onestepwinPrivacy Policy

This page describes what data we collect when you use onestepwin and how we keep that data protected. We at onestepwin take privacy seriously. Your personal information—name, identity number, address, payment details—is encrypted, stored securely, and used only for account verification, regulatory compliance, and customer support. We do not sell your data to third parties.

onestepwin operates across multiple jurisdictions. Our servers may be located outside your home country, but all data transfers comply with standard encryption and security protocols. When you deposit via DANA, e-wallet, mobile banking, or a bank account, payment details are tokenised and never stored in plain text on our systems. Your account history, bet records, and transaction logs are retained for audit and dispute resolution purposes and are accessible only to authorised onestepwin staff and compliance teams.

Read this policy to understand our data practices. If you have questions, contact our support team. By using onestepwin, you consent to this privacy policy.

What Data We Collect on onestepwin

Account and identity information

When you open an account on onestepwin, we require your full name, date of birth, email address, phone number, and residential address. We also request a government-issued identity document (KTP, passport, or driving licence) and a selfie holding your document to verify you match the ID. This process (Know Your Customer, or KYC) is a legal requirement in most jurisdictions where onestepwin operates and protects against fraud, money laundering, and account takeover.

We store this identity data securely with encryption. Your KYC documents are processed by automated systems and reviewed by our compliance team if needed. We retain these documents for the duration of your account and for a period after closure (typically 5–7 years) to comply with anti-money-laundering regulations.

Payment and financial data

onestepwin collects payment information when you deposit or withdraw. For e-wallet deposits (DANA, e-wallet, mobile banking, local payment, online payment), we record the wallet provider, the transaction amount, and a token reference (not your actual wallet credentials). For bank transfers (e-wallet, mobile banking, local payment, online payment), we record the bank name, virtual account number (unique to your onestepwin account), and transfer amounts. We do not store your full credit card, bank account number, or wallet password.

All payment transactions are logged with timestamps and are available in your onestepwin account history. This record is used for dispute resolution, regulatory reporting, and your own reference. We retain transaction logs for a minimum of seven years to satisfy financial compliance obligations.

Betting, game, and activity data on onestepwin

We record all your activity on onestepwin: bets placed, game outcomes, wins, losses, balance changes, and session timestamps. This includes live-dealer table sessions (which dealer, which table, which baccarat or Dragon Tiger hand), slot game spins (which game, which bet size, outcome), and sportsbook wagers (which match, which outcome, odds). We log this data to prevent fraud, resolve disputes, and generate audit trails for regulators.

Your bet history is available in your account dashboard on onestepwin and can be filtered by date, game, or bet type. This transparency helps you track your activity and dispute any incorrectly settled bets. We retain detailed bet records indefinitely (or for the period required by law in your jurisdiction) so that past disputes can be investigated at any time.

Technical and usage data

We collect technical data when you use onestepwin: your IP address, browser type, device type (mobile, tablet, desktop), operating system, and pages visited. We also log login times, session duration, and features used. This data helps us detect suspicious login patterns (e.g., simultaneous logins from different countries), troubleshoot technical issues, and improve our platform performance.

We use cookies and similar tracking technologies on onestepwin to remember your preferences, keep you logged in, and measure site performance. Our cookies do not collect sensitive data; they are session-based (expire when you close your browser) or persistent (remain for weeks or months to enable auto-login and preference saving). You can disable cookies in your browser settings, but some onestepwin features may not function properly without them.

How We Use and Protect Your Data on onestepwin

Data usage and third-party sharing

We use your data on onestepwin for: account verification and KYC compliance; processing deposits and withdrawals; settling bets and resolving disputes; detecting and preventing fraud; responding to support requests; and complying with legal and regulatory obligations. We do not use your data for marketing to third parties, affiliate programs, or promotional campaigns outside onestepwin.

We may share your data with third parties only in specific circumstances: (1) payment processors (DANA, e-wallet, mobile banking, bank partners) to complete your transactions; (2) regulatory authorities and law enforcement when required by law (e.g., anti-money-laundering investigations); (3) fraud prevention services to verify transactions and detect suspicious patterns; (4) our support and compliance teams within onestepwin. All third-party processors sign data processing agreements obligating them to protect your information.

We do not sell your personal data. We do not share your betting history with advertisers or other commercial entities. Your data remains within the onestepwin ecosystem except where legal or contractual obligations require disclosure.

Data retention and deletion on onestepwin

We retain your onestepwin account data for as long as your account is active and for a period after closure (typically 1–2 years) to handle post-account disputes and comply with legal holds. Identity documents and KYC records are kept for 5–7 years per anti-money-laundering requirements. Transaction logs and bet history are retained indefinitely for audit purposes.

You can request deletion of non-essential personal data (e.g., phone number, communication preferences) by contacting support. However, we cannot delete identity, payment, or transaction records if they are required for legal or regulatory compliance. If you request permanent account closure, we disable login access but retain records for the retention periods outlined above.

Security measures protecting onestepwin users

We encrypt all data in transit (using TLS/SSL) and at rest (using AES encryption). Our servers are protected by firewalls, intrusion detection systems, and regular security audits. Access to user data is restricted to authorised staff via multi-factor authentication. We conduct periodic penetration testing and vulnerability assessments to identify and remediate security gaps.

Despite these measures, no security system is entirely immune to breach. If onestepwin experiences a data compromise, we notify affected users and relevant authorities within the timeframe required by law (typically 72 hours). We take responsibility for our users and work with payment providers and regulators to mitigate harm.

Your rights regarding your data on onestepwin

You have the right to access, correct, and port your personal data. Log in to your onestepwin account to view and update your profile information. If you need a data export (all your personal data and betting history), contact support with a formal request; we provide this within 30 days in a machine-readable format.

You have the right to object to processing of your data for marketing purposes (though onestepwin does not market to third parties). You also have the right to lodge a complaint with your local data protection authority if you believe onestepwin has mishandled your data. Our support team can provide guidance on how to file such a complaint.

Jurisdiction-specific data handling

onestepwin users span multiple regions (Jakarta, Surabaya, Bandung, Medan, Semarang) and countries. Our primary data centre may be located outside Indonesia; however, we comply with Indonesian data protection laws where applicable and honour requests from regulatory authorities. If you are located in the European Union or another jurisdiction with data protection laws equivalent to GDPR, we apply equivalent protections to your data on onestepwin.

Certain data may be backed up or processed outside your home country for redundancy and compliance purposes. All transfers are encrypted and comply with international data protection standards. By using onestepwin, you acknowledge and consent to this cross-border data handling.

Policy updates and contact information

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes are communicated via email or in-app notification. Continued use of onestepwin after an update constitutes acceptance of the updated policy.

If you have questions about how onestepwin handles your data, contact our support team via the live chat in your account, email, or the contact form on our website. Our privacy team reviews all inquiries and responds within 5 business days. You can also visit our legal notice page for additional information.

Our services are available only where local law permits. Users are responsible for verifying that their use of onestepwin complies with their own jurisdiction's privacy and data protection laws.