SPIN99 Privacy Policy — Data Protection for Malaysian Players

Q: Can I request my data from SPIN99?

Yes — email support@spin99-malaysia.com with subject "Data Rights Request" for full data export or deletion. Processed within 30 days per Malaysia PDPA 2010.

SPIN99 respects your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we store and protect it, and what rights you have under Malaysia’s Personal Data Protection Act 2010 (PDPA) and Gaming Curacao Tier-1 player-protection regulations. Last updated: 1 January 2026.

1. Data We Collect

1.1 Account Registration Data

Full legal name (as it appears on your IC or passport)
Date of birth (to verify minimum age 18)
National IC number or passport number (for KYC)
Residential address (state and postcode minimum)
Malaysian mobile phone number
Email address
Chosen account password (hashed with bcrypt — we never store plaintext)

1.2 Banking Data

Bank account number
Name of bank
Account holder name (must match registered name)
eWallet IDs (Touch ’n Go, DuitNow, Boost, GrabPay)
Cryptocurrency wallet addresses (for crypto deposits/withdrawals)
Transaction history (deposits, withdrawals, transfers between game wallets)

1.3 Gameplay Data

Every bet placed (amount, game, time, outcome)
Win/loss balance per session
Bonus claim and rollover progress
Live casino video session metadata

1.4 Technical Data

Device fingerprint (browser, OS, screen resolution)
IP address (anonymized to /24 subnet for analytics, full IP retained for fraud prevention)
Login timestamps and locations
Session cookies (essential) and analytics cookies (optional, opt-out available)

1.5 KYC Documents

For verifications above RM5,000 withdrawal or random spot-checks, we collect:

Photo of front of IC or passport
Photo of back of IC (if applicable)
Selfie holding IC for liveness verification
Recent utility bill or bank statement (proof of address)

2. Why We Collect Your Data

Account verification & anti-money-laundering — KYC is a Gaming Curacao Tier-1 regulatory requirement
Processing deposits and withdrawals — bank routing data needed for payment
Customer support — resolving your tickets without re-verification each time
Responsible gaming detection — identifying problem-gambling behavior patterns
Fraud prevention — multi-accounting detection, bonus-abuse detection, collusion detection at live tables
Tax and regulatory reporting — only when legally compelled by Malaysian authorities or Gaming Curacao
Marketing (with your consent) — sending promotion alerts via WhatsApp, Telegram, email or SMS

3. How We Store & Protect Your Data

All data encrypted at rest using AES-256
All data in transit encrypted via TLS 1.3 (256-bit)
Passwords hashed with bcrypt + per-record salt — we cannot read your password
Database servers located in Tier-3 data centres in Singapore and Frankfurt
Daily encrypted backups to two geographically separated data centres
Access restricted to authorized staff under role-based permissions
Annual third-party penetration testing
SOC 2 Type II audited infrastructure

4. Who We Share Data With

SPIN99 does not sell your data to advertisers. We share data only in these specific circumstances:

Payment processors — to complete deposits and withdrawals (PCI-DSS Level 1 certified partners)
Game providers — only player ID and bet metadata, never your real name or banking
KYC verification partners — document verification specialists under NDA
Gaming Curacao regulator — on lawful written request, scoped to specific investigation
Malaysian authorities — only when legally compelled via court order or PDPA-compliant request
Fraud-prevention networks — anonymized device fingerprints shared with industry consortium

5. Your Rights Under Malaysia PDPA 2010

As a Malaysian resident, you have the following rights:

Right to access — request a copy of all personal data we hold about you
Right to correction — request correction of inaccurate or outdated information
Right to withdraw consent — opt out of marketing communications at any time
Right to lodge complaint — to the Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi)
Right to data portability — request CSV export of your account history

To exercise any of these rights, email [email protected] with the subject "Data Rights Request". We respond within 30 days.

6. Data Retention Period

Gameplay logs & transaction records — 7 years (Gaming Curacao regulatory requirement)
KYC documents — 7 years from last account activity
Marketing preferences — retained until you opt out, then deleted within 30 days
Live chat transcripts — 2 years
Closed accounts — account record retained 7 years, gameplay data anonymized after 2 years

7. Cookies

Essential Cookies

Required for SPIN99 to function. Stores your login session, language preference (EN/BM), and security tokens. Cannot be disabled without breaking the site.

Analytics Cookies

Optional. Anonymized usage data (pages visited, time on page, click paths). Disable in your browser settings or via the cookie banner.

Marketing Cookies

Optional. Used for retargeting ads on Facebook, Google and similar networks. Disable via cookie banner or browser settings.

8. Marketing Communications

By registering, you consent to receive transactional emails (deposit confirmations, withdrawal status, security alerts) which are essential and cannot be opted out of.

Promotional communications (WhatsApp/SMS/email/Telegram about bonuses, tournaments) require opt-in consent at registration. You can opt out at any time:

Email opt-out: click "unsubscribe" at the bottom of any marketing email
SMS opt-out: reply STOP to any marketing SMS
WhatsApp opt-out: send "STOP" to our WhatsApp number
In-app: Account Settings → Notification Preferences

9. Children’s Privacy

SPIN99 services are not intended for persons under 18. We do not knowingly collect data from minors. If we discover an account belongs to someone under 18, we terminate the account immediately and refund deposits (winnings forfeited per Gaming Curacao rules).

10. Changes to This Policy

SPIN99 may update this Privacy Policy from time to time. Material changes will be notified 30 days in advance via email and in-app notice. The "Last updated" date at the top reflects the most recent version.

11. Contact Us

For privacy questions, data rights requests, or PDPA-related concerns:

Email: [email protected]
Subject line: "Data Rights Request"
Response time: within 30 days

SPIN99 — Frequently Asked Questions

Does SPIN99 sell my data?

No. SPIN99 does not sell member data to advertisers or third parties. Data is shared only with payment processors, regulators, and fraud-prevention partners under strict NDAs.

Can I request my data from SPIN99?

Yes — email [email protected] with subject "Data Rights Request" for full data export or deletion. Processed within 30 days per Malaysia PDPA 2010.

How long does SPIN99 store my data?

Gameplay and KYC records: 7 years per Gaming Curacao regulator rules. Live chat transcripts: 2 years. Marketing preferences: until you opt out.

Is my password stored in plain text?

No. Passwords are hashed with bcrypt and a per-record salt. SPIN99 cannot read your password — even our own database administrators cannot decrypt it.

How do I opt out of marketing?

Email: click unsubscribe at the bottom. SMS: reply STOP. WhatsApp: send STOP. In-app: Account Settings → Notification Preferences. Honoured immediately.

Join SPIN99 — Claim Your 199% Welcome Bonus

Minimum deposit RM30. 199% match up to RM1,999 + 199 free spins. 10× rollover, slot & fishing eligible.