biru Privacy Policy
This page describes what we collect when you use biru and how we keep that data protected. When you register an account, deposit funds via DANA or e-wallet, place a bet on Liga 1, or play a live casino table, we collect certain information about you. We keep that information encrypted, use it only for account management and fraud prevention, and do not sell it to third parties.
Our privacy approach centres on transparency and your control. You can view, update, or request deletion of your personal data anytime through your biru account menu. We comply with international data-protection standards and local Indonesian regulations. If you have questions about how we handle your information, contact our support team through the Help Centre.
Services on biru are available only where local law permits. By creating an account, you acknowledge that you have read and accept this privacy policy.
What information we collect on biru
When you register a biru account, we collect your email address or phone number, your chosen password, and your full name. If you deposit funds, we record the payment method you used (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or your bank account details). We store your transaction history—every deposit, withdrawal, bet, and payout—with timestamps and amounts in Rupiah.
Before your first withdrawal, we ask you to verify your identity by uploading a photo of your national ID, passport, or driver's license. We scan this document automatically and store a copy encrypted on our secure servers. We also record your IP address (the identifier assigned to your internet connection), your device type (Android, iOS, web browser), and which pages you visit on biru. This information helps us detect fraud, prevent account takeovers, and improve our platform.
How we use your information on biru
We use your email or phone number to send you account confirmations, deposit and withdrawal receipts, and password-reset links. We use your identity documents to comply with anti-money-laundering (AML) and know-your-customer (KYC) regulations. We use your transaction history to settle bets, calculate payouts, and provide you with account statements. We use your IP address and device information to detect suspicious activity and prevent fraud.
We do not use your personal data for marketing emails unless you explicitly opt in. We do not sell your data to third parties. We may share your encrypted identity information with our payment processors (mobile banking, local payment, online payment processors) only to the extent needed to process your deposits and withdrawals. We may disclose your information if required by law—for example, if a court orders us to assist a criminal investigation.
Your data on biru
- We collect: email, phone, name, ID photo, payment methods, transaction history, IP address, device type
- We use it for: account management, fraud prevention, KYC verification, legal compliance
- We do not: sell it to third parties or use it for unsolicited marketing
- We encrypt: all sensitive data transmitted and stored on our servers
- You can: view, update, or request deletion anytime via your account menu
Third-party processors and data location
Our payment processors (e-wallet, mobile banking, local payment, and your bank) receive your payment details when you deposit or withdraw. These processors have their own privacy policies and data-protection standards. We recommend you review their policies. Our servers may be located outside your jurisdiction (we may use cloud infrastructure in Singapore, the Philippines, or other regions). Data stored outside Indonesia remains encrypted and subject to our privacy commitments.
We use email service providers to send you notifications. We use analytics providers to understand how users interact with biru. These third parties access only anonymised or aggregated data—they do not see your personal ID information or transaction amounts. We do not share your betting history (which Liga 1 matches you bet on, which slots you play) with third parties.
Cookies and tracking on biru
Our website uses cookies—small text files stored on your device—to remember your login session and your preferences (language, dark mode, favourite sports). These cookies expire after a set period (typically 30 days for session cookies). We also use cookies to measure how many users visit biru and which pages are most popular. You can disable cookies in your browser settings, though this may prevent some biru features from working properly.
We do not use cookies to track you across other websites. We do not sell your browsing data to advertisers. If you log out of biru, your session cookie is deleted and you are logged out on all devices. If you clear your browser cookies, you will need to log in again next time you visit.
Your rights and account access on biru
You have the right to access all information we hold about you. Log in to your biru account, go to Account Settings, and select "Download My Data" to receive a file containing your personal information, transaction history, and identity documents. You have the right to correct any inaccurate information—if your name or email is wrong, update it in your Account Settings.
You have the right to request deletion of your account. Go to Account Settings and select "Delete Account". Your account will be closed, but we may retain anonymised data (betting volumes, timestamps without personal identifiers) for legal and fraud-prevention purposes for up to seven years. You can request account recovery within 30 days of deletion; after that, deletion is permanent.
We encrypt all data transmitted to and from biru using SSL protocols. Your password is hashed and never stored in plain text. Payment card details are never stored on our servers—they are processed directly by payment gateways.
Data retention and security on biru
We keep your transaction history for at least seven years to comply with Indonesian financial regulations. We keep your identity documents (national ID photo, passport scan) encrypted on secure servers. We delete inactive accounts after two years of no login—you can reactivate an inactive account by logging in. We conduct regular security audits and penetration testing to ensure our systems are protected against unauthorised access.
All communication between your device and biru's servers is encrypted using SSL/TLS protocols. Your password is hashed using industry-standard algorithms and cannot be recovered—if you forget it, we send you a reset link rather than revealing the original password. We do not use your password for any purpose other than authentication. If you suspect your biru account has been compromised, contact our support team immediately through the Help Centre.
Policy updates and contact information
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. If we make material changes, we will notify you via email or a prominent notice on biru. Your continued use of biru after such updates indicates your acceptance of the new policy. We encourage you to review this policy regularly.
If you have questions about our privacy practices, how we handle your data, or your rights under this policy, contact our support team via the Help Centre in your biru account menu, or email us directly. We will respond to your inquiry within standard business hours. If you believe we have violated your privacy rights, you may lodge a complaint with your local data-protection authority or contact our compliance team for assistance.
This privacy policy applies to all users of biru across supported jurisdictions. By using biru, you consent to our collection, use, and storage of your personal information as described in this policy. Services on biru are available only where local law permits. If you reside in a jurisdiction where biru services are prohibited, please do not register an account.