Privacy Policy —
How a9a999 Protects Your Data
At a9a999, protecting the personal information of every player in Bangladesh is a fundamental responsibility — not an afterthought. This Privacy Policy explains in plain, formal English exactly what data we collect, why we collect it, how it is stored and processed, who it may be shared with, and what rights you hold as a data subject. We encourage every player to read this document carefully.
Six Privacy Principles We Live By
Before diving into the full legal text, the following six principles summarise how a9a999 approaches data privacy for every player across Bangladesh. These are not aspirational statements — they are enforced practices embedded in our platform architecture and operational procedures.
All data transmitted between your device and the a9a999 platform — including login credentials, payment details, and personal information — is protected by industry-standard TLS/SSL encryption. Your connection to a9a999.vip is always secure.
a9a999 does not sell, rent, or trade your personal information to third-party advertisers, data brokers, or marketing aggregators under any circumstances. Your data is used solely to operate and improve the a9a999 platform and to fulfil our legal obligations.
We collect only the information that is genuinely necessary to provide you with a safe and functional gambling experience. We do not collect data speculatively or in excess of what is required for account management, payment processing, and regulatory compliance.
Access to player personal data within a9a999 is restricted on a strict need-to-know basis. Only authorised personnel whose roles require access to specific categories of data — such as the KYC verification team or the payments team — are permitted to view it.
You retain the right to access, correct, update, or request deletion of the personal information we hold about you at any time, subject to our data retention obligations under applicable law. Contact [email protected] to exercise these rights.
Whenever this Privacy Policy is materially updated, a9a999 will notify registered players by email before the changes take effect. The version number and effective date at the top of this document are always updated to reflect the current version in force.
Complete Privacy Policy
1. Information We Collect
a9a999 collects personal data through several channels: directly from you when you register an account or contact support; automatically when you interact with the platform; and from third-party verification and payment providers in the course of processing your transactions. The categories of personal data we collect are set out below.
1.1 Account Registration Data
When you create an a9a999 account, we collect the following information which you provide directly:
- Identity data: Full legal name, date of birth, gender (optional).
- Contact data: Email address, mobile phone number (a Bangladeshi number is required for bKash/Nagad payment integration).
- Address data: Residential address in Bangladesh, including district, city or upazila, and postcode where applicable.
- Account credentials: Username and hashed password (passwords are never stored in plain text).
1.2 Identity Verification (KYC) Data
Before processing your first withdrawal, a9a999 is required to verify your identity. During the KYC process, we may collect:
- A copy of your National Identity Card (NID), valid passport, or driving licence.
- A recent utility bill, bank statement, or other proof of address document.
- A selfie photograph (for liveness checks) taken at the time of verification submission.
- The NID number or passport number printed on your submitted documents.
KYC documents are stored securely and are used exclusively for the purpose of identity verification and anti-money laundering compliance. They are not used for any other purpose, and they are not shared with third parties except as described in Section 4 of this Policy.
1.3 Financial Transaction Data
When you make a deposit or request a withdrawal, we collect and retain records of:
- Transaction amounts in BDT (Bangladeshi Taka).
- Transaction reference numbers generated by bKash, Nagad, Rocket, Upay, or your bank.
- The payment method used (e.g., bKash mobile wallet, Nagad, Dutch-Bangla Rocket, Upay, bank transfer).
- The date, time (Bangladesh Standard Time, UTC+6), and status of each transaction.
- Partial account identifiers associated with your payment method (e.g., the last four digits of the mobile number linked to your bKash account) — we do not store your full mobile banking PIN or full bank account credentials.
1.4 Technical and Usage Data
When you access the a9a999 platform, our servers and analytics systems automatically collect certain technical data, including:
- IP address and approximate geographic location derived from it (district or city level — not precise GPS location).
- Browser type, version, and language settings.
- Operating system and device type (mobile, tablet, desktop).
- Mobile carrier or ISP name (e.g., Grameenphone, Robi, Banglalink, Teletalk).
- Pages visited, time spent on each page, game sessions initiated, and betting history.
- Referring URL (the website or search result that directed you to a9a999.vip).
- Session timestamps and click-path data for fraud detection and platform improvement purposes.
1.5 Communications Data
When you contact a9a999 customer support by email, we retain a record of the correspondence, including the content of your message, your email address, the date and time of the communication, and any resolution actions taken. This data is used to manage your support enquiry, to maintain a record of your account history, and to improve our customer service quality.
2. How We Use Your Data
a9a999 uses the personal data it collects for the following specific and legitimate purposes. We do not use your data in any manner inconsistent with the purposes listed here without first obtaining your explicit consent or as required by law.
| Purpose | Categories of Data Used | Legal Basis |
|---|---|---|
| Account creation and management | Identity, contact, credentials | Contract performance |
| Processing deposits and withdrawals | Financial transaction, identity | Contract performance |
| Identity and age verification (KYC) | KYC documents, NID data | Legal obligation |
| Fraud detection and prevention | Technical, financial, identity | Legitimate interest |
| Anti-money laundering monitoring | Financial transaction, identity | Legal obligation |
| Customer support and dispute resolution | Communications, account data | Contract performance |
| Platform analytics and improvement | Technical, usage data | Legitimate interest |
| Responsible gaming monitoring | Betting history, usage patterns | Legal obligation / legitimate interest |
| Promotional communications (opt-in only) | Contact data, preferences | Consent |
Where you have given consent to receive promotional communications — such as bonus announcements, seasonal offers tied to BPL, Eid, Pohela Boishakh, or ICC tournaments — you may withdraw that consent at any time by contacting [email protected]. Withdrawal of consent for promotional communications will not affect the lawfulness of any processing carried out before your withdrawal.
3. Legal Basis for Processing
a9a999 processes personal data under one or more of the following legal bases, as indicated in the table above:
- Contract performance: Processing is necessary to fulfil the contractual obligations set out in the a9a999 Terms & Conditions — for example, creating your account, processing deposits, and paying out winnings.
- Legal obligation: Processing is required to comply with applicable laws and regulatory requirements — for example, conducting KYC verification, retaining financial transaction records for the legally required period, and cooperating with competent authorities in relation to fraud or money laundering investigations.
- Legitimate interest: Processing is necessary for the purposes of a9a999's legitimate business interests, where those interests are not overridden by your rights and freedoms — for example, detecting and preventing fraud, monitoring platform performance, and improving user experience.
- Consent: Processing is based on your freely given, specific, and informed consent — for example, sending you promotional emails about a9a999 bonuses or new game releases. You may withdraw consent at any time.
4. Data Sharing & Disclosure
a9a999 does not sell your personal data. We may share your data only in the limited circumstances described below, and only to the extent necessary for the stated purpose.
4.1 Payment Processing Partners
To process your deposit and withdrawal transactions, a9a999 shares the minimum necessary financial and identity data with our payment processing partners, which currently include bKash, Nagad, Dutch-Bangla Bank (Rocket), and Upay. These providers receive only the data required to authorise and record your specific transaction. They are contractually prohibited from using this data for any purpose other than transaction processing.
4.2 Game and Technology Providers
The casino games and sports data feeds on the a9a999 platform are supplied by third-party software providers including Pragmatic Play, Evolution Gaming, Microgaming, NetEnt, Spribe, and Ezugi. These providers may receive a pseudonymous player session identifier to facilitate the delivery of game content and to record game outcomes for audit purposes. They do not receive your name, NID number, payment details, or full contact information.
4.3 Identity Verification Services
Where a9a999 uses a third-party KYC verification platform to assist with the authentication of identity documents submitted by players, your KYC documents and associated personal data may be transmitted to that provider over an encrypted connection for the sole purpose of identity verification. Such providers are bound by data processing agreements and are prohibited from retaining or reusing your documents beyond the scope of the verification task.
4.4 Legal and Regulatory Disclosure
a9a999 may disclose personal data to competent authorities, law enforcement agencies, courts, or government bodies when required to do so by applicable law, valid legal process, or a lawful order of a court of competent jurisdiction. In such cases, a9a999 will disclose only the data specifically requested and will, where legally permissible, notify the affected player of the disclosure.
4.5 Business Transfers
In the event that a9a999 undergoes a merger, acquisition, restructuring, or sale of all or part of its business assets, player personal data may be transferred to the acquiring entity as part of that transaction. Players will be notified of any such transfer and of any material changes to data processing practices that may result from it, prior to the transfer taking effect where possible.
5. Cookies & Tracking Technologies
The a9a999 platform uses cookies and similar tracking technologies to deliver a functional, personalised, and secure browsing experience. A cookie is a small text file placed on your device by our web server when you visit a9a999.vip. Cookies are not executable programs and cannot carry viruses or access other files on your device.
5.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Can Be Disabled? |
|---|---|---|---|
| Strictly Necessary | Session management, login state, CSRF security tokens | Session / 24 hours | No — required for site function |
| Functional | Language preference, last-used game lobby, preferred deposit method | 30 days | Yes — affects personalisation |
| Analytics | Page visit counts, session duration, game engagement metrics (pseudonymous) | 12 months | Yes — opt out via support |
| Fraud Prevention | Device fingerprinting for multi-account and bot detection | 90 days | No — required for security |
Most modern browsers allow you to control cookie settings through the browser's preferences menu. Disabling strictly necessary or fraud prevention cookies may impair the functionality of the a9a999 platform or prevent you from logging in. If you are accessing a9a999 on a mobile device in Bangladesh using Chrome for Android, Firefox, or Samsung Internet, your browser's privacy settings will control cookie behaviour in the same way as on a desktop browser.
6. Data Retention
a9a999 retains personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The following retention periods apply to the main categories of data we hold:
- Account registration data: Retained for the lifetime of your active account, and for a period of five (5) years following account closure or last account activity, whichever is later, for audit and fraud prevention purposes.
- KYC verification documents: Retained for a minimum of five (5) years from the date of submission, in accordance with anti-money laundering record-keeping requirements.
- Financial transaction records: Retained for a minimum of seven (7) years from the date of each transaction, as required for financial record-keeping compliance.
- Betting and game history: Retained for five (5) years from the date of each game session or bet, and available to the player in their account history throughout this period.
- Customer support correspondence: Retained for three (3) years from the date of the last communication in a support thread.
- Analytics and technical log data: Retained in aggregated or pseudonymous form for up to twenty-four (24) months.
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised so that it can no longer be associated with an individual player. Data that has been anonymised is not subject to this Privacy Policy and may be retained indefinitely for statistical and research purposes.
7. Your Rights as a Data Subject
As a player whose personal data is processed by a9a999, you hold the following rights in relation to your personal information. To exercise any of these rights, contact a9a999 at [email protected] with the subject line "Data Rights Request" and include your registered username and the specific right you wish to exercise. We will respond within thirty (30) calendar days of receiving a valid request.
8. Data Security Measures
a9a999 implements a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. While no online platform can guarantee absolute security, the following controls are in place across the a9a999 infrastructure:
- TLS/SSL encryption: All data in transit between your browser or mobile device and a9a999's servers is encrypted using TLS 1.2 or higher. This applies to login, account management, payment flows, and support communications.
- Password hashing: Player passwords are stored using a modern one-way cryptographic hashing algorithm with per-user salting. Plain-text passwords are never stored or transmitted.
- Two-factor authentication (2FA): Players are encouraged to enable 2FA on their a9a999 account for an additional layer of login security. 2FA is mandatory for accounts that have processed withdrawals above certain threshold amounts.
- Role-based access control (RBAC): Internal access to player data is governed by a strict role-based permissions model. Staff members are granted access only to the data categories required for their specific job function.
- Audit logging: All internal access to player records — including KYC document views, withdrawal approvals, and account modifications — is logged with the staff member's identity, timestamp, and action taken. Audit logs are reviewed regularly for anomalies.
- Encrypted storage: Sensitive data categories — including KYC documents, NID numbers, and financial records — are stored in encrypted form at rest using AES-256 encryption.
- Penetration testing: The a9a999 platform undergoes periodic security assessments and penetration tests carried out by qualified independent security professionals to identify and remediate vulnerabilities before they can be exploited.
8.1 Data Breach Response
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected players, a9a999 will notify the relevant players without undue delay, and no later than seventy-two (72) hours after becoming aware of the breach, providing a description of the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address it. Notification will be sent to the email address registered on your a9a999 account. Minor security incidents that do not pose a meaningful risk to players will be logged and remediated internally without individual notification.
8.2 Third-Party Security
Where personal data is shared with third-party processors as described in Section 4, a9a999 conducts due diligence on those processors' security practices before entering into a data processing relationship. All third-party processors are bound by contractual obligations requiring them to implement security measures at least equivalent to those described in this section, and to notify a9a999 promptly in the event of any security incident affecting data processed on our behalf.
Ready to Play at a9a999?
Now that you have reviewed how a9a999 protects your personal data, you can explore the platform with confidence. From cricket betting and slots to live casino tables — all transactions in BDT, all data encrypted. 18+ only.
18+ Please gamble responsibly. Visit Responsible Gaming for self-exclusion tools and support resources available across Bangladesh.