Privacy Policy

1 Overview & Scope

This Privacy Policy applies to all personal data processed by megaa888 in connection with the operation of the megaa888 online gaming platform at megaa888.org ("Platform"). It covers personal data collected from:

• Registered Players who hold an Account with megaa888.
• Visitors who access the megaa888 Platform without registering.
• Individuals who contact megaa888 customer support via live chat, Telegram, or email.

By using the megaa888 Platform, you acknowledge that you have read and understood this Privacy Policy. This Policy should be read alongside the megaa888 Terms & Conditions, which govern the overall use of the Platform.

2 Data Controller

For the purposes of this Privacy Policy, megaa888 acts as the data controller in respect of personal data collected through the Platform. As data controller, megaa888 determines the purposes and means of processing your personal data.

If you have any questions about how megaa888 handles your personal data, or if you wish to exercise any of the rights described in Section 11, you may contact the megaa888 Data Protection team using the contact details provided in Section 15 of this Policy.

3 Data We Collect

megaa888 collects the following categories of personal data from Players and visitors:

Identity Data:

• Full legal name as stated on government-issued identification.
• Date of birth (used for age verification — all megaa888 players must be 21 years of age or older).
• Identity document details (e.g., Malaysian MyKad number, passport number) collected during KYC verification.
• Profile photograph where submitted as part of KYC documentation.

Contact Data:

• Registered mobile number (Malaysian format: 601X-XXXXXXX).
• Email address registered to the Account.
• Residential address where required for KYC purposes.

Financial Data:

• Payment method details, including e-wallet identifiers (Touch 'n Go, Boost, GrabPay), bank account identifiers (for FPX, Maybank, CIMB), and DuitNow QR references.
• Transaction history including deposit amounts, withdrawal amounts, dates, and payment method used.
• Wallet balance history.

Gaming Activity Data:

• Game participation records, wager amounts, win/loss results, and session durations.
• Sportsbook bet history including markets wagered, odds, and outcomes.
• Bonus claims and wagering requirement progress.
• Responsible gaming settings and self-exclusion records where applicable.

Technical Data:

• IP address and approximate geolocation at the time of access.
• Device type, operating system, browser type and version.
• Session timestamps and navigation behaviour within the Platform.
• Cookie identifiers and analytics identifiers as described in Section 8.

Communications Data:

• Records of customer support interactions including live chat transcripts and Telegram message logs.
• Complaint and dispute correspondence.

4 How We Collect Data

megaa888 collects personal data through the following channels:

• Directly from you — when you register an Account, complete KYC verification, make a deposit or withdrawal, contact customer support, or participate in a promotion.
• Automatically — through cookies, session tracking technologies, and server logs when you access the Platform, as described in Section 8.
• From third parties — including identity verification service providers engaged to conduct KYC checks, payment processors that confirm transaction details, and fraud detection services that flag suspicious activity patterns.

5 How We Use Your Data

megaa888 uses the personal data it collects for the following purposes:

• Account administration: Creating and maintaining your megaa888 Account, processing your login credentials, and enabling access to Platform features.
• Identity and age verification: Confirming that you meet the minimum age requirement of 21 years and that your identity is genuine, in compliance with international gaming authority standards.
• Payment processing: Facilitating deposits and withdrawals in Malaysian Ringgit (MYR) through your chosen payment method, and reconciling your Wallet balance.
• Gaming operations: Recording game activity, calculating and crediting winnings, applying bonus terms, and maintaining accurate bet history records.
• Responsible gaming: Monitoring gaming behaviour for indicators of problem gambling, applying player-set limits and self-exclusion instructions, and contacting Players who may benefit from responsible gaming support.
• Fraud prevention and security: Detecting, investigating, and preventing fraudulent transactions, multi-accounting, money laundering, and other prohibited conduct as defined in the Terms & Conditions.
• Legal and regulatory compliance: Meeting obligations imposed by applicable anti-money-laundering (AML) laws, gaming authority requirements, and any applicable data protection regulations.
• Customer support: Responding to your queries, resolving disputes, and improving our support processes.
• Platform improvement: Analysing aggregated, anonymised usage data to improve Platform performance, game selection, and user experience.
• Marketing communications: Sending promotional offers, bonus notifications, and relevant gaming information to Players who have not opted out. Players may withdraw marketing consent at any time via Account settings.

6 Legal Basis for Processing

megaa888 processes personal data on the following legal bases:

• Contractual necessity: Processing required to perform the Player Account agreement — including identity verification, payment processing, and gaming operations.
• Legal obligation: Processing required to comply with applicable AML legislation, gaming authority requirements, and tax reporting obligations.
• Legitimate interests: Processing for fraud detection, platform security, responsible gaming monitoring, and aggregated analytics — where such interests are not overridden by your data protection rights.
• Consent: Processing for direct marketing communications and non-essential cookies, where your explicit consent has been obtained. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

7 Data Sharing & Disclosure

megaa888 does not sell or rent your personal data to third parties. megaa888 may share your personal data with the following categories of recipients, strictly on a need-to-know basis:

• Identity verification providers: Third-party KYC services engaged to verify your identity and age documentation.
• Payment processors: Financial technology providers that process your deposits and withdrawals, including e-wallet operators and bank transfer facilitators used in Malaysia.
• Game providers: Casino game and sportsbook software suppliers who require transactional data to operate their games within the megaa888 Platform.
• Fraud prevention services: Specialist providers engaged to detect and prevent fraudulent activity, money laundering, and prohibited conduct.
• Regulatory and law enforcement authorities: Where required by applicable law, court order, or regulatory directive — including AML reporting obligations and responses to lawful authority requests.
• Professional advisers: Legal counsel, auditors, and insurers engaged in connection with megaa888's business operations, subject to professional confidentiality obligations.

All third-party recipients of megaa888 player data are required to process such data in accordance with applicable data protection standards and solely for the purpose for which it was shared.

8 Cookies & Tracking Technologies

megaa888 uses cookies and similar tracking technologies on the Platform for the following purposes:

• Essential cookies: Required for the Platform to function — including login session maintenance, security tokens, and cart/wallet state. These cannot be disabled without breaking core Platform functionality.
• Functional cookies: Store your Platform preferences such as language settings, last-visited game category, and responsible gaming reminder settings.
• Analytics cookies: Anonymised data about how Players navigate the Platform — used to identify performance issues and improve user experience. No personally identifiable information is included in analytics data.
• Marketing cookies: Used to present relevant promotional offers based on your activity on the Platform. These are deployed only where you have provided consent.

You may manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to use core megaa888 Platform features. Note that blocking essential cookies may impair Platform functionality including the megaa888 login session.

9 Data Retention

megaa888 retains personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following retention periods:

• Active Account data: Retained for the duration of the Account's active status plus a minimum of five (5) years following Account closure, to meet AML record-keeping obligations.
• Transaction records: Financial transaction data is retained for a minimum of seven (7) years in accordance with applicable financial record-keeping requirements.
• Customer support communications: Retained for a minimum of two (2) years following resolution of the relevant query or dispute.
• KYC documentation: Retained for the duration of the Account plus five (5) years following closure, or longer if required by applicable law.
• Marketing consent records: Retained until consent is withdrawn, plus one (1) year thereafter as evidence of the consent status.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with megaa888's data destruction procedures.

10 Data Security

megaa888 implements technical and organisational security measures appropriate to the risk presented by the processing of your personal data. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the megaa888 Platform — the same encryption standard used by major Malaysian banks including Maybank and CIMB.
• Encryption of sensitive data fields — including identity document details and financial data — at rest in megaa888's database infrastructure.
• Role-based access controls limiting employee access to personal data to the minimum necessary for their job function.
• Automated intrusion detection and real-time monitoring of Platform infrastructure for security anomalies.
• Regular independent security audits and penetration testing of the Platform and supporting systems.
• Two-factor authentication (2FA) availability for all Player Accounts and mandatory 2FA for all megaa888 staff with access to player data.

Notwithstanding the above, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe your megaa888 Account has been compromised, contact customer support immediately.

11 Your Rights

Subject to applicable law, you have the following rights in respect of your personal data held by megaa888:

• Right of access: You may request a copy of the personal data megaa888 holds about you.
• Right to rectification: You may request correction of inaccurate or incomplete personal data.
• Right to erasure: You may request deletion of your personal data where megaa888 no longer has a lawful basis for retaining it, subject to overriding legal retention obligations.
• Right to restriction of processing: You may request that megaa888 restrict its processing of your data in certain circumstances.
• Right to data portability: Where processing is based on your consent or on a contract, you may request a machine-readable copy of data you have provided to megaa888.
• Right to object: You may object to processing based on legitimate interests, including direct marketing at any time.
• Right to withdraw consent: Where megaa888 relies on your consent to process your data, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact the megaa888 Data Protection team as detailed in Section 15. megaa888 will respond to verified requests within 30 calendar days. In complex cases, this period may be extended by a further 60 days, with notification provided within the initial 30-day period.

12 Children's Privacy

The megaa888 Platform is strictly intended for individuals aged 21 years and above. megaa888 does not knowingly collect personal data from individuals under 21 years of age. Age verification is performed on all Accounts during the KYC process.

If megaa888 becomes aware that personal data has been collected from an individual under the age of 21, the Account will be suspended immediately and the personal data in question will be deleted in accordance with Section 9, subject to any applicable legal retention requirements. If you have reason to believe that a minor has registered with megaa888, please notify customer support immediately.

13 International Data Transfers

megaa888 primarily processes personal data within its hosting infrastructure. In certain circumstances, personal data may be transferred to and processed by third-party service providers located outside Malaysia — for example, internationally-based identity verification providers, game software suppliers, or cloud infrastructure providers.

Where such transfers occur, megaa888 ensures that appropriate safeguards are in place to protect your personal data, including contractual data protection clauses with the recipient that require data to be handled to a standard equivalent to applicable data protection requirements.

14 Policy Amendments

megaa888 reserves the right to update this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, or our data processing practices. The effective date of the current version is displayed at the top of this page. Material changes will be notified to registered Players via the email address or mobile number on file, or by a prominent notice on the Platform, prior to the change taking effect.

Continued use of the megaa888 Platform following notification of an amended Privacy Policy constitutes your acceptance of the revised terms. If you do not accept an amendment, you may close your Account in accordance with the Terms & Conditions.

15 Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or megaa888's handling of your personal data, please contact the megaa888 Data Protection team through the following channels:

• Live Chat: Available 24/7 via the megaa888 Platform.
• Telegram: Available 24/7 via the official megaa888 Telegram support channel.
• Email: support megaa888.org — please include "Privacy Request" in your subject line for prompt routing.

megaa888 aims to respond to all privacy-related enquiries within 5 business days of receipt. For formal data subject rights requests, the response timelines described in Section 11 apply.