burger icon
M99au Australia
Log In

Privacy Policy

This Privacy Policy explains how M99au, the operator of the website m99au-au.com, collects, uses, discloses, and protects your personal information. It applies to players and other visitors who access or use m99au-au.com, including via any mirror or access point that directs you to this site. By using m99au-au.com you acknowledge that you have read and understood this Privacy Policy.

This policy is intended to reflect the requirements of the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) for Australian users, and key principles of the EU General Data Protection Regulation (GDPR) and Mexican data protection law for users in those regions, where applicable. It does not create contractual rights beyond those provided by applicable law.

Effective date: 1 February 2026

Who We Are

For the purposes of this Privacy Policy, references to "we", "us" or "our" mean the operator of the online gambling platform accessible at m99au-au.com under the brand M99au (M99au for this Australian-facing mirror).

Based on publicly available information and internal audit findings as of 2026, the operator is an offshore, unregulated online gambling provider with opaque ownership. No verifiable corporate legal name, registration number, or registered office address is disclosed on m99au-au.com or its related mirrors. Because we must not fabricate such information, this Privacy Policy describes how personal information is handled by the unnamed operator behind m99au-au.com rather than a specifically identified legal entity.

Registered office / legal address: Not publicly disclosed by the operator on any referenced domains.
Company registration / tax details: Not publicly disclosed; licensing and corporate registration cannot be independently verified and the service should be treated as unregulated.

Primary contact for privacy matters (data protection contact):

  • Online: 24/7 live chat available on m99au-au.com (preferred channel for privacy and data requests).
  • Messaging: WhatsApp-based support may be available; specific numbers or links are not publicly disclosed and may change.
  • Email: No dedicated privacy or support email is reliably published across mirrors; if an email is provided within your account area or on the contact page, you may also use that channel for privacy requests.
  • Postal address: Not disclosed; we therefore cannot offer a reliable postal contact point at this time.

By using this site, you acknowledge these transparency limitations and understand that the data controller is the offshore operator of m99au-au.com, as described above.

What Personal Data We Collect

We observe and process different categories of personal information to operate m99au-au.com and provide gambling and related services. The main categories include:

  • Identification and contact data: Full name, username, password, email address, mobile number, date of birth, country or region, and, where required, proof-of-identity information (such as ID document details, photos, or address documents) for account verification and risk checks.
  • Account and transactional data: Account ID, registration date, login history, language and currency preferences, deposit and withdrawal history, bonus use, bet and game history (including stakes, odds, results and timestamps), loyalty points, and communications with support.
  • Payment and financial data: Payment method details such as masked card identifiers, PayID references, Osko transaction references, crypto wallet identifiers (e.g., USDT addresses), and related payment confirmations processed through third-party payment service providers or agents. We do not generally store full card numbers, but our partners may do so in accordance with their own policies.
  • Technical and device data: IP address, device identifiers, device type, operating system, browser type and settings, referring URLs, pages visited, clickstream and interaction logs, connection timestamps, and approximate location inferred from your IP address.
  • Behavioral and usage data: Game and betting preferences, time spent on the site, click and navigation patterns, response to offers, marketing interactions (e.g., email opens, link clicks), and responsible gambling indicators such as self-exclusion requests or unusual play patterns.
  • Communications data: Copies and logs of live chat conversations, WhatsApp messages (where available), emails (if provided), internal messages, and any complaints or feedback you submit.
  • Cookies and similar technologies: Unique identifiers stored through cookies, web beacons, tags, SDKs, and similar tools that help us recognize your browser or device, maintain your session, and measure performance or marketing effectiveness. More detail is provided in the "Cookies & Tracking Technologies" section below.

Where we reasonably need to, we may combine information from these categories with data from publicly available sources or from our service providers for fraud, security, and analytics purposes.

Legal Basis for Processing

Because m99au-au.com serves users in multiple regions, we rely on several overlapping legal grounds for processing personal information, depending on where you are located and how you use the service. In particular:

  • Contractual necessity: We process personal data that is necessary to create and manage your account, verify your eligibility to use gambling services, process deposits and withdrawals, settle bets, credit bonuses, provide customer support, and otherwise perform our agreement with you. Without this information, we cannot provide you with a functioning account.
  • Compliance with legal obligations: Where applicable laws require (for example, anti-money laundering and counter-terrorism financing rules, record-keeping requirements, taxation or reporting obligations in certain jurisdictions), we may process and retain identification, transactional, and related data to meet those obligations. Even though the operator is unregulated from an Australian licensing perspective, some counterparties or jurisdictions in which our partners operate may impose such duties.
  • Legitimate interests: We process personal information to protect the integrity and security of our platform (for example, to detect and prevent fraud, abuse, collusion and money laundering), to perform analytics and improve our services, to troubleshoot and maintain our systems, to enforce our terms and conditions, and to defend our legal interests. We balance these interests against your privacy rights, and, where local law requires, we offer mechanisms to object or opt out.
  • Consent: In some cases we rely on your consent, such as:
    • sending direct marketing communications by email, SMS, in-app or browser notifications where consent is required;
    • using certain optional cookies or similar tracking technologies for advertising or advanced analytics; and
    • processing sensitive information (for example, health-related data you voluntarily disclose in a responsible gambling or self-exclusion request) where local law requires explicit consent.
    You can withdraw your consent at any time, as described in the "Your Rights" and "Cookies & Tracking Technologies" sections; withdrawal will not affect the lawfulness of processing before it was withdrawn.

For users in the EU/EEA, our primary legal bases under GDPR are Article 6(1)(b) (contract), 6(1)(c) (legal obligation), 6(1)(f) (legitimate interests), and 6(1)(a) (consent) where applicable. For users in Mexico, we aim to align our practices with the legal bases and principles under the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations.

Purpose of Processing

We process your personal information for specific, explicit, and lawful purposes. These purposes, and how they expand from the data we collect, include:

  • Providing and managing our gambling services: To register and maintain your account; verify your age and identity; enable deposits, withdrawals and gameplay; settle bets and payouts; manage promotions and loyalty programs; and provide customer support via live chat or messaging channels.
  • Operating, maintaining, and improving our platform: To monitor technical performance, diagnose and prevent outages, optimize user interfaces and game loading times, understand how players interact with the site, and develop new features or offerings based on aggregated trends and feedback.
  • Risk management, security, and fraud prevention: To detect and investigate suspicious activity, bonus abuse, payment fraud, multi-accounting, collusion, account takeovers, and other misconduct; to enforce our terms and conditions; and to protect our users, our systems, and our partners.
  • Compliance and record-keeping: To meet any applicable legal, regulatory, or reporting obligations, including anti-money laundering and counter-terrorism financing checks, financial record-keeping, dispute handling, and responses to lawful requests from competent authorities.
  • Marketing and personalisation (where permitted): To send you offers, news, bonuses, or surveys that may be of interest to you; to tailor content, banners and promotional messages based on your profile and activity; and to measure the effectiveness of campaigns. We will honour your marketing preferences and, where required by law, will only send such communications with your consent.
  • Analytics and statistics: To analyse aggregated and pseudonymised data about usage patterns, player demographics, and product performance, helping us refine risk models, improve responsible gambling tools, and optimise our operations.
  • Handling queries and disputes: To respond to your requests, complaints, or rights exercises; to document communications; and to manage internal and external dispute processes, including any discussions with regulators or other oversight bodies where applicable.

We do not sell your personal information as the term "sell" is defined in some privacy laws. Where we use data for marketing or advertising with third parties, this is described in more detail in the "Disclosure & Sharing" and "Cookies & Tracking Technologies" sections.

Disclosure & Sharing

We may share your personal information with third parties in limited, controlled circumstances. We require our service providers to handle your data securely and only for the purposes we specify, although, given the offshore and unregulated nature of the operator, you should be aware that oversight mechanisms may be less robust than under fully licensed regimes.

  • Payment and financial partners: Banks, payment processors, PayID/Osko facilitators, card schemes, crypto exchanges or gateways, and other financial intermediaries that process deposits, withdrawals or currency conversions. These partners may act as independent data controllers for some activities and will process your data in accordance with their own privacy policies.
  • Technology and infrastructure providers: Hosting providers, content delivery networks, game providers (e.g., slot, live casino, sportsbook data feeds), analytics and anti-fraud tools, customer support platforms (including live chat and messaging tools such as WhatsApp integrations), and security monitoring services that enable us to run the platform.
  • Verification, risk, and compliance partners: Identity verification services, sanctions and politically exposed person (PEP) screening providers, fraud and AML tools, and responsible gambling service providers that help us assess eligibility, manage risk, and comply with applicable obligations.
  • Affiliates and marketing partners: Affiliate websites, marketing networks, and advertising technology providers that refer players or display our ads. Where required, we will only share pseudonymised or aggregated data or will obtain your consent before using cookies or similar technologies for targeted advertising.
  • Corporate group and successors: Other sites or operators within the broader "M99" network, and any actual or potential buyers, investors, or assignees in connection with a merger, acquisition, restructuring, or transfer of our business or assets. Any successor will be allowed to use the information in line with this Privacy Policy, unless you are notified otherwise.
  • Regulators, authorities, and legal recipients: Where required or permitted by law, we may disclose information to law enforcement agencies, courts, regulators, tax authorities, or other competent bodies, including in response to lawful requests, to protect our legal rights, or to prevent fraud or criminal activity. For Australian users, this may include cooperation with Australian authorities even though we are not locally licensed.
  • With your consent or at your direction: We may share information with third parties when you ask us to (for example, in connection with a specific promotion run jointly with a partner), or when you explicitly consent to a new category of disclosure.

We do not authorise our service providers to use your personal information for their own independent marketing purposes without your separate consent. Where a third party acts as an independent controller (for example, a bank handling your payment), their privacy policy will govern their use of your data.

International Transfers

Because the operator behind m99au-au.com is offshore and uses a range of third-party providers, your personal information may be transferred to and stored in countries outside your country of residence. These may include, but are not limited to, locations in Southeast Asia (such as Malaysia or Singapore), Europe, and other regions where our hosting, game, payment, or support providers are located.

When we transfer personal information internationally, we take steps designed to provide an appropriate level of protection, which may include:

  • Contractual safeguards: Where required by law (for example, under GDPR for transfers from the EU/EEA), we seek to use standard contractual clauses or equivalent contractual mechanisms with our service providers to help protect personal data.
  • Technical and organisational measures: Applying encryption, access controls, and other security measures described in the "Data Security" section to mitigate risks associated with cross-border data flows.
  • Risk-based assessments: Assessing, where reasonably possible, the nature of the services provided and the legal environment in destination countries, and choosing providers that can support acceptable privacy and security standards.

Because our precise corporate jurisdiction is not public and some processing occurs in "grey-market" contexts, we cannot guarantee that every country where data is stored or processed provides the same level of statutory protection as your home jurisdiction. By using m99au-au.com, you acknowledge that your information may be processed in such locations. If you are located in the EU/EEA or Mexico, you may have specific rights in relation to these transfers, as described in "Your Rights".

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws, and then take steps to delete or irreversibly anonymise it. Retention periods may differ depending on the type of data and the context of processing. In general:

  • Account and identification data: We keep core account details and KYC documents for as long as your account is active and for a period of up to 5 years after account closure, unless a longer period (up to 7 years) is required to meet potential anti-money laundering, fraud-prevention, tax, or dispute-related obligations in relevant jurisdictions.
  • Transaction and betting history: Deposit, withdrawal, and betting records are typically retained for the lifetime of the account and for at least 5 - 7 years after closure to enable financial reconciliation, respond to disputes, and comply with applicable record-keeping rules.
  • Technical and usage data: Logs, analytics data, and device information may be retained in identifiable form for a shorter period (often up to 2 years) and then aggregated or anonymised for long-term statistical analysis.
  • Marketing-related data: Information about marketing preferences and interactions is retained while you remain subscribed to marketing communications and for up to 2 years after you opt out, to demonstrate compliance with your preferences.
  • Complaints and communications: Records of your communications with us, including complaints and rights requests, are generally kept for up to 7 years after resolution, depending on the nature of the issue and applicable legal requirements.

We may retain information for longer where necessary to establish, exercise, or defend legal claims, to investigate or prevent fraud or abuse, or to comply with specific legal or regulatory obligations in a particular jurisdiction. When data is no longer needed and no legal basis for retention applies, we will delete it or anonymise it so that it can no longer be linked to you.

Your Rights

Your rights over your personal information depend on the laws that apply to you. We aim to respect and, where feasible, align our practices with the rights provided under the Australian Privacy Act and APPs, the EU GDPR, and Mexican data protection law, including the Federal Law on Protection of Personal Data Held by Private Parties and its Regulations.

Core rights (applicable in most regions)

  • Access: You can request confirmation of whether we hold personal information about you and, if so, obtain a copy in a reasonably intelligible form.
  • Correction / rectification: You can ask us to correct inaccurate or incomplete personal information we hold about you.
  • Deletion / cancellation: You can request that we delete certain personal information, subject to legal or legitimate grounds for continued retention (for example, where records must be kept for AML or dispute purposes).
  • Restriction of processing: In some cases you may request that we limit how we use your data, for example while we verify accuracy or assess an objection.
  • Objection: You may object to certain processing, such as processing based on legitimate interests or direct marketing. We will honour your objection to marketing and will assess other objections as required by applicable law.
  • Data portability: Where provided by law (e.g., under GDPR), you may request certain personal data in a structured, commonly used, machine-readable format, and ask that we transmit it to another controller where technically feasible.
  • Withdraw consent: Where we rely on your consent (for example, for certain marketing or cookies), you may withdraw it at any time, without affecting prior processing.

Australia-specific considerations

  • Under the Australian Privacy Act and APPs, you generally have rights to access and correct personal information, and to complain if you believe your privacy has been interfered with. The right to anonymity and pseudonymity may be limited in the gambling context due to our need to verify age and identity.

GDPR-specific rights (EU/EEA users)

  • In addition to the rights above, GDPR provides specific grounds and conditions for access, rectification, erasure, restriction, objection, and portability. If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.

Mexico-specific rights (ARCO and related)

  • Under Mexican data protection law, you may exercise ARCO rights: Access, Rectification, Cancellation, and Opposition regarding your personal data, as well as revoke consent and limit use or disclosure for certain purposes.

How to exercise your rights and timeframes

  • Submitting a request: You can make a privacy request (including ARCO/GDPR-style requests) by contacting us via the live chat function on m99au-au.com and clearly stating that your request is privacy-related. If a dedicated privacy email is listed in your account area or on our contact page, you may also use that channel.
  • Verification: To protect you, we may ask for information to verify your identity before acting on a request, particularly for access, deletion, and portability.
  • Response time: We aim to respond within 30 days of receiving a complete request and required verification information. Complex requests or multiple concurrent requests may take longer, but we will keep you informed.
  • Fees: We will not charge a fee for dealing with your request unless it is manifestly unfounded or excessive. If a fee is justified, we will explain why and provide an estimate before proceeding.
  • Limitations: Some rights may be restricted where we need to retain information for legal, regulatory, or legitimate business reasons (for example, AML retention, fraud prevention, or dispute handling). If we cannot fully comply with your request, we will explain the reasons where legally permitted.

Cookies & Tracking Technologies

We use cookies and similar technologies to observe how you interact with m99au-au.com and to improve and personalise your experience. Cookies are small text files stored on your device by your browser. They may be set by us ("first-party" cookies) or by third parties ("third-party" cookies).

Types of cookies we use

  • Strictly necessary (session) cookies: These are essential to provide core site functions, such as keeping you logged in, maintaining your bet slip, enabling secure account pages, and processing payments. They are typically session-based and expire when you close your browser or log out.
  • Functional and preference cookies: These remember your choices and settings, such as language, odds format, or display preferences, to provide a more personalised experience. They may be persistent and remain on your device for a predefined period.
  • Analytics and performance cookies: These help us understand how users interact with the site (for example, which pages are visited most, whether error messages occur, or how long pages take to load). They may be set by us or by third-party analytics providers and are usually persistent.
  • Advertising and targeting cookies: Where enabled and permitted by law, these cookies track your browsing behaviour on our site and, in some cases, across other sites to show you relevant ads and measure campaign effectiveness. They are generally persistent and may be set by advertising networks or affiliates.

Managing cookies and similar technologies

  • Browser settings: Most browsers allow you to block or delete cookies, or to set alerts before a cookie is stored. Please refer to your browser's help section for detailed instructions. Blocking strictly necessary cookies may prevent some site features from working properly.
  • Internal tools: Where available, we may provide an internal cookie or privacy panel within your account or via a banner on first visit, allowing you to manage non-essential cookies and marketing preferences.
  • Do Not Track (DNT): Because there is no universally accepted standard for DNT signals, our systems do not currently respond to them. You can still manage cookies via your browser and internal tools.

Third parties who set cookies or similar technologies through m99au-au.com may have their own privacy policies. We encourage you to review those policies if you wish to understand how they handle cookie-derived information.

Data Security

We take reasonable technical and organisational measures to safeguard the personal information we process, recognising the heightened risks associated with online gambling and cross-border data flows. While no system can be fully secure, we aim to reduce the likelihood and impact of unauthorised access, disclosure, or loss.

  • Encryption in transit: Communications between your browser and m99au-au.com are protected using industry-standard encryption protocols (such as TLS 1.2 or higher), helping to prevent interception or tampering during transmission.
  • Encryption at rest and data segregation: Where feasible, personal and transactional data stored in our systems or with trusted providers is encrypted or pseudonymised, and logical separation of environments is applied to limit lateral movement in case of a security incident.
  • Access controls and authentication: Access to personal information is restricted to personnel and service providers who need it for legitimate purposes, subject to role-based access controls, authentication mechanisms, and access logging. We encourage you to use strong, unique passwords and to keep your account credentials confidential.
  • Multi-factor and account protections: Where available, we may offer or require additional authentication or verification steps for sensitive account actions (such as password resets or withdrawals) to reduce the risk of account takeover.
  • Security monitoring and audits: We undertake periodic internal checks and use monitoring tools to detect suspicious activity, vulnerabilities, or misconfigurations. While we are not publicly certified under standards like ISO 27001 or SOC 2, we seek to align our practices with recognised industry security principles where practically possible.
  • Staff training and confidentiality: Staff and contractors with access to personal information are expected to follow confidentiality obligations and receive guidance or training on data protection and security practices appropriate to their role.
  • Incident response: We maintain processes to investigate potential security incidents, contain and remediate issues, and, where required by law, notify relevant authorities and affected users within applicable timeframes.

Despite these measures, no online service is completely risk-free. By using m99au-au.com, you acknowledge that residual risks remain, especially given the offshore and unregulated nature of the operator. You should take your own steps to protect your devices, use reputable networks, and monitor your account for suspicious activity.

Complaints & Contacts

If you have questions about this Privacy Policy or how your personal information is handled, or if you wish to make a complaint, you can contact us and, where applicable, escalate your concerns to a supervisory authority.

Contacting the operator (first step)

  1. Submit your inquiry or complaint: Use the live chat function on m99au-au.com and clearly state that your issue relates to privacy or data protection. Provide enough detail for us to understand and investigate (for example, your username, approximate dates, and a clear description of your concern).
  2. Verification: We may ask for additional information to verify your identity, particularly for access, correction, or deletion requests, or where sensitive information is involved.
  3. Initial response: We aim to acknowledge your complaint or request within a reasonable time, typically within 7 days, and to provide a substantive response within 30 days. Complex matters may take longer, but we will inform you if we require more time.
  4. Resolution: We will investigate and attempt to resolve your complaint fairly. If we decide not to take action or cannot fully comply with your request, we will explain why, where law permits.

Because the operator does not publicly disclose a postal address or named Data Protection Officer (DPO), live chat and any contact details advertised in your account area or on our contact page remain the primary channels for privacy communications.

Escalation to supervisory authorities

  • Australia: If you are an Australian user and are not satisfied with our response, you may be able to raise your concerns with the Office of the Australian Information Commissioner (OAIC):
  • European Union / EEA: If you are in the EU/EEA and believe we have not complied with GDPR, you may lodge a complaint with your local data protection authority. A list of supervisory authorities is available via the European Data Protection Board:
  • Mexico: If you are in Mexico and consider that your ARCO rights or other rights under Mexican data protection law have been violated, you may file a complaint with the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI):
    • Website: https://home.inai.org.mx/

Please note that because the operator is offshore and unregulated from an Australian gambling licensing perspective, the practical ability of some supervisory authorities to enforce against us may be limited. Nonetheless, we encourage you to raise concerns so that we can address them wherever possible.

Updates

We may update this Privacy Policy from time to time to reflect changes in our services, our data handling practices, technological developments, or applicable legal requirements. When we make material changes, we will take steps designed to ensure you are informed and can make informed decisions.

  • Notification methods: We may notify you of updates by:
    • publishing the revised Privacy Policy on m99au-au.com and updating the "Last updated" date below;
    • displaying a banner or notice upon login or on key pages of the site;
    • highlighting material changes within your account dashboard; and/or
    • sending an email or message to the contact details associated with your account, where feasible.
  • Advance notice for significant changes: For changes that materially affect how we use your personal information or your rights (for example, introducing new categories of data sharing for marketing), we aim to provide at least 30 days' advance notice before the changes take effect, unless immediate changes are required by law or to address security or operational risks.
  • Your options: If you do not agree with the updated Privacy Policy, you should stop using m99au-au.com and, where possible, close your account and/or request deletion of certain data as permitted by law. Continued use of the site after changes become effective will be treated as your acknowledgement of the updated policy, to the extent permitted by applicable law.
  • Version control: We will keep track of the effective date of this policy and, where feasible, maintain or provide access to a summary of material changes so you can understand how our practices have evolved.

Last updated: 1 February 2026