korblox Privacy Policy

This page describes what we collect when you use korblox and how we keep that data protected. We collect personal information—such as your email, name, phone number, and identity document—only to verify your account, process payments, and comply with legal obligations. We do not sell your data to third parties or use it for marketing without your explicit consent.

On korblox, your account data remains private and visible only to you and our staff during security audits or fraud investigations. Your transaction history—deposits, withdrawals, and gameplay entries—is encrypted and stored on our servers. We use industry-standard encryption (TLS 1.2 or higher) on all data in transit between your phone and our platform.

This policy applies to all korblox users accessing our platform via Android app, iOS browser, or desktop. We update this policy periodically and notify you of material changes via email or in-app notification. Your continued use of korblox after updates signifies acceptance of the revised terms.

What data we collect on korblox

We collect your email address and password when you create your korblox account. We also collect your full name, date of birth, phone number, and identity document (KTP, passport, or driving license) during account verification before you can withdraw funds. This verification is required by Indonesian financial regulations and helps us prevent fraud and money laundering.

When you deposit or withdraw on korblox, we record the payment method (e.g., DANA, e-wallet, mobile banking, local payment, online payment, or bank account), the transaction amount, timestamp, and status. We store your linked payment account details securely and use them only to process transactions. We never store your full payment credentials—only a tokenized reference that allows us to initiate transfers.

During gameplay on korblox, we log every bet, spin result, entry confirmation, and payout. This data is stored permanently in your account history and remains visible to you anytime. We also log your device type, IP address, login timestamps, and approximate location (city or region) for security and fraud detection purposes.

• Account data: Email, password hash, full name, date of birth, phone number, identity document.
• Payment data: Payment method, tokenized account reference, transaction amounts, dates, and status.
• Gameplay data: All bets, entries, results, and payouts timestamped and linked to your account.
• Device and security data: Device type, IP address, login history, location (city/region), and login attempts.
• Cookies and identifiers: Session cookies, device identifiers, and analytics tokens to keep you logged in and track platform usage.

We do not collect your credit card number in full. If you deposit via bank transfer using e-wallet, mobile banking, local payment, or online payment, we receive only a virtual account code and confirmation from the bank—never your full banking credentials.

How we use your data and your rights on korblox

We use your personal data for these purposes: verifying your identity and account, processing deposits and withdrawals, detecting fraud and unauthorized access, complying with financial regulations, and improving our korblox platform through anonymized analytics. We do not use your data for marketing, profiling, or algorithmic decision-making without your consent.

Your password is salted and hashed using a one-way cryptographic function—we never store or access your plaintext password. If you forget your password, our reset flow sends a verification link to your email. You set a new password yourself; we do not recover or reset it for you directly.

We use cookies and session tokens to keep you logged in on korblox. These cookies are httpOnly (not accessible to JavaScript) and secure (only transmitted over HTTPS). We also use analytics tokens to track aggregate platform usage—how many players log in daily, which games are popular, how long sessions last. This data is anonymized; we do not tie analytics to individual user identities.

Data retention

We keep your account data indefinitely while your account is active. After account closure, we retain transaction records for seven years per financial regulations, then delete them.

Third-party access

We share your data only with payment processors (DANA, e-wallet, etc.), our hosting provider, and regulatory authorities if legally required. We never sell or share your data for marketing.

Your access rights

You can request a copy of your personal data or ask us to delete non-essential information. Contact us via in-app support or email, and we'll respond within 30 days.

Data breach notification

If we discover unauthorized access to your korblox account, we notify you by email and in-app notification within 48 hours. You can reset your password and enable 2FA to secure your account.

During major events like Liga 1 matches, Piala AFF tournaments, or Idul Fitri celebrations, our servers handle increased traffic. We may retain temporary logs (IP addresses, request timestamps) for debugging purposes. These logs are encrypted and deleted after 30 days unless a security investigation is underway.

We maintain two-factor authentication (2FA) to protect your account. When you enable 2FA on korblox, you receive a one-time code via SMS or authenticator app each time you log in from a new device. This code is valid for ten minutes and cannot be reused. We recommend enabling 2FA even if you're the only person with access to your phone.

If you have questions about how we handle your data on korblox, contact our privacy team via in-app chat or by visiting our support page. We respond to privacy inquiries within five business days. You also have the right to lodge a complaint with your local data protection authority if you believe we've mishandled your information.