AW33
Current Online User: 74,468
Register
AW33 · Legal · Data Protection

AW33 Privacy Policy

This Privacy Policy describes how AW33 ("AW33", "we", "us", "our") collects, uses, shares, and protects your personal data when you use our website aw-33.com, the AW33 mobile application, and related services (collectively, the "Platform").

We take your privacy seriously. This policy explains in plain language what data we collect, why we collect it, who we share it with, how long we keep it, and the rights you have to access, correct, or delete it.

This Privacy Policy works together with our Terms and Conditions and Responsible Gaming Policy to form the agreement governing your use of AW33.

1. Introduction and Scope

1.1 This Privacy Policy applies to all personal data processed by AW33 in connection with your use of the Platform.

1.2 By registering for an Account, depositing funds, or otherwise using the Platform, you confirm that you have read, understood, and agree to the data practices described in this policy.

1.3 This policy may be supplemented by additional notices at the point of data collection (for example, when claiming a specific bonus or completing KYC) — those supplementary notices form part of this policy.

1.4 Capitalised terms not defined here have the meanings given in our Terms and Conditions.

2. Data Controller and Contact

2.1 Data Controller. AW33 is the data controller responsible for the personal data described in this policy. [LEGAL: Insert formal company name and registered jurisdiction]

2.2 Data Protection Officer. For questions about your personal data or this policy, contact our Data Protection Officer:

3. Personal Data We Collect

We collect the following categories of personal data when you use AW33:

3.1 Identity and Registration Data

  • Full name (first, middle, last)
  • Date of birth
  • Gender (optional)
  • Username
  • Password (stored as a one-way encrypted hash; never in plain text)
  • Email address
  • Mobile or WhatsApp number
  • Country and region of residence
  • Preferred language

3.2 Identity Verification (KYC) Data

  • Government-issued ID number and document images (Citizenship Certificate, Passport, Driving License, Voter ID, or PAN Card)
  • Selfie photograph for biometric matching against ID
  • Proof of address documentation when requested
  • Source-of-funds documentation when requested for larger transactions

3.3 Financial and Transaction Data

  • Payment method details (eSewa, Khalti, IME Pay, ConnectIPS) — typically tokenised by the payment provider; AW33 does not store full account numbers in plain form
  • Deposit and withdrawal history with amounts, timestamps, and method
  • Account balance and bonus credit balance
  • Currency conversion records (where applicable)

3.4 Gameplay and Behavioural Data

  • Games accessed, bets placed, stakes, outcomes, and winnings
  • Session duration and frequency
  • Bonus claims and wagering progress
  • Sports betting history (markets, odds, settlements)
  • Behavioural patterns analysed for fraud prevention and responsible gaming monitoring

3.5 Technical Data

  • IP address
  • Device type, operating system, browser type and version
  • Device identifier (for the AW33 mobile app)
  • General location derived from IP (city/region — not precise location)
  • Mobile network operator (e.g., NTC, Ncell)
  • Login timestamps and session tokens

3.6 Communications Data

  • Live chat transcripts with our support team
  • Email correspondence
  • Telegram and WhatsApp messages exchanged with our support channels
  • Voice call recordings (if applicable, with prior notice and consent)

3.7 Marketing Preferences

  • Your consent status for marketing communications
  • Promotion preferences (cricket alerts, slot promotions, VIP offers)
  • Subscription history for the AW33 Telegram channel

4. How We Collect Your Personal Data

We collect your data through the following means:

4.1 Directly from you — when you register, complete KYC, deposit funds, place bets, contact support, or update Account preferences.

4.2 Automatically — when you visit the website or use the AW33 app, certain technical data (IP, device, session) is collected via cookies, server logs, and similar technologies.

4.3 From third parties — including:

  • Payment providers (eSewa, Khalti, IME Pay, ConnectIPS) confirming transactions
  • KYC verification partners performing document and biometric checks
  • Game providers (Pragmatic Play, PG Soft, JILI, Spribe, Evolution) reporting game outcomes
  • Fraud prevention services flagging suspicious activity
  • Public databases for AML screening (sanctions lists, politically exposed persons databases)

4.4 From referrals — if you register using a referral code, we record your association with the referring Player to credit the referral bonus.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

5.1 Account creation and management. To register, verify, secure, and maintain your AW33 Account, including authenticating your logins and processing your transactions.

5.2 Service delivery. To provide the gaming services you request — placing bets, settling outcomes, crediting winnings, processing deposits and withdrawals, and managing bonus eligibility.

5.3 Identity verification and AML compliance. To meet legal obligations under anti-money-laundering and counter-terrorism-financing regulations, including KYC, source-of-funds checks, and screening against sanctions lists.

5.4 Fraud prevention and security. To detect and prevent fraud, money laundering, multi-accounting, bonus abuse, account takeover, and other security threats — including AI-driven anomaly detection on transaction and gameplay patterns.

5.5 Responsible gaming. To monitor for early signs of problem gambling and proactively offer player-protection tools, as described in our Responsible Gaming Policy.

5.6 Customer support. To respond to your inquiries, resolve complaints, and provide technical assistance through live chat, Telegram, WhatsApp, and email.

5.7 Service improvement. To analyse usage patterns and improve the Platform's functionality, performance, and design.

5.8 Marketing communications (with consent). To send you promotional offers, bonus announcements, and platform updates — only where you have given marketing consent. You can opt out at any time.

5.9 Legal compliance. To meet legal obligations, respond to lawful requests from regulators or law enforcement, and protect AW33's legal rights.

6. Legal Basis for Processing

Where applicable data protection law requires us to identify a legal basis for processing your data, we rely on the following:

6.1 Performance of a contract — to deliver the gaming services you request under our Terms and Conditions.

6.2 Legal obligation — to meet AML, KYC, tax, and other regulatory requirements.

6.3 Legitimate interests — for fraud prevention, security, service improvement, and Account analytics, balanced against your fundamental rights.

6.4 Consent — for marketing communications, optional cookies, and other purposes where consent is the appropriate legal basis. You may withdraw consent at any time.

6.5 Vital interests — in rare cases involving the safety of any person, including responsible gaming interventions for at-risk Players.

7. Sharing Your Personal Data

AW33 shares your personal data with the following categories of recipients only as necessary:

7.1 Payment processors. eSewa, Khalti, IME Pay, ConnectIPS — to process deposits and withdrawals. These providers handle your payment data under their own privacy policies.

7.2 KYC and identity verification providers. Specialised third-party services that verify your government-issued ID and biometric photograph against fraud databases.

7.3 Game providers. Pragmatic Play, PG Soft, JILI, Spribe, Evolution, and other certified game studios — to deliver the games you play. Game providers receive only the minimum data required to deliver the service (typically a session ID, bet amount, and game outcome).

7.4 Communication platforms. WhatsApp (Meta) and Telegram — when you use these channels for login, 2FA verification, or support. These platforms process your messages under their own privacy policies.

7.5 Fraud prevention and AML compliance partners. Third-party services that screen accounts for fraud risk, money laundering, and sanctions compliance.

7.6 Cloud and infrastructure providers. Hosting providers, content delivery networks (CDNs), and analytics platforms that operate the technical infrastructure of the Platform. These providers act as our processors under contractual data processing agreements.

7.7 Regulators and law enforcement. Where required by law, court order, or lawful regulatory request, we may disclose data to government authorities, regulators, tax authorities, or courts.

7.8 Professional advisers. Our legal counsel, auditors, and accountants, where necessary for the operation of our business.

7.9 Business transfers. In the event of a merger, acquisition, or restructuring of AW33, your data may be transferred to the new entity, subject to equivalent privacy protections.

7.10 We do not sell your personal data. AW33 does not sell or rent your personal information to third-party advertisers or data brokers under any circumstances.

8. International Data Transfers

8.1 AW33 operates as an international platform. Your personal data may be transferred to, stored in, and processed in countries other than Nepal — including jurisdictions where our infrastructure providers, KYC partners, and game providers are based.

8.2 Where data is transferred internationally, we apply appropriate safeguards, including:

  • Standard contractual clauses with international partners
  • Encryption of data in transit and at rest
  • Vendor security assessments before engagement
  • Limiting transferred data to the minimum required for the specified purpose

8.3 [LEGAL: Specify primary processing jurisdictions and confirm appropriate transfer mechanisms — e.g., GDPR Standard Contractual Clauses where EU data is involved]

9. How Long We Retain Your Data

We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law.

Data CategoryRetention Period
Active Account dataWhile your Account is active
KYC documentation5 years after Account closure (AML requirement)
Transaction records5 years after Account closure (AML requirement)
Gameplay history5 years after Account closure
Marketing dataUntil consent is withdrawn
Customer support records2 years from the date of the interaction
Cookies and technical dataPer cookie expiry rules in §10

9.1 [LEGAL: Confirm retention periods against applicable Nepali AML, tax, and consumer-protection law. The 5-year default is consistent with international iGaming AML standards]

9.2 After the retention period expires, we either delete or anonymise the data so it can no longer be linked to you.

10. Cookies and Tracking Technologies

The Platform uses cookies and similar technologies to operate, secure, and improve your experience.

10.1 Categories of cookies we use

  • Strictly necessary cookies — required for the Platform to function (e.g., session tokens, security cookies, language preferences). These cannot be disabled.
  • Functional cookies — remember your preferences (e.g., language toggle, "remember me" on login).
  • Analytics cookies — help us understand how the Platform is used (anonymised analytics).
  • Marketing cookies — used only with your consent for promotional measurement and personalisation.

10.2 Managing cookies

You can manage cookie preferences through your browser settings or via the cookie banner displayed on your first visit. Disabling strictly necessary cookies will prevent core Platform features from working.

10.3 Do Not Track signals

The Platform does not currently respond to Do Not Track browser signals, as no consistent industry standard exists for honouring them.

11. Your Privacy Rights

Subject to applicable law, you have the following rights over your personal data:

11.1 Right to access — request a copy of the personal data we hold about you.

11.2 Right to rectification — request correction of inaccurate or incomplete data.

11.3 Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention requirements (e.g., we cannot delete KYC data during the AML retention period).

11.4 Right to restriction — request that we limit how we process your data while a complaint is being investigated.

11.5 Right to data portability — receive your data in a structured, commonly used, machine-readable format.

11.6 Right to object — object to processing based on legitimate interests, including profiling.

11.7 Right to withdraw consent — for processing based on consent, including marketing communications. Withdrawal does not affect the lawfulness of prior processing.

11.8 Right to lodge a complaint — with your local data protection authority. [LEGAL: For Nepal, reference the relevant authority once the Personal Data Protection framework is enacted]

11.9 How to exercise your rights

Submit your request via:

  • Email to our DPO: [LEGAL: Insert email]
  • In-app live chat — mention "data protection request" for priority routing

We will respond within 30 days of receiving a verified request. Identity verification may be required before we process your request, to protect your data from unauthorised disclosure.

12. Marketing Communications

12.1 Consent. AW33 sends marketing communications only to Players who have explicitly opted in.

12.2 Channels. With your consent, you may receive marketing via email, SMS, WhatsApp, Telegram, and in-app push notifications.

12.3 Opt-out. You may opt out of marketing at any time by:

  • Tapping the unsubscribe link in any marketing email
  • Replying STOP to any marketing SMS
  • Adjusting your preferences in Account → Notifications
  • Contacting our DPO directly

12.4 Service communications. Even after opting out of marketing, you will continue to receive essential service communications (e.g., account verification, security alerts, transaction confirmations) — these cannot be opted out of while your Account is active.

13. Children's Privacy

13.1 AW33 is strictly for users aged 18 and over. We do not knowingly collect personal data from anyone under 18.

13.2 If we discover that we have collected personal data from a person under 18, we will close the Account immediately and delete the associated data, except where retention is required for legal or compliance purposes.

13.3 If you are a parent or guardian and believe your child has provided us with personal data, please contact our DPO immediately. We will act on every report.

13.4 Parents are encouraged to use device-level parental controls (Google Family Link, Apple Screen Time) to block gambling content on minors' devices.

14. How We Protect Your Data

We take a layered approach to data security:

14.1 Encryption in transit. All data exchanged between your device and AW33 servers is encrypted with 256-bit SSL / TLS 1.3 — the same standard used by Nepali commercial banks.

14.2 Encryption at rest. Sensitive data — including KYC documents, payment tokens, and authentication credentials — is encrypted on our servers.

14.3 Tokenisation. Payment account details (eSewa, Khalti, IME Pay, ConnectIPS) are tokenised by the respective providers; AW33 stores only the token, not the underlying account number.

14.4 Password security. Passwords are stored as one-way cryptographic hashes (using industry-standard algorithms such as bcrypt) and are never recoverable in plain text — not even by AW33.

14.5 Access controls. Only authorised AW33 personnel with a legitimate business need can access personal data, with audit logs maintained for sensitive operations.

14.6 Biometric and 2FA options. Players are encouraged to enable 2FA and biometric login (in the AW33 app) for additional Account protection.

14.7 Regular security audits. Our infrastructure undergoes regular security assessments by qualified third parties.

14.8 Employee training. All AW33 staff handling personal data complete privacy and security training.

15. Data Breach Notification

15.1 In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, AW33 will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by applicable law
  • Notify affected Players without undue delay where the breach is likely to result in a high risk to your rights
  • Provide clear information about what happened, what data was affected, what we are doing in response, and what you can do to protect yourself

15.2 Maintained breach response procedures ensure rapid containment, investigation, and notification.

16. Third-Party Links and Integrations

16.1 The Platform may contain links to third-party websites (e.g., game providers, payment partners, the AW33 Telegram channel, AW33 WhatsApp support).

16.2 Once you leave the Platform, this Privacy Policy no longer applies. Each third party operates under its own privacy policy. We encourage you to review the privacy practices of any third party before sharing data with them.

16.3 AW33 is not responsible for the content or privacy practices of third-party services.

17. Changes to This Privacy Policy

17.1 We may update this Privacy Policy from time to time. The current version is always published at aw-33.com/privacy/, with the "Last updated" date displayed at the top.

17.2 Material changes. Where changes materially affect how we process your data, we will notify you in advance via email or in-app notification — at least 14 days before the changes take effect.

17.3 Continued use. Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

17.4 Archive. Previous versions of this Privacy Policy are available on request from our DPO.

18. Contact Us

For any questions, requests, or concerns about your personal data or this Privacy Policy, contact our Data Protection Officer:

  • Email: [LEGAL: Insert DPO email]
  • In-app live chat — mention "data protection" for priority routing
  • Telegram: official AW33 Telegram channel
  • Postal address: [LEGAL: Insert registered office address]

We will acknowledge your request within 5 business days and provide a substantive response within 30 days, in line with international data protection best practices.