Your Privacy Matters
au9 is committed to protecting the personal data of every player on the platform. This Privacy Policy explains in plain English exactly what data we collect, why we collect it, how it is used, who it may be shared with, and what rights you have over your own information.
No Data Selling
au9 does not sell, rent, or trade your personal data to any third party for commercial purposes. Your information exists solely to operate your account, process payments, and improve your platform experience.
End-to-End Encryption
Every connection to au9 is secured with 256-bit SSL/TLS encryption. Data transmitted between your device and our servers — including payment details, login credentials, and personal information — is fully encrypted in transit.
Minimal Data Collection
au9 collects only the personal data that is strictly necessary to provide our services, verify your identity, comply with anti-money laundering obligations, and process deposits and withdrawals via bKash, Nagad, and other local payment methods.
Full User Control
You retain the right to access, correct, export, restrict processing of, or request deletion of your personal data at any time by contacting our support team. au9 processes all data rights requests within 30 days of receipt.
Defined Retention Periods
au9 does not hold personal data indefinitely. Retention periods are defined by data category and legal obligation. Financial transaction records are retained for seven years in line with anti-money laundering requirements; inactive account data is reviewed periodically.
Transparent Cookie Use
au9 uses only functional, analytical, and security cookies. We do not deploy third-party advertising cookies or cross-site tracking pixels. Cookie usage is documented in detail in the Cookies section of this policy.
Data We Collect
au9 collects personal data through multiple points of interaction with the platform. The categories of data we collect, the specific data points within each category, and the basis on which collection occurs are described below. We collect no data beyond what is reasonably necessary for the purposes outlined in this policy.
Registration Data
When you create an account on au9, we collect the following information:
- Full legal name as it appears on your government-issued identity document.
- Date of birth for age verification purposes (18+ requirement).
- Email address used as your primary account identifier and for all account-related communications.
- Mobile phone number for two-step verification and account recovery.
- Residential address including district, division, and postal code within Bangladesh (e.g., Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, Mymensingh).
- Username and password — your password is stored only as a salted cryptographic hash; au9 staff cannot read your password in plain text.
Identity Verification (KYC) Data
In compliance with anti-money laundering requirements and our age verification obligations, au9 collects the following KYC documentation before enabling withdrawal functionality on your account:
- Photograph or scanned copy of your Bangladesh National Identity Card (NID) or valid passport.
- A recent utility bill, bank statement, or equivalent document confirming your residential address.
- A selfie photograph taken alongside your identity document for facial match verification.
KYC documents are stored securely and are never used for any purpose other than account verification and regulatory compliance. They are not shared with marketing partners or third-party data brokers under any circumstances.
Financial Transaction Data
When you make a deposit or withdrawal on au9, we record transaction details including the payment method used (bKash, Nagad, Rocket, Upay, or bank transfer), transaction reference numbers, amounts in BDT, timestamps, and associated account identifiers. We do not store full mobile banking PINs or bank account passwords. Payment processing is handled by our licensed payment partners, who operate under their own security and data protection standards.
Behavioural and Usage Data
au9 automatically collects certain technical and behavioural data when you use the platform:
| Data Type | Examples | Purpose |
|---|---|---|
| Device | Device type, OS version, browser type | Platform compatibility, fraud detection |
| Network | IP address, approximate geolocation | Geo-restriction enforcement, security |
| Session | Login timestamps, session duration | Account security, responsible gaming |
| Gameplay | Game selections, wager amounts, bet history | Bonus eligibility, dispute resolution |
| Navigation | Pages visited, click paths, time on page | UX improvement, platform optimisation |
Communications Data
When you contact au9's support team via live chat or email, we retain a record of the communication including the content of messages, support ticket identifiers, resolution status, and timestamps. These records are used for quality assurance, dispute resolution, and staff training purposes.
How We Use Your Data
au9 uses the personal data we collect exclusively for the following purposes. We do not use your data for any purpose that is incompatible with those stated at the time of collection.
Account Management and Service Delivery
The primary use of your personal data is to create and maintain your au9 account, authenticate your identity at login, process deposits and withdrawals, display your balance and transaction history, and deliver the full range of casino games, sports betting markets, and platform features to you as a registered user.
Identity Verification and Legal Compliance
au9 is obligated to verify the identity and age of all account holders before processing withdrawals. Your KYC data is processed for this purpose. In addition, au9 processes financial transaction data to comply with anti-money laundering obligations, to detect and prevent fraud, and to respond to lawful requests from law enforcement or financial intelligence authorities where required.
Responsible Gaming Monitoring
au9 uses session data, login frequency, and betting behaviour data to identify players who may be showing signs of problem gambling. Where such indicators are detected, au9 may reach out proactively to offer responsible gaming tools including deposit limits, session time limits, cooling-off periods, or self-exclusion. This use of data is in the direct interest of player wellbeing and is a core part of au9's responsible gaming obligations.
Platform Security and Fraud Prevention
IP addresses, device identifiers, and session metadata are used to detect suspicious login activity, identify potential duplicate accounts, flag unusual betting patterns indicative of bonus abuse or collusion, and protect the integrity of the platform for all users.
Customer Support and Dispute Resolution
Communications data is used to respond to your support queries, investigate complaints, resolve betting disputes, and maintain a record of account interactions for audit purposes. Support records are retained for a period defined in Section 5 of this policy.
Service Improvement and Analytics
Aggregated and anonymised usage data is analysed to understand how players navigate the platform, which game categories are most popular, where technical friction points exist, and how the overall user experience can be improved. This analysis does not involve identifying individual players from aggregated datasets.
Promotional Communications
With your explicit consent at the time of registration or at any subsequent point, au9 may send you promotional communications about bonuses, seasonal promotions (such as Eid specials, Pohela Boishakh offers, or BPL cricket betting promotions), and new platform features. You may withdraw consent for marketing communications at any time by contacting [email protected] or by updating your notification preferences in your account settings. Withdrawal of marketing consent does not affect the processing of data for account management or legal compliance purposes.
Data Sharing & Third Parties
Payment Processing Partners
To process your deposits and withdrawals, au9 must share relevant transaction data with its payment processing partners, which include the operators of bKash, Nagad, Rocket, Upay, and partner banking institutions including Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, and Sonali Bank. The data shared is limited to what is strictly necessary to execute the transaction: your registered mobile number or account identifier, transaction amount, and a reference code. These partners are contractually bound to process your data only for the purpose of completing the transaction and maintaining records required by financial regulators.
Game Content Providers
au9 hosts games developed and operated by third-party studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. When you play a live casino or RNG game delivered by one of these providers, your account identifier and wager data are transmitted to the provider's systems to record game outcomes and resolve disputes. Game providers do not receive your full personal profile, identity documents, or payment account details. They receive only the minimum data necessary to deliver the game and validate results.
Legal and Regulatory Disclosure
au9 may disclose personal data to law enforcement authorities, financial intelligence units, or other competent regulatory bodies where required by applicable law, a valid court order, or a lawful regulatory demand. au9 will, where legally permitted, notify the affected account holder of any such disclosure. au9 does not make voluntary disclosures beyond what is legally required.
Fraud Prevention and Security Services
au9 works with specialist fraud detection and cybersecurity service providers who process certain technical data (IP addresses, device fingerprints, behavioural signals) on au9's behalf to identify and prevent fraudulent activity. These service providers act as data processors under strict contractual terms and are not permitted to use au9 player data for any purpose beyond providing fraud prevention services to au9.
Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of au9's business assets, personal data held by au9 may be transferred to the acquiring entity as part of the transaction. In such circumstances, au9 will notify affected account holders in advance and ensure that the receiving entity agrees to honour the privacy commitments set out in this policy.
Cookies & Tracking Technologies
au9 uses cookies and similar browser-based storage technologies to operate core platform functionality, maintain session security, and collect anonymised analytics data. We do not deploy advertising cookies, retargeting pixels, or cross-site tracking scripts of any kind.
Types of Cookies Used
| Cookie Category | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Maintain your logged-in session, remember your language preference, prevent cross-site request forgery (CSRF) | No — disabling breaks core functionality |
| Functional | Remember your game lobby preferences, display currency as BDT (৳), remember responsible gaming tool settings | Yes — via browser settings |
| Analytical | Measure page load performance, track anonymised navigation paths, identify technical errors | Yes — via browser settings |
| Security | Detect anomalous login behaviour, rate-limit failed authentication attempts, identify session hijacking attempts | No — essential for account protection |
Managing Cookies
You may manage or delete cookies at any time through your browser settings. Most modern browsers allow you to block all cookies, accept only first-party cookies, or review and delete cookies on a site-by-site basis. Please note that disabling strictly necessary or security cookies will impair your ability to log in and use the au9 platform. Disabling functional or analytical cookies will not prevent you from accessing the platform but may reduce the quality of your experience.
Local Storage and Session Storage
In addition to cookies, au9 may use browser local storage and session storage to cache non-sensitive preference data, improve page load speed, and maintain game state during an active session. This data is stored locally on your device and is not transmitted to au9's servers independently of your normal platform interactions. You can clear local and session storage via your browser's developer tools or privacy settings.
Data Retention & Storage
au9 retains personal data for defined periods based on the category of data and the legal or operational obligation that justifies retention. Data is not held beyond the period necessary to fulfil the purpose for which it was collected.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account plus 5 years after closure | Legal compliance, dispute resolution |
| KYC identity documents | Duration of account plus 7 years after closure | Anti-money laundering obligation |
| Financial transaction records | 7 years from transaction date | Financial reporting, AML compliance |
| Betting and gameplay history | 3 years from the date of each session | Dispute resolution, bonus auditing |
| Support communications | 3 years from ticket resolution date | Quality assurance, legal disputes |
| Analytical/anonymised data | Indefinitely (no personal identifiers) | Platform improvement |
| Marketing consent records | Until withdrawal of consent plus 2 years | Proof of lawful processing basis |
Data Storage Location
All personal data collected by au9 is stored on secured servers. au9 implements technical and organisational security measures appropriate to the sensitivity of the data held, including access controls limiting data access to authorised personnel only, encryption at rest for all databases containing personal information, and regular security audits conducted by independent third-party specialists.
Data Deletion
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised. Secure deletion procedures ensure that data cannot be reconstructed or recovered from decommissioned storage media. Anonymised data derived from your account (with all personal identifiers removed) may be retained beyond the standard retention period for aggregate platform analytics.
Your Privacy Rights
As a user of the au9 platform, you have the following rights with respect to your personal data. au9 will respond to all valid data rights requests within 30 calendar days of receipt. In cases of complex or high-volume requests, this period may be extended by a further 30 days with prior notice to the requester.
Right of Access
You have the right to request a copy of all personal data that au9 holds about you. This includes your registration data, KYC records, transaction history, betting records, and support communications. Requests may be made by emailing [email protected] from the email address registered to your account. We will provide the data in a structured, commonly used format.
Right to Rectification
If any personal data that au9 holds about you is inaccurate, incomplete, or out of date, you have the right to request that it be corrected. For account-level data such as your address or phone number, you may update this directly in your account settings. For identity document data, corrections must be requested via [email protected] accompanied by updated documentation.
Right to Erasure
You may request that au9 delete your personal data. This right is subject to legal retention obligations — au9 cannot delete financial transaction records or KYC data that it is legally required to retain under anti-money laundering rules. Where erasure is possible in full or in part, au9 will confirm the scope of deletion carried out and the basis for any data that must be retained.
Right to Restriction of Processing
In certain circumstances — for example, where you contest the accuracy of data held about you while au9 investigates — you may request that au9 restrict the processing of your data to storage only. During a restriction period, au9 will not use the restricted data for any purpose other than storage unless you provide consent or a legal obligation requires otherwise.
Right to Data Portability
You have the right to receive a structured, machine-readable export of the personal data you provided to au9 directly (such as registration data and account preferences). This right does not extend to data generated by au9 as a result of your use of the platform (such as internally generated risk scores). Portability requests are processed via [email protected].
Right to Object to Marketing
You have the right to object to the processing of your personal data for direct marketing purposes at any time. To exercise this right, contact [email protected] or update your communication preferences in your account settings. au9 will cease all marketing communications within two business days of receiving a valid objection.
Data Security Measures
au9 takes the security of your personal data seriously and has implemented a comprehensive set of technical and organisational measures to protect your information from unauthorised access, disclosure, alteration, or destruction.
Technical Security Controls
- Transport Layer Security (TLS 1.3): All data in transit between your device and au9 servers is encrypted using TLS 1.3 with 256-bit AES cipher suites. The au9 platform enforces HTTPS exclusively — unencrypted HTTP connections are automatically redirected.
- Database Encryption at Rest: All databases containing personal data are encrypted at rest. Encryption keys are managed by a dedicated key management system with access restricted to authorised infrastructure personnel only.
- Password Hashing: User passwords are never stored in plain text. They are processed through a modern adaptive hashing algorithm (bcrypt) with per-user salts, making rainbow table and brute-force attacks computationally infeasible.
- Two-Step Verification: au9 supports two-step verification for all accounts. Players are encouraged to enable this feature to add an additional authentication layer beyond their password.
- Rate Limiting and Account Lockout: Repeated failed login attempts trigger account lockout and alert notifications to the registered email address, protecting against credential stuffing attacks.
- Intrusion Detection: au9's infrastructure is monitored around the clock by automated intrusion detection systems. Anomalous access patterns trigger immediate alerts to the security team for investigation.
Organisational Security Controls
- Access Control: Access to personal data is granted on a strict need-to-know basis. Staff roles are defined with minimum necessary data access permissions. Access rights are reviewed quarterly and revoked immediately upon staff departure.
- Staff Training: All au9 personnel with access to personal data receive data protection and security awareness training upon joining and annually thereafter.
- Third-Party Audits: au9 engages independent security specialists to conduct penetration testing and vulnerability assessments on a regular basis. Critical findings are remediated on a priority timeline.
- Incident Response: au9 maintains a documented data breach response procedure. In the event of a breach affecting your personal data, au9 will notify affected users within 72 hours of becoming aware of the incident, providing details of what data was affected and what steps are being taken.
Your Role in Security
While au9 implements strong technical controls, the security of your account also depends on the choices you make. au9 strongly recommends that you use a unique, strong password for your au9 account that you do not reuse on any other service; enable two-step verification; never share your login credentials with anyone; and contact [email protected] immediately if you suspect any unauthorised access to your account.
Policy Updates & Contact
Changes to This Policy
au9 reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or the services we offer. When material changes are made, au9 will notify registered account holders via email to the address on file at least 14 days before the updated policy takes effect. The updated policy will be published on this page with a revised effective date. Continued use of the au9 platform after the effective date of an updated Privacy Policy constitutes your acceptance of the revised terms.
Minor changes — such as clarifications of existing practices, correction of typographical errors, or formatting improvements — may be made without prior notice and will be reflected by updating the effective date at the top of this document.
How to Contact au9 About Privacy
If you have any questions about this Privacy Policy, wish to exercise any of your data rights, have concerns about how your personal data is being handled, or wish to report a potential data breach involving your account, please contact au9's support team:
- Email: [email protected] (plain text — not a clickable link)
- Subject Line: Use "Privacy Policy Query" or "Data Rights Request" as appropriate
- Response Time: au9 aims to acknowledge all privacy-related enquiries within 24 hours and to provide a substantive response within 7 business days (Bangladesh Standard Time, UTC+6)
- Language: All privacy correspondence is handled in English
Ready to Play Securely?
Your data is protected. Your privacy is respected. Now explore the full au9 experience — from live cricket betting to slots, table games, and the live casino.