main24 Privacy Policy

This Privacy Policy ("Policy") describes how main24 ("main24", "we", "us", or "our") collects, uses, stores, and discloses personal information about individuals ("you" or "User") who access or use the main24 platform at main24.win, including all related services, features, and content.

main24 operates as a Malaysia-focused online gaming platform offering sports betting, live casino, slots, poker, and crash games. Given the nature of our services — which involve financial transactions, age verification, and responsible gaming obligations — the collection and careful handling of personal data is an operational necessity as well as a legal and ethical responsibility.

This Policy should be read in conjunction with main24's Terms & Conditions, which are accessible at main24.win/terms-conditions and which are incorporated herein by reference.

main24 is the data controller responsible for personal data collected through the Platform. As data controller, main24 determines the purposes and means by which personal data is processed in connection with the provision of its services.

For all privacy-related enquiries, requests, or complaints, Users may contact main24's data protection contact point at:

main24 collects personal data in the following categories:

3.1 Registration Data

When you register a main24 Account, we collect: full legal name; date of birth; email address; phone number; username; password (stored in hashed form — never in plain text); and country of residence.

3.2 Identity Verification (KYC) Data

To comply with age verification requirements and responsible gaming obligations, main24 collects copies of government-issued identity documents (Malaysian MyKad or passport), proof of address documents, and facial verification images where required. KYC data is processed by main24 and its authorised KYC verification partners.

3.3 Financial Data

We collect records of deposits, withdrawals, bets, and gaming transactions associated with your Account. Payment method details (eWallet identifiers, bank account names) are collected for transaction processing and withdrawal verification purposes. We do not store full card numbers or eWallet PIN codes.

3.4 Technical & Device Data

When you access the Platform, we automatically collect: IP address; browser type and version; device type and operating system; session timestamps; and pages visited. This data is used for security monitoring, fraud prevention, and platform optimisation.

3.5 Communications Data

Records of your communications with main24 customer support — including live chat transcripts and email correspondence — are retained for quality assurance, dispute resolution, and regulatory compliance purposes.

3.6 Responsible Gaming Data

Where you use main24's responsible gaming tools (deposit limits, self-exclusion, session reminders), we record your preferences and the dates and terms of any restrictions applied to your Account.

main24 uses the personal data we collect for the following purposes:

• Account creation and management: Processing your registration, maintaining your Account, and enabling you to access platform services via the main24 login page;
• Identity and age verification: Conducting KYC checks to verify your identity and confirm that you are 21 years of age or older, as required by main24's age policy;
• Payment processing: Processing deposits and withdrawals via Touch n Go eWallet, Boost, GrabPay, DuitNow, FPX, Maybank, CIMB, and Public Bank;
• Fraud prevention and security: Monitoring account activity for suspicious behaviour, preventing multi-accounting, and detecting and investigating potential fraud or money laundering;
• Responsible gaming: Administering deposit limits, loss caps, session reminders, and self-exclusion requests in accordance with our responsible gaming obligations;
• Customer support: Responding to support queries, resolving disputes, and providing account assistance;
• Legal and regulatory compliance: Meeting our obligations under applicable gaming, anti-money laundering, and data protection laws;
• Platform improvement: Analysing anonymised usage data to improve the performance, design, and content of the main24 Platform;
• Marketing communications: Sending promotional offers and updates to Users who have opted in to marketing communications. You may opt out at any time by contacting [email protected].

main24 processes personal data on the following legal bases, as applicable:

• Contractual necessity: Processing required to perform the contract between you and main24 (i.e., operating your Account, processing payments, enabling gameplay);
• Legal obligation: Processing required to comply with applicable laws, including KYC/AML regulations, age verification obligations, and regulatory reporting;
• Legitimate interests: Processing carried out in main24's legitimate interests — such as fraud prevention, platform security, and customer support — where those interests are not overridden by your rights;
• Consent: Where we rely on consent (e.g., for marketing communications or non-essential cookies), you may withdraw consent at any time by contacting [email protected] or adjusting your browser settings. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

main24 shares personal data with the following categories of third parties, strictly to the extent necessary for the stated purpose:

• Payment processors: Touch n Go, Boost, GrabPay, Maybank, CIMB, Public Bank, DuitNow, and FPX, for the purpose of processing deposits and withdrawals;
• KYC verification partners: Authorised third-party identity verification service providers engaged by main24 to conduct document verification and age checks;
• Game software providers: Licensed game studios whose titles are integrated into the main24 platform, where game session data is necessarily transmitted to the provider's systems to enable gameplay;
• IT infrastructure and hosting providers: Cloud hosting and data storage services used to operate the Platform, subject to appropriate data processing agreements;
• Legal and regulatory authorities: Where required by applicable law, court order, regulatory authority, or law enforcement request — including anti-money laundering (AML) reporting obligations;
• Dispute resolution bodies: Where a dispute is referred to an independent third-party resolution service in accordance with main24's Terms & Conditions.

All third-party service providers engaged by main24 are required to process personal data only in accordance with main24's instructions, to implement appropriate security measures, and to comply with applicable data protection law.

7.1 main24 does not store full payment card numbers, eWallet PINs, or internet banking credentials. Payment transactions are processed directly through PCI-DSS compliant payment processors.

7.2 main24 retains records of transaction amounts, dates, payment method types (e.g., "Touch n Go eWallet" or "Maybank"), and transaction reference numbers for the purposes of account management, withdrawal processing, dispute resolution, and anti-money laundering compliance.

7.3 For withdrawals, main24 may require you to confirm the payment method associated with your Account. Where a withdrawal is made to a different method than the deposit source, additional identity verification may be requested to protect against fraud.

main24 uses cookies and similar technologies on the Platform. Cookies are small text files placed on your device that help us operate the Platform, remember your preferences, and analyse usage patterns.

Categories of cookies used by main24:

• Essential / Strictly Necessary: Required for the Platform to function — session management, authentication, security tokens, and load balancing. Cannot be disabled without breaking platform functionality.
• Analytics / Performance: Used to understand how Users interact with the Platform — page views, session duration, navigation paths. Data is aggregated and anonymised. These cookies may be disabled via browser settings or a cookie management tool.
• Preference: Remember your language settings, display preferences, and previously applied filters within the Platform.

You may control non-essential cookies through your browser's cookie settings. Please note that disabling analytics or preference cookies may affect your experience on the Platform but will not prevent you from accessing your main24 Account.

main24 retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, including compliance with legal, accounting, and regulatory obligations. The primary retention periods are set out in the table in Section 3 above.

Where data is no longer required for any of the stated purposes, main24 will securely delete or anonymise the data in accordance with its data deletion procedures. Anonymised data — which cannot reasonably be used to identify an individual — may be retained indefinitely for statistical and platform improvement purposes.

Certain data categories, particularly KYC documents and financial transaction records, are subject to mandatory minimum retention periods under applicable anti-money laundering and gaming regulations, and cannot be deleted at the User's request until those mandatory periods have expired.

main24 implements appropriate technical and organisational security measures to protect personal data against unauthorised access, accidental loss, destruction, or damage. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your browser and the main24 Platform;
• Encryption of stored sensitive data, including KYC documents and password hashes;
• Role-based access controls limiting employee access to personal data on a need-to-know basis;
• Active monitoring for suspicious login activity, including anomalous IP addresses and device fingerprints;
• Regular security assessments and vulnerability testing of Platform infrastructure;
• PCI-DSS compliant payment processing — main24 does not store full payment credentials.

While main24 implements strong security practices, no data transmission over the internet or system of data storage can be guaranteed to be 100% secure. You are responsible for maintaining the security of your own main24 login credentials and should enable two-factor authentication on your Account for additional protection.

Subject to applicable law, you have the following rights in relation to your personal data held by main24:

• Right of Access: You may request a copy of the personal data main24 holds about you;
• Right to Rectification: You may request correction of inaccurate or incomplete personal data;
• Right to Erasure: You may request deletion of your personal data, subject to any overriding legal retention obligations;
• Right to Restriction: You may request that main24 restrict the processing of your data in certain circumstances;
• Right to Data Portability: You may request a machine-readable copy of the data you have provided to main24;
• Right to Object: You may object to data processing carried out on the basis of legitimate interests, including direct marketing;
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact main24 at [email protected]. main24 will respond to all rights requests within 30 days of receipt. In complex cases, the response period may be extended by a further 60 days, of which you will be notified within the initial 30-day period.

Please note that certain rights may be limited where main24 has a legal obligation to retain data (e.g., KYC records for AML compliance) or where exercising the right would compromise fraud prevention or responsible gaming obligations.

12.1 main24's responsible gaming tools — deposit limits, loss caps, session time limits, reality checks, and self-exclusion — operate by recording your preferences and applying them to your Account. This necessarily involves the storage and use of data about your gaming behaviour.

12.2 Self-Exclusion Data. Where you self-exclude from main24, your exclusion status is stored and applied across all products on the Platform. main24 retains self-exclusion records for a minimum of 5 years after the exclusion period ends to prevent inadvertent re-admission and to comply with responsible gaming regulatory obligations.

12.3 21+ Age Verification. KYC data collected for age verification purposes is retained in accordance with Section 9. main24 does not use age verification data for marketing segmentation.

main24 enforces a strict minimum age of 21 for all account registrations. The Platform is not directed at, and does not knowingly collect personal data from, persons under the age of 21.

If main24 becomes aware that personal data has been collected from a person under the age of 21 — whether through an erroneous registration or otherwise — that Account will be immediately suspended, the data will be reviewed, any associated transactions will be reversed where possible, and the data will be deleted or anonymised as soon as practicable, consistent with applicable legal obligations.

If you believe that a person under 21 has registered an Account on main24, please contact us immediately at [email protected].

main24's Platform and certain third-party service providers may process personal data in jurisdictions outside Malaysia. Where personal data is transferred internationally, main24 ensures that appropriate safeguards are in place — such as standard contractual clauses or equivalent data protection mechanisms — to protect your data to a standard consistent with this Policy.

By using the main24 Platform, you acknowledge that your personal data may be transferred to and processed in countries outside your country of residence, including in connection with payment processing and KYC verification services.

main24 reserves the right to amend this Privacy Policy at any time. Where changes are material — for example, where we intend to process personal data in a new way or for a new purpose — we will notify affected Users via email to their registered address or via a prominent in-platform notification before the change takes effect.

Minor or non-material updates (such as clarifications of existing language or correction of typographical errors) may be made without individual notification, and the updated Policy will be published at main24.win/privacy-policy with a revised "Last Updated" date.

Your continued use of the main24 Platform following notification of a material policy change constitutes your acceptance of the revised Policy. If you do not accept the revised Policy, you should stop using the Platform and may request Account closure by contacting [email protected].

For any questions, requests, or complaints in relation to this Privacy Policy or main24's handling of your personal data, please contact us:

If you are not satisfied with main24's response to a privacy complaint, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction. main24 will cooperate fully with any regulatory investigation.