hienzo Privacy Policy
This page describes what we collect when you use hienzo and how we keep that data protected. We at hienzo collect personal information necessary for account verification, payment processing, and compliance with applicable law. Our data practices reflect a commitment to transparency: you understand what we gather, how we use it, and who may access it.
We collect identity documents (KTP for Indonesia residents), email addresses, payment-method details (DANA, e-wallet, mobile banking, local payment, online payment, or bank account information), account activity logs, and device identifiers when you access hienzo's slot tournaments (Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, Mahjong Ways), live-dealer tables (blackjack, roulette, baccarat, Dragon Tiger), sportsbook markets (Liga 1, Piala AFF, Champions League, badminton, MotoGP), or esports competitions (Mobile Legends, Free Fire, PUBG Mobile).
Our servers may sit outside your jurisdiction; data transfers to processing locations outside Indonesia occur to support payment settlement, fraud detection, and account verification. By using hienzo, you consent to such transfers where applicable law permits.
What We Collect and How We Use Your Data on hienzo
We collect several categories of data. Account registration data includes email, password hash (never stored in plaintext), name, date of birth, and device type. Identity verification data includes government-issued document images (KTP), address confirmation, and residential location. Payment data includes payment-method details (account numbers, wallet identifiers, payment-processor tokens), deposit amounts, withdrawal requests, and transaction timestamps. Activity data includes login timestamps, game category selections (slots, live dealer, sportsbook, esports), tournament participation history, settlement outcomes, and IP addresses.
We use account data to verify identity, prevent duplicate accounts, and establish account tier eligibility (Standard, Premium, VIP). Verification staff access identity documents for KYC compliance; payment processors access payment details to execute transactions; our risk management team accesses activity logs to detect fraud, account takeover, or coordinated abuse patterns.
We retain identity documents for five years after account closure (or longer if required by applicable law). Payment records are retained for seven years to support audit trails and dispute resolution. Activity logs are retained for two years; older logs are aggregated into anonymised summaries for trend analysis.
- Personal data: information that identifies you (name, email, payment details, identity document). We process this only for account management and legal compliance.
- Activity data: records of your use (games played, settlement outcomes, login times, device type). We use this to detect fraud and improve service reliability.
- Inferred data: data we derive from your activity (player skill level, game preference, risk profile). We use this only internally; we do not share with third parties.
Third-Party Processors and Data Sharing on hienzo
We share data with payment processors (DANA, e-wallet, mobile banking, local payment, online payment, and bank settlement networks), who access payment details solely to execute transactions. We share data with identity-verification vendors who cross-reference KTP images against government databases (for Indonesia residents). We share data with fraud-detection services that analyse login patterns, device fingerprints, and account behaviour to flag suspicious activity.
We do not sell personal data. We do not share personal data with marketing partners, data brokers, or third-party advertisers. We may share anonymised, aggregated data (e.g., "slot players in Jakarta averaged 4 tournament entries per week") with our internal analytics team and, in limited cases, with academic researchers studying online gaming patterns (under strict confidentiality agreements).
We may disclose personal data if required by applicable law, court order, or legitimate government request. Such disclosures occur only where legally mandated; we do not voluntarily report user activity to authorities absent legal obligation.
Cookies, Device Identifiers, and Browser Data
We use cookies to maintain login sessions and remember account preferences (e.g., language selection, last-accessed game category). Session cookies expire when you close your browser; preference cookies persist for one year. We do not use cookies for cross-site tracking or behavioural advertising. We collect device identifiers (device type, operating system, browser type) to detect account takeover and prevent duplicate access from compromised devices.
Our servers log IP addresses to support fraud detection and geographic compliance (verifying that access originates from permitted jurisdictions where applicable). We do not use IP data for tracking after session conclusion; logs are retained for 30 days then deleted.
We do not employ third-party tracking pixels, web beacons, or analytics frameworks that profile user behaviour across websites. Our analytics are confined to hienzo's own domain and do not integrate with external platforms.
Your Rights on hienzo
You may request access to personal data we hold about you. Submit requests via account support; we provide downloadable data exports (in CSV format) within five business days. You may request correction of inaccurate data (e.g., misspelled name); corrected data takes effect within one business day. You may request deletion of personal data subject to legal-retention obligations—if we must retain data for compliance (e.g., five-year KYC archive), we acknowledge the request but retain data as legally required. Deletion requests are processed within 30 days.
You may opt out of marketing emails at any time by following unsubscribe links in email footers. Opting out does not prevent transactional emails (settlement confirmations, account alerts, support responses). You may disable cookies via browser settings; note that disabling session cookies may prevent login functionality.
Data Security and International Transfer on hienzo
We employ standard encryption (TLS 1.2+) for data in transit; all connections to hienzo use HTTPS. Data at rest (stored on servers) is encrypted using AES-256. Access to encryption keys is restricted to essential personnel; backups are encrypted separately and stored offline. We undergo annual third-party security audits; audit reports are available upon request.
Our servers are distributed across data centres in multiple countries. Identity documents and payment details may be processed in jurisdictions outside Indonesia (e.g., Singapore, Australia, or the United States depending on third-party vendor locations). We employ Standard Contractual Clauses (SCCs) with international processors to ensure data protection standards equivalent to Indonesian law where applicable.
We cannot guarantee absolute security; no system is impenetrable. If we detect data compromise (unauthorised access to encrypted user data), we notify affected account holders within 72 hours. We do not pay ransom in case of ransomware attacks; compromised data is treated as permanently inaccessible and users are notified promptly.
Policy Changes and Contact Information
We may update this policy at any time. Updates become effective upon publication; we provide notice via account messaging for material changes. Continued use of hienzo following updates constitutes acceptance of new privacy terms. Previous versions are archived for reference.
Contact our privacy team with questions, data-access requests, or concerns regarding our practices. You may submit inquiries via account support during business hours (Monday–Friday, 08:00–18:00 Jakarta time, excluding Indonesian public holidays like Idul Fitri, Idul Adha, Imlek, and Nyepi). We respond to privacy requests within five business days.
If you are unsatisfied with our response to a privacy concern, you may lodge a complaint with applicable data-protection authorities in your jurisdiction. We cooperate with regulatory investigations and provide requested information to support compliance reviews.
We commit to transparent data handling and minimal collection. Your personal information is protected to the extent permitted by applicable law; we do not monetise or share user data beyond essential processors.