Privacy Policy – bosscuci

1. Introduction

This Privacy Policy is issued by bosscuci ("we", "us", "our") and governs the collection, use, processing, and storage of personal data provided by or collected from registered players and visitors ("you", "your") of the bosscuci platform, accessible at bosscuci.club and through associated mobile applications.

bosscuci is committed to handling personal data responsibly, in compliance with applicable data protection legislation and the data privacy requirements mandated under our international gaming licence. By registering an account with bosscuci or otherwise using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

This Policy should be read alongside the bosscuci Terms & Conditions, which govern the overall relationship between bosscuci and registered players. The Terms & Conditions are available at /terms-conditions.

2. Data We Collect

bosscuci collects personal data through several channels: directly from you when you register and use the Platform, automatically through your use of the Platform, and from third-party verification and payment service providers. The categories of personal data we collect include:

2.1 Registration & Identity Data

• Full legal name (as per government-issued identification)
• Date of birth (for mandatory 21+ age verification)
• Malaysian identity card (MyKad) number or passport number
• Residential address, including postcode and state
• Mobile phone number (Malaysian registered)
• Email address
• Username and encrypted password

2.2 Financial & Transaction Data

• Bank account details (for withdrawal processing)
• E-wallet identifiers (Touch 'n Go, Boost, GrabPay, DuitNow)
• Transaction history, including deposit amounts, withdrawal requests, and processing timestamps
• Source of funds documentation where required under AML obligations

2.3 Gaming & Betting Data

• Game play history, bet records, and outcomes
• Bonus and promotion usage records
• Responsible gaming tool settings and activation history (deposit limits, self-exclusion records)
• Customer support interaction logs

2.4 Technical & Device Data

• IP address and approximate geographic location
• Device type, model, and operating system
• Browser type and version
• Session timestamps, login history, and duration
• Cookie identifiers and tracking data (see Section 6)

2.5 KYC Verification Documents

• Copies of government-issued identity documents
• Proof of address documentation
• Source of funds declarations or supporting financial documents

3. How We Use Your Data

bosscuci processes personal data for the following specific purposes:

• Account creation and management: Verifying identity, opening accounts, maintaining player profiles, and administering account settings;
• Service delivery: Enabling access to casino games, live dealer tables, sports betting markets, and deposit/withdrawal functionality;
• Age and identity verification: Confirming that every registered player is aged 21 or older, as required under our licensing obligations and responsible gaming commitments; 21+
• Payment processing: Executing MYR deposits and withdrawals via Touch 'n Go, DuitNow, FPX, Boost, and Malaysian banking channels;
• Legal and regulatory compliance: Meeting anti-money laundering (AML), counter-terrorism financing (CTF), and gaming licence obligations, including transaction monitoring and suspicious activity reporting;
• Fraud prevention and security: Detecting, investigating, and preventing fraudulent account activity, bonus abuse, money laundering, and unauthorised access;
• Responsible gaming: Monitoring player activity to identify potential problem gambling behaviour, enforcing self-exclusion records, and providing support tools;
• Customer support: Responding to enquiries, resolving disputes, and processing complaints;
• Platform improvement: Analysing aggregate usage patterns to improve Platform performance, user experience, and game offerings;
• Marketing and promotions: Sending promotional communications to players who have opted in, including bonus offers, deposit match promotions, and Malaysian seasonal campaigns (subject to opt-out rights described in Section 10).

4. Legal Basis for Processing

bosscuci processes personal data on the following legal bases:

• Contractual necessity: Processing required to perform the contract between bosscuci and the Player, including account management, game access, and payment processing;
• Legal obligation: Processing required to comply with applicable legal and regulatory requirements, including KYC/AML obligations mandated under our gaming licence;
• Legitimate interests: Processing for fraud detection, security, platform improvement, and responsible gaming monitoring, where such processing does not override the Player's fundamental rights and freedoms;
• Consent: Processing for direct marketing communications and certain cookie-based tracking, where you have given explicit consent that may be withdrawn at any time.

5. Data Sharing & Disclosure

bosscuci does not sell, rent, or trade personal data to third parties for their independent commercial purposes. Personal data may be shared with the following categories of recipients strictly on a need-to-know basis:

• Payment service providers: Malaysian fintech and banking partners (including FPX operators, Touch 'n Go, Boost, GrabPay, Maybank, CIMB, Public Bank, Hong Leong) for deposit and withdrawal processing;
• KYC and identity verification providers: Third-party identity verification services used to confirm age, identity, and document authenticity;
• Game technology providers: Licensed game studios and live dealer platform operators (such as Evolution Gaming, Pragmatic Play, PG Soft) for the purpose of delivering gaming services;
• Regulatory and law enforcement authorities: Where required by law, court order, or gaming licence obligation, including financial intelligence units and gaming regulators;
• IT infrastructure and security providers: Cloud hosting, cybersecurity, and fraud detection service providers operating under contractual data processing agreements that impose equivalent data protection obligations;
• Professional advisers: Legal, audit, and compliance advisers where disclosure is necessary for the provision of professional services to bosscuci.

All third-party service providers engaged by bosscuci are required by contract to maintain the confidentiality of personal data and to process it only in accordance with bosscuci's instructions and applicable data protection requirements.

6. Cookies & Tracking Technologies

6.1 Types of Cookies. bosscuci uses the following categories of cookies and similar tracking technologies on the Platform:

• Essential cookies: Required for the Platform to function, including session authentication, security tokens, and load balancing. These cannot be disabled without affecting Platform functionality.
• Analytical cookies: Used to measure aggregate Platform usage, page performance, and feature engagement. Data is anonymised and used solely for Platform improvement purposes.
• Preference cookies: Used to remember player settings such as language, game lobby filters, and display preferences across sessions.
• Marketing cookies: Used to attribute player registrations to referring marketing channels. bosscuci does not permit third-party retargeting or behavioural advertising via cookies on the Platform.

6.2 Cookie Management. Players can manage non-essential cookie preferences via the cookie consent tool presented upon first visit to bosscuci.club. Essential cookies cannot be disabled. Browser-level cookie blocking may impair the functionality of the bosscuci Platform.

7. Data Retention

bosscuci retains personal data for the following periods:

• Active account data: For the duration of the Player's account relationship with bosscuci and for a minimum of five (5) years following account closure, in compliance with AML record-keeping obligations under our gaming licence;
• KYC and identity documents: Minimum five (5) years post account closure or the final transaction, whichever is later;
• Transaction records: Minimum five (5) years, consistent with financial record-keeping requirements;
• Self-exclusion records: Retained for the duration of the self-exclusion period plus a minimum of seven (7) years to prevent re-registration by excluded players;
• Marketing consent records: Retained for the duration of the consent plus three (3) years following consent withdrawal.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with bosscuci's data destruction procedures.

8. Data Security

bosscuci implements a multi-layered security framework to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. Key security measures include:

• TLS 1.3 encryption for all data transmitted between Player devices and bosscuci servers;
• AES-256 encryption at rest for sensitive personal data including payment details and identity documents;
• Role-based access controls limiting internal access to personal data on a strict need-to-know basis;
• Multi-factor authentication required for all bosscuci staff with access to production systems;
• Regular penetration testing and vulnerability assessment by independent cybersecurity professionals;
• Intrusion detection systems and 24/7 security monitoring of the bosscuci platform infrastructure;
• Incident response procedures including mandatory notification protocols in the event of a data breach.

9. International Data Transfers

bosscuci may transfer personal data to servers or service providers located outside Malaysia where required for the delivery of the Platform's services. Where such transfers occur, bosscuci ensures that appropriate safeguards are in place, including contractual data processing agreements incorporating standard data protection clauses, to ensure that the transferred data receives a level of protection equivalent to that afforded under applicable data protection law.

Players who require further information about the specific safeguards applicable to international transfers of their personal data may contact the bosscuci data protection team via the contact details in Section 14.

10. Your Rights

Subject to applicable law and the conditions of our gaming licence, registered bosscuci players have the following rights in relation to their personal data:

• Right of access: The right to request a copy of the personal data held by bosscuci about you;
• Right to rectification: The right to request correction of inaccurate or incomplete personal data;
• Right to erasure: The right to request deletion of personal data in certain circumstances (note that bosscuci may be required to retain data under AML and licensing obligations, which supersede erasure requests);
• Right to restrict processing: The right to request that bosscuci limits the processing of your personal data in certain circumstances;
• Right to data portability: The right to receive a structured, machine-readable copy of personal data you have provided to bosscuci;
• Right to object: The right to object to processing based on legitimate interests, including direct marketing;
• Right to withdraw consent: Where processing is based on consent (including marketing communications and non-essential cookies), you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of the above rights, submit a written request to [email protected]. bosscuci will respond to all rights requests within thirty (30) days. Identity verification will be required before processing requests that involve disclosure of personal data.

11. Children's Privacy

The bosscuci platform is strictly restricted to individuals aged 21 years and older. 21+ bosscuci does not knowingly collect, process, or retain personal data from any person under the age of 21. Age verification is a mandatory component of the registration and KYC process.

If bosscuci becomes aware that personal data has been collected from an individual under 21, the relevant account will be immediately closed, all personal data deleted (subject to any mandatory retention obligations), and the matter referred to the appropriate regulatory authority. If you have reason to believe that a person under 21 has registered an account on bosscuci, contact the support team immediately at [email protected].

12. Third-Party Services

The bosscuci platform integrates third-party services including game providers, payment gateways, and analytics tools. These third parties operate under their own privacy policies and data processing terms. bosscuci is not responsible for the privacy practices of third-party services accessed through the Platform, and players should review the privacy policies of those services independently.

bosscuci does not permit third-party advertising networks to place tracking technologies on the Platform without the player's explicit consent. Any third-party data processors engaged by bosscuci are subject to contractual data processing agreements that require compliance with applicable data protection standards.

13. Amendments to This Policy

bosscuci reserves the right to amend this Privacy Policy at any time to reflect changes in law, regulatory requirements, or Platform practices. Where material changes are made, bosscuci will notify registered players via email or in-platform notification prior to the changes taking effect. The most current version of this Privacy Policy will always be accessible at bosscuci.club/privacy-policy. Continued use of the bosscuci platform following notification of an updated Privacy Policy constitutes acceptance of the revised terms.

14. Contact & Data Enquiries

For questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by bosscuci, contact us through the following channels:

• Email: [email protected]
• Live Chat: Available 24/7 via the bosscuci platform
• Response time: Average 3–5 minutes via Live Chat; within 24 hours via email

bosscuci's support team serves players across Malaysia — including Kuala Lumpur, Petaling Jaya, Penang, Johor Bahru, Seremban, Kota Kinabalu, and Kuching — with consistent, English-language assistance at all times.