joya 90 Privacy Policy — How We Protect Your Data
At joya 90, your privacy is a core commitment, not an afterthought. This Privacy Policy explains in plain, formal English what personal data we collect, why we collect it, how we use and store it, and what rights you hold over that data as a player based in Bangladesh.
At a Glance
Our Privacy Commitments to You
The following cards summarise how joya 90 approaches data privacy. These are not a substitute for reading the full policy below — they are orientation points to help you locate topics quickly.
Minimal Data Collection
joya 90 collects only the personal data that is strictly necessary for account management, payment processing, identity verification, and legal compliance. We do not collect data speculatively or for purposes unrelated to platform operation.
SSL Encryption
All data transmitted between your device and joya 90 servers is protected by industry-standard SSL/TLS encryption. Sensitive data — including payment details and identity documents — is encrypted at rest using AES-256 standards.
No Unauthorised Third-Party Sales
joya 90 does not sell, rent, or trade your personal data to third-party marketers. Data is shared only with trusted service partners required to operate the platform, under strict confidentiality obligations.
Your Rights Respected
You have the right to access, correct, and in certain circumstances delete the personal data joya 90 holds about you. Requests can be submitted at any time via our support email and will be handled within a reasonable timeframe.
Transparent Cookie Use
joya 90 uses cookies and similar tracking technologies solely for platform functionality, session management, fraud detection, and anonymous analytics. We do not use third-party advertising cookies or behavioural profiling tools.
Defined Retention Periods
joya 90 retains personal data only for as long as is necessary to fulfil the purposes set out in this policy, or as required by applicable law. Data no longer required for any legitimate purpose is securely deleted or anonymised.
Section 1
Data We Collect
joya 90 collects personal data through three primary channels: data you provide directly during registration and account use, data generated automatically through your interaction with the platform, and data received from third-party verification and payment partners.
1.1 Data You Provide Directly
When you register for a joya 90 account or update your profile, you provide us with information that is necessary to establish and maintain your account. This includes:
- Your full legal name, as it appears on your government-issued identity document.
- Your date of birth, used to verify that you meet the 18+ age requirement.
- Your current residential address in Bangladesh.
- Your mobile phone number, used for account verification and security notifications.
- Your chosen username and password (the password is stored in hashed form and is never visible to joya 90 staff).
- Your preferred payment method details, including the bKash, Nagad, Rocket, or Upay mobile number or bank account number registered in your own name.
- Any identity documents submitted during KYC verification, including national identity card (NID), passport, or other government-issued photo identification.
- Communications you send to the joya 90 support team, including the content of emails and live chat transcripts.
1.2 Data Collected Automatically
When you access and use the joya 90 platform, certain data is collected automatically by our systems as a technical necessity of delivering the service. This includes:
- Your IP address and approximate geographic location derived from it.
- Device identifiers, browser type, browser version, and operating system.
- Pages visited, time spent on each page, click patterns, and navigation paths within the joya 90 platform.
- Session start and end timestamps, login frequency, and session duration.
- Game activity data, including games played, wager amounts, win/loss outcomes, and session history.
- Transaction logs covering all deposits, withdrawals, and bonus activity associated with your account.
- Cookies and similar tracking data as described in Section 4 of this policy.
1.3 Data Received from Third Parties
joya 90 may receive personal data about you from third-party service providers engaged to support platform operations. These include:
- Identity verification providers who confirm the authenticity of documents submitted during KYC.
- Payment processors including bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, BRAC Bank, and international card networks (Visa, Mastercard), who provide transaction confirmation and fraud-signal data.
- Anti-fraud and AML screening services that check player details against watchlists and sanctions databases.
- Analytics providers who supply aggregated, anonymised behavioural insights used to improve platform performance.
Section 2
How We Use Your Data
joya 90 processes your personal data only for defined, legitimate purposes. The table below maps each category of data use to its legal basis and operational justification.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation and management | Name, date of birth, address, mobile number, username | Contractual necessity |
| Age and identity verification (KYC) | Name, date of birth, NID / passport, address | Legal obligation; contractual necessity |
| Payment processing and fraud prevention | Payment method details, transaction history, IP address | Contractual necessity; legitimate interest |
| AML screening and compliance | Name, date of birth, address, transaction data | Legal obligation |
| Customer support and dispute resolution | Account data, support correspondence, transaction logs | Contractual necessity; legitimate interest |
| Responsible gaming monitoring | Game activity, deposit frequency, session data | Legal obligation; legitimate interest |
| Platform security and abuse prevention | IP address, device identifiers, login patterns | Legitimate interest |
| Service improvement and analytics | Anonymised / aggregated behavioural data | Legitimate interest |
| Marketing communications (opted-in only) | Email address, mobile number, game preferences | Consent |
joya 90 will not use your personal data for any purpose that is incompatible with those listed above without first obtaining your explicit consent or establishing a new legal basis for doing so. Where we rely on your consent as the legal basis for processing — for example, to send you promotional communications — you may withdraw that consent at any time by contacting [email protected] or by using the unsubscribe mechanism included in any marketing message we send.
2.1 Automated Decision-Making
joya 90 uses automated systems for certain operational functions, including fraud detection, AML transaction monitoring, and responsible gaming alerts. These systems may flag accounts for review or apply temporary restrictions without human intervention as an initial step. Where an automated process results in a material decision affecting your account — such as a deposit block or withdrawal hold — you have the right to request human review of that decision by contacting [email protected]. joya 90 will review such requests in a fair and timely manner.
Section 3
Data Sharing and Disclosure
joya 90 does not sell or rent your personal data to any third party. Disclosure of your data outside of joya 90 occurs only in the limited circumstances described in this section.
3.1 Trusted Service Partners
joya 90 engages a limited number of third-party service providers who process personal data on our behalf as data processors. These partners include identity verification services, payment processors, cloud hosting providers, fraud and AML screening platforms, and customer support tooling providers. Each of these partners is bound by contractual data processing agreements that restrict their use of your data strictly to the tasks we have engaged them to perform. They may not use your data for their own independent purposes.
3.2 Legal and Regulatory Disclosure
joya 90 may be required to disclose personal data about a player to law enforcement agencies, financial intelligence units, regulatory bodies, or courts where we are legally compelled to do so — for example, in response to a valid court order, a regulatory investigation, or a statutory reporting obligation related to AML or fraud. In such cases, joya 90 will disclose only the minimum data required to satisfy the legal obligation and, where permitted by law, will notify the affected player that a disclosure has occurred.
3.3 Business Transfers
In the event that joya 90 undergoes a merger, acquisition, or sale of substantially all of its assets, player personal data may be transferred to the acquiring entity as part of that transaction. In such circumstances, joya 90 will notify affected players via their registered email address prior to the transfer taking effect and will ensure that the acquiring entity is contractually committed to honouring the privacy protections set out in this policy.
Section 4
Cookies and Tracking
joya 90 uses cookies and similar technologies to enable core platform functionality and to understand how players interact with the site. This section explains what we use, why, and how you can manage your preferences.
A cookie is a small text file placed on your device by a website you visit. Cookies allow the website to recognise your device on subsequent visits and to maintain continuity of your session and preferences. joya 90 uses the following categories of cookies:
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Session management, authentication, security tokens, anti-CSRF protection. These are required for the platform to function. Without them, login and gameplay are not possible. | No — required for service |
| Functional | Remembering your language and display preferences, storing your last visited game category, and maintaining responsible gaming tool settings you have configured. | Yes — via browser settings |
| Analytics | Measuring page performance, identifying navigation bottlenecks, and tracking aggregate usage patterns to improve the joya 90 platform. Data is anonymised before analysis. | Yes — via browser settings |
| Fraud Detection | Device fingerprinting and session anomaly detection used to identify and prevent account takeover, bonus abuse, and AML-related activity. These cannot be disabled without affecting account security. | No — required for security |
joya 90 does not use third-party advertising cookies, retargeting pixels, or social media tracking scripts. You will not be tracked across other websites for the purpose of serving joya 90 advertisements.
4.1 Managing Cookie Preferences
You may manage or disable non-essential cookies at any time through your browser's privacy or cookie settings. The exact steps vary by browser — consult your browser's help documentation for instructions specific to your software. Please note that disabling functional or analytics cookies will not affect your ability to use the core joya 90 platform, but may result in certain preference settings not being retained between sessions.
Section 5
Data Retention
joya 90 retains personal data for defined periods that reflect the purpose for which the data was collected and any applicable legal retention obligations. The following retention schedule applies.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | AML legal obligation; dispute resolution |
| KYC identity documents | Duration of account + 5 years post-closure | Regulatory compliance; fraud prevention |
| Transaction records | 7 years from transaction date | Financial record-keeping obligations |
| Support correspondence | 3 years from last interaction | Dispute resolution; quality assurance |
| Game activity logs | 3 years from date of activity | Responsible gaming monitoring; dispute resolution |
| Marketing preferences | Until consent is withdrawn | Consent-based processing |
| Analytics data (anonymised) | Indefinite (no personal identifiers) | Platform improvement; anonymised data carries no privacy risk |
At the end of the applicable retention period, joya 90 will securely delete or irreversibly anonymise the relevant personal data. Where data is anonymised rather than deleted — for example, in aggregate game statistics — no individual player can be identified from that data and it falls outside the scope of this privacy policy.
Where a player submits a deletion request (see Section 7 — Your Privacy Rights), joya 90 will assess that request against any overriding legal retention obligations before acting. Where a legal obligation requires us to retain certain data beyond the player's deletion request, we will inform the player of that obligation and retain only the minimum data required to satisfy it.
Section 6
Data Security
joya 90 implements a layered set of technical and organisational security measures to protect your personal data against unauthorised access, loss, alteration, or disclosure.
Our security infrastructure includes the following controls:
- Transport Layer Security (TLS): All data transmitted between your device and joya 90 servers is encrypted in transit using TLS 1.2 or higher. Connections to the joya 90 platform via unencrypted HTTP are automatically redirected to HTTPS.
- Encryption at rest: Sensitive data stored on joya 90 servers — including identity documents, payment method records, and password hashes — is encrypted at rest using AES-256.
- Access controls: Internal access to personal data is restricted on a strict need-to-know basis. Staff with access to player data are subject to confidentiality obligations and receive privacy and security training as part of their onboarding and ongoing role requirements.
- Network security: The joya 90 platform is protected by firewalls, intrusion detection systems, and regular vulnerability scanning. External penetration testing is conducted periodically to identify and remediate security weaknesses.
- Incident response: joya 90 maintains a documented data breach response procedure. In the event of a security incident that creates a material risk to player data, affected players will be notified without undue delay, together with details of the nature of the incident and the steps being taken to address it.
- Password security: Passwords are stored using a one-way cryptographic hash function. joya 90 staff cannot retrieve your password in plaintext. If you forget your password, you must reset it — it cannot be recovered.
Section 7
Your Privacy Rights
As a joya 90 player, you hold the following rights with respect to the personal data we process about you. To exercise any of these rights, contact us at [email protected] with your registered account username and the specific right you wish to invoke.
Right of Access
You have the right to request a copy of all personal data joya 90 holds about you. We will provide this information in a structured, readable format within a reasonable period of receiving your verified request.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. Account profile data can often be updated directly within your joya 90 account settings; for KYC-related data, please contact support.
Right to Erasure
You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw consent and no other legal basis applies. Deletion requests are assessed against applicable legal retention obligations before action is taken.
Right to Restriction of Processing
In certain circumstances — for example, while the accuracy of data you have disputed is being verified — you may request that joya 90 restrict the processing of your personal data to storage only until the matter is resolved.
Right to Data Portability
Where processing is based on your consent or on a contract with you, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to have that data transmitted directly to another controller where technically feasible.
Right to Object
You have the right to object at any time to processing of your personal data based on joya 90's legitimate interests, including profiling carried out for fraud prevention or responsible gaming monitoring purposes, where you believe your individual circumstances override our legitimate interest. You also have an unconditional right to object to processing for direct marketing purposes.
Right Regarding Automated Decisions
Where a significant decision affecting your joya 90 account has been made solely by automated means — without human review — you have the right to request that the decision be reviewed by a member of the joya 90 team. Submit such requests to [email protected], clearly identifying the decision you wish to have reviewed.
joya 90 will respond to all valid privacy rights requests within 30 days of receipt. Where a request is complex or we have received multiple requests from the same individual simultaneously, we may extend this period by a further 60 days, in which case we will notify you of the extension and the reasons for it. We will not charge a fee for processing a valid rights request unless the request is manifestly unfounded or excessive, in which case we reserve the right to charge a reasonable administrative fee or decline to act.
Section 8
Policy Updates and Contact
This section explains how joya 90 will notify you of changes to this Privacy Policy and how to contact us with any privacy-related enquiry or complaint.
8.1 Policy Amendments
joya 90 reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, operational requirements, or applicable law. Where a proposed amendment is material — meaning it significantly affects how we collect, use, or share your personal data — we will provide at least 14 days' advance notice to registered players via their registered email address and via a prominent notice on the joya 90 platform before the amendment takes effect.
Minor amendments — such as corrections of typographical errors, clarifications that do not change the substance of the policy, or updates to reflect new contact details — may be made without prior notice, though the "Effective" date at the top of the policy will always be updated to reflect the most recent revision. We encourage you to review this policy periodically to stay informed of how joya 90 protects your data.
8.2 How to Contact Us
If you have any questions about this Privacy Policy, wish to exercise any of your privacy rights, or wish to raise a complaint about how joya 90 has handled your personal data, please contact our support team using the details below:
Email: [email protected] (plain text — not a clickable link)
Please include your registered username, the nature of your enquiry, and any relevant supporting information. We aim to acknowledge all privacy-related enquiries within 2 business days and to provide a substantive response within 30 days.
8.3 Complaints
If you are dissatisfied with joya 90's handling of your personal data or with our response to a privacy rights request, you are entitled to escalate your complaint. We ask that you first give joya 90 the opportunity to address your concern directly by contacting [email protected]. If the matter remains unresolved after our internal review, you may pursue the matter through any dispute resolution mechanism available to you under applicable law.
This Privacy Policy was last reviewed and updated in January 2026. It is published in English and governs the personal data of players accessing the joya 90 platform from Bangladesh.
Have Questions About Your Data?
Our support team is available around the clock. You can also explore our FAQ for quick answers, review our Terms & Conditions, or head back to the joya 90 homepage. 18+ only. Play responsibly.