Privacy Policy – How a9login Collects, Uses and Protects Your Data

1. Definitions

In this Privacy Policy, the following terms shall have the meanings set out below:

• "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, identification number, contact details, financial data, and online identifiers.
• "Processing" means any operation performed on Personal Data, including collection, recording, storage, use, disclosure, transfer, or deletion.
• "Platform" means the a9login website accessible at a9login.club and all associated services, game products, payment systems, and support channels.
• "Member" means any registered user of the a9login Platform.
• "Data Controller" means the entity that determines the purposes and means of processing Personal Data — in this context, a9login.
• "Third-Party Service Provider" means an external entity engaged by a9login to provide specific services in connection with Platform operations, such as payment processing, identity verification, or cloud infrastructure.

2. Data Controller Information

a9login acts as the Data Controller for all Personal Data collected through the Platform. a9login is licensed and operated in accordance with internationally recognised gaming authority standards. For all data protection queries, Members may contact a9login via the support channels listed in Section 15 of this Policy.

3. Personal Data We Collect

a9login collects the following categories of Personal Data from Members and prospective Members:

• Identity Data: Full legal name, date of birth, nationality, and government-issued identity document details (e.g., MyKad, passport) collected for KYC compliance purposes.
• Contact Data: Email address, mobile phone number, and residential address submitted at registration or updated subsequently.
• Financial Data: Payment method details (e.g., Touch n Go eWallet account identifier, Boost account identifier, Maybank, CIMB, or Public Bank account reference), transaction history, deposit amounts, and withdrawal records. Full payment credentials (e.g., card numbers) are handled exclusively by our third-party payment processors and are not stored on a9login servers.
• Account Data: Username, encrypted password, account preferences, bonus and promotional history, and session records.
• Gaming Data: Bet history, game session durations, wagering patterns, and gaming product preferences.
• Technical Data: IP address, device type, browser type and version, operating system, screen resolution, and time zone settings collected automatically during Platform use.
• Communication Data: Records of correspondence between the Member and a9login support, including live chat transcripts and email exchanges.
• Usage Data: Information about how Members navigate the Platform, including pages visited, features accessed, and time spent in specific sections.

4. How We Collect Personal Data

a9login collects Personal Data through the following channels:

• Direct submission: When a Member completes the registration form, submits KYC documentation, contacts support, or participates in a promotion.
• Automated collection: Through cookies, web beacons, server logs, and similar technologies that operate automatically when a Member accesses the Platform. See Section 8 for details on cookies.
• Third-party sources: From identity verification providers and fraud detection services engaged by a9login to validate the accuracy of Member-submitted data.
• Payment processors: Transaction confirmation data and payment status updates received from authorised payment service providers following deposit and withdrawal processing.

5. Legal Basis for Processing

a9login processes Member Personal Data on the following legal bases:

• Contractual necessity: Processing required to fulfil the Member Agreement, including account creation, game provision, payment processing, and withdrawal settlement.
• Legal obligation: Processing required to comply with applicable anti-money laundering (AML) legislation, know-your-customer (KYC) requirements, responsible gaming regulations, and gaming authority licence conditions.
• Legitimate interests: Processing conducted for the purposes of fraud prevention, Platform security, technical improvement, and customer service quality assurance, where such interests are not overridden by the Member's privacy rights.
• Consent: Processing for marketing and promotional communications, where Members have explicitly opted in to receive such communications.

6. How We Use Your Personal Data

a9login uses collected Personal Data for the following purposes:

• To create, verify, and administer Member accounts;
• To process deposits, withdrawals, and bonus credits in MYR;
• To conduct KYC verification and comply with AML and responsible gaming obligations;
• To detect, investigate, and prevent fraudulent activity, collusion, and platform abuse;
• To provide 24/7 customer support and respond to Member queries and complaints;
• To personalise the Member's Platform experience based on gaming preferences and usage patterns;
• To send transactional communications, including account notifications, deposit confirmations, and withdrawal receipts;
• To send marketing communications to Members who have opted in to receive them;
• To monitor and improve Platform performance, security, and user experience;
• To comply with legal obligations and respond to lawful requests from regulatory or law enforcement authorities.

7. Disclosure of Personal Data

7.1 a9login does not sell, rent, or trade Member Personal Data to third parties for their independent commercial use under any circumstances.

7.2 a9login may disclose Personal Data to the following categories of recipients where necessary and proportionate:

• Payment service providers (e.g., operators of Touch n Go eWallet, Boost, and banking partners) for the purpose of processing financial transactions;
• Identity verification and AML compliance providers engaged to fulfil regulatory KYC obligations;
• Cloud infrastructure and technology service providers who host and maintain the Platform under binding data processing agreements;
• Fraud detection and cybersecurity providers engaged to protect the Platform and its Members;
• Regulatory and gaming authorities where disclosure is required under the terms of a9login's operating licence;
• Law enforcement and government agencies where disclosure is required by applicable law, court order, or lawful authority.

7.3 All Third-Party Service Providers engaged by a9login are contractually bound to process Member Personal Data only for the specific, authorised purposes for which they are engaged, and are prohibited from using such data for their own commercial purposes.

8. Cookies and Tracking Technologies

8.1 a9login uses cookies and similar tracking technologies to operate and improve the Platform. Cookies are small text files stored on a Member's device that enable the Platform to recognise returning users, maintain session state, and analyse usage patterns.

8.2 The following categories of cookies are used on the a9login Platform:

• Strictly necessary cookies: Required for the Platform to function correctly, including session authentication and security tokens. These cannot be disabled without impairing Platform functionality.
• Functional cookies: Used to remember Member preferences such as language settings and game lobby layout choices.
• Analytical cookies: Used to collect aggregated, anonymised data about how Members use the Platform, enabling a9login to identify performance issues and improve the user experience.

8.3 Members may manage cookie preferences through their browser settings. Disabling certain categories of cookies may affect Platform functionality. Strictly necessary cookies cannot be disabled through browser settings without preventing access to secure Platform features.

9. Data Security

9.1 a9login implements technical and organisational security measures proportionate to the risk of processing Member Personal Data. These measures include, but are not limited to:

• 256-bit SSL/TLS encryption for all data transmitted between Members and the Platform;
• Encrypted storage of sensitive Personal Data at rest;
• Role-based access controls limiting internal access to Personal Data on a strict need-to-know basis;
• Regular penetration testing and vulnerability assessments of Platform infrastructure;
• Incident response procedures for the detection, containment, and notification of Personal Data breaches.

9.2 In the event of a Personal Data breach that is likely to result in a high risk to Member rights and freedoms, a9login will notify affected Members without undue delay and in accordance with applicable legal requirements.

10. Data Retention

10.1 a9login retains Member Personal Data for as long as is necessary to fulfil the purposes described in this Policy, or as required by law. The following general retention periods apply:

• Account and identity data: Retained for the duration of the Member's active account plus a minimum of five (5) years following account closure, in accordance with AML regulatory requirements.
• Financial and transaction data: Retained for a minimum of seven (7) years following each transaction, as required under applicable financial record-keeping obligations.
• Support communication records: Retained for a period of three (3) years following the resolution of the relevant enquiry or complaint.
• Marketing preferences and opt-in records: Retained for the duration of active consent, plus a reasonable period thereafter to demonstrate compliance with consent requirements.

10.2 Upon the expiry of applicable retention periods, Personal Data will be securely deleted or anonymised such that it can no longer be associated with any identifiable individual.

11. Your Rights

Subject to applicable law, Members have the following rights in respect of their Personal Data held by a9login:

• Right of access: The right to request a copy of the Personal Data a9login holds about you.
• Right to rectification: The right to request correction of inaccurate or incomplete Personal Data.
• Right to erasure: The right to request deletion of your Personal Data, subject to a9login's legal retention obligations.
• Right to restrict processing: The right to request that a9login limits the processing of your Personal Data in certain circumstances.
• Right to data portability: The right to receive your Personal Data in a structured, machine-readable format where technically feasible.
• Right to object: The right to object to processing based on legitimate interests, including direct marketing communications.
• Right to withdraw consent: Where processing is based on consent, the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of the above rights, Members should contact a9login via the support channels listed in Section 15. Requests will be processed within thirty (30) calendar days of receipt, subject to identity verification.

12. Children and Minors

12.1 The a9login Platform is strictly intended for use by individuals aged 21 and above. a9login does not knowingly collect or process Personal Data from individuals under the age of 21.

12.2 If a9login becomes aware that Personal Data has been collected from a person under the age of 21, the relevant Account will be immediately suspended and all associated Personal Data will be deleted without retention, except where legal obligations require otherwise.

12.3 If you believe that a person under the age of 21 has registered an Account on the a9login Platform, please contact the support team immediately at the contact details provided in Section 15.

13. International Data Transfers

13.1 In the course of providing its services, a9login may transfer Member Personal Data to Third-Party Service Providers operating in jurisdictions outside Malaysia. Where such transfers occur, a9login ensures that appropriate safeguards are in place to protect Personal Data to a standard equivalent to that applied within Malaysia, including through the use of contractual data protection clauses.

13.2 Members may request details of the safeguards applicable to specific international data transfers by contacting a9login via the support channels listed in Section 15.

14. Amendments to This Policy

14.1 a9login reserves the right to amend this Privacy Policy at any time. Material changes will be notified to Members via the email address registered to their Account at least seven (7) days prior to the amended Policy taking effect.

14.2 The current version of this Privacy Policy is always accessible on the a9login Platform at a9login.club/privacy-policy. The "Last updated" date at the top of this Policy indicates when it was most recently revised. Continued use of the Platform after the effective date of any amendment constitutes acceptance of the updated Policy.

15. Contact and Complaints

For any queries, requests, or complaints relating to this Privacy Policy or a9login's processing of your Personal Data, please contact the support team via:

• Live Chat: Available 24 hours a day, 7 days a week, from any page on the a9login Platform. Average response time under 2 minutes.
• Email: support@a9login.club (plain text — not a clickable link)

a9login is committed to resolving data protection concerns promptly and transparently. If you are not satisfied with the outcome of an internal complaint, you may refer the matter to the relevant data protection authority in your jurisdiction.