gogoal Platform Privacy Notice
This page describes what we collect when you use gogoal and how we keep that data protected. Your privacy matters to us. We collect only the information necessary to operate our platform, verify your identity, process your payments, and settle your bets fairly. We do not sell your data to advertisers or third parties. We store it securely, encrypt it in transit, and delete it when no longer needed.
When you create a gogoal account, we ask for your email, name, phone number, and password. When you deposit via DANA, e-wallet, mobile banking, or a bank virtual account, payment processors local paymentefly access your transaction details. When you place bets on Liga 1 matches, Piala AFF tournaments, or live-dealer tables, we log your activity. All of this data is held on encrypted servers and accessed only by our staff, legal partners, and fraud-prevention systems. This notice explains what we do with each category of data and your rights regarding it.
What we collect on gogoal
We collect data in three categories: account information, transaction information, and activity logs. Account information includes your email, real name, phone number, password (hashed), and any optional profile data you add. We collect this when you create your gogoal account and update it if you change your contact details or security settings.
Transaction information includes deposits, withdrawals, and bet records. When you deposit our welcome offer via QRIS or e-wallet virtual account, our payment processor logs the amount, method, date, and time. We retain this for accounting and fraud prevention. When you withdraw to mobile banking or local payment, we confirm your identity and log the transaction. We keep withdrawal records for regulatory compliance and to help you dispute chargebacks if they occur.
Activity logs record your bets, game plays, and login history. If you place a bet on a Champions League match or spin a slot game, we log the time, amount, game ID, and result. We use activity logs to detect fraud, settle disputes, and calculate your account balance. We retain activity logs for 7 years to comply with financial regulations, then delete them.
KYC documents and identity verification on gogoal
Before you withdraw above certain thresholds, we request Know Your Customer (KYC) documents: a photo ID, proof of address, and sometimes a selfie. We collect these to verify you are who you claim and to comply with anti-money-laundering laws. We store these documents encrypted and separately from your account, accessible only to our compliance team and legal authorities when required. We do not share them with payment processors or third parties unless compelled by law.
If your ID expires or your address changes, we may ask you to re-verify. You can delete your account and request that we destroy all KYC documents, though we may retain encrypted backups for 7 years for legal and regulatory purposes.
- Account Data
- Email, name, phone, password hash, profile settings. Retained as long as account is open; deleted 30 days after closure.
- Transaction Data
- Deposits, withdrawals, payment method details. Retained for 7 years for regulatory compliance.
- Activity Logs
- Bets, game plays, login history. Retained for 7 years; older logs are deleted automatically.
- KYC Documents
- Photo ID, proof of address, selfie. Retained 7 years after collection; encrypted and access-restricted.
How we use your data on gogoal
We use account information to authenticate you, send you account notifications, and help you recover a lost password. We use transaction data to process payments, detect fraud, and handle chargebacks. We use activity logs to calculate your balance, settle bets, and investigate disputes. We use KYC documents to verify your identity and comply with financial regulations.
We also use anonymized, aggregated data to understand how our platform is used. For example, we may analyse which payment methods are most popular in Jakarta, Surabaya, Bandung, and Medan, or which slot games generate the highest engagement. This aggregated analysis does not identify you personally and helps us improve our service.
We do not use your data to target you with unsolicited marketing. If you opt in to promotional emails, we send you updates about new games, Liga 1 betting markets, Piala AFF tournaments, or seasonal promotions. You can opt out of these emails at any time from your account settings.
Cookies and tracking on gogoal
We use cookies to remember your login session, remember your preferred language and settings, and detect fraud. Essential cookies are required for the platform to function. Preference cookies remember your language choice and any accessibility settings. Analytics cookies track page views and button clicks so we can understand which features are used most. You can disable non-essential cookies in your browser settings without losing core functionality.
We do not use cookies to track you across other websites. Our cookies are set by gogoal only and expire after a set period (typically 30–90 days). We do not use third-party tracking pixels or beacons.
Third parties and data sharing on gogoal
We share data with the following third parties only as necessary to operate the platform:
- Payment processors: online payment, e-wallet, mobile banking, local payment, online payment, e-wallet, mobile banking, local payment, online payment, e-wallet receive transaction details to process deposits and withdrawals. They are contractually bound to use your data only for payment settlement.
- Fraud detection services: We use third-party systems to detect suspicious activity and prevent money laundering. These services receive transaction data and login patterns but not your KYC documents.
- Customer support tools: Our support platform may store chat history and support tickets. Staff access this data only to help resolve your issues.
- Legal authorities: If required by law, court order, or regulatory authority, we may disclose your data. We notify you of such disclosures unless legally prohibited from doing so.
We do not sell, rent, or lease your personal data to advertisers, data brokers, or marketing companies. Our revenue comes from gaming activity, not from data sales.
Your data rights on gogoal
- You can request a copy of all data we hold about you
- You can request correction of inaccurate data (e.g., wrong phone number)
- You can request deletion of your account and associated data, subject to retention requirements
- You can opt out of promotional emails at any time
- You can disable non-essential cookies in your browser
Data location and security on gogoal
Our servers may sit outside your jurisdiction. Data is encrypted in transit (via HTTPS) and at rest (on our servers). We use industry-standard encryption (256-bit AES for stored data, TLS 1.3 for transmissions). We perform regular security audits and penetration testing. We train our staff on data handling and enforce strict access controls—only employees with a business need can access your data.
If a data breach occurs, we will notify affected users within 72 hours and take immediate remedial steps. We do not store full payment card details on our servers; payment processors handle that. Your password is hashed with a salted algorithm, so even our staff cannot see it.
Data retention and deletion on gogoal
We retain account data as long as your account is active. When you close your account, we delete or anonymise most data within 30 days, except where retention is required by law. Transaction and activity data are retained for 7 years (minimum) to comply with financial regulations. KYC documents are retained for 7 years after collection, then securely destroyed. If you dispute a bet or a payment, we may retain relevant data longer to resolve the dispute.
You can request deletion of your account and data at any time by contacting our support team. We will process your request within 30 days, subject to legal retention requirements.
What we protect
- Encrypted storage of all personal data
- Secure password hashing; staff cannot see passwords
- Limited access to KYC documents; compliance team only
- Regular security audits and breach notifications
What we do not do
- We do not sell data to advertisers or brokers
- We do not use third-party tracking pixels
- We do not share full payment card details externally
Contact and policy updates on gogoal
If you have questions about our privacy practices, want to exercise a data right (access, correction, deletion), or need to report a privacy concern, contact our support team. You can reach us via email, in-app chat, or phone during business hours. We respond in English and Indonesian. For formal data requests, send a written request with your full name, account email, and details of what you're requesting. We will verify your identity and respond within 30 days.
We may update this privacy notice from time to time to reflect changes in our practices, technology, or law. When we make material changes, we will notify all active users via email. Your continued use of gogoal after a change constitutes acceptance. If you do not accept a change, you can close your account and request a data deletion.
Our services are available only where local law permits. Some jurisdictions have specific data-protection regulations (e.g., rights to access, correction, deletion). We comply with applicable laws in all jurisdictions where we operate. If you believe we have violated your privacy rights, you may file a complaint with your local data-protection authority or contact our support team to attempt resolution first.
This privacy notice reflects our current data practices and commitments. For data requests, regulatory inquiries, or privacy concerns, contact [email protected] or use the support form. We aim to respond to all requests within 30 days.