Privacy Policy — How join 9 Protects Your Data
At join 9, the privacy and security of your personal information is a fundamental commitment, not an afterthought. This Privacy Policy explains in plain terms what data we collect, why we collect it, how we use it, and the rights you hold over your own information as a player on our platform.
Your Privacy, Our Priority
join 9 is committed to handling the personal data of all players — whether based in Dhaka, Chittagong, Sylhet, Khulna, or elsewhere in Bangladesh — with the highest standards of care, transparency, and security. The six principles below summarise how we approach data privacy across every part of our platform.
Encrypted Storage
All personal data stored by join 9 is protected using industry-standard encryption. Sensitive fields such as payment details and identity documents are stored in encrypted form and accessible only to authorised systems.
No Data Sales
join 9 does not sell, rent, or lease your personal data to third-party marketers under any circumstances. Your information is used solely for the purposes described in this Privacy Policy.
SSL Protection
All data transmitted between your device and join 9 servers is protected by TLS/SSL encryption, ensuring that your login credentials, payment instructions, and personal details cannot be intercepted in transit.
Purpose Limitation
Data collected by join 9 is used only for the specific purposes disclosed in this Privacy Policy. We do not repurpose your data for unrelated activities without first obtaining your explicit consent.
Player Controls
You have meaningful rights over your personal data, including the right to access, correct, and request deletion of information we hold about you. These rights are explained in full in the Your Privacy Rights section below.
Defined Retention Periods
join 9 retains personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable legal obligations. Data no longer needed is securely deleted or anonymised.
1 Data We Collect
join 9 collects personal data from players in several ways: directly when you register an account or interact with our platform, automatically when you use our website or mobile interface, and occasionally from third-party sources as part of our verification and fraud prevention processes. The categories of data we collect are described below.
1.1 Registration and Account Data
When you create a join 9 account, we collect the following information:
- Full legal name — as it appears on your government-issued identity document
- Date of birth — used to verify that you are 18 years of age or older
- Email address — used for account communications, transactional notifications, and support correspondence
- Mobile phone number — used for account verification, two-factor authentication, and support contact
- Residential address — including city, district, and postcode, used for identity verification and KYC compliance
- Username and password — your chosen login credentials (passwords are stored in hashed form and are never visible to join 9 staff)
1.2 Identity Verification (KYC) Data
As part of our Know Your Customer process, we may request and store copies of the following documents:
- Government-issued photo ID — National Identity Card (NID), valid passport, or driving licence
- Proof of address — utility bill, bank statement, or official government letter dated within 90 days
- Payment method verification — confirmation of ownership of your bKash, Nagad, Rocket, or Upay account, or a copy of your bank card (with sensitive digits obscured)
- Selfie or live photograph — taken during the verification process to confirm that the document submitted belongs to the person registering the account
1.3 Transaction and Financial Data
When you make deposits or withdrawals on the join 9 platform, we collect and retain the following transactional data:
- Payment method type and reference number (e.g., bKash wallet number, Nagad account reference)
- Transaction amounts, timestamps, and statuses
- Deposit and withdrawal history associated with your account
- Bonus credits and wagering activity for the purpose of promoting compliance with bonus terms
join 9 does not store full card numbers or mobile banking PINs. Payment transactions are processed through encrypted channels, and full financial credentials are handled exclusively by the relevant payment provider.
1.4 Usage and Technical Data
When you access the join 9 platform, our systems automatically collect certain technical data, including:
- IP address and approximate geographic location (city/district level)
- Device type, operating system, and browser version
- Session start and end times, pages visited, and features used
- Game history, bet amounts, win/loss records, and session duration data
- Referring URL (the website or link that directed you to join 9)
- Error logs and crash reports generated during your session
This technical data is used primarily for platform security, fraud detection, responsible gaming monitoring, and improving the user experience. It is not used to identify individual users for marketing purposes without additional consent.
1.5 Communications Data
If you contact join 9 via email, live chat, or any other support channel, we retain a record of that correspondence, including the content of your messages and any attachments. This data is used to resolve your query, train our support team, and maintain an accurate record of your account history. Support communications are retained for a minimum of 24 months.
Minimal data principle: join 9 applies a data minimisation approach — we collect only the personal information genuinely necessary for the purposes described in this Privacy Policy. We do not collect data "just in case" or for speculative future uses.
2 How We Use Your Data
join 9 uses the personal data we collect for the following clearly defined purposes. We do not use your data for any purpose that is incompatible with the reasons for which it was originally collected.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation and management | Name, email, phone, date of birth, address | Contract performance |
| Identity and age verification (KYC) | ID documents, selfie, proof of address | Legal obligation / contract |
| Processing deposits and withdrawals | Payment method data, transaction records | Contract performance |
| Fraud detection and security monitoring | IP address, device data, session logs, transaction patterns | Legitimate interests |
| Responsible gaming monitoring | Game history, session duration, bet frequency, self-exclusion status | Legal obligation / legitimate interests |
| Customer support | Account data, communications records | Contract performance |
| Promotional communications | Email address, communication preferences | Consent (opt-in) |
| Platform improvement and analytics | Anonymised usage data, technical logs | Legitimate interests |
2.1 Marketing Communications
join 9 may send you promotional emails or messages about new games, upcoming BPL cricket betting markets, Eid bonus offers, and platform updates — but only if you have opted in to receive marketing communications at the time of registration or subsequently via your account settings. You may withdraw your consent to receive marketing communications at any time by updating your notification preferences in your account settings or by contacting support at [email protected]. Withdrawing marketing consent does not affect the delivery of essential transactional communications such as deposit confirmations, withdrawal notifications, or security alerts.
2.2 Automated Decision-Making
join 9 uses automated systems for certain processes including fraud detection, responsible gaming risk scoring, and bonus eligibility assessment. Where a significant decision affecting your account is made on a fully automated basis — such as an account restriction triggered by fraud detection — you have the right to request human review of that decision by contacting our support team. We will acknowledge such requests within 3 business days.
No unsolicited marketing: join 9 does not send marketing communications to players who have not opted in. If you receive an unsolicited communication claiming to be from join 9, please report it to [email protected] immediately, as it may be a phishing attempt.
3 Data Sharing & Disclosure
join 9 does not sell or trade your personal data. We share data with third parties only in the limited circumstances described below, and only to the extent strictly necessary for the stated purpose.
3.1 Service Providers and Technology Partners
join 9 works with a carefully selected set of third-party service providers who assist in the operation of the platform. These include:
- Payment processors — bKash, Nagad, Rocket, Upay, and card payment networks receive the minimum data required to process your transactions. These providers operate under their own privacy policies and are bound by their own regulatory obligations.
- Identity verification providers — third-party KYC and document verification services may process your identity documents on join 9's behalf. All such providers are contractually bound to handle your data securely and exclusively for the verification purpose.
- Game software providers — game studios such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, and Spribe operate game engines integrated into the join 9 platform. These providers may receive limited technical session data (such as session tokens and game outcome records) necessary to deliver the game to you. They do not receive your full personal profile.
- Fraud detection and analytics partners — specialist providers who assist join 9 in identifying suspicious activity, verifying device integrity, and maintaining platform security. All such providers are bound by strict data processing agreements.
- Cloud infrastructure providers — join 9 uses secure cloud hosting to store platform data. Data is stored in encrypted form and accessed only by authorised systems and personnel.
3.2 Legal and Regulatory Disclosure
join 9 may disclose your personal data to law enforcement agencies, regulatory authorities, or courts where we are legally required to do so, or where disclosure is necessary to protect the rights, safety, or property of join 9, our players, or the public. We will not disclose more data than is required by the applicable legal instrument, and where permitted by law, we will notify affected players of such disclosure.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of join 9's assets, personal data held by join 9 may be transferred to the acquiring entity as part of that transaction. In such circumstances, join 9 will notify affected players via the email address registered on their account prior to any transfer of their personal data, and the acquiring entity will be bound by the terms of this Privacy Policy with respect to previously collected data.
No data sales — ever: join 9 has never sold player personal data to third-party advertisers or data brokers, and we have no intention of doing so. Our business model is based on providing a great betting and gaming experience to players in Bangladesh — not on monetising your personal information.
4 Cookies & Tracking
join 9 uses cookies and similar tracking technologies to operate the platform effectively, maintain your login session, remember your preferences, and understand how players interact with our website. This section explains what cookies we use and the choices available to you.
4.1 What Are Cookies?
Cookies are small text files placed on your device by a website when you visit it. They serve a variety of functions — from keeping you logged in as you navigate between pages, to storing your language and display preferences, to helping us identify technical problems. Cookies themselves do not contain executable code and cannot access other data on your device.
4.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Session management, login authentication, security tokens, CSRF protection | Session / up to 24 hours |
| Functional | Remembering your display preferences, notification settings, and last-visited game category | Up to 12 months |
| Analytics | Understanding which pages and features are most used, measuring page load performance, identifying navigation friction points | Up to 24 months |
| Fraud Prevention | Device fingerprinting signals used to detect unusual login patterns and protect your account from unauthorised access | Up to 12 months |
4.3 Managing Your Cookie Preferences
Strictly necessary cookies are required for the platform to function and cannot be disabled without disrupting core features such as login and game play. For all other cookie categories, you may adjust your preferences via your browser settings. Most modern browsers allow you to block or delete cookies; please refer to your browser's help documentation for specific instructions. Please note that disabling functional or analytics cookies may affect the quality of your experience on the join 9 platform — for example, your preferences may not be remembered between sessions.
Mobile app tracking: If you access join 9 via a mobile browser on your Android or iOS device, standard browser cookie controls apply. join 9 does not use any device-level advertising identifiers (such as Google GAID or Apple IDFA) for cross-app tracking purposes.
5 Data Security
join 9 implements a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. Our security programme includes the following key controls:
- TLS/SSL encryption in transit: All data exchanged between your browser or app and join 9 servers is encrypted using TLS 1.2 or higher. Connections over unencrypted HTTP are automatically redirected to HTTPS.
- Encryption at rest: Sensitive personal data fields stored in join 9 databases — including identity document images, payment references, and authentication credentials — are encrypted using AES-256 or equivalent industry-standard algorithms.
- Access controls: Internal access to personal data is restricted on a strict need-to-know basis. join 9 staff members can only access the categories of player data that are necessary for their specific role. All internal access is logged and subject to regular audit.
- Two-factor authentication (2FA): join 9 strongly encourages all players to enable 2FA on their accounts via the security settings menu. 2FA is mandatory for all join 9 administrative and support staff accounts.
- Intrusion detection and monitoring: join 9's infrastructure is monitored 24/7 for signs of unusual access patterns, attempted intrusions, and data exfiltration. Automated alerts are configured for anomalous activity thresholds.
- Regular security review: join 9 conducts periodic internal security reviews and works with independent technical advisors to assess the robustness of our data security controls.
Despite these measures, no online platform can guarantee absolute security. If you become aware of any actual or suspected security incident involving your join 9 account — including unauthorised login attempts or unusual account activity — please contact our support team immediately at [email protected]. We will investigate and respond to all reported security concerns promptly.
5.1 Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights or freedoms of affected players, join 9 will notify those players via the email address registered on their account without undue delay. The notification will describe the nature of the breach, the categories of data affected, the likely consequences, and the steps join 9 is taking to address the incident and mitigate its effects.
6 Data Retention
join 9 retains personal data only for as long as is necessary for the purposes described in this Privacy Policy, or as required by applicable legal and regulatory obligations. The following retention periods apply as a general guide:
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account registration data | Duration of active account + 5 years after closure | Legal obligation / dispute resolution |
| KYC / identity documents | Duration of active account + 5 years after closure | Legal obligation (AML compliance) |
| Transaction records | Duration of active account + 5 years after closure | Legal obligation / financial record-keeping |
| Game history and session logs | 3 years from the date of the session | Responsible gaming / dispute resolution |
| Support communications | 24 months from the date of last interaction | Service quality / dispute resolution |
| Technical / usage logs | 12 months from the date generated | Security monitoring / fraud detection |
| Marketing preferences | Until consent is withdrawn | Consent |
After the applicable retention period expires, personal data is securely deleted or anonymised so that it can no longer be attributed to an identifiable individual. Anonymised aggregated data (for example, aggregate wagering statistics used in internal reporting) may be retained indefinitely as it no longer constitutes personal data.
6.1 Dormant Accounts
Where a join 9 account has had no login or transaction activity for a continuous period of 12 months, it may be classified as dormant. join 9 will contact the registered email address before taking any action on a dormant account. Players may reactivate a dormant account at any time by logging in and completing any applicable re-verification steps. If a dormant account is closed by join 9, the retention periods in the table above apply from the date of closure.
Right to erasure: You may request deletion of your personal data before the end of the applicable retention period in certain circumstances — see the Your Privacy Rights section below. However, where data is required by law to be retained (e.g., AML compliance obligations), erasure requests for that specific data category cannot be fulfilled until the mandatory retention period has elapsed.
7 Your Privacy Rights
As a join 9 player, you have a number of rights in relation to the personal data we hold about you. join 9 is committed to honouring these rights in a transparent and timely manner. To exercise any of the rights described below, please contact our support team at [email protected] with the subject line "Privacy Rights Request" and a description of the right you wish to exercise.
- Right of access: You have the right to request a copy of the personal data join 9 holds about you, along with information about how it is used and with whom it is shared. We will respond to access requests within 30 days of receipt.
- Right to rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. You may update basic account information (such as your email address or phone number) directly via your account settings page. For corrections to identity or KYC data, please contact support.
- Right to erasure ("right to be forgotten"): You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent and there is no other legal basis for processing, or where the data has been processed unlawfully. Please note that certain data categories cannot be deleted before the mandatory retention period has elapsed due to legal obligations.
- Right to restriction of processing: You may request that join 9 restrict processing of your personal data in certain circumstances — for example, while the accuracy of the data is being contested, or where you have objected to processing based on legitimate interests pending verification of whether join 9's grounds override yours.
- Right to data portability: Where processing is based on your consent or on the performance of a contract, and where processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and to transmit it to another service provider where technically feasible.
- Right to object: You have the right to object at any time to processing of your personal data where join 9 relies on legitimate interests as the legal basis for that processing. join 9 will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or where processing is necessary for the establishment, exercise, or defence of legal claims.
- Right to withdraw consent: Where processing is based on your consent (for example, for marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing that occurred before the withdrawal. Withdrawing marketing consent does not affect your ability to use the join 9 platform.
- Right not to be subject to solely automated decisions: Where a significant decision affecting your account is made on a fully automated basis, you have the right to request human review of that decision, as described in Section 2.2 of this Privacy Policy.
Response timeline: join 9 will acknowledge all privacy rights requests within 5 business days and aim to provide a full response within 30 calendar days. Where the complexity or volume of requests requires additional time, we will notify you of the extension and the reason for it before the initial 30-day period expires.
8 Policy Updates & Contact
8.1 Changes to This Privacy Policy
join 9 may update this Privacy Policy from time to time to reflect changes in our data practices, the services we offer, or applicable legal requirements. When material changes are made, we will notify registered players via the email address associated with their account at least 14 days before the changes take effect. The "Effective" date shown in the hero section of this page will be updated to reflect the date on which the current version came into force.
Your continued use of the join 9 platform after the effective date of any updated Privacy Policy constitutes your acknowledgement of and agreement to the revised terms. If you do not agree with any changes, you should discontinue use of the platform and may request account closure by contacting our support team.
8.2 Children's Privacy
The join 9 platform is strictly for adults aged 18 and above. We do not knowingly collect personal data from persons under the age of 18. If we become aware that a player is under 18, their account will be suspended immediately, any pending transactions reversed where possible, and their personal data deleted in accordance with applicable law. If you believe a minor has registered on our platform, please contact us immediately at [email protected].
8.3 Third-Party Links
The join 9 platform may contain references to third-party services such as payment providers (bKash, Nagad) or game software studios. These third parties operate independently and are governed by their own privacy policies. join 9 is not responsible for the data practices of these third parties and encourages you to review their privacy policies before providing any personal information directly to them.
8.4 Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or the way join 9 handles your personal data, please contact our dedicated privacy team using the details below. All privacy-related correspondence is handled in English.
This Privacy Policy was last updated in January 2026. The current version supersedes all previous versions of the join 9 Privacy Policy. If you have any questions before the policy takes effect, please reach out to us at [email protected].
To exercise your privacy rights, email us with the subject "Privacy Rights Request".
Ready to Play at join 9?
Explore cricket betting, live casino, slots, and more — with fast bKash and Nagad withdrawals and 24/7 support for players across Bangladesh.