istana404Privacy Policy

What data we collect on istana404

When you create an account on istana404, we collect your full name, email address, phone number, and date of birth. We use this information to verify your identity and prevent fraud. Before your first withdrawal, we ask you to upload a government-issued ID (KTP, passport, or driver's license) and proof of residential address (utility bill or bank statement dated within three months).

We also collect transaction data—deposit amounts, payment methods, withdrawal requests, and timestamps. This information helps us process your payments, detect suspicious activity, and comply with financial regulations. We do not store your full payment card details; payment processors handle that information securely on their own servers.

When you use istana404, we collect technical data: your IP address, browser type, device type, and pages you visit. We use this data to improve our platform, diagnose technical issues, and protect against fraud and unauthorized access.

How we use your data

We use your personal data to verify your identity, process deposits and withdrawals, and comply with anti-money-laundering (AML) and know-your-customer (KYC) regulations. We also use it to detect and prevent fraud, investigate disputes, and respond to account recovery requests.

We use transaction data to maintain your account balance, generate statements, and monitor for suspicious patterns. If we detect unusual activity—such as rapid deposits followed by large withdrawals, or access from multiple countries in a short timeframe—we may flag your account for review or request additional verification.

We use technical data to improve istana404's performance, fix bugs, and enhance security. We may also use aggregated, anonymized data for analytics and business planning—for example, understanding which payment methods are most popular in Jakarta, Surabaya, Bandung, or Medan.

Third-party processors and data sharing

We share your data with payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) to process deposits and withdrawals. These processors have their own privacy policies and security practices. We do not control how they handle your data beyond what our contracts require.

We may share your data with identity verification services to confirm your government ID and address. We also share data with financial authorities and law enforcement if required by law or court order. We do not share your data with marketing partners, advertisers, or other third parties without your explicit consent.

"We at istana404 encrypt your data, limit access to authorized staff, and monitor for unauthorized activity—protecting your privacy is central to how we operate."

Data retention and deletion

We retain your personal data for as long as your account is active and for a period after closure to comply with financial regulations and resolve disputes. Typically, we keep data for at least five years after account closure. We do not delete data earlier unless you request it and we have no legal obligation to retain it.

If you request account closure, we stop processing your data for marketing or analytics purposes. However, we retain transaction records and identity documents as required by law. You may request a copy of your data or ask us to delete it where legally permitted by contacting support.

Cookies and tracking

We use cookies to remember your login session, store your language preference, and track your activity on istana404. Cookies are small files stored on your device. You can disable cookies in your browser settings, but this may affect your ability to use istana404 fully.

We do not use cookies to track you across other websites. We do not sell cookie data to third parties. We use cookies only to improve your experience on istana404 and to detect fraud.

Your rights regarding your data

You have the right to access your personal data, request a copy of it, and ask us to correct inaccuracies. You may also request that we delete your data where legally permitted. To exercise these rights, contact our support team through your account settings.

We respond to data access and deletion requests within standard business hours. If we cannot delete data due to legal obligations, we inform you of the reason and the retention period. You also have the right to lodge a complaint with your local data protection authority if you believe we've mishandled your data.

Data security and encryption

We use industry-standard encryption (HTTPS/TLS) to protect data transmitted between your device and our servers. Your account password is hashed and salted, meaning we do not store your actual password—only a cryptographic representation of it. If you forget your password, you can reset it via email or phone verification.

Our servers are located in secure data centers with physical access controls, firewalls, and intrusion detection systems. We limit access to your data to authorized staff who need it to perform their jobs. We conduct regular security audits and penetration testing to identify and fix vulnerabilities.

Data breach notification

If we discover a data breach that compromises your personal information, we notify you via email or in-app notification as soon as possible. We also inform relevant authorities where required by law. We take immediate steps to contain the breach, investigate the cause, and prevent future incidents.

International data transfers

Our servers may be located outside your jurisdiction. By using istana404, you consent to your data being transferred to and stored in countries outside Indonesia. We ensure that data transfers comply with applicable privacy laws and that your data receives the same level of protection as it would in your home country.

Changes to this privacy policy

We may update this privacy policy at any time. If we make material changes, we notify you via email or in-app notification. Your continued use of istana404 after changes take effect means you accept the updated policy. If you disagree with changes, you may close your account.

Contact us about privacy

If you have questions about this privacy policy, want to exercise your data rights, or believe we've mishandled your data, contact our support team through your account settings. We respond within standard business hours. For urgent privacy concerns, mark your message as priority.

Related pages