Privacy Policy — How jaea9 Protects Your Personal Data
At jaea9, the privacy and security of every player's personal information is a core operational commitment, not a checkbox. This Privacy Policy sets out in clear, formal English exactly what data we collect, why we collect it, how we store and use it, and what rights you hold over that data as a registered player in Bangladesh.
Document Summary
No Data Sold — Ever
jaea9 does not sell, rent, or commercially trade your personal data to any third party under any circumstances. Your information is used solely to operate your account and improve your gaming experience.
AES-256 Encryption at Rest
All personal data stored on jaea9 servers — including your NID details, payment method records, and betting history — is encrypted at rest using AES-256 encryption and in transit using TLS 1.3 protocol.
KYC Data Handled with Care
Identity documents submitted during KYC verification are processed exclusively by jaea9's compliance team and certified third-party verification partners. Documents are never shared with advertisers or unaffiliated parties.
Minimal Data Collection
jaea9 operates on a data minimisation principle. We collect only the information that is strictly necessary for account operation, regulatory compliance, payment processing, and responsible gaming obligations.
Your Rights Are Respected
You hold clear rights over your personal data: the right to access it, correct it, request its deletion, and object to certain uses. jaea9 provides a straightforward process for exercising each of these rights at no charge.
Bangladesh-Focused Data Practices
jaea9's data practices are calibrated for the Bangladesh market. Payment data related to bKash, Nagad, Rocket, and Upay is handled with the specific security and compliance requirements of Bangladesh mobile financial services in mind.
01 Information We Collect
jaea9 collects personal data in several ways: directly from you when you register an account or complete KYC verification, automatically through your use of the platform, and in limited circumstances from third-party service providers who assist in delivering our services. This section describes each category of data we collect and the basis on which it is collected.
1.1 Registration Data
When you create a jaea9 account, you are required to provide the following information:
- Full legal name (as it appears on your government-issued identity document)
- Date of birth (used for mandatory age verification — jaea9 is an 18+ platform)
- Residential address in Bangladesh (street, district, division, postcode)
- Valid Bangladesh mobile number (used for account verification and two-factor authentication)
- Email address (used for account communications and promotional messages where consent is given)
- Chosen username and encrypted password (password is stored as a salted hash — jaea9 staff cannot view your password in plaintext)
1.2 KYC and Identity Verification Data
In accordance with jaea9's Know Your Customer (KYC) programme and responsible gaming obligations, we may collect the following documentary evidence from you:
- Scan or photograph of a government-issued photo ID — National Identity Card (NID) or valid Bangladesh passport
- Proof of residential address — utility bill, bank statement, or official government letter dated within the last 3 months
- Proof of payment method — confirmation screenshot of the bKash, Nagad, Rocket, or Upay account used for deposits, confirming that the mobile financial service account is registered in your name
- Source of funds documentation — where cumulative deposits exceed ৳1,00,000 in a single calendar month
- Enhanced Due Diligence (EDD) package — requested where jaea9's compliance systems flag unusual account activity
1.3 Financial Transaction Data
jaea9 records all deposit and withdrawal transactions associated with your account. Transaction records include the payment method used (e.g., bKash account number, last four digits of a Visa card), the transaction amount in BDT, the date and time of the transaction in Bangladesh Standard Time (BST, UTC+6), and the transaction status. Full payment credentials such as complete card numbers, mobile banking PINs, or OTP codes are never stored by jaea9 — these are processed exclusively by our certified payment gateway partners.
1.4 Technical and Usage Data
When you access jaea9 through a web browser or mobile device, our servers automatically collect certain technical data to ensure platform security and service quality:
| Data Type | Example | Purpose |
|---|---|---|
| IP Address | 103.x.x.x | Fraud prevention, geolocation, AML compliance |
| Device Fingerprint | UA string, screen res | Multi-account detection, security |
| Session Timestamps | BST login/logout times | Responsible gaming monitoring |
| Betting / Gaming History | Bets placed, games played | Dispute resolution, RG assessment |
| Referrer URL | Originating page | Marketing analytics (anonymised) |
02 How We Use Your Data
jaea9 uses the personal data we collect for specific, legitimate purposes only. We do not use your data in ways that are incompatible with the purpose for which it was originally collected. The following table outlines the primary use cases and the legal basis for each:
| Use Case | Data Used | Legal Basis |
|---|---|---|
| Account creation and management | Registration data, contact details | Contractual necessity |
| Age and identity verification (KYC) | NID, passport, proof of address | Legal obligation / Contractual |
| Processing deposits and withdrawals | Financial transaction data | Contractual necessity |
| Anti-money laundering (AML) compliance | KYC docs, transaction history, IP data | Legal obligation |
| Responsible gaming monitoring | Session data, betting history | Legal obligation / Legitimate interest |
| Customer support and dispute resolution | Account history, communications | Contractual necessity |
| Platform security and fraud prevention | IP address, device fingerprint | Legitimate interest |
| Promotional communications | Email, mobile number | Consent (opt-in only) |
| Service improvement and analytics | Anonymised usage data | Legitimate interest |
2.1 Automated Decision-Making
jaea9 uses automated systems to assist with fraud detection, responsible gaming risk scoring, and bonus eligibility assessments. Where an automated decision has a significant effect on your account — for example, triggering an account review or a withdrawal hold — you have the right to request human review of that decision. Contact [email protected] to exercise this right, citing "Automated Decision Review Request" in your message subject.
2.2 Marketing Communications
jaea9 will only send promotional emails, SMS messages, or push notifications to players who have explicitly opted in to receive such communications. You may withdraw your consent to receive marketing communications at any time by emailing [email protected] with the subject line "Unsubscribe" or by adjusting your notification preferences within your account settings. Withdrawal of consent for marketing communications does not affect your ability to use any jaea9 service.
03 Data Sharing & Disclosure
jaea9 does not sell your personal data to third parties under any circumstances. We share personal data only in the limited circumstances described below, and only to the minimum extent necessary for the specified purpose.
3.1 Service Providers and Technology Partners
In order to operate the jaea9 platform, we work with a carefully selected group of third-party service providers who process personal data on our behalf as data processors. These include:
- Payment Gateway Providers: Processing deposit and withdrawal transactions via bKash, Nagad, Rocket, Upay, Visa, and Mastercard. Payment partners receive only the transaction data strictly necessary to execute the transfer.
- KYC and Identity Verification Partners: Certified identity verification software providers who assist in reviewing submitted identity documents. These partners are contractually bound to handle your data securely and to use it solely for the purpose of identity verification on behalf of jaea9.
- Game Studio Providers: Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, PG Soft, Ezugi, and Spribe operate game servers that your device communicates with during game sessions. These providers may receive your anonymised player ID and session data for the purpose of game delivery, RNG certification, and dispute resolution. They do not receive your full personal profile.
- Cloud Infrastructure and Hosting Providers: jaea9 uses enterprise-grade cloud infrastructure to store data securely. Cloud providers process data on our behalf under strict data processing agreements.
- Analytics Providers: Anonymised, aggregated usage data may be processed by analytics tools to help us understand platform performance and improve user experience. No personally identifiable information is included in analytics data sets.
3.2 Legal and Regulatory Disclosure
jaea9 may be required to disclose personal data to government bodies, law enforcement agencies, or regulatory authorities where we are legally compelled to do so. This includes reporting obligations to the Bangladesh Financial Intelligence Unit (BFIU) under applicable anti-money laundering regulations. Where legally permissible, jaea9 will notify you of such a disclosure request before complying.
3.3 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of jaea9's business, your personal data may be transferred to the acquiring entity as part of the transaction. If such a transfer occurs, jaea9 will notify registered players by email at least 30 days before the transfer takes effect and will ensure that the receiving entity is bound by privacy obligations no less protective than those set out in this policy.
04 Cookies & Tracking Technologies
jaea9 uses cookies and similar tracking technologies on the jaea9.com website to ensure the platform functions correctly, to maintain your session security, and to collect anonymised analytics data that helps us improve our services. This section explains how we use these technologies and what choices you have.
4.1 What Are Cookies
Cookies are small text files that are placed on your device (computer, smartphone, or tablet) by a website when you visit it. They allow the website to recognise your device on subsequent visits and to store certain preferences or session information. Cookies do not give jaea9 access to your device beyond the specific data stored in the cookie itself.
4.2 Categories of Cookies Used by jaea9
| Cookie Category | Purpose | Retention | Required? |
|---|---|---|---|
| Strictly Necessary | Session management, login state, CSRF protection, load balancing | Session | Yes — cannot be disabled |
| Functional | Remembering language preference, display settings, responsible gaming tool settings | 30 days | Recommended |
| Analytics | Anonymised page-view and interaction data to understand usage patterns and improve platform performance | 12 months | Optional (opt-out available) |
| Security | Fraud detection signals, device fingerprint tokens for multi-account and bot detection | 90 days | Yes — cannot be disabled |
4.3 Managing Cookies
You can manage or disable non-essential cookies through your browser settings. Most modern browsers allow you to block or delete cookies via their privacy or security settings menu. Please note that disabling strictly necessary cookies will impair or completely prevent your ability to log in to and use the jaea9 platform, as session cookies are essential for account security. Disabling analytics cookies will not affect your ability to use jaea9 but will prevent jaea9 from including your session data in anonymised platform improvement analysis.
05 Data Retention & Storage
jaea9 retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or for as long as is required by applicable law, whichever is longer. The following retention schedule applies to the main categories of personal data we hold:
| Data Category | Retention Period | Legal Basis for Retention |
|---|---|---|
| Account Registration Data | 5 years post-closure | AML regulatory obligation |
| KYC Identity Documents | 5 years post-closure | AML / BFIU compliance |
| Financial Transaction Records | 5 years post-transaction | AML regulatory obligation |
| Betting and Gaming History | 3 years post-closure | Dispute resolution / Legitimate interest |
| Customer Support Communications | 3 years | Dispute resolution / Contractual |
| Marketing Consent Records | Until consent withdrawn + 1 year | Consent record-keeping obligation |
| Anonymised Analytics Data | 24 months rolling | Legitimate interest (anonymised) |
| Self-Exclusion Records | Duration of exclusion + 5 years | Responsible gaming legal obligation |
5.1 Data Storage Location
jaea9 stores player data on enterprise-grade cloud infrastructure hosted in secure data centres. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Access to stored player data is restricted to authorised jaea9 staff and contracted service providers on a strict need-to-know basis, enforced through role-based access controls and multi-factor authentication.
5.2 Secure Deletion
When data reaches the end of its applicable retention period, jaea9 applies secure deletion procedures — including cryptographic erasure of encrypted data and overwriting of physical storage — to ensure that deleted data cannot be recovered or reconstructed. Self-exclusion records are subject to an extended retention period even after secure deletion of other account data, to prevent re-registration during an active exclusion period.
06 Your Data Rights
As a registered jaea9 player, you hold the following rights with respect to your personal data. jaea9 is committed to facilitating the exercise of these rights promptly and without undue burden. All data rights requests should be submitted to [email protected] with the subject line "Data Rights Request — [Right Type]" (for example, "Data Rights Request — Access").
- Right of Access: You may request a copy of the personal data jaea9 holds about you. jaea9 will provide this in a structured, commonly used format within 30 days of a verified request.
- Right to Rectification: If any personal data jaea9 holds about you is inaccurate or incomplete, you have the right to request that it be corrected. This includes corrections to your registered name, address, or date of birth — which may require submission of updated identity documents.
- Right to Erasure ("Right to Be Forgotten"): You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected. jaea9 will honour erasure requests subject to overriding legal retention obligations (such as the 5-year AML data retention requirement).
- Right to Restrict Processing: You may request that jaea9 temporarily restrict the processing of your personal data — for example, while a rectification request is being resolved — without requesting full deletion.
- Right to Data Portability: You may request a machine-readable export of personal data you have provided to jaea9 — for example, your account registration information and transaction history — in CSV or JSON format.
- Right to Object: You may object to jaea9's use of your personal data for marketing communications or for processing activities based on legitimate interest. Objections will be assessed on a case-by-case basis; where an objection is upheld, the relevant processing will cease.
- Right to Human Review of Automated Decisions: Where an automated system has made a significant decision about your account (e.g., flagging it for fraud review), you may request that a human member of jaea9's compliance team review that decision.
07 Data Security Measures
jaea9 implements a comprehensive, layered security architecture to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Our security programme is aligned with internationally recognised information security standards and is reviewed and updated on a regular basis.
7.1 Technical Security Controls
- Transport Encryption: All communications between your browser or device and jaea9's servers are encrypted using TLS 1.3. Older, less secure versions of TLS and SSL are disabled.
- Data Encryption at Rest: All personal data stored on jaea9 servers and cloud infrastructure is encrypted using AES-256 encryption. Encryption keys are managed using a hardware security module (HSM) and rotated on a regular schedule.
- Password Security: Account passwords are stored as salted bcrypt hashes. jaea9 staff cannot view or recover your plaintext password. If you forget your password, a secure reset link is sent to your registered email.
- Two-Factor Authentication (2FA): jaea9 supports two-factor authentication for all player accounts using SMS OTP to your registered Bangladesh mobile number. Players are strongly encouraged to enable 2FA.
- Intrusion Detection and Prevention: jaea9's infrastructure is monitored 24/7 by automated intrusion detection systems (IDS) and a security operations team. Suspicious activity generates immediate alerts and may trigger automated protective responses.
- Web Application Firewall (WAF): A WAF sits in front of all public-facing jaea9 services, filtering malicious traffic including SQL injection attempts, cross-site scripting (XSS), and DDoS attacks before they reach application servers.
7.2 Organisational Security Controls
- Access to live player data is restricted to authorised jaea9 staff who require it for their specific role, enforced through role-based access control (RBAC).
- All staff with access to personal data undergo regular data protection training and are bound by confidentiality obligations in their employment contracts.
- Third-party service providers who process data on jaea9's behalf are subject to security assessments before engagement and are bound by data processing agreements that include security requirements.
- Regular penetration testing and vulnerability assessments are conducted by independent security professionals to identify and remediate weaknesses before they can be exploited.
7.3 Data Breach Response
In the event of a personal data breach that poses a risk to the rights and freedoms of affected players, jaea9 will: (a) contain the breach as quickly as possible; (b) conduct a full internal investigation to determine the scope and cause of the breach; (c) notify affected players by email at their registered address within 72 hours of becoming aware of the breach, providing details of what data was affected, what risks may arise, and what steps jaea9 is taking; and (d) report the breach to relevant authorities as required by applicable law.
08 Policy Updates & Contact
8.1 Policy Updates
jaea9 reviews this Privacy Policy at least annually and whenever there is a material change to our data processing activities, applicable law, or regulatory guidance. When a material change is made, jaea9 will notify registered players by email to their registered address at least 14 days before the updated policy takes effect. The "Effective Date" shown at the top of this document reflects the date the current version came into force. Continued use of jaea9 following the effective date of an updated policy constitutes your acceptance of the revised terms.
Non-material changes — such as minor clarifications in wording that do not alter the substance of our data practices — may be made without prior notice. The updated document will always be available at jaea9.com/privacy-policy with a revised effective date.
8.2 How to Contact Us About Privacy
If you have any question about this Privacy Policy, wish to exercise a data right, want to withdraw consent for marketing communications, or need to report a privacy concern, please contact jaea9's support and compliance team using the following details:
- Email (plain text — not a link): [email protected]
- Subject Line for Data Rights Requests: "Data Rights Request — [Right Type]"
- Subject Line for Privacy Concerns: "Privacy Concern — [Brief Description]"
- Response Time: Within 5 minutes during BST peak hours for general support; within 30 calendar days for formal data rights requests
- Availability: 24/7, Bangladesh Standard Time (BST, UTC+6)
Ready to Experience Bangladesh's Trusted Online Casino?
Now that you understand how jaea9 protects your personal data, explore our full range of games and sports betting options — all in BDT with bKash, Nagad, and Rocket support.