; it does not identify you personally.

You can control cookies through your browser settings. Disabling cookies may limit pony's functionality (e.g. you may need to log in on each page visit). We recommend accepting essential cookies while declining marketing or tracking cookies if you wish to restrict data collection.

Data Security and Encryption on pony

We protect your data using encryption, access controls, and regular security audits. Data in transit (between your device and our servers) is encrypted using TLS (Transport Layer Security), the same standard used by banks and payment processors. Data at rest (stored on our servers) is encrypted using AES-256 or equivalent algorithms. Only authorised staff with a legitimate business need can access unencrypted personal data.

We monitor our systems for intrusion attempts and unauthorised access. We do not claim absolute security—no system is immune to determined attackers—but we maintain industry-standard practices. If we detect a data breach affecting your account, we will notify you and any relevant authorities within the timeframe required by law.

Data Protection and Jurisdiction

Our services are available only where local law permits. We operate in compliance with applicable data-protection regulations in jurisdictions where we offer pony. If you are in Jakarta, Surabaya, Bandung, or Medan and local law imposes data-protection requirements, we follow them. We also respect EU GDPR principles for any users in GDPR-applicable jurisdictions, though our primary focus is on Indonesia-region operations.

Our servers and data storage may be located outside your country. By using pony, you acknowledge that your data may be processed and stored internationally. We contractually require international processors to maintain security standards equivalent to local requirements.

Changes to Our Privacy Policy

We may update this privacy notice to reflect changes in our practices, new features, or changes in law. We will notify you of material changes by posting the updated notice on this page and updating the date at the top. Your continued use of pony after updates constitute your acceptance of the revised terms. We encourage you to review this notice periodically.

Contact Us About Privacy

If you have questions about this privacy notice, wish to exercise your data rights, or have concerns about how we handle your information, contact our support team. We are available during standard business hours and will respond to privacy inquiries within 14 days. You can reach us through our FAQ page or about pagewhich includes support contact details.

We also respect your choices regarding communications. If you wish to stop receiving marketing emails, you can unsubscribe using the link in any promotional message. Transactional emails (account confirmations, withdrawal notices) will continue so long as your account is active, as these are necessary for account management and regulatory compliance.

Our commitment is transparency and respect for your privacy. We use your data only to operate pony, comply with law, and improve your experience. We do not monetise your personal information, and we keep it encrypted and segregated from operational funds. Thank you for your trust.