Privacy Policy
Welcome to Our Privacy Policy
Our team has prepared this document to explain — clearly and without legal jargon — how our website handles your data. Whether you read our casino reviews casually or interact with newsletter subscriptions and comment sections, this policy applies to you.
What does our website do? In short, our team publishes independent reviews of online casinos, sportsbooks, and gambling platforms across various jurisdictions, with content available to Malaysian visitors interested in international online gambling markets. The goal? Help readers make informed choices before signing up anywhere. To run this kind of editorial operation properly, some data collection becomes necessary. This policy explains exactly what, why, and how.
Throughout this document, references to “our team,” “our website,” “our reviews,” or “we/us/our” all refer to the editorial and technical operation responsible for the content you read. We’ve deliberately avoided naming the specific platform — the policy framework applies equally regardless.
Important notice for Malaysian visitors: Our website provides informational content about international gambling platforms. Malaysian law under the Betting Act 1953 and the Common Gaming Houses Act 1953 regulates gambling activities within Malaysia. Users are responsible for understanding and complying with local laws in their jurisdiction of residence. This website does not operate gambling services and does not encourage illegal activity.
By using our website, you agree to the practices described here. Don’t agree? That’s fair. Simply discontinue use. For questions, the contact channels at the bottom of this document remain open.
What Information Gets Collected
The data we gather falls into several distinct categories. Each serves a specific purpose, and none gets collected without reason.
Information You Share Voluntarily
Some interactions require you to provide data directly. These include:
- Contact forms — name, email, subject line, message content
- Newsletter signups — email address plus optional preferences
- Comment sections — username, email, comment content
- Survey participation — demographic info, preferences, feedback
- Account creation (where applicable) — username, password, email
- Direct emails — anything you share when reaching out
Information Collected Automatically
Visit any modern website and standard web technologies capture certain data automatically. Our platform follows this same standard pattern:
- IP address and approximate geographic location (country/state level only)
- Browser type, operating system, device specifications
- Pages visited, time spent, scroll patterns, click behaviour
- Search queries within our internal search
- Performance metrics like load times and error reports
- Referring URLs showing how you arrived
This isn’t surveillance — it’s basic web analytics that every professional website uses to function. Without it, we couldn’t fix bugs, optimise page load speeds, or understand what content actually helps readers.
Information from Third Parties
Sometimes data about visitors reaches us through partners:
- Analytics providers like Google Analytics or Matomo (aggregated stats)
- Affiliate networks (conversion tracking when you click casino links)
- Social media platforms (when you interact with our social presence)
- Email service providers (delivery confirmations, open rates)
- Fraud prevention services (security risk indicators)
How We Actually Use This Information
Collecting data without purpose makes no sense. Here’s what happens with information after it reaches us.
Running the Website
Most data usage falls into operational categories. We use it to:
- Deliver pages quickly across different devices and connections
- Show content in the right language based on your location (English, Bahasa Malaysia, or Mandarin where available)
- Fix technical bugs when they appear
- Improve site navigation based on actual usage patterns
- Optimise mobile experience for various screen sizes
- Personalise review recommendations based on browsing interests
Communicating with You
When you reach out, we respond. When you subscribe, we send newsletters. Standard stuff:
- Replying to contact form inquiries and emails
- Sending newsletter content you subscribed to receive
- Notifying about important policy or service changes
- Following up on previous support interactions
- Inviting participation in optional research surveys
Improving Our Reviews
Reader behaviour tells our editorial team what works. Aggregated patterns shape future content:
- Which casino reviews get the most engagement
- What topics readers actively search for
- Where users drop off or stay engaged
- How conversion paths perform across different pages
- Which formats deliver clearer information
Legal and Operational Necessities
Some processing happens because law or business operations require it:
- Meeting Personal Data Protection Act 2010 (PDPA), GDPR, and other regulatory obligations
- Addressing complaints when they arise
- Maintaining audit trails for accounting purposes
- Investigating terms of service violations
- Responding to legitimate legal requests
Cookies — Yes, We Use Them
Almost every website does. Cookies are small text files stored on your device. They serve different purposes depending on type.
Essential Cookies (Can’t Be Disabled)
These keep core features working:
- Session management as you browse between pages
- Security tokens preventing attacks
- Cookie consent records (yes, we use a cookie to remember your cookie preferences)
- Authentication for logged-in users
- Accessibility settings preservation
Performance and Analytics Cookies
These help us understand how the site performs:
- Google Analytics — page views, sessions, user flow
- Heatmap tools — click patterns and scroll depth
- Error tracking — JavaScript errors affecting users
- Speed monitoring — Core Web Vitals and load times
- Custom events — newsletter signups, review ratings
Functional Cookies
These remember your preferences:
- Selected language for future visits (English, Bahasa Malaysia, Mandarin)
- Dark/light mode display setting
- Region-based content adjustments (state and territory preferences)
- Filter selections when comparing casinos
- Saved bookmarks or favourite operators
Advertising and Affiliate Cookies
Our website partners with affiliate networks:
- Tracking referrals to casino operators from our reviews
- Conversion attribution showing which content drives signups
- Retargeting to previous visitors
- Audience segmentation for relevant content
- Campaign performance measurement
Taking Control of Cookies
Your browser gives you control. Most modern browsers let you:
- Block all cookies (will break some features)
- Block third-party cookies only
- Delete existing cookies
- Get notified when new cookies attempt to set
- Whitelist specific trusted sites
- Set expiration preferences
Our cookie consent banner on first visit allows granular choices. Adjust anytime through the banner that reappears or your browser settings.
Who Sees Your Information
Short answer: very few parties, and only when necessary. Our team does not sell, rent, or trade personal data to unrelated marketers. Some limited sharing happens as part of normal operations.
Service Providers
We work with trusted vendors who help run the website. Each operates under strict data processing agreements:
- Hosting providers — servers and infrastructure
- Analytics services — Google Analytics and similar
- Email service providers — Mailchimp, Sendinblue, or similar for newsletters
- Customer support tools — helpdesk software
- Content delivery networks — fast global delivery
- Security services — Cloudflare-type DDoS and attack protection
- Database providers — cloud storage services
All vendors must:
- Use information only for purposes we authorised
- Maintain appropriate security measures
- Comply with applicable data protection laws including the Personal Data Protection Act 2010
- Delete data when no longer needed
- Report security incidents promptly to us
Affiliate Partners
Revenue from affiliate partnerships funds our editorial work. When you click a casino link from our reviews, certain information passes to the operator:
- Referral source (you came from our platform)
- Campaign identifiers (which specific review)
- Click timestamps
- General device type and browser
- Aggregated conversion data (without personal details)
The affiliate model lets us produce reviews without charging readers. Editorial independence remains intact regardless of commission rates — we cover casinos honestly whether they pay us well, poorly, or not at all.
Legal Requirements
Sometimes law forces disclosure. Examples include:
- Valid court orders or subpoenas from Malaysian or international courts
- Legitimate government investigations by federal or state authorities
- Protecting our team’s legal rights or safety
- Investigating suspected fraud affecting our platform
- Defending intellectual property claims
When this happens, we provide only the minimum required and notify affected users when legally permitted.
Business Transfers
If our website ever undergoes a merger, acquisition, or similar transaction, personal information may transfer as part of that deal. Users would:
- Receive prior notice of planned ownership changes
- Retain rights granted under this policy
- Be able to opt out where legally required
- Get updated privacy notices for material changes
Aggregated and Anonymised Data
Statistics that can’t identify individuals may be shared more freely:
- Industry trend reports
- Research publications about gambling preferences
- Marketing materials with stats like “70% of our Malaysian readers prefer X”
- Public communications and press releases
How Long We Keep Your Data
Forever isn’t the answer. We retain data only as long as needed, with specific timelines for different categories:
| Data Type | Retention Period |
| Contact form submissions | 24 months after last interaction |
| Newsletter subscriber data | While active + 12 months after unsubscribe |
| Comment section data | Indefinitely (deletion available on request) |
| Analytics data (individual) | 26 months maximum |
| Analytics data (aggregated) | Indefinitely |
| Cookie data | 30 days to 24 months depending on type |
| Account information | While active + 6 months after deactivation |
| Support tickets | 36 months for service continuity |
| Legal records | As required by Malaysian federal law (often 7 years) |
Earlier deletion occurs when:
- You request it under the Personal Data Protection Act 2010 or applicable law
- Accounts go completely inactive for extended periods
- The original purpose has been fulfilled
- Laws require earlier deletion
- Retention creates unnecessary risk
Backups complicate this slightly. Daily backups stay 30 days, weekly backups 90 days, monthly archives 12 months. Deleted data eventually disappears from backups through regular maintenance cycles.
Your Rights — What You Can Do
Depending on where you live, different privacy laws give you specific rights. Our team respects all of them.
If You’re in Malaysia
The Personal Data Protection Act 2010 (PDPA) and Personal Data Protection Regulations 2013 give you these rights:
- Right of access — request access to personal data we hold about you (Section 30)
- Right to correct — correct inaccurate, incomplete, misleading, or outdated personal data (Section 34)
- Right to withdraw consent — withdraw previously given consent for processing (Section 38)
- Right to prevent processing — prevent processing likely to cause damage or distress (Section 42)
- Right to prevent direct marketing — opt out of direct marketing communications (Section 43)
- Complaint filing — lodge complaints with the Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi)
- Cross-border transfer transparency — information about transfers of personal data outside Malaysia
- Data breach notification — notification when significant data breaches occur (following PDPA amendments 2024)
- Data portability — right to data portability under 2024 PDPA amendments
If You’re in the EU, EEA, or UK
GDPR (and its UK equivalent) gives you these rights:
- Access — request copies of data we hold about you
- Rectification — correct inaccurate information
- Erasure — request deletion (“right to be forgotten”)
- Restriction — limit how we process your data
- Data portability — receive your data in machine-readable format
- Objection — object to processing based on legitimate interests
- Consent withdrawal — revoke previously given consent
- Automated decisions — avoid decisions made solely by algorithms
- Lodge complaints — file with your national data protection authority
If You’re in the United States
Various state laws give U.S. residents specific rights:
- California (CCPA/CPRA) — right to know, delete, correct, opt-out of sale, limit sensitive info use
- Virginia (VCDPA) — access, correction, deletion, portability, opt-out rights
- Colorado (CPA) — similar rights to VCDPA with universal opt-out mechanism
- Connecticut, Utah, Texas — state-specific privacy rights
Other Southeast Asian Jurisdictions
Similar rights exist in many regional frameworks:
- Singapore PDPA 2012 — comprehensive privacy rights with data portability
- Indonesian PDP Law 2022 — GDPR-inspired protections for Indonesians
- Thailand PDPA 2019 — comprehensive privacy framework
- Philippines Data Privacy Act 2012 — comprehensive privacy rights
- Vietnamese Cybersecurity Law — data protection provisions
Other Global Jurisdictions
Similar rights exist in many regions:
- Canadian PIPEDA — access and correction rights
- Brazilian LGPD — GDPR-like protections for Brazilians
- Australian Privacy Act 1988 — access and correction rights
- South African POPIA — comprehensive privacy rights
- Japanese APPI — disclosure and correction rights
Actually Using These Rights
Want to exercise any of them? Reach out through contact channels listed below. Requests should include:
- Sufficient identity verification (protecting against impersonation)
- Clear statement of which right you’re using
- Scope of what specific data or processing concerns you
- Preferred contact method for our response
- Preferred language of response (English, Bahasa Malaysia, or Mandarin where available)
Response timeline runs 21 days typically under Malaysia’s PDPA, though complex requests may extend further with notification. First request in any 12-month period costs nothing. Excessive or repeated requests may incur reasonable administrative fees where law permits (up to RM10 per PDPA regulations).
How We Protect Your Information
Security isn’t an afterthought — it’s foundational. Our team implements multiple protection layers across technical, organisational, and physical dimensions.
Technical Measures
- SSL/TLS encryption (minimum 256-bit) for all data in transit
- Database encryption for stored information
- Role-based access controls limiting employee data access
- Firewalls, intrusion detection, DDoS protection
- Regular security scans and prompt patching
- Annual third-party penetration testing
- Multi-factor authentication for administrative access
- Secure development lifecycle and code review processes
Organisational Measures
- Regular privacy training for all team members
- Strict confidentiality agreements with employees and contractors
- Due diligence reviews of all service providers
- Documented incident response procedures
- Data minimisation policies (collect only what’s needed)
- Internal and external privacy audits
- Background checks for personnel with sensitive access
- Clear data governance with defined roles
Physical Measures
- Data centres with restricted access and 24/7 monitoring
- Power redundancy, fire suppression, climate control
- Secure hardware disposal procedures
- Strict visitor management protocols
- Continuous camera surveillance in sensitive areas
When Things Go Wrong — Data Breach Response
No security is perfect. If something happens, our commitment is:
- Immediate investigation to assess scope and impact
- Swift containment and remediation actions
- Reporting to the Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi) under the 2024 PDPA amendments when significant breaches occur
- Notifying affected individuals when breaches are likely to result in significant harm
- Providing guidance on protective steps
- Public acknowledgment of significant incidents while preserving investigation integrity
- Post-incident review to prevent recurrence
Honest disclosure: while we use strong measures, no internet transmission or electronic storage achieves complete security. We commit to commercially reasonable protection without claiming impossible perfection.
International Data Transfers
Modern internet operations cross borders constantly. Servers, services, and team members may operate from various countries. When transfers happen, we use appropriate legal safeguards:
- PDPA Section 129 requirements — personal data may be transferred outside Malaysia only to jurisdictions specified by the Minister or where comparable protection exists
- Standard Contractual Clauses — EU-approved contractual frameworks for European transfers
- Binding Corporate Rules — internal organisation-wide protection commitments
- Certification programs — recognised international privacy certifications including ASEAN Framework
- Explicit consent — when other mechanisms don’t apply
- Necessity exemptions — for contract performance or vital interests
Common transfer destinations include the United States (hosting, analytics), Singapore (regional hosting), European Union (various providers), United Kingdom (post-GDPR equivalent framework), and other jurisdictions as operational needs require. Malaysian data may be transferred outside Malaysia in accordance with PDPA cross-border transfer provisions.
A Note About Minors
Gambling content targets adults. Full stop. Our team doesn’t knowingly collect personal information from anyone under 18 years of age.
Malaysia’s legal framework includes:
- Age of majority — 18 years under the Age of Majority Act 1971
- Sharia jurisdiction awareness — recognition that gambling is prohibited for Muslim citizens under Sharia law
- Special protections for minors — enhanced protections under Child Act 2001
We maintain:
- Minimum age requirements (18+ minimum)
- Age verification mechanisms for certain features
- Adult content warnings on gambling-related content
- Support for parental control tools blocking our content
- Educational resources about preventing minor access
If we ever learn that a minor’s data ended up in our systems, we act fast:
- Immediate investigation to verify and identify affected data
- Prompt deletion from our systems
- Parental notification when contact information allows
- System review to identify how collection occurred
- Process improvements preventing future occurrences
Parents who suspect a minor provided information should contact us immediately.
Responsible Gambling Resources
We review casinos, but we genuinely care about reader wellbeing. Our reviews include responsible gambling information, and we maintain links to Malaysian and international support organisations:
- Malaysian Mental Health Association (MMHA) — mmha.org.my, 03-2780 6803 mental health support for gambling-related issues
- Befrienders Kuala Lumpur — befrienders.org.my, 03-7627 2929 emotional support 24/7
- Befrienders Penang — 04-281 5161 Penang emotional support
- Befrienders Ipoh — 05-547 7933 Ipoh emotional support
- Befrienders Johor Bahru — 07-331 2300 JB emotional support
- Talian Kasih (National Helpline) — 15999 24/7 government helpline for social welfare issues
- Malaysian Care — malaysiancare.org counselling and support services
- Life Line Association Malaysia — lifeline.org.my, 03-4265 7995 counselling support
- Agensi Kaunseling dan Pengurusan Kredit (AKPK) — akpk.org.my, 03-2616 7766 financial counselling by Bank Negara Malaysia
- Ministry of Health Malaysia (KKM) — moh.gov.my public health resources
- Gamblers Anonymous International — gamblersanonymous.org international peer support
- GamCare (UK) — gamcare.org.uk additional international resource
- GambleAware (UK) — gambleaware.org, 0808 8020 133 international support
If gambling stops being entertainment and starts causing problems, these resources help. Reaching out shows strength, not weakness. Cultural note: In Malaysia’s multicultural society, gambling addiction can also affect family harmony and financial stability — reaching out to professionals or family support networks is important.
Third-Party Links
Casino reviews necessarily link to casino websites. This policy covers only our own platform. Once you click through to a third-party site:
- That site’s privacy policy applies, not ours
- We don’t control their data practices
- Standards may vary significantly between operators
- Update frequencies differ — their policies change without our knowledge
- Malaysian users are reminded that online gambling is regulated under Malaysian law, and users are responsible for compliance with local regulations
- Overseas casinos operate under their own jurisdictional licences (Curaçao, Malta, Isle of Man, Gibraltar, Philippines PAGCOR, etc.)
Reading the privacy policies of casinos you actually consider joining? Genuinely worthwhile, even though most people skip it.
About Our Affiliate Disclosure
Most casino links on our website are affiliate links. Clicking them and signing up may earn our team a commission. This relationship:
- Doesn’t compromise editorial independence — reviews stay honest regardless
- Funds our editorial work and infrastructure
- Gets disclosed clearly throughout the website
- Applies to most reviewed operators (we note exceptions)
- Allows alternatives — you can search direct casino URLs without our links
- Maintains transparency about commercial relationships
- Complies with Malaysian Communications and Multimedia Act 1998 disclosure standards where applicable
Policy Updates
This document evolves as our practices, the law, and industry standards change. When updates happen:
How You’ll Know
- Material changes get prominent notices on the website
- Newsletter subscribers receive email updates about significant changes
- The “Last Updated” date at the top reflects any modifications
- Previous versions stay archived and accessible on request
- Continued use after changes constitutes acceptance
Minor updates — fixing typos, clarifying language, updating contact info — may happen without specific notification beyond the date update.
Some changes require specific action from you:
- New consent requests for new processing types
- Updated preference options requiring choices
- Verification of existing preferences
- Account adjustments for significant changes
- Regional variations affecting specific users differently
Regional Specifics
Different regions have specific requirements addressed below.
Malaysia (Personal Data Protection Act 2010)
For all Malaysian users, our team operates in accordance with the Personal Data Protection Act 2010 (Act 709) and its 2024 amendments. Key principles include:
- General Principle — consent required for processing personal data
- Notice and Choice Principle — data subjects informed about processing purposes
- Disclosure Principle — personal data disclosed only for consented purposes
- Security Principle — appropriate practical measures to protect personal data
- Retention Principle — personal data not kept longer than necessary
- Data Integrity Principle — personal data kept accurate, complete, and up-to-date
- Access Principle — data subjects given access to their personal data
PDPA 2024 Amendments
Recent updates to Malaysia’s PDPA include significant enhancements:
- Data Breach Notification — mandatory notification to Commissioner within 72 hours of significant breaches (effective 2025)
- Data Portability Rights — new right to receive personal data in structured format
- Data Protection Officer — certain organisations required to appoint DPO
- Enhanced Penalties — increased fines up to RM1 million for violations
- Cross-Border Transfers — updated framework for international data transfers
- Direct Business Applicability — expanded scope of covered organisations
Malaysian Gambling Legal Framework
Understanding Malaysia’s gambling laws:
- Betting Act 1953 (Act 495) — prohibits betting outside licensed operations
- Common Gaming Houses Act 1953 — prohibits common gaming houses
- Racing (Totalisator Board) Act 1961 — governs horse racing betting
- Pool Betting Act 1967 — regulates pool betting
- Genting Highlands casino — only licensed physical casino operating under special licence
- 4D and Sports Toto — licensed lottery operators (Magnum, Sports Toto, Da Ma Cai)
- Sharia Criminal Offences enactments — state-level Islamic laws prohibit gambling for Muslims
- Online gambling — generally prohibited under Malaysian law
This platform provides informational content about international gambling markets for educational purposes. Users are responsible for understanding their local legal obligations.
State-Level Sharia Considerations
Malaysia’s dual legal system includes:
- Federal Law — applies to all Malaysian citizens
- Sharia Law — applies to Muslim citizens in personal and religious matters
- State Sharia Criminal Offences enactments — gambling considered haram (forbidden) for Muslims
- Non-Muslim citizens — subject only to federal law regarding gambling
- Enforcement variation — differs by state (Kelantan, Terengganu, Selangor, etc.)
Malaysian Multimedia Regulation
Online content regulation includes:
- Communications and Multimedia Act 1998 — governs online content and communications
- Malaysian Communications and Multimedia Commission (MCMC) — regulatory body
- Content Code — industry self-regulation framework
- SkuadCyber (MCMC) — cyber content complaint mechanism
Southeast Asian Regional Considerations
Broader regional privacy framework:
- ASEAN Framework on Personal Data Protection — regional cooperation standards
- ASEAN Data Management Framework — cross-border data flow standards
- Cross-Border Privacy Rules (CBPR) — APEC framework for regional data flows
European Union and EEA
For EU/EEA users, our team operates as data controller. Legal bases for processing include:
- Consent — explicit consent for specific processing
- Legitimate interests — analytics, security, service improvement (balanced against your privacy)
- Contract performance — providing services you requested
- Legal obligations — applicable laws and regulations
- Vital interests — rare emergency situations
- Public interest — important public interest purposes
California Residents
CCPA/CPRA-required notices:
- Categories collected — as detailed in “What Information Gets Collected”
- Sources — direct from users, automatic collection, third parties
- Business purposes — operating the website, communicating, security, analytics
- Categories of recipients — service providers, affiliate partners, legal disclosures
- Right to opt out — available through cookie banner and contact channels
- Sensitive information — we don’t intentionally collect sensitive personal information
Other Specific Regions
Users in specific regions get rights under their local laws. Contact us to exercise jurisdiction-specific rights, and we’ll respond according to applicable requirements.
Contact Information
Questions, requests, or concerns about this Privacy Policy? Our team is reachable through:
- Email — Privacy inquiries directed through the contact form on our website
- Postal Mail — Available upon request through our contact form
- Data Protection Officer — Reachable through our standard contact channels for PDPA-related matters
- Multilingual Support — English, Bahasa Malaysia, and Mandarin support available where possible
We aim to respond to all privacy-related communications within 21 days as required by Malaysia’s PDPA, often much faster. Complex requests may take longer, but we’ll communicate timeline expectations clearly.
Complaint escalation: If you’re not satisfied with our response, you may contact the Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi Malaysia) at pdp.gov.my or through their complaint mechanism.
Glossary of Terms
A few definitions clarifying terms used throughout this policy:
- Personal Data — any information relating to a data subject that can identify them, either directly or indirectly (as defined under PDPA 2010)
- Sensitive Personal Data — information about physical or mental health, political opinions, religious beliefs, commission of offences, and other categories requiring higher protection under PDPA
- Data Subject — individual whose personal data is being processed
- Data User — entity that processes personal data or has control over processing (Malaysian PDPA term equivalent to “Data Controller”)
- Data Processor — entity processing data on the data user’s behalf
- Processing — any operation performed on personal data (collection, storage, use, deletion)
- Cookies — small text files stored on your device by websites
- Third Party — entity other than you or our team
- Aggregated Data — information combined in ways that can’t identify individuals
- Anonymised Data — information stripped of identifying elements
- PDPA — Personal Data Protection Act 2010 (Act 709), Malaysia’s federal privacy law
- PDP Commissioner — Personal Data Protection Commissioner (Jabatan Perlindungan Data Peribadi)
- MCMC — Malaysian Communications and Multimedia Commission
- DPO — Data Protection Officer (required for certain organisations under 2024 PDPA amendments)