2agame Privacy Policy
— How We Handle Your Personal Data

2agame operates as the data controller in respect of personal data collected through the 2agame platform. As data controller, 2agame determines the purposes for which personal data is processed and the means by which processing is carried out, in accordance with applicable international data protection standards and the obligations imposed by 2agame's gaming licensing authority.

All enquiries, requests, and complaints relating to this Privacy Policy or 2agame's data processing activities should be directed to the 2agame Data Protection contact point. Contact details are provided in Section 15 of this Policy. 2agame will respond to all data-related enquiries within 30 calendar days of receipt.

2agame collects the following categories of personal data from players during the account lifecycle:

We do not collect sensitive special categories of personal data (such as health information, religious beliefs, or political opinions) except where specifically required by our responsible gaming obligations — for example, recording a player's self-exclusion request and the reason provided, where voluntarily disclosed.

2agame collects personal data through the following channels and mechanisms:

• Direct Provision by You: When you register a 2agame account, complete the KYC verification process, make a deposit or withdrawal, contact our support team, participate in a promotion, or complete any other platform interaction that requires data input, you provide personal data directly to us.
• Automated Technical Collection: When you access and use the 2agame platform, our servers and analytics systems automatically collect technical and behavioural data including your IP address, device identifiers, browser characteristics, session duration, pages navigated, and interaction patterns. This collection occurs whether or not you are logged into your 2agame account.
• Cookies and Similar Technologies: 2agame uses cookies, web beacons, and similar tracking technologies to collect data about your browsing behaviour, maintain your login session, and personalise your platform experience. See Section 9 of this Policy for full details of our cookie usage.
• Payment Processor Data: When you deposit or withdraw via JazzCash, EasyPaisa, or bank transfer, our payment processing partners may share confirmation data — including transaction references and wallet identifiers — with 2agame to facilitate payment recording and reconciliation.
• Third-Party Identity Verification: Where 2agame uses external KYC service providers to verify identity documents, those providers may return verification status data and risk scores to 2agame as part of the compliance process.

2agame processes your personal data on the following legal bases, consistent with internationally recognised data protection principles:

• Contractual Necessity: Processing required to perform our contract with you — that is, to provide you with a functioning 2agame account, process your deposits and withdrawals, credit your winnings, and deliver the games and features you have signed up to use.
• Legal Obligation: Processing required to comply with our legal and regulatory obligations under international gaming licensing requirements, including KYC identity verification, anti-money laundering (AML) record-keeping, responsible gaming monitoring, and regulatory reporting.
• Legitimate Interests: Processing that serves 2agame's legitimate business interests where those interests are not overridden by your data protection rights — including fraud prevention, platform security, abuse detection, improving our services through analytics, and direct marketing to existing customers (subject to opt-out rights).
• Consent: Where we rely on your consent as the legal basis for processing — most commonly for optional marketing communications and for non-essential cookies — you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

2agame uses your personal data for the following specific purposes:

• Creating and managing your 2agame player account, including authentication and session management.
• Processing your deposits and withdrawals through your chosen Pakistani payment channels (JazzCash, EasyPaisa, HBL, UBL, Meezan Bank, Raast, 1LINK, USDT).
• Conducting KYC identity verification and age confirmation before withdrawal functionality is activated.
• Complying with anti-money laundering obligations, including transaction monitoring and suspicious activity reporting.
• Crediting bonuses and managing wagering requirement tracking within your account.
• Detecting and preventing fraud, money laundering, multi-accounting, bonus abuse, and other prohibited activities on the 2agame platform.
• Monitoring gaming patterns to identify potential problem gambling indicators and to administer responsible gaming interventions, including self-exclusion enforcement.
• Providing customer support and resolving disputes, including maintaining records of all support interactions.
• Sending transactional communications essential to your account — including deposit confirmations, withdrawal updates, security alerts, and account notifications.
• Sending promotional communications about 2agame bonuses, new games, and special offers — where you have consented to receive such communications or where we rely on legitimate interests for direct marketing to existing customers. You may opt out at any time.
• Analysing aggregated, anonymised usage data to improve 2agame's platform functionality, game library, and user experience.
• Complying with requests from competent regulatory authorities, law enforcement agencies, or courts of competent jurisdiction.

2agame does not sell your personal data to any third party under any circumstances. We share your personal data only in the following limited and controlled circumstances:

• Payment Processors: We share necessary payment and identity data with our payment processing partners (including JazzCash and EasyPaisa network integrators, and banking partners for HBL, UBL, and Meezan Bank transfers) solely to execute your requested transactions. These partners are contractually obligated to process your data only for payment purposes and not to use it for any independent purpose.
• KYC / Identity Verification Providers: We may share your identity document images and personal details with third-party KYC verification services to automate and support the verification process. These providers operate under strict data processing agreements and may only use your data for verification purposes.
• Game Content Providers: Where 2agame integrates games from third-party software providers, limited session and wagering data may be transmitted to those providers to facilitate game play, RNG processing, and jackpot network participation. Providers receive only the data necessary for game delivery.
• Regulatory and Law Enforcement Authorities: We are required to share certain data with our licensing authority as part of ongoing compliance monitoring. We may also be required to disclose personal data to law enforcement agencies, courts, or other governmental bodies where we receive a valid legal order or where we are otherwise legally obligated to do so.
• Self-Exclusion Registers: Where required by our licensing obligations or where a player requests cross-operator self-exclusion, we may share necessary identifying data with industry self-exclusion registers to facilitate exclusion from multiple gaming platforms simultaneously.
• Professional Advisers: We may share data with legal counsel, auditors, and compliance consultants where necessary for the conduct of their professional services, subject to confidentiality obligations.

As 2agame operates under an international gaming licence and uses technology infrastructure and service providers that may be located in various countries, your personal data may be transferred to and processed in countries outside Pakistan. 2agame takes the following measures to ensure that international transfers of your personal data maintain adequate levels of protection:

• Transfers to service providers are governed by contractual data protection clauses that impose equivalent data protection obligations on the recipient regardless of where they are located.
• We conduct due diligence on all international data processors to assess their security standards, privacy practices, and compliance posture before entrusting them with 2agame player data.
• Where possible, we minimise the categories of personal data transferred internationally to only those data points strictly necessary for the specific processing purpose involved.

By using the 2agame platform, you acknowledge and accept that your personal data may be transferred internationally as described in this section for the purposes outlined in this Privacy Policy.

2agame retains your personal data for the periods specified in the table below, after which data is securely deleted or irreversibly anonymised:

After the applicable retention period, 2agame will securely delete or anonymise your personal data so that it can no longer be associated with your identity. Where deletion is technically impractical (for example, in encrypted backup systems), data will be isolated and overwritten in the next scheduled backup cycle.

2agame uses cookies and similar tracking technologies when you access our platform. Cookies are small text files stored on your device that allow us to recognise you across sessions and deliver a personalised platform experience. The following categories of cookies are used by 2agame:

• Strictly Necessary Cookies: Essential for the operation of the 2agame platform. These cookies maintain your login session, secure your connection, and ensure the platform functions correctly. They cannot be disabled without breaking platform functionality and do not require your consent.
• Functional Cookies: These cookies remember your preferences — such as language settings, last game played, and preferred payment method — to personalise your 2agame experience across sessions. They are set with your implicit consent through account use.
• Analytics Cookies: Used to collect aggregated, anonymised data about how players navigate and use the 2agame platform. This data helps us identify technical issues, understand feature popularity, and improve the platform. We rely on legitimate interests for these cookies but you may opt out through your browser settings.
• Security Cookies: Used to detect suspicious activity, prevent fraudulent account access, and implement rate limiting on login attempts. These are strictly necessary for platform security and operate without user-facing controls.

2agame recognises and will honour the following data subject rights for all players, including those accessing the platform from Pakistan. To exercise any of these rights, contact us using the details in Section 15. We will respond within 30 days; complex requests may require up to 60 days, in which case we will notify you of the extension and the reason for it.

• Right of Access: You may request a copy of all personal data 2agame holds about you, including your account details, gaming history, KYC status, and transaction records. We will provide this in a structured, commonly used format.
• Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. Some data (such as CNIC details and date of birth) can only be corrected upon submission of updated identity documentation.
• Right to Erasure ("Right to Be Forgotten"): You may request deletion of your personal data where it is no longer necessary for the purposes it was collected, where you withdraw consent (where consent was the basis), or where you object to processing and there is no overriding legitimate interest. This right is subject to our regulatory data retention obligations — we cannot delete data we are legally required to retain.
• Right to Restriction: You may request that we restrict the processing of your personal data in certain circumstances — for example, while we verify the accuracy of disputed data, or while an objection to processing is under consideration.
• Right to Data Portability: You may request a copy of personal data you have provided to 2agame in a machine-readable format (JSON or CSV), suitable for transfer to another service provider where technically feasible.
• Right to Object: You have the right to object to processing based on legitimate interests, including direct marketing. Where you object to direct marketing, we will stop processing your data for that purpose immediately with no requirement to justify the objection.
• Right to Withdraw Consent: Where consent is the legal basis for processing, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

2agame implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include:

• 256-bit SSL / TLS Encryption: All data transmitted between your device and 2agame servers — including login credentials, payment data, and personal information — is encrypted using 256-bit SSL/TLS encryption, the same standard used by major international banks.
• Password Hashing: Passwords are never stored in plain text. 2agame uses industry-standard cryptographic hashing algorithms with per-user salts to store credential data, meaning that even internal systems cannot read your actual password.
• Database Encryption at Rest: Databases containing sensitive personal data, including KYC documents and financial records, are encrypted at rest using strong encryption standards.
• Access Controls: Access to personal data within 2agame's systems is restricted on a strict need-to-know basis. Staff members can only access the data categories necessary to perform their specific role.
• Two-Factor Authentication (Internal): All 2agame staff access to systems containing personal data requires multi-factor authentication.
• Penetration Testing and Security Audits: 2agame conducts regular security assessments, including penetration testing by independent security specialists, to identify and remediate vulnerabilities before they can be exploited.
• Incident Response: 2agame maintains a documented data breach incident response procedure. In the event of a breach that poses a risk to your rights, we will notify affected players within 72 hours of becoming aware of the breach, in accordance with our licensing obligations.

The 2agame platform is strictly prohibited to persons under the age of 21. 2agame does not knowingly collect personal data from anyone under 21 years of age. Our registration process includes age verification measures, and KYC verification using CNIC confirms date of birth before withdrawal functionality is enabled.

The 2agame platform may contain links to or integrations with third-party services — including game content providers, payment gateways, and identity verification services. While 2agame exercises due diligence in selecting third-party partners and imposes data protection obligations through contractual agreements, 2agame cannot be held responsible for the independent privacy practices of third parties once data is processed under their direct control.

2agame's Privacy Policy does not extend to the data processing activities of third-party services. Players are encouraged to review the privacy policies of any third-party service with which they interact independently of the 2agame platform — for example, the JazzCash privacy policy when using the JazzCash payment app, or the policies of game software providers whose titles are accessible through 2agame.

When you access 2agame's platform from a mobile device operating Jazz, Telenor, or Zong data services, your network operator may collect certain metadata about your data sessions independently of 2agame. Such collection is governed by your mobile operator's own privacy policy, not by this document.

2agame reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, regulatory requirements, or our platform's features and functionality. When we make material changes to this Policy, we will notify registered players through:

• A notification presented upon next login to your 2agame account, requiring acknowledgment of the updated Policy before continued platform use.
• An email notification sent to your registered email address summarising the nature of the changes made.
• A prominent notice published on the 2agame website for a minimum of 30 days following the update.

The version of this Policy currently in force is the version published on the 2agame website. The effective date and last-updated date at the top of this document reflect the most recent revision. Continued use of the 2agame platform following notification of an updated Policy constitutes acceptance of the revised Privacy Policy. If you do not accept the revised Policy, you may close your account in accordance with our Terms and Conditions, and your data will be retained only to the extent required by our regulatory obligations as set out in Section 8.

For any questions, requests, or concerns relating to this Privacy Policy or 2agame's data processing activities, please contact our Data Protection team through the following channels. Please do not include your full password, full CNIC number, or full financial account details in any initial contact message — our team will guide you through the secure verification process before accessing your account data.

If you are dissatisfied with 2agame's response to a data protection complaint and believe your data rights have been violated, you may escalate your complaint to the independent dispute resolution body designated by 2agame's licensing authority. Details of the applicable regulatory body are available upon request through our support team.

2agame is committed to resolving all data-related complaints fairly and promptly. We treat every privacy complaint as a serious matter and will not retaliate against any player for making a legitimate complaint about our data practices.