mimic Privacy Policy

This page describes what we collect when you use mimic and how we keep that data protected. Our privacy commitments cover account information, payment details, betting history, and device data. We do not sell your personal information. We share data only with payment processors, fraud-detection systems, and regulatory authorities when legally required.

We process data across multiple jurisdictions. Your account may be hosted on servers outside Indonesia; however, we maintain the same encryption and access controls regardless of server location. Our data-retention policy balances player transparency with regulatory compliance. Account information is retained for as long as your account is active, plus a retention period thereafter for dispute resolution and audit purposes.

Our services are available only where local law permits. By using mimic, you acknowledge that you have read this policy and agree to our data practices as described below. If you have questions about how we handle your data, contact our support team via the channels listed at the end of this page.

What data we collect on mimic

We collect information in three main categories: account identity, payment details, and behavioral data.

Account and identity information: During signup, we ask for your email address, legal name, national ID number, and date of birth. We also collect your phone number if you provide it. This data is required for account verification (KYC) and compliance with anti-money-laundering regulations.

Payment information: When you deposit or withdraw, we record the payment method, amount, timestamp, and transaction ID. If you use DANA, e-wallet, mobile banking, local payment, or a bank virtual account (online payment, e-wallet, mobile banking, local payment), we store the transaction reference but not your full payment credentials. Payment processors (online payment, e-wallet, etc.) retain their own records separately.

Behavioral data: We log your betting activity—which markets you view, which bets you place, when you play, how long you stay logged in, and which device you use. We also store your IP address, browser type, and operating system. This data helps us detect fraud, prevent account abuse, and understand usage patterns. We do not sell this data to third parties.

We do not store full payment card details

If you use e-wallets (mobile banking, local payment, online payment), we store only the transaction reference. Your card or account credentials remain with the payment processor. We comply with PCI-DSS standards for any payment data we do handle.

How we use your data on mimic

We use your data for the following purposes:

  • Account administration: We verify your identity, process deposits and withdrawals, and manage account access.
  • Fraud prevention and compliance: We analyze behavioral patterns to detect unusual activity, money laundering, and account abuse. We share this analysis with fraud-detection partners and regulatory bodies when legally required.
  • Customer support: We review your account history and transaction logs to resolve disputes, answer questions, and investigate complaints.
  • Service improvement: We analyze aggregated, anonymized usage data to improve our platform performance, user experience, and game selection. This analysis never includes individual betting details linked to your name.
  • Legal and regulatory obligations: We retain data to comply with anti-money-laundering laws, tax authorities, and law enforcement requests.

Third parties who access your data

We share your data with the following types of organizations:

Payment processors: e-wallet, mobile banking, local payment, online payment providers, and banks (e-wallet, mobile banking, local payment, online payment) receive your transaction requests. They process payments and retain their own records. We do not control their privacy policies.

Fraud-detection and identity-verification services: We use third-party tools to verify your identity during KYC and to monitor for suspicious activity. These partners receive your ID number and name; they do not retain this data longer than necessary for verification.

Cloud and hosting providers: Our servers may be hosted by third-party providers in multiple countries. Your data is encrypted in transit and at rest. Hosting providers have contractual obligations to protect your information and cannot access it without authorization.

Regulatory and law enforcement authorities: We disclose data to government agencies, tax authorities, and law enforcement only when legally required by court order or regulatory request. We do not voluntarily share data with authorities; we require a legal document before disclosure.

Data retention on mimic

We retain your data for different periods depending on its type and purpose. Account identity information (name, ID number, date of birth) is retained for as long as your account is active, plus five years after account closure—to comply with financial record-keeping requirements. Transaction logs (deposits, withdrawals, bets) are retained for seven years to support dispute resolution and regulatory audit. Behavioral data (IP address, device type, session logs) is retained for one year, then deleted.

If you request account deletion, we anonymize your personal information but retain transaction records in aggregated, non-identifying form for compliance purposes. We cannot delete data that is legally required to be retained (e.g., for tax or anti-money-laundering compliance). We will explain any data we cannot delete and the legal reason we must retain it.

Your rights and data access on mimic

You have the right to request access to your personal data. Contact our support team to submit a data-access request. We will provide you with a copy of all data we hold about you within 20 business days. Your access request includes account information, transaction history, and any notes from customer support interactions.

You have the right to request correction of inaccurate data. If your address, contact details, or other information on file is incorrect, contact support and we will update it. You also have the right to object to certain uses of your data (such as marketing communications), though this does not affect our ability to process transactions or comply with legal obligations.

You cannot request deletion of data that we are legally required to retain. However, you can request that we stop processing your data for non-essential purposes (such as service improvement). We will honor such requests unless the data is needed for account administration or legal compliance.

Cookies and tracking on mimic

We use cookies to keep you logged in, remember your preferences, and prevent fraud. Our cookies include session cookies (deleted when you log out) and persistent cookies (retained for up to one year). We use these cookies to recognize your device and prevent unauthorized access to your account.

We also use analytics tools to track aggregated usage patterns—which pages are visited, how long users stay on each page, and which features are used most. This data is anonymized and does not identify you personally. We do not share this analytics data with third parties for marketing purposes.

Most browsers allow you to disable cookies in your settings. However, disabling cookies may prevent mimic from functioning properly (e.g., you may be logged out unexpectedly). We do not recommend disabling cookies; instead, you can clear your browser history and cookies periodically if you prefer.

Security measures we maintain

We protect your data using industry-standard encryption (TLS 1.2 or higher) for all data in transit. Account information, transaction logs, and payment data are encrypted at rest on our servers. We limit employee access to personal data; only staff members with a legitimate business need can view your information. All employee access is logged and audited.

We conduct regular security assessments and penetration testing to identify vulnerabilities. If we discover a data breach, we will notify affected users within 30 days and cooperate with law enforcement. We maintain cyber liability insurance to cover potential losses from unauthorized access.

However, no security system is perfect. We cannot guarantee that unauthorized parties will never access your data. If you suspect unauthorized access to your mimic account, contact support immediately and change your password.

Data breaches: If mimic experiences a data breach, we will notify affected users within 30 days and advise you of steps to take (such as changing your password). We will also notify relevant regulatory authorities and cooperate with law enforcement investigation.

International data transfer

Your data may be processed on servers located outside Indonesia. We transfer data internationally only where necessary for payment processing, fraud detection, or server infrastructure. When we transfer your data across borders, we use encryption and contractual safeguards to protect it. Our data-processing agreements require international partners to maintain the same privacy and security standards we do.

If we transfer your data to a country with weaker privacy laws, we add extra contractual protections (such as Standard Contractual Clauses) to ensure your data remains protected. You acknowledge and accept these international transfers by using mimic. If you do not consent to international data transfer, you should not use our services.

Policy changes and contact

We may update this policy as our operations change or as we adopt new security practices. We will notify you of material changes by email (using the email address on file) or by posting a notice on the mimic site. Continued use of your account after a policy update constitutes acceptance of the new policy. If you disagree with changes, you may request account closure.

If you have questions about our privacy practices or wish to exercise your rights (access, correction, objection), contact our support team. We offer live chat during extended hours and email customer support. You can also use the FAQ section to find contact details. Email requests typically receive a response within 2–4 hours. For data-access requests, we allow up to 20 business days for compilation.

Our services are available only where local law permits. Your use of mimic constitutes acceptance of this privacy policy and our data practices. If local law in your jurisdiction provides stronger privacy protections than this policy, those protections apply in addition to our commitments above.