LEGAL REFERENCE

Your Data. Our Responsibility.

We built 388hero around Indonesia's payment flows and your account security. This policy shows exactly how we handle your personal information, payment details and gameplay data across our...

Data ProtectionPayment SecurityAccount PrivacyTransparencyYour Control

Browse the Lobby Read FAQ

Policy Scope & Jurisdiction

388hero operates under applicable gaming regulations in supported regions. We collect and process your personal data — name, contact details, payment information and gameplay history — to deliver account services, process DANA, OVO, GoPay and QRIS transactions, and comply with local legal obligations. Your data is stored securely and shared only with payment processors and regulatory bodies where required by law. We

do not sell your information to third parties.

Service availability is jurisdiction-dependent. Users are responsible for checking local law before access.

24/7 SUPPORT

Privacy Questions & Support

TRUST MARKERS

Why This Policy Matters

Encrypted Transactions

Every DANA, OVO, GoPay and QRIS payment is encrypted end-to-end. Your financial details never touch our servers unprotected.

No Third-Party Sales

We do not monetise your data. Your gameplay history, account balance and personal details stay within 388hero unless law requires disclosure.

Regular Audits

Our security infrastructure undergoes quarterly third-party audits to verify encryption, access controls and compliance with data protection standards.

Transparent Logging

Every access to your account — login, payment, withdrawal — is logged and visible to you in your activity history for full transparency.

Deletion Rights

You can request permanent deletion of your account and associated data at any time. We process requests within 30 days where legally permitted.

Compliance Ready

Our policy aligns with data protection frameworks applicable in Indonesia and supported regions, including local gaming regulations.

How We Stand on Privacy

Data Minimisation

We collect only what's needed to run your account, process payments and meet legal obligations — nothing extra.

Payment Isolation

DANA, OVO, GoPay and QRIS credentials are tokenised. We never store full payment details on our systems.

User Control

You control what data we hold. Opt out of marketing emails, adjust privacy settings and request exports anytime.

Breach Response

If a security incident occurs, we notify affected users within 48 hours and provide guidance on account protection steps.

Cookie Transparency

Our site uses functional cookies for account login and analytics cookies (optional). No tracking cookies follow you off-site.

Child Safety

388hero is for adults only. We do not knowingly collect data from anyone under 18 and delete such data immediately if discovered.

Policy Updates

When we change this policy, we notify you 30 days in advance. Continued use means you accept the updated terms.

PLATFORM SNAPSHOT

What Protects Your Account

Two-Factor Authentication Enable 2FA in your account settings to add a second verification layer. Your login and withdrawals stay locked to your phone.

Session Timeout Your account automatically logs out after 15 minutes of inactivity. This prevents unauthorised access if you step away from your device.

Withdrawal Verification Every withdrawal request triggers a confirmation email or SMS. You must approve it before funds leave your 388hero account.

IP Whitelisting Recognise and lock your account to specific devices or IP addresses. Logins from new locations require additional verification.

Activity Alerts Get instant notifications when your account is accessed, a payment is processed or your password is changed.

Secure Password Reset Forgot your password? We verify your identity through email and security questions before letting you create a new one.

Privacy Policy Questions

We retain your data for as long as your account is active plus 7 years for regulatory compliance. After account deletion, we purge personal data within 30 days unless law requires longer retention.

Yes. Go to Account Settings > Privacy & Security > Data Export. We'll email you a complete file of your personal information, gameplay history and transaction records within 5 business days.

Absolutely. Payment details are tokenised and encrypted. We never store full card or wallet credentials. All transactions use industry-standard SSL encryption and PCI compliance protocols.

Only when necessary: payment processors handle DANA, OVO, GoPay and QRIS transactions; regulators receive data where legally required. We never sell your information to marketers or data brokers.

We notify you within 48 hours, explain what data was affected and provide steps to secure your account. We also report to relevant authorities and work with security experts to prevent recurrence.

Yes. Request permanent deletion in Account Settings > Privacy & Security > Delete Account. We remove all personal data within 30 days, though transaction records may be retained for regulatory purposes.

We use functional cookies for login and session management, plus optional analytics cookies to improve your experience. No tracking cookies follow you off-site. You can disable non-essential cookies anytime.

Your Data. Our Responsibility.

Policy Scope & Jurisdiction

Privacy Questions & Support

Why This Policy Matters

Encrypted Transactions

No Third-Party Sales

Regular Audits

Transparent Logging

Deletion Rights

Compliance Ready

How We Stand on Privacy

What Protects Your Account

Privacy Policy Questions

How long do you keep my personal data?

Can I download a copy of my data?

Is my DANA, OVO, GoPay or QRIS information safe?

Do you share my data with third parties?

What happens if there's a data breach?

Can I delete my account and all my data?

How do you use cookies on 388hero?