ap888 Privacy Policy

1. About This Privacy Policy

This Privacy Policy applies to all personal data collected, processed, or stored by ap888 in connection with the operation of the ap888 online gaming platform at ap888.win (the "Platform"). It applies to all registered Members, prospective Members who visit the Platform, and individuals who interact with ap888 through customer support channels.

References to "ap888", "we", "us", or "our" in this Policy refer to the operator of the ap888 Platform. References to "you" or "Member" refer to any individual whose personal data is processed in connection with the Platform.

This Policy should be read alongside the ap888 Terms & Conditions and Responsible Gaming Policy, which together constitute the full contractual and regulatory framework governing your use of the Platform.

We take the privacy of our Malaysian Members seriously. The ap888 platform is designed from the ground up with data minimisation principles — we collect what is operationally necessary, retain it for defined periods, and apply security standards consistent with those used by Malaysian financial institutions.

2. Personal Data We Collect

ap888 collects personal data through several channels in the course of operating the Platform. The categories of data collected include:

2.1 Registration Data. When you create an ap888 account, we collect: your full legal name, date of birth, Malaysian contact number (in +60 format), email address, preferred currency (MYR), and username. This data is mandatory for account creation.

2.2 Identity Verification (KYC) Data. To comply with anti-money laundering (AML) regulations and international gaming authority licensing requirements, ap888 may request copies of government-issued identification (e.g., Malaysian National Registration Identity Card (NRIC) or passport), proof of residential address (utility bill or bank statement issued within 90 days), and proof of payment method ownership. KYC documents are stored securely and accessed only by authorised compliance personnel.

2.3 Financial Transaction Data. We collect records of all deposits and withdrawals processed through your ap888 account, including payment method details (e.g., Touch 'n Go eWallet account reference, DuitNow account number, Maybank or CIMB account details), transaction amounts, timestamps, and processing status. Full payment credentials (such as card numbers) are handled by payment processors and are not stored on ap888's servers.

2.4 Gaming Activity Data. ap888 maintains records of all bets placed, games accessed, session durations, wins and losses, and bonus usage. This data is used for account management, dispute resolution, responsible gaming monitoring, and regulatory reporting.

2.5 Device and Technical Data. When you access the Platform, we automatically collect: IP address, device type, operating system, browser type and version, referring URL, and session timestamps. This data is used for security monitoring, fraud prevention, and platform performance optimisation.

2.6 Communications Data. Records of all communications between you and ap888 — including live chat transcripts, email correspondence, and support tickets — are retained for quality assurance, dispute resolution, and regulatory compliance purposes.

2.7 Responsible Gaming Data. Where you engage with ap888's responsible gaming tools (deposit limits, self-exclusion, cool-off periods), the settings applied and the dates of their activation are recorded and maintained to enforce your stated preferences across the Platform.

3. How We Use Your Personal Data

ap888 uses the personal data it collects for the following purposes:

• To create, verify, and manage your ap888 account and provide access to all Platform services.
• To process deposits and withdrawals in Malaysian Ringgit (MYR) through your selected payment methods.
• To fulfil anti-money laundering (AML), Know Your Customer (KYC), and international gaming authority licensing compliance obligations.
• To detect, investigate, and prevent fraud, collusion, bonus abuse, money laundering, and other prohibited activities.
• To monitor gaming activity for responsible gaming purposes, including identification of at-risk behaviour patterns and enforcement of player-set limits.
• To operate, maintain, and improve the Platform's technical performance and security infrastructure.
• To respond to Member enquiries and resolve disputes through customer support channels.
• To send transactional communications — including deposit confirmations, withdrawal updates, and security alerts — to your registered email or mobile number.
• To send marketing communications about ap888 promotions, VIP program updates, and new product launches, where you have provided consent or where we have a legitimate interest basis for doing so.
• To comply with applicable laws, regulations, and lawful requests from competent regulatory or judicial authorities.

4. Legal Basis for Processing

ap888 processes personal data under the following legal bases:

• Contract performance: Processing necessary to provide the gaming services you have contracted for, including account management, payment processing, and game delivery.
• Legal obligation: Processing required to comply with AML regulations, gaming licensing conditions, tax reporting obligations, and responses to lawful regulatory or law enforcement requests.
• Legitimate interests: Processing for fraud detection and prevention, platform security monitoring, responsible gaming oversight, and internal analytics to improve the Platform, where these interests are not overridden by your privacy rights.
• Consent: Processing for marketing communications and non-essential cookies, where explicit consent has been obtained. You may withdraw consent at any time without affecting the lawfulness of processing based on consent prior to withdrawal.

5. Sharing of Personal Data

ap888 does not sell, rent, or transfer your personal data to third-party marketers or data brokers. Your data may be shared with the following categories of third parties, strictly for the purposes outlined in this Policy:

• Payment processors: Your payment method details are shared with licensed payment processors (including Touch 'n Go eWallet, Boost, DuitNow gateway providers, and banking partners) to facilitate MYR deposits and withdrawals. These processors are bound by their own regulatory and contractual data protection obligations.
• Game content providers: Where technically necessary for game delivery, session identifiers and limited account data may be transmitted to licensed game studio providers (such as Evolution Gaming or Pragmatic Play). These providers are contractually prohibited from using this data for any purpose other than game delivery.
• KYC and identity verification services: Document data may be processed by third-party identity verification providers operating under data processing agreements with ap888.
• Regulatory and law enforcement authorities: ap888 will disclose personal data to competent authorities where required to do so by applicable law, court order, or gaming regulatory directive — including AML suspicious transaction reporting obligations.
• Professional advisers: Auditors, legal counsel, and compliance consultants engaged by ap888 may access personal data on a strictly need-to-know basis under professional confidentiality obligations.

6. International Data Transfers

ap888's primary data infrastructure is located in the Asia-Pacific region. Where personal data is transferred to servers or processors outside Malaysia, ap888 ensures that adequate protections are in place — including data processing agreements containing standard contractual clauses or equivalent safeguards consistent with applicable data protection standards.

ap888 does not transfer personal data to jurisdictions that do not provide an adequate level of data protection without implementing appropriate safeguards. If you require details of the specific safeguards applied to a particular international data transfer, you may contact ap888's data compliance team via the contact details in Section 14.

7. Data Retention

ap888 retains personal data for the minimum period necessary to fulfil the purposes for which it was collected, subject to the following minimum retention requirements:

• Account data and KYC documents: Retained for a minimum of five (5) years from account closure, in compliance with AML regulatory requirements applicable to licensed gaming operators.
• Transaction records: Retained for a minimum of five (5) years from the date of each transaction.
• Gaming activity logs: Retained for a minimum of three (3) years for dispute resolution and responsible gaming monitoring purposes.
• Customer support communications: Retained for three (3) years from the date of the last interaction.
• Marketing consent records: Retained until you withdraw consent, plus a further one (1) year to demonstrate compliance with consent obligations.
• Self-exclusion and responsible gaming records: Retained for the duration of the exclusion period plus a minimum of five (5) years thereafter, to prevent re-registration circumvention.

Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised.

8. Cookies and Tracking Technologies

ap888 uses cookies and similar tracking technologies to operate and improve the Platform. The categories of cookies used are as follows:

• Strictly necessary cookies: Required for core Platform functionality including session authentication, login state maintenance, and security tokens. These cookies cannot be disabled without impairing Platform access.
• Functional cookies: Used to remember your preferences such as language settings, display preferences, and responsible gaming tool configurations. These enhance your ap888 experience but are not essential.
• Analytics cookies: Used to collect aggregated, anonymised data about how Members interact with the Platform — pages visited, features used, and session duration. This data is used to improve Platform performance and content relevance. Analytics cookies are only set with your consent.
• Security and fraud prevention cookies: Used to identify and mitigate suspicious access patterns, bot activity, and potential account compromise. These are operationally necessary for Platform security.

You can manage your cookie preferences through the Platform's cookie settings panel. Declining optional cookies does not prevent access to core ap888 gaming and account services.

9. Security Measures

ap888 implements technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. Key security measures include:

• 256-bit SSL/TLS encryption for all data in transit between your device and the ap888 Platform.
• Encryption of sensitive data at rest, including KYC documents and financial record fields.
• Role-based access controls ensuring that personal data is accessible only to ap888 personnel with a documented operational need.
• Multi-factor authentication requirements for administrative access to systems that hold Member personal data.
• Continuous intrusion detection and anomaly monitoring on the Platform infrastructure.
• Regular independent security audits and penetration testing of the Platform.

While ap888 takes all reasonable precautions, no system can guarantee absolute security. You are responsible for maintaining the confidentiality of your ap888 login credentials and for promptly notifying ap888 if you suspect unauthorised account access.

10. Your Data Rights

Subject to applicable data protection law and regulatory retention obligations, you have the following rights in respect of your personal data held by ap888:

• Right of access: You may request a copy of the personal data ap888 holds about you. ap888 will respond within 30 calendar days of a verified request.
• Right to rectification: If any personal data ap888 holds about you is inaccurate or incomplete, you may request correction. Many data fields can be updated directly through the ap888 account settings panel.
• Right to erasure: You may request deletion of your personal data where ap888 no longer has a lawful basis for retaining it. This right is subject to overriding regulatory retention obligations — in particular, AML regulations require retention of transaction and KYC data for a minimum of five years.
• Right to restrict processing: You may request that ap888 restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of data or object to processing based on legitimate interests.
• Right to data portability: Where processing is based on your consent or contract performance, you may request your personal data in a structured, machine-readable format.
• Right to object: You may object to processing based on ap888's legitimate interests. ap888 will cease such processing unless it can demonstrate compelling legitimate grounds that override your interests.

To exercise any of these rights, contact ap888's data compliance team via live chat or email (see Section 14). ap888 may request identity verification before processing rights requests to prevent unauthorised access to another person's data.

11. Children's Privacy

The ap888 Platform is strictly restricted to individuals aged 21 years and above. ap888 does not knowingly collect personal data from persons under the age of 21. If ap888 becomes aware that personal data has been collected from an underage individual, the account will be immediately suspended, all funds held pending investigation, and the personal data deleted in accordance with applicable law.

If you believe that a minor may have registered on the ap888 Platform, please contact ap888 customer support immediately through live chat.

12. Marketing Communications

ap888 may send you marketing communications about promotions, VIP program updates, new game launches, and special offers where you have consented to receive them or where ap888 has a legitimate interest basis for doing so (for example, communications about products directly related to services you already use on the Platform).

You may withdraw consent for marketing communications at any time by:

• Using the "unsubscribe" link in any marketing email from ap888.
• Updating your marketing preferences in the ap888 account settings panel under Communications Preferences.
• Contacting ap888 customer support via live chat.

Withdrawal of marketing consent does not affect receipt of transactional communications (such as deposit confirmations, withdrawal notifications, and account security alerts), which are necessary for the operation of your ap888 account.

13. Changes to This Privacy Policy

ap888 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, regulatory requirements, or Platform functionality. Where changes are material, ap888 will notify Members by email to the registered address and/or by prominent notice on the Platform homepage, with a minimum of seven (7) days' notice before the revised Policy takes effect.

Your continued use of the ap888 Platform after the effective date of a revised Privacy Policy constitutes your acknowledgement of the changes. The version of this Policy displayed on the Platform at any given time is the current and applicable version. This Policy was last updated in June 2026.

14. Contact and Data Enquiries

For any questions, requests, or concerns regarding this Privacy Policy or ap888's data practices, you may contact the ap888 data compliance team through the following channels:

• Live Chat: Available 24/7 through the ap888 Platform — average response time under 90 seconds.
• Email: [email protected] — responses within 2 business hours during operational hours.

When submitting a data rights request by email, please include your registered ap888 username and the nature of your request to allow ap888 to locate your records and respond efficiently. Identity verification may be required before rights requests are actioned.