db baji
Privacy Policy
At db baji, your privacy matters. This Privacy Policy explains exactly what personal data we collect when you use our platform, why we collect it, how it is stored and protected, and what rights you hold over your own information.
Every data transmission between your device and db baji's servers is protected by 256-bit SSL encryption, the same standard used by major banks in Bangladesh and around the world.
db baji does not sell, rent, or trade your personal data to third-party advertisers. Your information is used exclusively to operate and improve your gaming experience on our platform.
Registered players on db baji have the right to access, correct, export, or request deletion of their personal data at any time. Submit a request to our support team and we will respond within 30 days.
We do not store full bKash, Nagad, Rocket, or Upay account numbers. Payment credentials are processed directly by the respective mobile financial service providers and are never held on db baji servers.
Marketing communications, including SMS and email promotions, are optional. You may unsubscribe from all marketing at any time through your account settings or by contacting db baji support directly.
db baji maintains internal data governance procedures to ensure that personal information is accessed only by authorised personnel with a legitimate operational need. Regular reviews are conducted to minimise data exposure.
1. Information We Collect
db baji collects personal data only to the extent necessary to provide our services, maintain account security, fulfil legal obligations, and deliver a safe and fair gaming environment. The categories of data we collect are described below.
1.1 Registration Data
When you create an account on db baji, we collect the following information that you provide voluntarily:
- Full legal name as it appears on your government-issued identification document.
- Date of birth, required to verify that you are at least 18 years of age.
- Email address, used for account verification, transaction notifications, and (where opted in) promotional communications.
- Mobile phone number, used for SMS-based one-time password (OTP) verification and security alerts.
- Residential address, collected as part of our Know Your Customer (KYC) process where applicable.
- Username and password (passwords are stored in hashed form and are never accessible in plain text by db baji personnel).
1.2 Identity Verification (KYC) Data
To comply with responsible gaming standards and anti-fraud requirements, db baji may request copies of identity documents including your National Identity Card (NID), passport, or a recent utility bill confirming your residential address. These documents are used solely for the purpose of verifying your identity and are stored in an encrypted environment with restricted access.
1.3 Financial Transaction Data
We record details of all deposits, withdrawals, and bets placed on the platform. This includes transaction amounts, timestamps, payment method identifiers (e.g., the last four digits of a registered mobile wallet account), and transaction reference numbers provided by bKash, Nagad, Rocket, or Upay. Full payment credentials — including mobile wallet PINs — are never transmitted to or stored by db baji.
1.4 Usage and Behavioural Data
When you use the db baji platform, we automatically collect certain technical and behavioural data including:
- IP address and approximate geographic location (city/region level).
- Device type, operating system, and browser version.
- Pages visited, features used, and duration of sessions on the platform.
- Betting history, game session logs, and sports markets accessed.
- Login timestamps and session identifiers.
This data is used to detect fraud, identify unusual account activity, improve platform performance, and personalise your experience where permitted.
1.5 Customer Support Data
If you contact our support team — whether by email, live chat, or any other channel — we retain a record of the communication, including its content and any attachments or screenshots you submit. This enables us to resolve disputes, track unresolved issues, and improve our support quality over time.
| Data Category | Examples | Primary Purpose |
|---|---|---|
| Registration Data | Name, email, mobile number, date of birth | Account creation, age verification, security |
| KYC Documents | NID, passport, utility bill | Identity verification, fraud prevention |
| Financial Data | Transaction amounts, payment method IDs, timestamps | Payment processing, withdrawal verification |
| Usage Data | IP address, device info, session logs, bet history | Security monitoring, platform improvement |
| Support Data | Chat logs, email correspondence, attachments | Dispute resolution, service quality |
2. How We Use Your Data
db baji uses the personal data we collect for specific, clearly defined purposes. We do not use your data in ways that are incompatible with the purposes described at the time of collection. The lawful bases on which we rely to process your personal data include the performance of a contract, compliance with a legal obligation, legitimate interests, and (for marketing communications) your explicit consent.
2.1 Account Management and Service Delivery
The primary use of your personal data is to open and maintain your db baji account, process deposits and withdrawals in Bangladeshi Taka via bKash, Nagad, Rocket, and Upay, settle bets and casino game outcomes, and provide you with access to all features of the platform. Without this data, we cannot deliver the services you have contracted us to provide.
2.2 Identity Verification and Fraud Prevention
We use registration data, KYC documents, and usage data to verify that all players are who they claim to be, are above the age of 18, and are not engaged in fraudulent, money-laundering, or bonus-abuse activity. This processing is necessary to protect the integrity of the platform and the interests of all players.
2.3 Responsible Gaming Monitoring
db baji uses behavioural and financial data to monitor for signs of problem gambling, including unusually frequent or large bets, rapid loss-chasing patterns, and repeated deposit attempts following a withdrawal. Where such patterns are detected, our responsible gaming team may reach out proactively to offer support tools such as deposit limits, cooling-off periods, or self-exclusion, in line with our Responsible Gaming Policy.
2.4 Legal and Regulatory Compliance
db baji may be required by applicable law or regulation to retain, disclose, or report certain player data to competent authorities. We will comply with such requirements in full. Where a legal obligation compels us to share data with a third party, we will do so only to the extent strictly necessary and in accordance with applicable data protection principles.
2.5 Marketing Communications
With your explicit consent, db baji may use your email address and mobile phone number to send you personalised promotional offers, BPL and IPL season bonuses, seasonal offers tied to Eid, Pohela Boishakh, and Victory Day, and platform news. You may withdraw your consent at any time through the notification preferences in your account settings. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.
2.6 Platform Improvement and Analytics
Aggregated and anonymised usage data is used to understand how players navigate the platform, which games and markets are most popular, and where technical issues occur. This data is processed in aggregate form and is not linked back to identifiable individuals in any analytical reporting.
3. Data Sharing & Disclosure
db baji does not sell, rent, or otherwise commercialise your personal data. We share personal data with third parties only in the limited circumstances described below.
3.1 Payment Service Providers
To process deposits and withdrawals, db baji transmits the minimum necessary data to our payment partners — bKash, Nagad, Rocket, and Upay. This typically includes your registered mobile number, transaction amount, and a platform-generated transaction reference. These providers operate under their own privacy policies and are responsible for the security of data within their systems.
3.2 Identity Verification Partners
Where enhanced KYC verification is required, db baji may use a third-party identity verification service to cross-check the documents you submit. These partners are contractually bound to process your data only for the purpose of identity verification and to apply security measures equivalent to our own.
3.3 Technology and Infrastructure Providers
db baji uses third-party providers for cloud hosting, database management, security monitoring, and customer support tooling. These providers act as data processors on our behalf and are permitted to process your data only on our documented instructions. They are not authorised to use your data for their own purposes.
3.4 Legal Disclosures
db baji will disclose personal data to law enforcement agencies, regulatory bodies, courts, or other competent authorities where required to do so by law, court order, or in connection with the prevention, detection, or prosecution of criminal activity including fraud and money laundering. We will endeavour to notify you of any such disclosure where we are legally permitted to do so.
4. Cookies & Tracking
db baji uses cookies and similar tracking technologies to operate the platform, maintain your logged-in session, and gather anonymised usage analytics. A cookie is a small text file placed on your device by a website; it does not execute code and cannot access other files on your device.
4.1 Essential Cookies
These cookies are strictly necessary for the platform to function. They maintain your login session, remember your account preferences, protect against cross-site request forgery (CSRF), and ensure that the platform displays correctly on your device. Essential cookies cannot be disabled without severely impairing your ability to use db baji.
4.2 Analytics Cookies
db baji uses anonymised analytics cookies to understand aggregate usage patterns — for example, which pages are visited most frequently, how long sessions last, and at which points players navigate away from the platform. This data is collected in a form that does not identify any individual player. It is used solely to guide platform improvements.
4.3 Security Cookies
Certain cookies are used specifically for fraud detection and account security purposes. These cookies help us identify unusual login patterns — such as a login from an unrecognised device or geographic region — and trigger appropriate security checks including OTP verification.
4.4 Managing Cookies
You may control non-essential cookies through your browser settings. Most modern browsers allow you to block, delete, or receive notifications about cookies. Please note that disabling cookies may affect the functionality of certain features of the db baji platform, including maintaining your logged-in state between sessions. Detailed guidance on managing cookies is available through your browser's help documentation.
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Essential | Session management, CSRF protection, platform rendering | No — required for core functionality |
| Analytics | Anonymised usage reporting, feature optimisation | Yes — via browser settings |
| Security | Fraud detection, unrecognised device alerts | Not recommended — affects account security |
5. Data Security
db baji takes the security of your personal data seriously. We implement a layered set of technical and organisational measures designed to protect your information against unauthorised access, accidental loss, alteration, or disclosure.
5.1 Technical Safeguards
- Transport Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (256-bit SSL). The padlock icon visible in your browser's address bar confirms that your connection is encrypted.
- Password Hashing: Passwords are never stored in plain text. We use industry-standard one-way hashing algorithms with salting to store password credentials securely.
- Two-Factor Authentication: Players are strongly encouraged to enable SMS OTP-based two-factor authentication on their accounts. This adds a critical additional layer of security beyond the password alone.
- Server-Side Firewalls: Our infrastructure is protected by web application firewalls (WAF) and intrusion detection systems that monitor for and block malicious traffic in real time.
- Data Minimisation: We collect only the data that is genuinely necessary for the stated purpose. Data that is no longer required for operational or legal purposes is securely deleted in accordance with our retention schedule.
5.2 Organisational Safeguards
Access to personal data within db baji is strictly limited to personnel who require it to perform their job functions. All staff with access to player data are subject to confidentiality obligations. Access rights are reviewed regularly and revoked promptly when no longer required. KYC documents are stored in an access-controlled environment with a full audit log of every access event.
5.3 Breach Response
In the event of a data security breach that poses a risk to the rights of affected players, db baji will notify affected individuals as promptly as practicable, providing details of the nature of the breach, the categories of data involved, the likely consequences, and the steps we are taking to address it. If you believe that your account has been compromised, please contact us immediately at [email protected].
6. Data Retention
db baji retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following retention guidelines apply:
- Active account data (registration details, transaction history, bet records) is retained for the full duration of your account's active status plus a minimum of five (5) years following account closure, to satisfy record-keeping obligations.
- KYC documents are retained for a minimum of five (5) years from the date of submission or from the date of account closure, whichever is later.
- Financial transaction records are retained for a minimum of seven (7) years in accordance with standard financial record-keeping requirements.
- Customer support correspondence is retained for a minimum of two (2) years from the date of the final communication in each support case.
- Analytics data is retained in anonymised, aggregated form indefinitely for trend analysis and platform improvement purposes, as it cannot be linked back to any identifiable individual.
- Marketing consent records are retained for as long as you remain subscribed to marketing communications, and for a further two (2) years after unsubscription to demonstrate compliance with consent requirements.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised using processes that render the data irreversibly non-identifiable. Players who request early deletion of their data (see Section 7) may have their request fulfilled ahead of the standard retention schedule, subject to any overriding legal obligations that require us to retain the data for a longer period.
7. Your Privacy Rights
As a registered player on db baji, you hold a number of rights in relation to your personal data. We are committed to honouring these rights promptly and without undue bureaucratic burden. To exercise any of the rights described below, contact our support team at [email protected] with your registered account email address and a clear description of your request.
7.1 Right of Access
You have the right to request a copy of the personal data that db baji holds about you. We will provide a structured, commonly used, machine-readable copy of your data within thirty (30) days of receiving a valid access request. There is no charge for a first access request within any twelve-month period.
7.2 Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. Where the data in question has been shared with third-party processors, we will notify those processors of the correction as promptly as reasonably practicable.
7.3 Right to Erasure
You may request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent and no other lawful basis for processing applies, or where the data has been unlawfully processed. Please note that db baji may be required by law to retain certain data (such as financial transaction records) for a mandatory minimum period, in which case full erasure may not be immediately possible. We will inform you clearly of any such limitation when responding to your request.
7.4 Right to Restrict Processing
In certain circumstances — for example, while the accuracy of data is being contested or while an objection to processing is being assessed — you may request that we restrict the processing of your personal data. During a restriction period, db baji will store the data but not actively process it beyond what is required to maintain the restriction.
7.5 Right to Data Portability
Where processing is based on your consent or on the performance of a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller of your choice.
7.6 Right to Object to Marketing
You have an unconditional right to object to the processing of your personal data for direct marketing purposes, including profiling carried out in connection with direct marketing. Upon receiving such an objection, db baji will cease processing your data for marketing purposes immediately and update your communication preferences accordingly.
8. Policy Updates & Contact
db baji reserves the right to update this Privacy Policy at any time. Where material changes are made — for example, changes that affect the categories of data we collect, the purposes for which we use it, or the rights available to players — we will notify registered players via the email address on file at least fourteen (14) days before the updated Policy takes effect. The "Effective Date" displayed at the top of this page will be updated to reflect the date on which the most recent version of the Policy came into force.
For non-material changes — such as corrections to typographical errors, clarifications that do not affect the substance of the Policy, or updates to contact details — we reserve the right to update the Policy without prior notification, although the Effective Date will still be updated accordingly.
Continued use of the db baji platform after any update to this Privacy Policy constitutes acceptance of the revised Policy. Players who do not agree with the updated terms should cease using the platform and submit an account closure request.
8.1 Contact Details
For any queries, concerns, or requests relating to this Privacy Policy or to the personal data db baji holds about you, please contact our support team using the details below:
- Email: [email protected]
- Response Time: Within 5 business days (Bangladesh Standard Time, UTC+6)
- Subject Line for Privacy Matters: Privacy Policy Enquiry
Have Questions About Your Privacy?
Our support team is available around the clock to address any data protection concerns or privacy requests.