cuci21 Privacy Policy

1. Introduction

cuci21 ("we", "us", "our", or "the Company") operates the online gaming platform accessible at cuci21.asia (the "Platform"). This Privacy Policy governs our collection, use, storage, and disclosure of personal data relating to Players and visitors who access or use the Platform.

cuci21 is committed to protecting the privacy of all persons who interact with the Platform. We process personal data only to the extent necessary to provide our Services, comply with applicable legal obligations, and maintain the integrity and security of the Platform. We do not sell personal data.

By registering a cuci21 account, making a deposit, or otherwise using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your personal data as described herein. This Policy is to be read together with the cuci21 Terms and Conditions.

2. Personal Data We Collect

2.1 Data You Provide Directly

cuci21 collects personal data that you provide during registration, account management, and use of Platform Services, including:

• Identity data: Full legal name, date of birth, gender, nationality, and Malaysian identity card (MyKad) or passport number.
• Contact data: Email address, mobile phone number, and mailing address.
• Financial data: Bank account details, e-wallet identifiers (e.g., Touch 'n Go, Boost account), and Visa/Mastercard details provided for deposit and withdrawal purposes. Full card numbers are not stored by cuci21 — payment processing is handled by certified payment processors.
• Account credentials: Username and hashed password (plain-text passwords are never stored).
• Communications data: Records of correspondence with cuci21 support, including chat logs and email exchanges.

2.2 Data Collected Automatically

When you access the Platform, cuci21 systems automatically collect certain technical and usage data, including:

• IP address and approximate geolocation (country and city level)
• Device type, operating system, and browser version
• Session timestamps, login history, and access logs
• Pages visited, game titles played, bet history, and session duration
• Referral source and navigation path within the Platform

2.3 Data from Third Parties

cuci21 may receive supplementary personal data from third-party identity verification providers engaged to fulfil KYC (Know Your Customer) and AML (Anti-Money Laundering) obligations, and from payment processors confirming transaction status.

3. How We Use Your Personal Data

cuci21 uses the personal data we collect for the following purposes:

• Account management: Creating, operating, and maintaining your cuci21 account, including identity verification and authentication.
• Service delivery: Processing deposits, withdrawals, bets, and game interactions; crediting winnings and bonus amounts to your MYR wallet.
• Legal compliance: Meeting obligations under anti-money laundering (AML) regulations, Know Your Customer (KYC) requirements, and other applicable legal frameworks governing online gaming.
• Fraud prevention and security: Detecting, investigating, and preventing fraudulent activity, money laundering, account takeover, and Terms of Service violations.
• Responsible gaming: Monitoring for patterns of behaviour that may indicate problem gambling; applying self-exclusion and limit settings as requested by Players.
• Platform improvement: Analysing aggregated usage data to improve Platform performance, game catalogue, and user experience.
• Communications: Sending transactional notifications (deposit confirmations, withdrawal updates, security alerts) and, where consented, promotional communications about cuci21 offers.
• Customer support: Resolving queries, complaints, and disputes submitted through cuci21 support channels.

cuci21 does not use personal data for automated profiling that produces legal or similarly significant effects without human review.

4. Legal Basis for Processing

cuci21 processes personal data on the following legal bases:

• Contract performance: Processing necessary to deliver the Services you have contracted for — including account creation, bet settlement, and payment processing.
• Legal obligation: Processing required to comply with AML, KYC, age verification, and other regulatory mandates applicable to licensed online gaming operators.
• Legitimate interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and Platform analytics — where our legitimate interests are not overridden by your data protection rights.
• Consent: Processing for optional promotional communications, where you have given explicit consent. You may withdraw consent at any time by contacting support.

5. Data Sharing & Disclosure

cuci21 does not sell, rent, or trade your personal data. We share personal data only in the following limited circumstances:

5.1 Service Providers

cuci21 engages third-party processors who act on our instructions to deliver components of the Platform Services, including payment processors (for deposit and withdrawal handling), KYC/identity verification providers, game software providers (Pragmatic Play, Evolution Gaming, PG Soft, etc.), and cloud hosting and infrastructure providers. All processors are contractually bound to handle data in accordance with applicable data protection standards.

5.2 Legal & Regulatory Authorities

cuci21 will disclose personal data to law enforcement, regulatory bodies, or judicial authorities where required by applicable law, court order, or in connection with the investigation of suspected fraud, money laundering, or other unlawful activity.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of cuci21 assets, Player personal data may be transferred to the acquiring entity, subject to equivalent privacy protections being maintained.

5.4 No Third-Party Marketing

cuci21 does not share personal data with third parties for their own marketing or advertising purposes.

6. International Data Transfers

The cuci21 Platform may engage service providers whose infrastructure is located outside Malaysia. Where personal data is transferred to jurisdictions that may not provide equivalent data protection standards to those applicable in Malaysia, cuci21 implements appropriate safeguards — including contractual data protection clauses — to ensure an equivalent level of protection is maintained.

By using the Platform, you acknowledge that your data may be processed in jurisdictions outside Malaysia in accordance with the safeguards described above.

7. Data Retention

cuci21 retains personal data for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal and regulatory retention requirements. Specific retention periods include:

• Account and identity data: Retained for the duration of the account relationship and for a minimum of 5 years following account closure, in compliance with AML record-keeping obligations.
• Transaction and bet records: Retained for a minimum of 5 years from the date of each transaction.
• Support communications: Retained for 3 years from the date of last correspondence.
• Technical and session logs: Retained for 13 months from the date of collection for security and analytics purposes.

On expiry of the relevant retention period, personal data is securely deleted or anonymised in accordance with cuci21's data destruction procedures.

8. Security Measures

cuci21 implements a layered set of technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction:

• Encryption in transit: All data transmitted between your device and the Platform is encrypted using TLS 1.2 or higher (256-bit SSL). The presence of a valid HTTPS padlock in your browser confirms this protection is active.
• Encryption at rest: Sensitive data stored in cuci21 databases — including financial identifiers and identity documents — is encrypted at rest.
• Password security: Passwords are hashed using industry-standard one-way cryptographic algorithms. cuci21 staff cannot read your password at any time.
• Access controls: Access to personal data systems is restricted to authorised personnel on a need-to-know basis, subject to role-based access controls and comprehensive audit logging.
• Two-factor authentication: Two-factor authentication (2FA) is available to all Players and is strongly recommended for accounts with active balances.
• Intrusion detection: cuci21 operates 24/7 security monitoring with automated detection of anomalous access patterns and immediate alerting protocols.

Notwithstanding these measures, no data transmission over the internet can be guaranteed to be completely secure. cuci21 cannot warrant absolute security of information transmitted to or from the Platform.

9. Cookies & Tracking Technologies

cuci21 uses cookies and similar tracking technologies on the Platform for the following purposes:

• Essential cookies: Required for Platform operation, including maintaining authenticated sessions and remembering login state where "Remember me" is selected. These cannot be disabled without impairing Platform functionality.
• Analytics cookies: Used to collect aggregated, anonymised data on how Players navigate and use the Platform, allowing cuci21 to identify performance improvements. No personally identifiable information is included in analytics data sets.
• Security cookies: Used to detect and prevent fraud, bots, and suspicious account activity.

cuci21 does not use third-party advertising cookies or cross-site tracking technologies for behavioural advertising purposes. You may manage or delete cookies through your browser settings; however, disabling essential cookies will impair your ability to use the Platform.

10. Your Data Rights

As a data subject, you have the following rights with respect to your personal data held by cuci21:

• Right of access: You may request a copy of the personal data cuci21 holds about you.
• Right of rectification: You may request correction of inaccurate or incomplete personal data in your cuci21 account.
• Right of erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to cuci21's legal retention obligations which may override this right.
• Right to restrict processing: You may request that cuci21 restrict processing of your personal data in certain circumstances.
• Right to data portability: You may request that cuci21 provide your personal data in a structured, machine-readable format where technically feasible.
• Right to object: You may object to processing of your personal data carried out on the basis of legitimate interests, including for direct marketing purposes.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of the above rights, contact cuci21 at [email protected]. cuci21 will respond to verified requests within 30 days. Requests may require identity verification before processing.

11. Children & Minors

The cuci21 Platform is strictly intended for persons aged 21 years and above. cuci21 does not knowingly collect personal data from persons under the age of 21. Age verification is a mandatory part of the cuci21 account registration process and is enforced through KYC document review.

If cuci21 becomes aware that personal data has been collected from a person under the age of 21, the associated account will be immediately closed, all collected data will be deleted to the extent legally permissible, and any funds will be handled in accordance with applicable law.

Parents and guardians who believe a minor may have accessed or registered on the Platform are encouraged to contact cuci21 immediately at [email protected].

12. Third-Party Links

The cuci21 Platform does not contain links to third-party websites for the purpose of advertising or referral. Where third-party services are integrated into the Platform (such as live game streams from licensed providers), those providers operate under their own privacy policies with respect to data processed within their proprietary systems. cuci21 is not responsible for the privacy practices of third-party game providers beyond the contractual data protection obligations described in Section 5.1.

13. Updates to This Privacy Policy

cuci21 reserves the right to amend this Privacy Policy at any time. Material changes — including changes to data collection practices, sharing arrangements, or Player rights — will be communicated to registered Players via the email address associated with their cuci21 account prior to the effective date of the change.

The "Last Updated" date at the top of this Policy reflects the most recent revision. Your continued use of the Platform following any amendment constitutes your acceptance of the revised Policy. cuci21 recommends reviewing this Policy periodically.

14. Contact Us

For any queries, requests, or complaints relating to this Privacy Policy or the handling of your personal data by cuci21, please contact us:

• Email: [email protected]
• Subject line: Privacy Request — [Your Account Username]
• Response time: Within 30 days for data subject rights requests; within 5 business days for general privacy queries
• Support hours: Malaysia Standard Time (UTC+8), during published operational hours

All privacy-related communications are handled by cuci21's designated data protection contact and are treated as confidential. cuci21 will never ask you to provide your password in any communication.