This Privacy Policy explains how ap8 collects, uses, stores, and shares your personal data when you use the ap8.one platform. Please read it carefully. By registering an account or using ap8, you acknowledge that you have read and understood this Policy.
ap8 ("ap8", "we", "our", "us") is the operator of the online gaming platform accessible at ap8.one. We take the privacy and security of your personal data seriously. This Privacy Policy describes the types of personal information we collect from users of the ap8 platform, the purposes for which we use it, the circumstances under which we may share it, and the rights available to you in relation to your data.
This Policy applies to all personal data processed in connection with your registration, use of any ap8 product (slots, live casino, sportsbook, jackpot games), participation in promotions, and any communications you have with ap8 support. It supplements but does not replace our Terms & Conditions, which also contain provisions relevant to your personal data.
ap8 is committed to handling your personal data in a manner consistent with applicable data protection principles, including purpose limitation, data minimisation, storage limitation, accuracy, integrity, and confidentiality. We process your data only to the extent necessary to provide our services and meet our legal obligations.
For the purposes of applicable data protection law, ap8 is the data controller in respect of personal data collected through the ap8.one platform. As data controller, ap8 determines the purposes and means of processing your personal information. Our data protection contact details are provided in Section 16 of this Policy.
Where ap8 engages third-party service providers to process personal data on our behalf (for example, payment processors, KYC verification providers, or customer support software vendors), those providers act as data processors under written data processing agreements that bind them to process your data only in accordance with our documented instructions and applicable data protection law.
ap8 collects the following categories of personal data in connection with your use of the platform:
| Category | Examples |
|---|---|
| Identity Data | Full legal name, date of birth, national identity number or passport number, selfie / facial image for KYC verification |
| Contact Data | Malaysian mobile phone number, email address, residential address |
| Financial Data | Payment method identifiers (e.g. Touch n Go account, bank account number, USDT wallet address), transaction history, deposit and withdrawal records |
| Gaming Activity Data | Game session records, bet history, win/loss records, wagering patterns, bonus usage, jackpot participation |
| Technical Data | IP address, device identifiers, browser type and version, operating system, session timestamps, geolocation data (country/region level) |
| Communications Data | Support chat transcripts, email correspondence, feedback submissions |
| Responsible Gaming Data | Deposit limits set by the player, self-exclusion status, cooling-off period records, session time preferences |
ap8 does not intentionally collect special category personal data (such as racial or ethnic origin, political opinions, religious beliefs, or health data) except where strictly necessary for regulatory compliance, such as processing a responsible gaming self-exclusion request that references a medical basis.
The majority of personal data ap8 holds about you is provided directly by you when you register an account, complete KYC verification, make a deposit or withdrawal request, contact customer support, or respond to a promotion. You are not obligated to provide data beyond what is strictly required for the service, but failure to provide mandatory data (for example, identity verification documents) may prevent us from providing certain features such as withdrawal processing.
When you access and use the ap8 platform, we automatically collect certain technical and behavioural data through cookies, server logs, and similar technologies. This includes your IP address, device characteristics, pages visited, game sessions initiated, and actions taken within the platform. This data is used primarily for platform security, fraud prevention, and service improvement purposes.
ap8 may receive personal data about you from third-party sources in limited circumstances, including: identity verification and anti-fraud service providers during KYC processing; payment processors confirming transaction completion; and licensing authority databases where required for regulatory compliance checks.
ap8 processes your personal data on the following legal bases, depending on the specific processing activity:
ap8 uses the personal data we collect for the following purposes:
ap8 does not sell your personal data to third parties. We may share your data with the following categories of recipients in the circumstances described:
ap8 will never sell, rent, or trade your personal data to third-party marketers or data brokers.
As an internationally operated gaming platform, ap8 may transfer your personal data to countries outside Malaysia in connection with the services described in this Policy — for example, to data centres hosting the platform infrastructure, or to certified game providers with servers in other jurisdictions. Where such transfers occur, ap8 ensures that appropriate safeguards are in place to protect your data, including contractual data transfer mechanisms that impose equivalent data protection standards on the recipient.
If you require further information about the safeguards ap8 applies to international data transfers, please contact us using the details in Section 16.
ap8 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law or our gaming licence conditions. The following retention principles apply:
Where data is no longer required for any legitimate purpose and no legal retention obligation applies, ap8 will securely delete or anonymise it.
ap8 uses cookies and similar tracking technologies (including local storage and session tokens) on the ap8.one platform. Cookies are small text files placed on your device that enable platform functionality and provide usage analytics.
These cookies are essential for the ap8 platform to function. They maintain your authenticated session, store your language and currency preferences, and enable security features such as CSRF protection. These cookies cannot be disabled without breaking core platform functionality.
ap8 uses privacy-respecting analytics tools to understand how players use the platform — which features are used most, where errors occur, and how performance can be improved. Analytics data is aggregated and does not identify individual players.
You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the ap8 platform, including the ability to stay logged in between sessions.
Subject to applicable law and the conditions of our gaming licence, you have the following rights in relation to personal data ap8 holds about you:
To exercise any of these rights, contact ap8 using the details in Section 16. ap8 will respond to valid requests within 30 days. In complex cases, this period may be extended by a further 60 days, with notice given to you.
ap8 is strictly for persons aged 21 and above. We do not knowingly collect personal data from persons under 21 years of age. If we become aware that a person under 21 has registered an account, we will immediately close the account and delete all associated personal data, subject to any legal retention obligations.
If you believe a person under 21 has registered on ap8, please contact our support team immediately. ap8 uses KYC verification to confirm the age of all registered players; any account that cannot be verified as belonging to a person aged 21 or above will be suspended pending verification.
ap8 implements a range of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
While ap8 takes all reasonable steps to protect your personal data, no internet-connected system is entirely immune to security risks. You should also take steps to protect your own account, including using a strong unique password and enabling 2FA on your ap8 account.
The ap8 platform may contain references to third-party game providers and payment services. ap8 is not responsible for the privacy practices of third-party entities. When you interact with a third-party service (for example, completing a payment via your Touch n Go eWallet app), that interaction is governed by the third party's own privacy policy, not this Policy.
ap8 encourages you to review the privacy policies of any third-party services you use in connection with your ap8 account.
ap8 reserves the right to update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or gaming licence requirements. Material changes will be communicated to registered players via in-platform notification or email at least fourteen (14) days before taking effect. The "Last updated" date at the top of this page indicates when the most recent revision was made.
Your continued use of the ap8 platform after the effective date of any updated Privacy Policy constitutes your acknowledgement of the changes. If you do not agree with the updated Policy, you should close your account before the changes take effect.
For any queries relating to this Privacy Policy, to exercise your data rights, or to raise a data protection concern, you may contact ap8's data protection team. Our support email address is displayed in the footer of this page as plain text. Please include "Privacy Enquiry" in the subject line of your email and provide your registered username so we can locate your account.
ap8 aims to acknowledge all data rights requests within 72 hours and to resolve them within 30 days. For complex requests involving large volumes of data, this period may be extended in accordance with applicable law, with notification provided to you.
If you are not satisfied with ap8's response to a data protection enquiry, you have the right to escalate your complaint to the relevant data protection supervisory authority or our gaming licensing authority.
Six ways ap8 goes beyond minimum compliance to protect your personal data.
Every byte of data between your device and ap8 is encrypted with bank-grade 256-bit SSL. Your login credentials, payment details, and personal information are never transmitted in plain text.
ap8 will never sell, rent, or trade your personal data to third-party marketers or data brokers. Your information is used only to provide and improve the ap8 service you signed up for.
Access, correction, deletion, and data portability requests are handled within 30 days. Contact ap8 support — no complex forms, no bureaucratic runaround to access data that's yours.
ap8 retains data only as long as required by law or necessary for the service. When the retention period expires, data is securely deleted or anonymised — not kept indefinitely.
ap8 staff access to player personal data is restricted on a strict need-to-know basis. Role-based access controls and audit logging ensure that data access is always traceable and justified.
ap8 operates under international gaming authority licensing, which mandates data protection standards as a licensing condition — giving you an external avenue for data complaints beyond ap8 itself.
Transparent policies, bank-grade security, and full respect for your privacy rights.
🔞 21+ only. ap8.one is operated under international gaming authority licence.