nobu Privacy Policy

This page describes what data we collect when you use nobu and how we keep that data protected. We treat your personal information — your email, identity documents, payment details, and account activity — as sensitive material that requires encryption, secure storage, and strict access controls.

When you open a nobu account, you provide information voluntarily. We use that information to verify your identity (KYC), process your deposits and withdrawals, and comply with local financial regulations. We do not sell or rent your data to third parties, and we do not use your information for marketing outside our own platform unless you explicitly consent.

Our privacy commitments apply across all nobu access points — whether you log in via mobile app (Android APK or iOS browser), desktop website, or any other interface. If you have questions about how we handle your data, contact our support team before opening an account.

Data Collection and Use on nobu

Personal Information We Collect

When you register on nobu, we collect your email address, mobile phone number, and a password of your choice. During KYC verification, we collect a copy of your government-issued ID (national ID, passport, or driver's license) and proof of residence (utility bill or recent bank statement). We store these documents encrypted on secure servers.

When you deposit or withdraw funds, we collect transaction details including the amount, payment method (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, or bank transfer via mobile banking, local payment, online payment, e-wallet), and the date and time. We do not store full payment card or bank account numbers — we store only a reference token that allows us to process future transactions without re-entering details.

We automatically collect information about your activity on nobu: which games you play, which markets you view, your session duration, your IP address, browser type, and device type. This information helps us understand how you use our platform and allows us to optimize the experience for mobile users accessing nobu from Jakarta, Surabaya, Bandung, Medan, and other regions.

How We Use Your Data

We use your personal information for the following purposes: account verification and KYC compliance, processing deposits and withdrawals, preventing fraud and money laundering, responding to support inquiries, and sending service notifications (such as when your withdrawal is approved or your bonus expires).

We analyze aggregated and anonymized activity data to improve nobu's features, identify popular games and markets, and detect technical issues. We do not use this analysis to profile you or to make decisions that affect your account status — we use it only to enhance the platform.

Third-Party Processors and Data Sharing

We share your data only with third parties who process it on our behalf — payment providers, identity verification vendors, and hosting providers. These processors sign data-processing agreements that obligate them to protect your information and use it only for the purposes we specify.

We may disclose your data if required by law — for example, if a government agency issues a lawful request or if we believe disclosure is necessary to prevent fraud or protect the security of nobu. We will not disclose data to marketing partners, advertisers, or data brokers without your explicit written consent.

Your Rights on nobu

You have the right to request access to all personal data we hold about you. You can contact our support team and request a data export. We provide the export within 30 days in a standard electronic format.

You have the right to request correction of inaccurate data — for example, if your name or address on file is wrong, we will update it upon verification. You also have the right to request deletion of your data, subject to regulatory requirements. Some data (such as KYC documents and transaction records) must be retained for a set period to comply with anti-money-laundering regulations. After the retention period expires, we delete that data securely.

Cookies, Tracking, and Server Location

Cookies and Local Storage

We use cookies and local browser storage to remember your login session, your preferred language, and your notification settings. These are functional cookies — they do not track you across other websites. You can delete cookies from your browser settings at any time. Deleting cookies will log you out of your nobu account on that device.

We do not use third-party analytics cookies or advertising cookies. We do not track your activity outside nobu or build profiles for marketing purposes. All analytics data we collect is aggregated and anonymized before analysis.

Server Location and Data Transfer

Our servers may be located outside your jurisdiction. When you use nobu, your data is transferred to and processed on these servers. By using nobu, you consent to this cross-border data transfer. We implement appropriate safeguards (encryption, access controls, contractual agreements with hosting providers) to protect your data during transfer and storage.

Data Retention

We retain your personal data only as long as necessary to provide nobu's services and comply with regulatory obligations. KYC documents are typically retained for 5–7 years from the date of account closure to satisfy anti-money-laundering requirements. Transaction records are retained for the same period. Your email, password, and account settings are retained for as long as your account is active.

When you request account closure, we stop processing your data for active account purposes. We delete non-regulatory data (such as your session history and browsing activity) within 90 days. Regulatory data (KYC, transaction records) is retained for the full retention period and then securely deleted.

Payment Data and PCI Compliance

We do not store full payment card numbers or full bank account numbers. When you link a payment method on nobu, we tokenize the account and store only a token that allows us to process transactions without re-entering sensitive details. Payment processors (DANA, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet) retain your full payment details and are responsible for their security.

We comply with PCI DSS standards for payment data security. All payment data in transit is encrypted with TLS 1.2 or higher. Our payment processing does not expose your card or account number to nobu staff.

Children and Account Eligibility

We do not knowingly collect personal data from children. Our services are available only to individuals of legal age in their jurisdiction. If we discover that we have collected data from a minor, we delete that data and close the account immediately.

Policy Changes

We may update this privacy policy to reflect changes in our practices or legal requirements. We notify you of material changes by email at least 30 days before the new policy takes effect. Your continued use of nobu after the effective date constitutes acceptance of the updated policy.

Contact nobu

If you have questions about our privacy practices, wish to exercise your data rights, or believe we have mishandled your data, contact our support team. We respond to privacy inquiries within 30 days. If you are not satisfied with our response, you may lodge a complaint with the data protection authority in your jurisdiction.

We take privacy seriously. Your trust is essential to nobu's operations, and we are committed to protecting your personal information throughout your use of our platform — whether you access us during Liga 1 season, Piala AFF tournaments, or any other time. Our privacy controls remain consistent year-round, including during Idul Fitri, Idul Adha, and Imlek holidays. If you have concerns about how your data is handled, do not hesitate to reach out.