Your Data Is Yours. We Mean That.
You shouldn't have to trust a random platform with your Gamer ID. Here's exactly what we collect, how we protect it, and why we built it this way.
Let's be real - nobody enjoys typing their Gamer ID into a website they've never heard of. There's always that little voice: "Is this legit? Where does this data go? Am I about to get spam for the rest of my life?"
Totally fair. We'd have the same questions.
The thing is, a lot of you reading this probably check the network tab before hitting submit. You read changelogs for fun. You know what CORS is and have opinions about it. You've probably reverse-engineered a game client at least once just to see how it worked.
You don't hand out trust easily - and honestly, you shouldn't. So instead of asking for it, here's what we actually do.
What We Collect (The Full List)
When you redeem an Octopus Card, we ask for three things:
- Your card code and PIN. Verifies the card and triggers the transaction.
- Your account identifier. A Gamer ID, phone number, or platform username - whatever the product needs to deliver to the right account.
- Your email (optional). Only used to send a confirmation if the redemption takes longer than expected. You can skip this entirely.
That's it. No name. No address. No payment details - those live with the marketplace you bought from, not with us. No account creation. No cookies tracking you across the web.
Let's Talk About What You're Handing Over
Think about what flows through a platform like ours. Gamer IDs for Free Fire, PUBG, Valorant, Roblox. Mobile phone numbers for top-ups across 100+ countries. Optional email addresses. Across all our transactions, that's a genuinely valuable dataset - the kind of thing that would make an ad-tech company drool.
And that's exactly why our business model matters here.
We make money from a small margin on each card sale. That's it. We're not an ad platform. We're not a data company. We don't have investors breathing down our necks asking how we plan to "monetise the user base." There is no second revenue stream hiding behind a privacy policy. We sell gift cards and mobile top-ups. The margin on those sales is how we keep the lights on.
Which means all that data - your Gamer ID, your phone number, your email if you shared it - is genuinely useless to us beyond completing your transaction. We have no incentive to keep it, no reason to mine it, and no business model that benefits from selling it. It's not that we've nobly chosen to resist temptation. The temptation doesn't exist.
We Love Encryption and We Hate Ads
We'll just say it plainly: we're the kind of people who encrypt everything and block ads on our own browsers. That shapes how we build.
Everything is encrypted. Every request between your browser and our servers runs over TLS. Data at rest is encrypted on the database layer. Your card PIN is never stored in plaintext after redemption - it's consumed and gone. We don't do encryption because a compliance checklist told us to. We do it because the alternative makes us uncomfortable.
Zero tracking. Zero ads. Zero third-party scripts. We don't run Google Analytics. We don't embed Facebook pixels. We don't load scripts that phone home to ad networks while you're trying to redeem a card. If you open DevTools on our claim page, you'll see requests going to our servers and nowhere else. No surprises in the network tab. No third-party domains you didn't ask for.
Single-use, closed-loop cards. Each Octopus Card works exactly once for exactly one product. There's no stored balance to steal, no reusable token to intercept, no account to break into. Once a card is redeemed, the code and PIN are permanently consumed. Even if someone got hold of them after the fact, they're worthless.
No account, no attack surface. We don't make you create an account to redeem a card. No passwords to leak. No sessions to hijack. No "forgot password" flow that can be socially engineered. The less we store about you, the less there is to compromise.
Open-loop cards (like Visa gift cards) work anywhere - which means a stolen card number can be used anywhere too. Closed-loop cards are tied to a single product and a single redemption. The attack surface is fundamentally smaller. Read more about why we chose this model.
Why We Built It This Way
We understand who uses this platform. Gamers who check URLs before entering their PUBG ID. People sending top-ups home who want to know their mother's phone number isn't ending up in a database somewhere. Technical users who open the network tab first and ask questions later.
That scepticism is healthy. We'd rather earn trust through how the system actually works than ask you to take our word for it.
The architecture reflects that. Single-use cards mean no stored value to steal. No accounts mean no credentials to leak. No ad business means no reason to hoard your data. And a margin-based business model means the only thing we care about is whether your card was delivered correctly - not what else we can squeeze out of knowing who you are.
Your Gamer ID is yours. Your phone number is yours. Your email, if you choose to share it, is used once and forgotten. That's not a privacy policy - that's how the system is designed to work.
Curious about the technical stack behind all of this? Read Around the World in 80 Days - our deep dive into the engineering. Or see how the redemption flow works step by step.
License
This article is licensed under CC BY-NC-SA 4.0. You are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material
Under the following terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- NonCommercial — You may not use the material for commercial purposes.
- ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
Buy what this post is about
Ready to get a card?
Browse Octopus Cards on Driffle — gaming top-ups, mobile recharges, and travel eSIMs at a discount, delivered instantly.
Related posts
Breaking Our Own System on Purpose: Mocks, Chaos, and Fuzz
We integrate with dozens of external vendors. Any one of them can have a bad day. Here's how we make sure their bad day never becomes ours.
Are Online Gift Cards Safe? A Buyer's Guide to Avoiding Scams
A practical guide to telling legitimate online gift cards from scams — what to check, what to never do, and how the platforms that get it right (Octopus Cards included) actually work.
The Wallet That Couldn't Count: Scaling Transactions the Hard Way
How we went from race conditions to sub-millisecond wallet updates - a journey through mistakes, over-engineering, and finally letting the database do its job.