go2cuci Privacy Policy

1. Introduction

go2cuci ("we", "us", or "our") operates the online gaming platform accessible at go2cuci.co (the "Platform"). We are committed to safeguarding the privacy of all individuals who use our Platform, and we process personal data in accordance with applicable data protection legislation, including the Malaysian Personal Data Protection Act 2010 ("PDPA") and international standards adopted by the gaming authority under whose licence we operate.

This Privacy Policy ("Policy") describes how go2cuci collects, uses, stores, discloses, and otherwise processes personal data about you when you access or use the Platform, create or manage an account, make a deposit or withdrawal, or communicate with our customer support team. Please read this Policy carefully. By continuing to use the Platform, you acknowledge that you have read and understood this Policy.

This Policy should be read together with our Terms & Conditions and Responsible Gaming Policy, which form part of your agreement with go2cuci.

2. Data Controller

For the purposes of applicable data protection law, go2cuci is the data controller in respect of personal data collected through the Platform. This means we determine the purposes for which, and the means by which, your personal data is processed.

Our Data Protection contact can be reached via the support channels listed at the end of this Policy. Any queries, complaints, or requests relating to the processing of your personal data should be directed to that contact in the first instance.

3. Personal Data We Collect

go2cuci collects and processes the following categories of personal data:

• Identity Data: Full name, date of birth, gender, nationality, and copies of government-issued identification documents (such as MyKad or passport) provided during the Know Your Customer ("KYC") verification process.
• Contact Data: Email address, mobile phone number, and residential address.
• Account Data: Username, encrypted password, account registration date, preferred language, and communication preferences.
• Financial Data: Payment method details (excluding full card numbers), transaction history, deposit and withdrawal records, and balance information. go2cuci does not store full payment card numbers; card details are tokenised by our payment processing partners.
• Transaction Data: Details of wagers placed, games played, bet amounts, win/loss records, and bonus activity.
• Technical Data: IP address, browser type and version, device type, operating system, time zone, and session duration data collected automatically when you access the Platform.
• Usage Data: Information about how you navigate and interact with the Platform, including pages visited, features used, and session activity logs.
• Communications Data: Records of communications between you and go2cuci, including live chat transcripts and email correspondence.

4. How We Collect Personal Data

go2cuci collects personal data through the following means:

• Direct interactions: Data you provide when you register an account, complete KYC verification, make a deposit or withdrawal, contact customer support, or respond to surveys or promotions.
• Automated technologies: Technical and usage data collected automatically through cookies, web beacons, and similar technologies when you access the Platform. Please refer to Section 9 of this Policy for further information on cookies.
• Third-party sources: Identity and financial verification data received from KYC service providers, fraud detection agencies, and payment processors where necessary to fulfil our legal and regulatory obligations.

5. Purposes of Processing & Legal Basis

go2cuci processes your personal data for the following purposes and on the corresponding legal bases:

• Account registration and management — necessary for the performance of the contract between you and go2cuci.
• Identity verification (KYC) — necessary for compliance with our legal obligations under applicable anti-money laundering and gaming regulatory requirements.
• Processing deposits and withdrawals — necessary for the performance of the contract and compliance with financial regulations.
• Provision of gaming services — necessary for the performance of the contract.
• Customer support and dispute resolution — necessary for the performance of the contract and our legitimate interests in resolving complaints effectively.
• Fraud detection and prevention — necessary for compliance with legal obligations and our legitimate interests in protecting the Platform and its users from financial crime and abuse.
• Responsible gaming monitoring — necessary for compliance with our regulatory obligations and our legitimate interests in promoting safe gambling.
• Marketing communications — based on your consent, where you have opted in to receive promotional communications from go2cuci. You may withdraw consent at any time by updating your communication preferences in your account settings.
• Platform improvement and analytics — based on our legitimate interests in understanding how the Platform is used and improving the member experience.

6. Sharing of Personal Data

go2cuci does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. We may share your personal data with the following categories of recipients, strictly as necessary:

• Payment service providers: To process deposits and withdrawals (e.g. Touch n Go eWallet, Boost, DuitNow, Maybank, CIMB, card scheme processors). These providers act as independent data controllers or processors as applicable and are subject to their own privacy obligations.
• KYC and identity verification providers: To fulfil regulatory obligations relating to member verification and anti-money laundering compliance.
• Game software providers: Limited technical data may be shared with licensed game providers to facilitate game play. No financial or identity data is shared with game providers beyond what is technically necessary.
• Regulatory and law enforcement authorities: Where required by law, court order, or regulatory direction, go2cuci will disclose personal data to competent authorities. We will notify you of such disclosures where legally permitted to do so.
• Professional advisers: Including lawyers, auditors, and insurers, subject to confidentiality obligations, where necessary for the conduct of go2cuci's business.
• Group companies: Where go2cuci operates within a corporate group structure, data may be shared with group entities for internal administrative purposes, subject to equivalent data protection safeguards.

7. International Transfers of Personal Data

Some of go2cuci's service providers and group entities may be located outside Malaysia. Where personal data is transferred to recipients in countries that do not provide an equivalent level of data protection to Malaysia's PDPA, go2cuci will implement appropriate safeguards — such as standard contractual clauses or binding corporate rules — to ensure that your data remains protected to a standard consistent with this Policy.

By using the Platform, you acknowledge that your personal data may be transferred to and processed in jurisdictions outside Malaysia in accordance with the safeguards described in this section.

8. Data Retention

go2cuci retains personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law and regulation. The following general retention periods apply:

• Account and identity data: Retained for the duration of the account relationship and for a minimum of five (5) years following account closure, in accordance with anti-money laundering regulatory requirements.
• Transaction and financial data: Retained for a minimum of seven (7) years following the transaction date, in accordance with applicable financial recordkeeping obligations.
• Communications data: Retained for three (3) years from the date of the communication, unless a longer period is required for dispute resolution or legal proceedings.
• Technical and usage data: Typically retained for up to twenty-four (24) months in aggregate or anonymised form for analytics purposes.

When personal data is no longer required, go2cuci will securely delete or anonymise it in accordance with our internal data disposal procedures.

9. Cookies & Tracking Technologies

go2cuci uses cookies and similar tracking technologies on the Platform. Cookies are small text files placed on your device that help us deliver a better member experience and gather aggregate analytics data.

We use the following categories of cookies:

• Strictly necessary cookies: Essential for the Platform to function correctly, including session management and authentication. These cookies cannot be disabled.
• Performance and analytics cookies: Used to understand how Members use the Platform, identify technical issues, and improve functionality. Data collected is aggregated and anonymised.
• Functionality cookies: Used to remember your preferences such as language settings and game display options.
• Marketing cookies: Used to deliver relevant promotional content to you within the Platform, based on your activity and preferences. These cookies are only set where you have provided consent.

You may manage your cookie preferences through your browser settings. Please note that disabling strictly necessary cookies may impair your ability to use the Platform. go2cuci does not use third-party advertising networks that track your activity across other websites.

10. Your Data Protection Rights

Subject to applicable law, you have the following rights in relation to your personal data held by go2cuci:

• Right of access: You may request a copy of the personal data go2cuci holds about you.
• Right to correction: You may request that inaccurate or incomplete personal data be corrected. You can update most account information directly through your account settings.
• Right to erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations.
• Right to restrict processing: You may request that we restrict processing of your personal data in certain circumstances, for example while the accuracy of the data is being contested.
• Right to data portability: Where processing is based on your consent or on the performance of a contract, you may request that we provide your personal data in a structured, commonly used, machine-readable format.
• Right to object: You may object to processing based on our legitimate interests. We will assess the objection and cease processing unless we have compelling legitimate grounds that override your interests.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

To exercise any of the above rights, please contact go2cuci via the support channels listed in Section 14. We will respond to valid requests within thirty (30) calendar days. We may need to verify your identity before processing your request.

11. Security Measures

go2cuci implements technical and organisational security measures appropriate to the risk associated with the processing of your personal data. These measures include:

• Transport Layer Security (TLS 1.3) encryption for all data transmitted between your device and our servers.
• Encryption of sensitive data fields at rest, including identity document data and financial information.
• Role-based access controls limiting staff access to personal data to those with a legitimate operational need.
• Regular penetration testing and security audits of the Platform and its infrastructure.
• Payment Card Industry Data Security Standard (PCI DSS) compliant payment processing via certified third-party processors.
• Incident response procedures for detecting, reporting, and managing personal data breaches in accordance with applicable notification obligations.

While go2cuci takes all reasonable precautions, no internet transmission or electronic storage system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying go2cuci promptly of any suspected unauthorised access.

12. Children's Privacy

The go2cuci Platform is strictly restricted to persons aged 21 years and above. go2cuci does not knowingly collect personal data from individuals under the age of 21. If we become aware that personal data has been submitted by a person under 21, we will delete that data immediately and close the associated account without further notice.

If you believe that a minor has provided personal data to go2cuci, please contact our support team immediately via the channels listed in Section 14.

13. Amendments to This Policy

go2cuci reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, our data processing practices, or the Platform's functionality. When material changes are made, we will publish the updated Policy on the Platform with a revised effective date and, where feasible, notify you via your registered email address.

Your continued use of the Platform following the publication of an amended Policy constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

14. Contact Us

For any questions, requests, or complaints relating to this Privacy Policy or the processing of your personal data by go2cuci, please contact us through the following channels:

• Live Chat: Available on-site 24 hours a day, 7 days a week.
• Email: [email protected]
• Support Hours: 9:00 AM – 1:00 AM (MYT), daily.

go2cuci will acknowledge privacy-related requests within five (5) business days and aims to resolve them within thirty (30) calendar days. If you are dissatisfied with our response, you may have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.