3900 Privacy Policy – Protecting Your Personal Data

1. Information Collected by 3900

When you register and use the 3900, we collect various types of information to ensure the services we offer run smoothly, securely, and in a way that meets your needs as a user in Malaysia. This information is collected directly from you during registration, while you use our services, or through automated technology when you browse our platform. All data collection is carried out transparently and responsibly in accordance with Malaysia's Personal Data Protection Act 2010 (PDPA). We do not collect any information beyond what is operationally necessary, and we will never misuse the data you provide. Each category of data we collect has a clear purpose, as described in the sections that follow.

Personal Account Information

During the registration process, you are required to provide basic personal information such as your full name, date of birth, identity card or passport number, email address, and an active mobile number. This information is used to verify your identity and to fulfil legal compliance requirements Know Your Customer (KYC), and allows us to contact you regarding your account or transactions. Your current residential address in Malaysia may also be required for further verification when you submit your first withdrawal request. All personal information is stored in protected systems and accessible only to authorised personnel. You are responsible for ensuring that all information provided remains accurate and up to date throughout your use of your 3900 account.

Device & Browser Information

The 3900 platform automatically collects certain technical information when you access our website or mobile app, including IP address, device type, mobile phone model, operating system, browser version, screen resolution, and time zone. This technical data helps us detect suspicious activity, optimise platform performance for a better mobile experience, and resolve technical issues more efficiently. Approximate location data derived from your IP address is used solely for security and geographic compliance purposes, not for highly targeted marketing. We will not access your device's GPS or precise location without your explicit prior consent. Device data is linked to your account record to help detect unauthorised login attempts.

Payment Information in MYR

To facilitate MYR (RM) deposits and withdrawals, 3900 collects the necessary banking details such as your bank name, bank account number, or the e-wallet details you use for transactions. It is important to note that 3900 does not store your credit or debit card information directly in our systems — all payments are processed through licensed third-party payment gateways that meet PCI-DSS security standards. Transaction records covering deposit and withdrawal amounts, dates, and payment methods are retained in our systems for financial audit and anti-money laundering (AML) compliance purposes. Your payment information will not be shared with any third party except where required by law or necessary to process your transaction. We recommend that you always use a bank account or e-wallet registered in your own name to avoid any verification issues.

Cookies, Usage Data & Session Tracking

The 3900 platform uses cookies and similar session tracking technologies to record how you interact with our website, including pages visited, time spent on each page, buttons clicked, and your overall navigation journey. This usage data is collected in aggregate form and used to improve interface design, enhance page loading speed, and tailor content recommendations based on your interests. Session cookies are required to maintain your logged-in state and ensure a seamless experience as you move between pages on the 3900 platform. You can control or block cookies through your browser settings, though doing so may affect certain platform functions. Further details on cookies are covered in the dedicated section of this document.

3. Cookies & Tracking Technologies

Cookies are small text files stored in your browser or on your device when you visit the 3900, and they play an important role in ensuring a smooth and secure user experience. We use several types of cookies, each serving a different function and stored for varying durations depending on technical requirements. Session cookies are required to maintain your logged-in status during an active session and are automatically deleted when you close your browser. Preference cookies store your language settings, interface display, and personal preferences so you do not need to reconfigure them each time you visit the 3900 platform. We also use internal analytics cookies to understand how users interact with our platform for improvement purposes, without exposing any individual's identity to third parties.

In addition to cookies, 3900 uses supplementary tracking technologies such as web beacons and session identifiers that help us connect your browsing activity across multiple pages within the platform to better understand user flow. All data collected through these mechanisms is processed in a secure environment and is not used to build user profiles for third-party advertising. You can manage your cookie preferences at any time through your browser settings; most modern browsers provide granular controls to accept, block, or delete cookies by category. Do note that blocking essential cookies may disrupt critical platform functions such as login, two-factor authentication, and transaction processing. If you have any questions about 3900's use of cookies, our support team is ready to help you understand and manage your privacy settings.

5. Sharing Information with Third Parties

Platform 3900 does not sell, rent, or trade users' personal data to any third party for commercial or marketing purposes. That said, there are limited situations where sharing your information with certain parties is necessary for our services to function properly and to meet applicable legal obligations in Malaysia. Any data sharing is carried out under strict confidentiality agreements and involves only the minimum information required for the relevant purpose. 3900 takes full responsibility for ensuring that any third party receiving user data upholds data protection standards equivalent to or higher than our own. Users will be informed of any changes to our data sharing practices through updates to this privacy policy.

Situations in which data sharing may occur:

• Payment service providers — Licensed payment gateways that process deposit and withdrawal transactions in MYR require the minimum payment details necessary to complete those transactions securely.
• Government authorities & law enforcement — 3900 will disclose user information to the relevant authorities when required by a court order, legal directive, or in the course of a legitimate financial crime investigation.
• Identity verification services — Licensed third-party KYC providers are used to help verify new users' identities securely and efficiently, with only the minimum data necessary shared for the verification process.
• Auditors & professional advisors — In the context of financial audits or compliance obligations required by law, professional advisors bound by professional confidentiality obligations may require limited access to certain records.

In all data sharing scenarios above, 3900 ensures that only the information strictly necessary is shared, and recipients are subject to strict usage restrictions. We do not permit any third party to use your data for their own purposes unrelated to providing services to 3900.