Customer Support
Privacy Policy
Privacy Policy
Last Updated: 2026-05-18
Skip to content
Introduction
hype247, operated by One Crane Studio Ltd. (hereinafter referred to as "the Company", "we", "us"), is committed to protecting the privacy of our users and handling personal information with the highest standards of care and transparency.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and what rights you have in relation to your data. Our practices comply with applicable data protection laws, including the Personal Data Protection Act 2010 (PDPA) of Malaysia, the 2005 Anjouan Betting and Gaming Act, and applicable Anti-Money Laundering (AML) legislation. hype247 operates under a valid iGaming licence issued by the Anjouan Gaming Board (AGB), Licence Number ALSI-202604043-FI2 (issued 2026-04-29, valid until 2027-04-28).
This Privacy Policy is available in English. A Malay language version will be made available in due course.
By registering an account and using our services, you acknowledge that you have read and understood this Privacy Policy. This policy should be read in conjunction with our Terms and Conditions.
Information We Collect
Due to the regulated nature of online gambling, the Company collects a variety of personal information during the course of your relationship with us. The types of information we collect include, but are not limited to:
Registration Data Your name, date of birth, email address, residential address, telephone number, username, and password.
KYC (Know Your Customer) Documentation Government-issued identification (e.g., passport) required for identity and age verification. KYC documents are processed through secure, authorized third-party verification providers. The Company retains only the outcome of the verification process, not the original documents.
Biometric Data As part of the KYC process, the Company collects a real-time facial recognition photograph for identity verification purposes. This constitutes sensitive personal data under the PDPA 2010. Such data is collected only with your explicit consent, processed solely for identity verification, and is not used for any other purpose.
Financial Information Transaction history, deposit and withdrawal records, and payment method details.
Usage and Technical Data Login records, IP address, device information, browser type, session data, game play history, and activity logs.
Customer Support and Communication Records Email correspondence, messaging records, self-exclusion requests, and account inquiry history.
Promotional and Survey Data Responses to competitions, surveys, promotions, and bonus-related activities.
How We Collect Your Information
We collect personal information directly from you through lawful, transparent, and fair means. Collection takes place upon account registration, when using or accessing our services, when making deposits or withdrawals, when contacting our customer support team, and when participating in promotions or surveys.
In certain circumstances, we may also receive information from third-party sources, including identity and age verification providers, credit reporting agencies, and law enforcement agencies.
Personal information may also be collected automatically through cookies, web beacons, and log files. Please refer to Section 10 (Cookies) for further details.
Why We Use Your Information
We collect and process your personal information for the following purposes:
To register and maintain your account and verify your identity
To provide, operate, and maintain our services
To process payments, deposits, and withdrawals
To comply with legal and regulatory obligations, including AML, KYC, and licensing requirements
To prevent underage gambling and verify user age
To investigate and prevent fraudulent activity or unauthorized transactions
To send promotional materials and marketing communications, subject to your explicit prior consent (opt-in)
To provide customer support and respond to your inquiries
To manage self-exclusion requests and responsible gaming measures
To analyze usage patterns in order to improve our services and user experience
To ensure the security and integrity of our platform
KYC and Age Verification
The Company strictly prohibits the use of its services by individuals under the age of 18. We reserve the right to request KYC documentation at any time to verify your age and identity.
The Company operates the following KYC process:
Stage 1 (Registration): Email verification — a temporary account is created upon successful verification.
Stage 2 (Full Member Activation): Submission of a valid passport and a real-time facial recognition photograph. As facial recognition data constitutes sensitive personal data under the PDPA 2010, this data is collected only upon your explicit consent. Full account privileges are activated upon successful verification.
Withdrawal Authentication: Google OTP (one-time password) verification is required as a final identity check prior to each withdrawal.
KYC documentation is processed by authorized third-party providers. The Company retains only the result of the verification process, not the original documents.
Malaysia PDPA 2010 Compliance
The Company processes the personal data of users in compliance with the Personal Data Protection Act 2010 (PDPA). The following seven principles govern all aspects of our data handling practices.
6-1. General Principle Personal data is collected and processed only through lawful and fair means, solely for the purposes disclosed at the time of collection.
6-2. Notice and Choice Principle At the time of account registration, you will be informed of the purposes for which your personal data is being collected. Marketing and promotional communications are subject to your explicit prior consent (opt-in) and are separated from mandatory account registration consent.
Mandatory: Acceptance of Terms and Conditions and Privacy Policy
Optional: Consent to receive promotional and marketing communications
6-3. Disclosure Principle Your personal data will not be disclosed to third parties without your prior consent, except where required by law. Only the minimum data necessary will be shared.
6-4. Security Principle The Company implements appropriate technical and organizational security measures including encryption, role-based access controls, and secure server environments.
6-5. Retention Principle Personal data is retained only for as long as necessary:
KYC and transaction records: minimum 5 years following account closure (AML compliance)
Biometric data: retained only for the duration of identity verification; only the result is retained thereafter
Access and system logs: up to 1 year
Customer support records: for the period reasonably necessary to resolve the relevant matter
Marketing data: until consent is withdrawn or as required by law
6-6. Data Integrity Principle The Company takes reasonable steps to ensure that all personal data held is accurate, complete, and up to date.
6-7. Access and Correction Principle You have the right to request access to or correction of your personal data. Requests will be processed within 21 days of receipt. A reasonable processing fee may apply in accordance with the PDPA 2010. To submit a request, contact us at [email protected].
Marketing Communications
The Company will only send marketing communications where you have provided explicit prior consent (opt-in).
You may withdraw consent at any time through any of the following methods:
Clicking the unsubscribe link in any marketing email
Updating your preferences in your account settings
Sending a request to [email protected]
Sharing Your Information
We do not sell or rent your personal information to third parties. We may share information with the following trusted third parties only where necessary:
KYC and Identity Verification providers [to be updated upon contract] — verification result data only
Customer Support providers [to be updated upon contract]
Game Providers (e.g., Evolution, Pragmatic Play) — User ID and currency information only
Payment Service Providers — for processing financial transactions
Cloud Infrastructure providers (e.g., AWS, Google Cloud) — for secure data storage
IT Consultants and Professional Advisors — bound by confidentiality obligations
Law Enforcement and Regulatory Authorities — when required by applicable law
Business Successors — in the event of a merger, acquisition, or reorganization
All third parties are contractually required to maintain equivalent confidentiality and security standards.
International Data Transfers
Your personal information may be transferred to or processed in countries outside Malaysia when engaging overseas service providers, sharing data within the One Crane Studio Ltd. group, or when required by regulatory or law enforcement agencies.
Under the PDPA 2010, personal data may only be transferred outside Malaysia to approved countries, or where you have given explicit consent, or where transfer is necessary for the performance of a contract between you and the Company.
Where data is transferred internationally, the Company ensures appropriate contractual safeguards are in place requiring equivalent protection standards.
10. Cookies
We use essential, functional, and analytical cookies to ensure proper website functioning and to improve user experience. Cookies are not used to collect account credentials or financial transaction details.
You may manage cookie preferences through your browser settings or the Privacy Settings in your account. For full details, please refer to our separate Cookie Policy.
11. Your Rights
In accordance with the PDPA 2010, you have the following rights:
Right of Access: Request a copy of your personal data (a reasonable processing fee may apply)
Right of Correction: Request correction of inaccurate or incomplete data
Right to Withdraw Consent: Withdraw consent for marketing communications at any time
Right to Lodge a Complaint: Submit a complaint to the relevant supervisory authority
To exercise these rights, contact us at [email protected].
Supervisory Authority: Personal Data Protection Department (JPDP) — http://www.pdp.gov.my/
12. Security
The Company implements appropriate technical and organizational measures including encrypted servers, role-based access controls, and confidentiality obligations for all staff and partners.
You are responsible for maintaining the security of your own account. If you believe your account has been accessed by an unauthorized party, notify us immediately at [email protected].
13. Complaints and Supervisory Authority
Personal Data Complaints: [email protected] (response within 21 days)
Group Privacy Officer (GPO): [email protected]
Supervisory Authority: Personal Data Protection Department (JPDP) — http://www.pdp.gov.my/
14. Changes to This Policy
You will be notified of significant changes via email or in-site notice no less than 30 days prior to the changes taking effect, except where immediate amendment is required by law.
15. Contact Us
General Privacy Inquiries: [email protected]
Group Privacy Officer (GPO): [email protected]
Customer Support and Self-Exclusion: [email protected]
Operator: One Crane Studio Ltd. Registered Address: Suite 3, Global Village, Jivan' Complex, Mont Fleuri, Mahe, Seychelles Company Number: 248135 Licence Number: ALSI-202604043-FI2 | Issued: 2026-04-29 | Valid until: 2027-04-28
Hype247 Casino
Get Hype! Where Every Heartbeat Feels Like Victory.