Updated May 2026. This policy applies to dk88spins.my and all DK88 services available through this domain. “We”, “us”, and “DK88” refer to Flybergom B.V., registered in the Commercial Register of Curacao under number 167086, Schout bij Nacht Doormanweg 40, 1st floor, Willemstad, Curacao, operating under licence OGL/2024/2241/1178.
When Dashking88 launched in February 2026, one of its stated positioning points was a structured, compliance-first approach to data handling. This document translates that into plain language: what data Flybergom B.V. collects when you use DK88, what each category is used for, who outside of DK88 receives any of it, how long we retain each type, and what you can request regarding your own records. If you have read privacy policies at other Malaysian online casino platforms, the structure here is broadly similar because the underlying Curacao licence obligations are similar. The differences are in the specifics of what we collect and how certain categories are handled.
When you register at DK88, you provide a username, password, phone number, email address, and currency selection. You may also register through Google or Telegram social login. Each social login pathway transmits a minimal identifier to DK88 — your Google account email or your Telegram username and user ID — and nothing beyond what is required to create your DK88 account. The social login does not grant DK88 access to your contacts, messages, posts, or any other data from those platforms.
Your password is stored as a one-way hash. The original password value is not stored in any readable form in our systems. When you log in, the entered password is hashed and compared against the stored hash. Even full internal database access cannot retrieve the original password from a stored hash. If you forget your password, it cannot be recovered — only reset through a process that verifies your registered phone number or email.
Identity verification is triggered before your first withdrawal and may also be triggered by high deposit volumes or security flag events. The KYC process requires a photograph of a valid government-issued ID (MyKad, passport, or driving licence) and a selfie photograph. At larger withdrawal amounts, proof of address or source of funds may be required. You can register and play without completing KYC, but you cannot withdraw until verification is complete.
KYC documents are stored in an encrypted document management system with access restricted to compliance team members. Each access event is logged with the accessing staff member’s identity and reason. Documents are never transmitted to game providers, marketing platforms, or any commercial third party. When you launch a game at DK88, the provider’s servers receive an anonymous session token; your name, identity document, and personal details are not included in any game launch communication.
The retention period for KYC documents is five years from account closure, driven by Curacao gaming licence anti-money laundering record-keeping requirements. We cannot delete KYC documents before this period expires regardless of any deletion request. We will confirm the applicable period clearly if you make such a request and will specify the date on which deletion will occur.
| Data Category | What We Collect | Purpose | Retained |
|---|---|---|---|
| Registration | Username, hashed password, phone, email, currency selection | Account auth, communication | 5 yrs post-closure |
| KYC Documents | Government ID photo, selfie, optional proof of address | Withdrawal verification, AML | 5 yrs post-closure |
| Payment Identifiers | E-wallet account IDs, bank account references, transaction amounts and timestamps in MYR | Deposit/withdrawal processing | 7 yrs from transaction |
| Gameplay History | Games opened, bet amounts, win/loss outcomes, session duration, login timestamps | RG monitoring, fraud detection, iTech Labs audit trail | 2 yrs from session |
| Device and Technical | IP address, device type, browser version, OS, approximate geolocation | Jurisdiction verification, fraud, technical performance | 1 yr from collection |
| Support Communications | Live chat transcripts, Telegram messages to support | Dispute resolution, compliance | 2 yrs from last message |
For each deposit or withdrawal, we record the payment method type, the transaction amount in MYR, the timestamp, and the platform-side transaction reference. For e-wallet transactions, we store the e-wallet account identifier (your TNG or GrabPay reference). For bank transfers, we store the bank name and a partial account reference. We do not store full bank account numbers or any payment credentials that would allow independent transaction initiation. Full payment credentials are handled by the payment gateway, not by DK88 systems.
DK88 does not sell personal data to any third party. The following sharing categories exist and are each purposeful and limited.
TnG, DuitNow, GrabPay, Boost, Maybank, CIMB, and banking gateway operators receive transaction-specific data: the payment identifier, amount, and timestamp for each deposit or withdrawal they process. No KYC documents and no gameplay data are shared. Processors are contractually prohibited from secondary use.
When you open a game, an anonymous session token is passed to the provider. No username, email, phone number, payment data, or KYC documents are included. The session token is sufficient for the provider to run the game session and record its outcomes for RTP audit purposes. It contains no personal identifier.
The Curacao Gaming Control Board and, where legally required by valid legal process, Malaysian regulatory or law enforcement bodies may request account data. We comply with valid requests. Where the law permits notification, we inform the affected account holder that a request was received and what was provided.
Anonymised device and session behaviour data is shared with fraud detection services for pattern analysis. This data is not linked to personal identity in what is shared with these services. They are contractually prohibited from using it for any purpose other than fraud and AML pattern detection.
All data transmitted between your device and DK88 servers uses 256-bit SSL. This covers login, deposit and withdrawal initiation, live chat, and all game launch API communications. Sensitive data stored on our servers — KYC documents, payment identifiers, hashed passwords — is encrypted at rest using current encryption standards. Access to each personal data category is limited by role: a support agent handling a withdrawal query does not have access to KYC documents; a compliance officer reviewing KYC has logged access but not access to live chat transcripts from a different support interaction.
In the event of a security incident that results in unauthorised access to personal data, affected accounts are notified within 72 hours of DK88 becoming aware of the breach, including a description of what data was accessed and what mitigation was applied. If you believe your DK88 account has been compromised, contact live chat immediately to request an emergency account freeze. We process this request within minutes and investigate the incident while the account is frozen.
DK88 uses cookies for four operational purposes: session authentication (keeping you logged in), language and display preference storage, analytics on which features and game categories are used most frequently, and security monitoring for unusual session patterns. Advertising cookies are not used. No third-party advertising network receives data through DK88’s cookie implementation. Browser-level cookie management applies normally; disabling session cookies will prevent persistent login and will likely disrupt normal platform use.
Changes to this policy that affect what data is collected, who receives it, or what rights you have are communicated to registered accounts via in-platform notification at least 14 days before taking effect. Minor text clarifications update the policy with a revised date, which is always shown at the top of this page. For privacy queries, contact DK88 live chat identifying your request as a data privacy matter, or use the privacy contact details in the Help section. We respond within 5 business days for general queries and within 30 calendar days for formal data requests. For regulatory escalation, the Curacao Gaming Control Board as the governing jurisdiction for licence OGL/2024/2241/1178 provides the formal regulatory contact process.
