hm999 Privacy Policy — How We Handle Your Data
At hm999, your privacy is a foundational commitment, not an afterthought. This Privacy Policy explains in plain terms what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you hold over your own information. We process all personal data in accordance with internationally recognised data protection standards.
Six Core Privacy Commitments
Before diving into the full policy, here is a plain-English summary of the six most important ways hm999 protects your personal data.
hm999 collects only the personal data that is strictly necessary for account operation, payment processing, identity verification, and regulatory compliance. We do not harvest data for its own sake.
Every piece of data transmitted between your device and hm999 servers is protected by industry-standard SSL/TLS encryption. Sensitive fields such as passwords and payment details are hashed and never stored in plain text.
hm999 does not sell, rent, or trade your personal data to third-party marketers or data brokers under any circumstances. Your information is used solely to operate and improve hm999 services.
Data collected for one purpose — for example, KYC verification — is not repurposed for unrelated activities such as advertising profiling. Each category of data is used only for the specific purpose it was collected for.
You have the right to access, correct, and request deletion of your personal data. hm999 provides clear pathways for exercising all privacy rights. Requests are handled within 30 days of receipt.
In the unlikely event of a data breach affecting your personal information, hm999 will notify affected players promptly and take immediate steps to contain the breach and mitigate any potential harm.
Data We Collect
hm999 collects personal data through several channels: directly from you when you register an account or interact with the platform, automatically through your use of the site, and from third-party identity verification and payment processing partners. We collect only the minimum data necessary to fulfil each specific operational purpose.
Account Registration Data
When you create an hm999 account, we collect the following information:
- Full legal name (as it appears on your government-issued ID)
- Date of birth (to verify you are 18 years of age or older)
- Email address
- Mobile phone number
- Residential address (district, city, and postal code within Bangladesh)
- Username (chosen by you)
- Password (stored as a one-way cryptographic hash — never in plain text)
Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) process — required by anti-money-laundering (AML) obligations — we may request and store copies of:
- National Identity Card (NID) — front and back
- Passport biographical data page
- Driving licence (where applicable)
- Proof of address document (utility bill or bank statement, dated within 90 days)
- Selfie or liveness check photograph for facial verification
- Screenshot of registered bKash, Nagad, or Rocket account confirming name match
Financial Transaction Data
All deposits and withdrawals on hm999 are conducted in Bangladeshi Taka (BDT). We record:
- Deposit and withdrawal amounts and timestamps
- Mobile Financial Service (MFS) account references (bKash, Nagad, Rocket, Upay)
- Bank account references where bank transfers are used
- Transaction reference numbers issued by payment providers
We do not store full card numbers, CVV codes, or full bank account numbers on our servers. Payment processing is handled via encrypted channels with our authorised payment partners.
Betting & Gaming Activity Data
We maintain records of your activity on the platform for regulatory, responsible gaming, and customer support purposes. This includes:
- Bet placement history (sport, market, odds, stake, outcome)
- Casino and instant game session records (game title, session duration, bet sizes, winnings)
- Bonus claims and wagering progress records
- Account balance history
Technical & Device Data
When you access hm999 through a browser or mobile device, we automatically collect certain technical data, including:
- IP address and approximate geolocation (country and city level)
- Device type, operating system, and browser version
- Session timestamps, page views, and navigation paths
- Referral URL (the web address you came from before arriving at hm999)
- Cookie identifiers (see the Cookies section below)
Communications Data
If you contact hm999 support via live chat or email, we retain records of that correspondence including the content of messages, timestamps, and the outcome of any support resolution. This data is used for quality assurance, dispute resolution, and regulatory record-keeping.
| Data Category | Legal Basis |
|---|---|
| Registration | Contractual necessity |
| KYC / AML | Legal obligation |
| Payments | Contractual necessity |
| Gaming records | Legitimate interest |
| Technical data | Legitimate interest |
| Marketing | Consent |
How We Use Your Data
hm999 uses the personal data it collects strictly for legitimate, clearly defined purposes. We do not use your data for any purpose that has not been disclosed in this Privacy Policy. The primary purposes for which we process your data are set out below.
Account Operation & Service Delivery
Your registration data and account credentials are used to create and maintain your hm999 player account, authenticate your identity at login, and deliver the sports betting, live casino, slot, and instant game services you have signed up to use. Without this data, we cannot provide you with a functional account.
Identity Verification & Regulatory Compliance
KYC documentation is processed to verify your identity, confirm you are of legal gambling age (18+), and satisfy our anti-money-laundering obligations. We are required by our operating licence conditions to maintain verified records of all players. This processing is a legal obligation and cannot be opted out of — failure to complete KYC will result in withdrawal functionality being suspended.
Payment Processing
Financial transaction data is used to process your BDT deposits via bKash, Nagad, Rocket, Upay, and partner banks, and to execute withdrawal requests to your verified payment account. Transaction records are also retained for accounting, audit, and fraud prevention purposes.
Responsible Gaming & Player Protection
We analyse betting and gaming activity data to identify patterns that may indicate problem gambling behaviour. Where our responsible gaming monitoring detects at-risk behaviour — such as rapidly escalating bet sizes, extended unbroken gaming sessions, or a sudden increase in deposit frequency — our responsible gaming team may make proactive contact to offer support tools including deposit limits, session limits, cooling-off periods, or self-exclusion.
Fraud Prevention & Security
Technical and device data, combined with account activity records, is used by our fraud prevention systems to detect and prevent unauthorised access, account takeover attempts, bonus abuse, matched betting, money laundering, and other prohibited activities. IP address and device fingerprinting data are integral to this process.
Customer Support
Communications data is used by the hm999 support team to respond to your enquiries, resolve disputes, and provide account-related assistance. Support agents access your account data to the extent necessary to address your specific query.
Marketing Communications
If you have opted in to marketing communications during registration or via your account settings, we may use your email address and/or mobile number to send you promotional offers, bonus notifications, and updates about new games or features on hm999. You may withdraw consent for marketing communications at any time by adjusting your account notification preferences or by contacting support. Withdrawal of marketing consent does not affect your ability to use the platform.
Platform Improvement
Aggregated, anonymised technical and behavioural data is used to understand how players use the hm999 platform and to improve navigation, game discovery, and overall user experience. This analysis does not involve individual identification.
-
Account creation & login authentication
-
KYC & age verification (18+)
-
BDT deposit & withdrawal processing
-
Responsible gaming monitoring
-
Fraud & AML detection
-
Customer support & dispute resolution
-
Marketing (consent-based only)
-
Platform analytics & improvement
-
Sale of data to third parties — NEVER
Data Sharing & Disclosure
hm999 does not sell your personal data. We share personal data only with a limited set of authorised third parties where it is necessary to operate the platform, comply with legal obligations, or protect the security of the service. All third-party data processors are contractually bound to process data only as instructed by hm999, to maintain appropriate security standards, and not to use your data for their own independent purposes.
Payment Service Providers
We share transaction-relevant data with our authorised payment partners — including bKash, Nagad, Rocket, Upay, and partner banking institutions — to the extent necessary to process deposits and withdrawals. These providers operate under their own privacy policies and are independent data controllers for their own services.
Identity Verification Partners
KYC documents and biometric verification data may be processed by authorised third-party identity verification service providers who assist hm999 in confirming the authenticity of player-submitted documents. These partners are contractually prohibited from using your KYC data for any purpose other than verification on behalf of hm999.
Game Technology Providers
Game session data (including player ID references, session identifiers, bet amounts, and game outcomes) is processed by our game technology partners — Pragmatic Play, Evolution Gaming, Spribe, Ezugi, NetEnt, and Microgaming — to deliver their games and calculate outcomes. These providers do not receive your name, contact details, or payment information.
Regulatory & Law Enforcement Authorities
hm999 is legally obligated to disclose personal data and transaction records to competent regulatory authorities, law enforcement agencies, and financial intelligence units upon receipt of a valid legal request. This includes reporting obligations under applicable anti-money-laundering and counter-terrorist financing frameworks. We will notify you of such disclosures where we are legally permitted to do so.
Fraud Prevention Networks
In cases of confirmed or strongly suspected fraud, bonus abuse, or money laundering, hm999 may share relevant account and activity data with industry fraud-prevention networks and other licensed gaming operators to prevent the same individual from exploiting multiple platforms.
Internal Group Entities
hm999 may share your data with affiliated group companies for the purpose of centralised platform management, customer support operations, and fraud prevention. All affiliated entities are bound by the same data protection standards described in this Privacy Policy.
What We Never Do
- We do not sell your personal data to third-party advertisers, data brokers, or marketing agencies.
- We do not share your financial data with any party not directly involved in processing your transactions.
- We do not disclose your KYC documents to any party other than authorised verification partners and regulatory authorities with lawful authority to request them.
| Recipient | Data Shared |
|---|---|
| Payment providers bKash, Nagad, Rocket, Upay |
Transaction data, account reference |
| KYC partners | ID documents, selfie data |
| Game studios Pragmatic, Evolution, Spribe |
Session ID, bet data (no PII) |
| Regulators / law enforcement | As legally required |
| Fraud prevention networks | Fraud-case data only |
| Third-party marketers | Never |
Data Retention
hm999 retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal, regulatory, or contractual obligations. When data is no longer required, it is securely deleted or anonymised so that it can no longer be linked to any individual.
Retention Periods by Data Category
The following retention schedule reflects both our operational needs and our legal obligations under applicable AML and gaming regulatory frameworks:
- Account registration data: Retained for the lifetime of your active account, plus a minimum of 5 years following permanent account closure, in accordance with AML record-keeping requirements.
- KYC identity documents: Retained for a minimum of 5 years from the date of verification or from the date of account closure, whichever is later.
- Financial transaction records: Retained for a minimum of 5 years from the date of each transaction to satisfy audit and AML compliance obligations.
- Betting and gaming history: Retained for a minimum of 3 years from the date of each bet or game session, for responsible gaming monitoring and dispute resolution purposes.
- Customer support communications: Retained for 2 years from the date of the last interaction in each support case.
- Marketing consent records: Retained for the duration of your consent plus 1 year following withdrawal, to demonstrate compliance.
- Technical and device data (logs): Retained for 90 days from collection, after which logs are either deleted or aggregated into anonymised statistical records.
- Cookie data: Session cookies expire when you close your browser. Persistent cookies have a maximum lifespan of 12 months from the date they are set.
Account Closure and Data
When you request account closure, hm999 will cease active processing of your data for platform operation purposes. However, we are legally required to retain your identity, transaction, and gaming records for the minimum periods specified above. During the retention period, your data is stored securely and access is restricted to compliance and legal personnel only.
Anonymisation
Where retention obligations no longer apply to specific data sets, hm999 may choose to anonymise the data rather than delete it entirely. Anonymised data — where all identifying fields have been irreversibly removed — may be retained indefinitely for aggregate statistical analysis and platform improvement, as it no longer constitutes personal data.
| Data Type | Retention Period |
|---|---|
| Registration data | 5 years post-closure |
| KYC documents | 5 years |
| Transaction records | 5 years |
| Gaming history | 3 years |
| Support comms | 2 years |
| Marketing consent | Duration + 1 year |
| Server logs | 90 days |
| Session cookies | Browser session |
| Persistent cookies | Max 12 months |
Your Privacy Rights
As an hm999 player, you hold a set of clearly defined rights over your personal data. hm999 is committed to honouring these rights promptly and without unnecessary barriers. All privacy rights requests are handled by our Data Protection team and are processed within 30 calendar days of receipt. Where a request is complex or involves a high volume of data, we may extend this period by a further 30 days, in which case we will notify you of the extension and the reason for it.
To exercise any of the rights listed below, contact the hm999 support team via live chat or send a written request to . We may ask you to verify your identity before processing your request to ensure we do not disclose data to an unauthorised party.
You may request a full copy of the personal data hm999 holds about you, along with information about how it is used and with whom it is shared.
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.
You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected. Note that legal retention obligations may limit this right.
You may ask us to pause processing of your data in certain circumstances — for example, while you contest the accuracy of the data we hold.
Where processing is based on your consent or a contract, you may request a machine-readable export of your personal data to transfer to another service.
You have the right to object to processing carried out on the basis of legitimate interests — including profiling for responsible gaming monitoring — where you believe your interests override ours.
Where processing is based on your consent (e.g., marketing emails), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Where hm999 uses automated processing to make decisions that significantly affect you (such as account suspension), you have the right to request human review of that decision.
Limitations on Rights
Certain rights are subject to limitations where they conflict with hm999's legal obligations. For example, the right to erasure cannot override our legal obligation to retain KYC and transaction records for a minimum of 5 years following account closure. In such cases, hm999 will clearly explain why a request cannot be fully accommodated and will take all reasonable steps to fulfil the request to the extent that legal obligations permit.
Data Security
hm999 takes data security seriously and has implemented a layered set of technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. No online platform can guarantee absolute security, but hm999 operates security controls that meet or exceed industry standards for online gaming platforms serving the Bangladesh market.
Technical Security Measures
- SSL/TLS Encryption in Transit: All data transmitted between your device and hm999 servers is encrypted using TLS 1.2 or higher. This protects login credentials, payment data, and personal information from interception during transmission.
- Encryption at Rest: Sensitive personal data stored on hm999 servers — including identity documents, payment references, and account credentials — is encrypted at rest using AES-256 encryption.
- Password Hashing: Passwords are never stored in plain text. They are processed through a one-way cryptographic hashing algorithm with salting, meaning that even if database access were obtained by an unauthorised party, passwords could not be recovered.
- Two-Factor Authentication (2FA): Players are encouraged to enable 2FA on their hm999 accounts for an additional layer of login security. 2FA requires a one-time code in addition to your password when logging in from an unrecognised device.
- Intrusion Detection Systems: hm999 operates automated intrusion detection and monitoring systems that flag unusual access patterns, brute-force login attempts, and other indicators of account compromise in real time.
- Regular Security Assessments: hm999 conducts periodic security assessments and vulnerability scans of its platform infrastructure to identify and remediate potential weaknesses before they can be exploited.
Organisational Security Measures
- Access Control: Access to personal data is restricted on a strict need-to-know basis. Only staff members whose role requires access to player data — such as KYC analysts, fraud investigators, and customer support agents handling active cases — are granted access, and all access is logged.
- Staff Training: All hm999 personnel who handle personal data receive data protection and security awareness training as part of their onboarding and on an annual refresher basis.
- Third-Party Due Diligence: Before engaging any third-party data processor, hm999 carries out due diligence on that provider's security practices and requires them to sign a data processing agreement that mandates compliance with the security standards described in this policy.
Data Breach Response
In the event of a personal data breach that poses a risk to the rights and freedoms of affected players, hm999 will:
- Contain the breach and assess its scope within 24 hours of detection.
- Notify affected players via their registered email address within 72 hours of confirming the breach.
- Provide clear guidance on the steps affected players should take to protect themselves.
- Report the breach to the relevant supervisory authority as required by applicable law.
-
TLS 1.2+ encryption — all data in transit
-
AES-256 encryption — all sensitive data at rest
-
Salted password hashing — never stored in plain text
-
Two-factor authentication — available for all accounts
-
Intrusion detection — 24/7 automated monitoring
-
Need-to-know access control — all access logged
-
Regular security assessments — periodic vulnerability scans
-
Breach notification within 72 hours — to affected players
Policy Updates & Contact
Changes to This Privacy Policy
hm999 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, legal obligations, or platform services. When we make material changes to this policy, we will notify registered players via their registered email address at least 14 days before the changes take effect. We will also update the "Effective Date" at the top of this document to reflect the date of the most recent revision.
Your continued use of the hm999 platform after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with a revised policy, you should contact us to request account closure before the effective date of the change.
We recommend reviewing this Privacy Policy periodically to stay informed about how hm999 handles your personal data. All previous versions of this policy are available upon request by contacting the support team.
Children's Privacy
hm999 is strictly an adults-only platform. We do not knowingly collect personal data from individuals under the age of 18. If you are a parent or guardian and you believe your child has registered on hm999, please contact us immediately at . We will promptly close the account and delete all associated personal data upon verified notification.
Links to Third-Party Services
The hm999 platform may contain references to or integrations with third-party services, such as payment providers like bKash and Nagad. When you interact with a third-party service, your data is subject to that provider's own privacy policy, which may differ from this one. hm999 is not responsible for the data practices of third-party providers.
Contacting hm999 About Privacy
If you have any questions, concerns, or complaints about this Privacy Policy, about how hm999 handles your personal data, or about exercising your privacy rights, you may contact us through the following channels:
- Live Chat: Available 24/7 directly on the hm999 platform. Responses are typically within minutes during peak hours.
- Email: — please include "Privacy" in the subject line for fastest routing. Response time is typically under 2 hours.
hm999 takes all privacy complaints seriously. If you submit a complaint, we will acknowledge it within 72 hours and provide a substantive response within 30 calendar days. If you are not satisfied with our response, you retain the right to escalate to the relevant data protection supervisory authority in your jurisdiction.
Questions About Your Privacy at hm999?
Our support team is on hand 24/7 to answer any privacy-related questions. You can also review our Terms & Conditions, explore Responsible Gaming tools, or head straight to the platform.