LEGAL REFERENCE

Your data. Your control. Our commitment.

At hmslot99, protecting how we collect, use and store your account information is non-negotiable. This privacy policy explains exactly what happens to your data when you join us...

Transparent data handlingAccount security firstPayment data protectedYour consent mattersQRIS-ready infrastructure

View Game Library Read FAQ

Privacy Policy — Full Scope

hmslot99 collects personal information to create and manage your account, process transactions via DANA, OVO, GoPay and QRIS, verify your identity, and comply with local regulations in supported Indonesian regions. We store this data securely and only share it with payment partners and compliance teams where legally required. You retain the right to access, correct or request deletion of your information, subject

to regulatory retention obligations. Our privacy practices align with data protection standards applicable where hmslot99 operates. Any material policy changes are communicated to your registered contact.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

PLAYER SUPPORT

Privacy Questions? Reach Us.

Email Support Send privacy concerns to our dedicated data team. Responses typically arrive within 48 hours of submission. Include your account ID for faster tracking.

Account Settings Log in and navigate to your privacy dashboard. View consent preferences, download your data, or adjust communication settings directly without leaving your account.

Live Chat Chat with our support team during lobby hours. Ask about your data rights, payment privacy or policy updates. Available in English and Indonesian language support.

TRUST MARKERS

Why You Can Trust Our Privacy Approach

Encrypted Payment Rails

Every DANA, OVO, GoPay and QRIS transaction is encrypted end-to-end. Your financial details never touch our unprotected servers; payment processors...

Third-Party Audits

We commission independent security reviews of our data infrastructure annually. Audit reports confirm encryption standards and access controls meet industry...

Limited Data Retention

We don't store payment card details. Account logs beyond regulatory minimums are deleted automatically. You control how long marketing data...

Compliance Officers

Our legal team monitors changes to data protection rules across supported Indonesian regions. Policy updates reflect local regulatory shifts within...

Transparent Partner List

Every third party handling your data — payment processors, identity verifiers, analytics firms — is named in this policy. We...

Incident Response Plan

If unauthorised access occurs, we notify affected users within 72 hours with details of the breach, protective steps taken, and...

Consistency Across Our Privacy Docs

Same Data Scope	Whether you're reading our Terms of Service or this Privacy Policy, the definition of 'personal information' stays identical. No hidden surprises between documents.
Unified Consent Model	You make privacy choices once in your account settings. Those preferences apply to email, SMS, in-lobby notifications and our partner communications uniformly.
Aligned Payment Practices	Our payment privacy addendum mirrors this policy. DANA, OVO, GoPay and QRIS handling follows the same encryption and retention rules across all pages.
Connected Cookie Disclosure	Our cookie banner, Terms and this policy reference the same cookie types. No conflicting lists between documents; everything cross-references for clarity.
Version Control Log	Every change to this policy is dated and linked to matching updates in our Terms. You'll always know which document version was current when you joined.
Linked Rights Statements	Your data access, deletion and portability rights are documented here and cross-linked in our legal centre. Same wording, same timelines, one coherent promise.
Single Point of Contact	Privacy requests, data deletions and complaint escalations all route to the same team. No fragmented responses; one contact centre owns the entire lifecycle.

What Defines Our Privacy Standard

Account-First Data Model

We collect only what's necessary to run your account, verify identity and process DANA, OVO, GoPay and QRIS transactions. No behavioural profiling or third-party data purchases for targeting.

Indonesia-Local Compliance

Our policy respects data protection frameworks applicable in supported Indonesian regions. We don't claim jurisdiction outside where we operate; compliance is hyperlocal.

Withdrawal Privacy

When you request a payout to your e-wallet, your details are tokenised immediately after processing. We retain only confirmation records, not your payment credentials long-term.

Browser Cookie Control

You control session, analytics and marketing cookies separately via your account settings or browser preferences. No cookie wall blocks access if you opt out of non-essential tracking.

Dispute & Data Rights

You can request your complete data file, correct inaccuracies or request deletion within 30 days. We'll acknowledge receipt and respond with your data export or confirmation of deletion.

Policy Update Alerts

Material changes to this privacy policy trigger an in-app notification and email alert. You'll see a 30-day review period before any new terms take effect on your account.

Privacy Questions Answered

We don't store these payment credentials at all. During withdrawal, your e-wallet details are encrypted, tokenised and sent directly to the processor. Confirmation records are kept for 12 months for dispute resolution only.

Yes. Submit a deletion request via your privacy settings or contact support. We'll remove account data within 30 days, except transaction records required by law for financial audits, which we retain for 7 years.

Only our account management, compliance and payment teams see your full profile. Identity verifiers, payment processors and fraud-detection vendors see only the data they need to perform their function.

No. We never sell personal data. We share information only with payment partners and regulators where legal obligations require it, and only what's necessary to serve those functions.

Any acquisition or merger triggers a policy update notification to you. You'll have the right to request deletion before data transfer. We don't unilaterally change data uses under new ownership.

We retain login timestamps and IP addresses for 90 days to detect account abuse. After 90 days, aggregated analytics remain, but individual session details are permanently deleted from our logs.

Absolutely. Email, SMS and push notification preferences are independent of your account status. Unsubscribe anytime in your settings—your account stays active and fully functional.