boss500 Privacy Policy

What Data We Collect on boss500

We collect different categories of data depending on how you use boss500. Account registration requires email address, username, and password. KYC verification requires government ID number (scanned copy), proof of address (utility bill or rental agreement), and contact confirmation (phone or email). Payment method setup requires banking details (BCA, e-wallet, mobile banking, local payment account numbers) or e-wallet identifiers (online payment, e-wallet, mobile banking, local payment reference).

When you deposit, we record the amount, payment method, timestamp, and transaction reference. When you place an order (football, live-dealer, slot, or esports), we log the game type, stake amount, odds or bet details, settlement outcome, and result timestamp. When you withdraw, we record the amount, destination payment method, compliance review status, and processing timestamp. All this data is retained for a minimum of 7 years per financial record-keeping standards.

We also collect device and session data: IP address, browser type, operating system, login timestamp, and geographic location (city-level). This helps us detect fraudulent access and prevent account takeover. We do not collect biometric data or sell browsing behavior to advertisers.

How We Use Your Data on boss500

We use your data primarily for account security and regulatory compliance. Email is used for login recovery, withdrawal notifications, and platform announcements. Government ID is cross-checked against registry data to verify you are who you claim. Payment method data is used only to process deposits and withdrawals—we never store full card numbers or full banking credentials; we store only tokenized references.

Order history is used to calculate settlement, detect patterns of fraud or money laundering, and provide account reconciliation. IP address and device data are used to flag unusual login locations or repeated failed password attempts. We analyze aggregate gameplay data (without identifying you personally) to understand platform usage patterns and improve service availability.

We do not use your data for marketing emails or third-party advertising without your explicit consent. If you opt in to promotional emails, you can opt out at any time via account settings or the unsubscribe link in the email.

Third-Party Processors and Data Sharing

We share your data with third-party processors to operate boss500. Payment processors (local payment provider, online payment, e-wallet, mobile banking, bank gateways) receive deposit and withdrawal instructions; we share only the amount, timestamp, and tokenized payment reference—never your full credentials. Identity-verification providers receive your government ID and proof of address to validate KYC; they use this data only for verification and discard it after confirmation.

We may share data with regulators or law enforcement where required by local law or court order. We do not sell your data to advertisers, data brokers, or third-party marketers. Affiliate partners or promotional partners never receive your personal data. If we partner with another service (e.g., a sportsbook for odds feeds), we do not share your account information with them—only aggregated, anonymized usage statistics if needed.

All third-party processors are contractually required to maintain data confidentiality and security standards equivalent to our own. We audit processor compliance annually and reserve the right to terminate relationships with processors that fail to meet our standards.

How We Protect Your Data on boss500

All data transmitted to boss500 is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Password hashes use bcrypt with salt, not plain-text storage. Passwords are never sent in plaintext, even to our support team. If you forget your password, we send you a time-limited reset link; you set a new password yourself.

Our servers are hosted in secure data centers with physical access controls, firewalls, and intrusion detection. Backups are encrypted and stored in geographically redundant locations. Database access is restricted to authorized personnel only; we maintain audit logs of all database access attempts.

We conduct regular security audits and penetration testing. If we discover a security breach affecting your data, we notify you within 72 hours via email and provide guidance on protective steps you can take. We also notify relevant regulators as required by law. You can enable optional two-factor authentication (SMS or authenticator app) for additional login security.

Cookies and Tracking on boss500

We use cookies to maintain your login session and remember your preferences (language, theme). Session cookies expire when you close your browser. Persistent cookies (if enabled) last up to 30 days and help you stay logged in across sessions. We do not use cookies to track your behavior across other websites.

We use analytics tools (such as server logs) to understand how users navigate boss500—which pages are visited, how long sessions last, which games are popular. This data is aggregated and anonymized; we do not track individual users across sessions using cookies or fingerprinting. You can disable cookies in your browser settings; this may affect functionality (e.g., you will need to log in each time).

We do not use third-party advertising cookies or allow advertisers to track you on boss500. If you see targeted ads for boss500 on other websites, this is not due to tracking from our site—it is standard retargeting by the advertising platform itself.

Your Rights Regarding Your Data on boss500

You have the right to access your personal data. Log into your boss500 account and download your account history, KYC records, and transaction history. You can also request a complete data export via support—we provide it within 30 days in a readable format.

You have the right to correct inaccurate data. If your address or contact information has changed, update it in account settings. If you believe your government ID record is incorrect, contact our KYC team with updated documentation.

You have the right to request deletion of your data. We delete non-financial data (browsing history, session logs) after 90 days of account inactivity. Financial records (deposits, withdrawals, order history) are retained for 7 years per law; we cannot delete these, but we can anonymize them once the legal hold expires. If you wish to delete your account entirely, contact support; we will close the account and schedule data deletion per legal requirements.

Your data on boss500 is protected by encryption, access controls, and compliance audit. We do not sell your information.

Data Locations and Jurisdictions

Our servers are located outside Indonesia. Data transfers between your device and our infrastructure cross international borders. Specifically, your data may be processed and stored in jurisdictions with different data-protection laws than Indonesia. By using boss500, you consent to your data being transferred and processed internationally.

If you are accessing boss500 from Jakarta, Surabaya, Bandung, or Medan, your data may be transferred to servers in Singapore, Australia, or other regional data centers. We maintain the same security and confidentiality standards globally; however, you acknowledge that law enforcement in those jurisdictions may have different access rights than Indonesian law enforcement.

If you do not consent to international data transfer, you should not use boss500. We cannot provide services without processing your data outside Indonesia.

Contacting Us About Privacy

If you have questions about our privacy practices, wish to exercise your data rights, or want to report a privacy concern, contact our support team via the platform's help channel. Include your account email, the nature of your request, and any relevant details. We respond to privacy inquiries within 10 business days.

If you believe we have mishandled your data or violated your privacy rights, you also have the right to file a complaint with your local data-protection authority (if applicable in your jurisdiction).

Updates to This Privacy Policy

We update this privacy policy from time to time to reflect changes in our data practices or applicable law. We post updates on this page and update the "last modified" date. Material changes (such as new data sharing with third parties) are communicated to users via email before they take effect.

By continuing to use boss500 after policy updates are published, you agree to the new terms. If you do not agree with updated terms, you may close your account. Your historical data is handled according to the privacy policy in effect at the time it was collected, unless you explicitly agree to new handling practices.

We undertake to keep this policy clear, up to date, and aligned with industry best practices and applicable law. If you have feedback on how we handle privacy, contact our support team.