xiao Privacy Policy

This page describes what we collect when you use xiao and how we keep that data protected. Our commitment is simple: we collect only what is necessary to operate the platform, verify your identity, process payments, and settle your games. We do not sell your personal information to third parties.

When you register an xiao account, we ask for your email, full name, date of birth, and a copy of your identification document (for KYC). We also track your deposits, withdrawals, and gaming activity. This information is encrypted at rest and transmitted securely over TLS 1.2 or higher. We retain it only as long as necessary to comply with regulations and fulfill your requests.

Our privacy practices apply globally; however, our servers may sit outside your jurisdiction. If you are a resident of Jakarta, Surabaya, Bandung, or Medan, be aware that your data may be processed and stored outside Indonesia. By using xiao, you consent to this international data transfer. Our services are available only where local law permits; you are responsible for verifying compliance with your own jurisdiction's data protection laws.

What data we collect on xiao

We collect data in three categories: registration data, transaction data, and behavioural data.

Registration data: Your email address, full name, date of birth, phone number (optional), and a copy of your national ID or passport. We use this to create your xiao account, verify your identity (KYC), and comply with anti-money-laundering regulations.

Transaction data: Every deposit, withdrawal, and game bet is recorded. This includes the amount, timestamp, payment method (DANA, e-wallet, mobile banking, local payment, online payment), and outcome (win/loss, settlement amount). We keep this data to resolve disputes, detect fraud, and comply with financial reporting requirements.

Behavioural data: Your login times, device type (mobile or desktop), browser fingerprint, and IP address. We use this to detect unauthorized access, prevent account takeover, and identify patterns that might indicate fraud or problem gambling (which we report to you, not to third parties).

We do not track your location or browsing history

Our xiao platform does not request location permission; we infer your general region only from IP address (used for jurisdiction verification). We do not track your activity outside xiao or monitor which websites you visit.

How we use your data on xiao

We use your data for five purposes: account administration, payment processing, game settlement, fraud detection, and legal compliance.

Account administration: We use your email to send login alerts, password-reset requests, and account notifications (e.g., "Your withdrawal is pending" or "Your KYC verification is complete"). We never send unsolicited marketing emails.

Payment processing: Your payment method information (online payment account, e-wallet account, mobile banking VA number) is shared with our payment processor only during the transaction. We do not store your credit card or e-wallet password; payment providers handle that securely.

Game settlement: Your bet history, game outcomes, and balance updates are recorded to ensure accurate settlement and to allow you to review past activity in your xiao account history.

Fraud detection: We analyse your login patterns, device information, and transaction history to flag suspicious activity. If we detect potential fraud (e.g., rapid login from two different countries, unusual withdrawal amounts), we may temporarily lock your account and ask you to verify your identity.

Legal compliance: We may disclose your data to law enforcement or regulators if required by law or court order. We will not do this voluntarily; disclosure occurs only under legal compulsion.

Third-party processors and our xiao commitment

We work with trusted third parties to operate xiao securely. Our payment processors (local payment, online payment, e-wallet providers), cloud infrastructure providers, and fraud-detection vendors receive only the minimum data necessary to perform their role. Each processor signs a data-processing agreement committing them to confidentiality and security standards.

We do not grant any third party the right to use your data for their own marketing or analytics. If a processor is acquired or their service is deprecated, we migrate your data to a new processor under the same confidentiality terms.

Our live-dealer studios (which operate blackjack, roulette, baccarat, Dragon Tiger, and other table games) may record gameplay for dispute resolution and to ensure game integrity. Your face may appear in these recordings if you use a camera-enabled device; however, recordings are kept private and never shared publicly.

Key takeaways

  • We collect email, name, date of birth, ID copy, and transaction history to create and secure your xiao account.
  • We encrypt all data at rest and in transit; we never sell personal information to third parties.
  • Payment processors receive only transaction-specific data; they cannot use it for their own purposes.
  • We may disclose data to law enforcement only under legal compulsion or court order.
  • Your data may be processed outside your jurisdiction; you consent to this by using xiao.

Cookies, tracking, and your xiao session

We use cookies to maintain your xiao login session. When you log in, we store a session token in your browser; this token is used to verify your identity on subsequent requests and expires after 30 days of inactivity. You can clear your cookies, which will log you out of xiao.

We do not use cookies for tracking or analytics. We do not embed third-party analytics scripts (e.g., Google Analytics) on xiao; we have no visibility into your broader internet activity.

If you disable cookies, you will not be able to log into xiao. No workaround is available; cookies are mandatory for session management.

Your rights under our xiao privacy policy

You have the right to access, correct, or delete your personal data on xiao. To request a data export, send an email to our support team with your xiao account ID and a description of your request. We will respond within 10 business days with your data in a portable format (CSV or JSON).

If you request deletion of your xiao account, we delete all personal data except transaction records required by law (e.g., for tax or anti-money-laundering compliance). These records are retained for a minimum period set by regulation, then destroyed.

You may object to certain processing (e.g., fraud-detection monitoring) by contacting support. We will evaluate your objection and respond within 5 business days. Some processing cannot be objected to without closing your account (e.g., KYC data is mandatory to use xiao).

Data retention and security on xiao

We retain your personal data only as long as necessary. Registration data (name, ID copy, email) is kept for as long as your xiao account is active plus one additional year after closure. Transaction data is kept for seven years to comply with financial regulations and dispute-resolution requirements.

Our servers use encryption, firewalls, and intrusion detection to prevent unauthorized access. Our staff members access your data only when necessary and sign confidentiality agreements. We conduct annual security audits; if a vulnerability is discovered, we patch it immediately and notify affected users if their data is at risk.

If we detect a data breach, we will notify you within 72 hours with details of what data was exposed and what steps we are taking to contain it. We are also required to notify relevant regulators.

Contact xiao about your privacy

If you have questions about our privacy practices, contact our support team via in-app chat or email. We respond to privacy inquiries within 5 business days. If you are unsatisfied with our response, you may escalate the issue to our data protection officer (contact details provided by support on request).

This privacy policy applies to xiao globally and is available in English. If xiao operates in your jurisdiction under different privacy laws (e.g., GDPR in the EU), those specific requirements apply in addition to this policy.

We may update this policy to reflect changes in our practices or applicable law. We will notify you of material changes via email or in-app alert. Your continued use of xiao after such notification constitutes acceptance of the updated policy.