raftPrivacy Policy

This page describes what we collect when you use raft and how we keep that data protected. We take your privacy seriously and handle your personal information according to data protection standards applicable in your jurisdiction. When you register on raft, deposit via DANA or a Virtual Account, or play games on our platform, we collect specific information to verify your identity, process payments, and provide support.

We do not sell your data to third parties for marketing purposes. We share information only with payment processors, compliance partners, and regulators where required by law. Our privacy practices are designed to keep your account secure while meeting legal obligations in the jurisdictions where we operate.

This policy explains what data we collect, how we use it, your rights regarding that data, and how to contact us if you have questions.

What We Collect and How We Use It

When you create a raft account, we collect your email address, phone number, full legal name, date of birth, and residential address. We use this information to verify your identity through KYC (Know Your Customer) documentation, process your deposits and withdrawals, and provide account support. We do not use your email for marketing unless you explicitly opt in to promotional communications.

Account and payment data on raft

When you deposit funds, we collect transaction information: the payment method used (DANA, e-wallet, mobile banking, local payment, online payment, or Virtual Account), the amount, the date and time, and your bank or e-wallet account identifier. We do not store your full banking credentials or card numbers on our servers. Instead, we use tokenisation — we store only a reference ID provided by your bank or payment processor. Your actual banking details remain with your bank or e-wallet provider.

We also collect gameplay data: which games you play, how long you play, your win/loss outcomes, and your final account balance. This data helps us understand game performance, detect fraud, and improve our platform. It does not identify you personally — it is linked to your account ID, not your name.

Data we collect on raft

  • Account details: email, phone, name, date of birth, residential address
  • Payment information: transaction history, payment method type, transfer amounts
  • Gameplay data: games played, session duration, win/loss outcomes
  • Device and connection information: device type, operating system, IP address, browser type
  • Support interactions: messages you send to our support team

KYC verification documents

We require a government-issued ID (national ID, passport, or driver's licence) and a recent utility bill (electricity, water, or internet) to verify your identity. We store these documents in encrypted form within secure data facilities. We retain them only as long as required by law — typically three to seven years depending on jurisdiction. We do not share KYC documents with third parties without your explicit consent, except where required by financial regulators or law enforcement.

Device and technical data

We collect information about your device when you use raft: your device type (Android or iOS), operating system version, IP address, browser type, and connection type (WiFi or mobile data). We use this data to detect fraud, optimise our platform for different devices, and diagnose technical problems. We do not sell this data to third parties.

Data Protection, Third Parties, and Your Rights

How we protect your data

We encrypt all raft connections using SSL/TLS protocols. Your password is stored using one-way hashing, a cryptographic method that prevents anyone — including our staff — from viewing your original password. We maintain automated backups and disaster recovery systems. Our data centres employ 24/7 physical security, redundant power supplies, and environmental controls. Access to your data is restricted to authorised staff who need it for account management, fraud detection, or legal compliance.

  1. Encryption in transit

    We use SSL/TLS to encrypt data between your device and our servers.

  2. Encryption at rest

    Your stored data — account details, transaction history, documents — is encrypted in our databases.

  3. Access controls

    Only authorised staff can access your data, and all access is logged and audited.

  4. Regular security audits

    We undergo quarterly security testing by independent third-party firms.

Third-party processors and international transfers

We use third-party payment processors to handle deposits and withdrawals. These processors have their own privacy policies and security standards. We require them to comply with data protection regulations. Our servers may sit outside your jurisdiction — for example, in data centres in other countries. By using raft, you consent to your data being transferred to and stored in these locations. We undertake to ensure the same level of protection as if your data remained in your home country.

We share your data with regulators and financial authorities where required by law. During holidays like Idul Fitri, Idul Adha, or Imlek, or during fraud investigations, our response times may be longer, but we maintain the same privacy standards.

Data location: Our servers may be located outside your jurisdiction. We maintain encryption and access controls regardless of physical location. Your data is subject to both our privacy policy and the laws of your jurisdiction as well as those where our servers are hosted.

Your privacy rights on raft

We recognise your right to access, correct, or delete your personal data. You can request a copy of your data by contacting our support team. You can update your account details (email, phone, address) directly through your raft settings. If you wish to delete your account, you can do so through your settings; we will anonymise your data after a retention period required by financial regulations.

You have the right to opt out of promotional emails at any time. You can also request that we restrict how we use your data for purposes other than account management and legal compliance. To exercise these rights, contact our support team via in-app chat or email.

Cookies and tracking

We use cookies on our website and in-app features to remember your login status, language preference, and settings. These are functional cookies — they help raft work better for you. We do not use tracking cookies for third-party advertising. You can disable cookies in your browser settings, though some features of raft may not work properly without them.

Contact and data requests

If you have questions about our privacy practices, want to request a copy of your data, or wish to exercise your privacy rights, contact our support team. Use the in-app chat, email our support address, or visit our FAQ page. We respond to data requests within 30 days. For players in Jakarta, Surabaya, Bandung, and Medan, we offer regional support during standard business hours. During peak periods or holidays, response times may extend to 48 hours.

We update this privacy policy periodically to reflect changes in our practices or legal requirements. Changes take effect when posted. Your continued use of raft constitutes acceptance of the updated policy. If you have concerns about our privacy practices or believe we have mishandled your data, contact our compliance team immediately.

Platform security layers

We at raft implement comprehensive security measures to protect your account and personal information throughout every workflow — registration, deposit, gameplay, and withdrawal. Every connection between your mobile device or desktop and our servers is encrypted using SSL/TLS protocols, the same encryption standard employed by banks for online transactions. This encryption is automatic and transparent; you do not need to enable any settings. Your account password is stored using one-way cryptographic hashing, ensuring that even our internal staff cannot view or reverse-engineer your original password. If you forget your password, we initiate a secure reset workflow: we send a verification link to your registered email or phone number, and you create a new password through that secure link. We never transmit passwords via email or in plaintext communications. Two-factor authentication (2FA) adds an additional security layer: once enabled, logging into raft from a new device or after logout requires a one-time verification code sent to your email or SMS. This prevents unauthorised access even if someone obtains your password through phishing, social engineering, or data breach elsewhere. Our account security workflow includes automatic session timeouts — after subject to verification of inactivity, you are logged out, protecting your account if you leave your phone unattended. We monitor all account activity in real time, flagging suspicious patterns such as multiple failed login attempts, unusually large withdrawals, logins from unexpected geographic locations, or rapid account changes. When we detect anomalies, we contact you immediately to verify the activity or temporarily lock your account for protection. Your payment data — e-wallet account numbers, bank account details — is never stored in plaintext on our servers. We use tokenisation, storing only a reference ID provided by payment processors. Our data centres maintain 24/7 physical security, redundant power supplies, automated backups, and disaster recovery protocols. Access to your data is restricted to authorised staff and logged comprehensively. We undergo quarterly security audits by independent third-party firms; audit reports and compliance certificates are available upon request.

Game fairness and RTP

Games on raft fall into two distinct categories: RNG-driven games and live-dealer games. RNG-driven games — slots like Aviator, Sweet Bonanza, Gates of Olympus, Fortune Tiger, and Mahjong Ways — use certified Random Number Generators audited monthly by independent testing laboratories. These audits confirm that our RNG produces statistically random outcomes and that no bias, manipulation, or pattern exists. RNG fairness means each spin outcome is independent; results from previous spins have zero influence on future spins, and we cannot predict or control outcomes. We publish the Return to Player (RTP) percentage for each RNG game, representing the theoretical long-term payout rate calculated across millions of spins across all players globally. RTP is a statistical measure of the entire player base over time, not individual sessions or players. In the short term, players experience variance — streaks of losses or wins that deviate significantly from published RTP — which is statistically normal and expected in games of chance. We do not adjust or manipulate individual spins to meet daily quotas, punish frequent winners, favour new players, or adjust outcomes based on deposit method. Each spin outcome is determined by our RNG algorithm without human intervention or bias. Live-dealer games — blackjack, roulette, baccarat, Dragon Tiger — operate fundamentally differently: outcomes depend on physical card dealing or ball physics, not software algorithms. However, fairness is ensured through live-streamed video, allowing you to observe the entire dealing process in real time. Our dealers work in compliance with gaming regulations and undergo regular training and background checks. Game rules are published and audited for compliance; blackjack payouts follow standard casino rules (21 pays 1.5:1, regular wins pay 1:1), roulette odds are fixed by wheel physics, and baccarat outcomes depend on card dealing sequences. All games undergo monthly audits for compliance with published rules and payout structures.

KYC verification process

Know Your Customer (KYC) verification is a legal requirement in all jurisdictions where we at raft operate. When you register on raft, we collect your full legal name, date of birth, and residential address. Before you can deposit funds or withdraw winnings, you must submit government-issued identity documentation — a national ID card, passport, or driver's licence — and a recent utility bill (electricity, water, or internet bill dated within the last three months) to verify your residential address. Our compliance team reviews these documents manually; typical review time is one business day, though peak periods may extend to two business days. During holidays like Imlek, Idul Fitri, or Idul Adha, review processing may take slightly longer due to reduced staff availability. Documents must be clear, in focus, and display all relevant information: full legal name, date of birth, issue date, expiry date, and issuing authority. We accept digital photographs or scanned PDFs in common formats. Once verified, your account is flagged as "KYC complete," and you can deposit, withdraw, and play without further documentation, unless you request changes to your account details (name, residential address). We store identity documents in encrypted form within secure data facilities and never share them with third parties without your explicit written consent, except where legally required by financial regulators, law enforcement agencies, or tax authorities. If a document is rejected — for example, if it is expired, illegible, or does not match your account information — we notify you immediately with specific feedback and provide an opportunity to resubmit. Some jurisdictions or circumstances may require additional verification for large withdrawal requests, such as video-call verification, proof of source of funds, or tax compliance documentation. If applicable to your account, our support team will guide you through these requirements clearly and completely.

User feedback and review channels

We at raft actively encourage players to share feedback about our platform, games, and services. Reviews can be submitted via your account dashboard after you complete a gaming session; they are moderated to remove spam and abusive content, but genuine feedback — positive or negative — is published and visible to other players considering raft. When reading reviews from other players, consider their experience level and timeframe. A new player unfamiliar with how randomness operates in short-term gaming sessions may rate a slot game lower after experiencing early bad luck; this reflects their personal outcome variance, not the game's fairness or our platform's quality. A long-time player's review, reflecting hundreds or thousands of hands or spins, carries more statistical weight because it approaches the true long-term performance aligned with published RTP and actual game mechanics. We do not fabricate reviews, pay players to post positive comments, or artificially suppress negative feedback. We welcome honest third-party assessment from independent review websites and do not attempt to censor or influence critical reviews. If you experience a technical problem — such as a connection drop mid-game, a missing balance update, or a disputed transaction outcome — report it to our support team immediately with as much detail as possible: your account ID, the specific game or transaction ID, the precise time of the issue, your device type, and your connection type. Our team investigates every complaint and provides a detailed resolution or explanation within 48 hours. Our complaint resolution rate exceeds non-specific info, meaning most issues are resolved to the player's satisfaction or through appropriate remediation if a system error is confirmed. You can contact support via in-app chat, email, or our FAQ page, which is updated regularly with common questions and answers from players in supported jurisdictions.