gibaje Privacy Policy
Your privacy matters to us. This policy explains exactly what personal data gibaje collects, why we collect it, how we use and protect it, and the rights you hold as a registered player on Bangladesh's premier VIP betting platform.
Transparent Data Collection
We collect only the personal data necessary to operate your account, process transactions, and comply with responsible gaming obligations. We never sell your data to third-party advertisers.
SSL Encryption
All data transmitted between your device and the gibaje platform is protected using industry-standard TLS/SSL encryption. Your payment details and account credentials are never stored in plain text.
Your Consent Matters
Where we rely on your consent to process personal data — such as for optional marketing communications — you may withdraw that consent at any time by updating your account preferences or contacting our support team.
Mobile Wallet Privacy
When you transact via bKash, Nagad, Rocket, or Upay, your mobile wallet number is processed solely to facilitate your deposit or withdrawal. We do not store full wallet credentials beyond what is required for transaction verification.
Data Access Rights
As a registered gibaje player, you have the right to request a copy of all personal data we hold about you, to correct inaccuracies, and to request deletion of your data subject to our legal retention obligations.
Responsible Gaming Alignment
Some personal data we collect — including account activity patterns and self-reported limits — is used specifically to support our responsible gaming programme and to protect vulnerable players, including those under 18.
Information We Collect
gibaje collects personal data through several channels: directly from you when you register an account or contact our support team, automatically as you interact with the platform, and from trusted third-party service providers such as payment processors and identity verification partners. The categories of data we collect are described below.
Account Registration Data
When you create a gibaje account, we collect the following information:
- Full legal name (as it appears on your government-issued identity document)
- Date of birth (to verify that you are aged 18 or above)
- Residential address, including division, district, and postal code
- Email address (used for account communications and security alerts)
- Mobile phone number (used for two-factor authentication and transaction notifications)
- Username and encrypted password
- Preferred language and currency settings
Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) obligations, we may collect copies of the following documents:
- National Identity Card (NID) issued by the Bangladesh Election Commission
- Valid passport or Bangladesh driving licence
- Recent utility bill, bank statement, or equivalent proof of address (issued within 90 days)
- Selfie photograph for liveness verification, where required
Financial Transaction Data
Each time you make a deposit or withdrawal on gibaje, we record:
- Payment method type (bKash, Nagad, Rocket, Upay, Visa, Mastercard, or bank transfer)
- Transaction amount in Bangladeshi Taka (৳)
- Transaction reference number and timestamp
- Partial identifier of the payment instrument (e.g., last four digits of a card or masked wallet number)
Platform Usage Data
We automatically collect technical and behavioural data as you use the gibaje platform:
- IP address and approximate geographic location derived from it
- Device type, operating system, browser type and version
- Pages visited, games played, bet amounts, session duration, and navigation path
- Login timestamps and session frequency
- Clicks, scroll depth, and interaction events (collected via analytics tools)
Communications Data
When you contact our customer support team via live chat or email, we retain records of those communications including the content of your messages, the resolution provided, and any attachments submitted. This data is used for quality assurance, dispute resolution, and staff training purposes.
How We Use Your Data
gibaje uses the personal data we collect for clearly defined purposes. We do not use your data in ways that are incompatible with the purposes for which it was originally collected. The primary purposes for which we process your personal data are as follows:
| Purpose | Data Categories Used |
|---|---|
| Creating and managing your gibaje account | Registration data, KYC documents |
| Processing deposits and withdrawals | Financial transaction data, KYC documents |
| Verifying your age and identity | Date of birth, KYC documents, selfie photo |
| Preventing fraud, money laundering, and account abuse | Transaction data, IP address, device data, usage patterns |
| Delivering customer support and resolving disputes | Communications data, account history |
| Operating our responsible gaming programme | Account activity, session data, self-exclusion records |
| Personalising your platform experience | Usage data, game preferences, betting history |
| Sending promotional communications (with consent) | Email address, mobile number, communication preferences |
| Complying with legal and regulatory obligations | All categories as required by applicable law |
| Improving platform performance and fixing technical issues | Device data, session logs, error reports |
Marketing Communications
With your prior consent, gibaje may send you promotional emails and SMS notifications regarding new games, bonus offers, VIP programme updates, and seasonal promotions relevant to the Bangladesh market (such as Eid or Pohela Boishakh offers). You may opt out of marketing communications at any time by clicking the unsubscribe link in any promotional email, by updating your communication preferences in the account settings panel, or by contacting our support team.
Opting out of marketing communications does not affect the delivery of service-critical transactional messages such as deposit confirmations, withdrawal notifications, security alerts, or account status updates.
Legal Basis for Processing
gibaje processes your personal data on the following legal bases, each of which applies to specific processing activities as outlined below:
Contractual Necessity
The majority of data processing on gibaje is necessary for the performance of the contract between you and the platform — that is, the Terms & Conditions you accepted upon registration. Processing your registration data, financial transactions, KYC verification, and account management activities all fall under this basis. Without processing this data, we would be unable to provide the services you have signed up for.
Legal Obligation
Certain data processing activities are required for gibaje to comply with applicable legal and regulatory obligations. This includes retaining financial transaction records for anti-money-laundering (AML) compliance, maintaining age verification records, and cooperating with lawful requests from competent authorities.
Legitimate Interests
gibaje processes some data on the basis of its legitimate interests as a platform operator, provided those interests are not overridden by your rights and interests. This includes fraud detection and prevention, platform security monitoring, abuse prevention, and general analytics to improve platform performance. Where we rely on legitimate interests, we have conducted a balancing assessment confirming that the processing is proportionate and does not unduly prejudice your privacy.
Consent
Where gibaje relies on your consent as the legal basis for processing — most notably for optional marketing communications and for the use of non-essential cookies — we will always obtain that consent in a clear and unambiguous manner. You have the right to withdraw consent at any time without affecting the lawfulness of processing that occurred before withdrawal.
Data Sharing and Disclosure
gibaje does not sell, rent, or trade your personal data to any third party for commercial purposes. We share personal data only in the limited circumstances described below, and only to the extent necessary for each specific purpose.
Payment Processing Partners
To process your deposits and withdrawals, we share the minimum necessary financial and identity data with our payment processing partners including bKash, Nagad, Rocket, Upay, Visa, Mastercard, Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, and Sonali Bank. These partners process your data under their own privacy policies and are bound by contractual obligations to protect your information.
Identity Verification Providers
We engage specialist third-party KYC and identity verification providers to assist with document validation and liveness checks. These providers process your KYC documents and verification photographs solely for the purpose of confirming your identity and age on behalf of gibaje.
Game Content Providers
Games hosted on the gibaje platform are provided by licensed studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. To enable game play, a pseudonymous player identifier and session token may be shared with the relevant game studio. No directly identifying information such as your full name or payment details is shared with game studios for routine game play sessions.
Analytics and Technology Providers
gibaje uses third-party analytics tools and cloud infrastructure providers to operate and improve the platform. These providers may process technical data such as IP addresses, session logs, and device identifiers. They act as data processors under our instructions and are not permitted to use your data for their own independent purposes.
Legal and Regulatory Disclosure
gibaje may disclose personal data to competent governmental, regulatory, judicial, or law enforcement authorities where required by applicable law, court order, or regulatory direction. In such cases, we will disclose only the minimum data required and, where legally permissible, will notify you of such disclosure.
Cookies and Tracking Technologies
The gibaje platform uses cookies and similar tracking technologies (such as local storage objects and session tokens) to deliver a functional, personalised, and secure experience. This section explains what cookies we use and how you can manage your preferences.
What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They allow the website to recognise your device on subsequent visits and to store certain preferences or session data. Cookies do not contain executable code and cannot directly access other files on your device.
Categories of Cookies We Use
| Cookie Category | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Session management, security tokens, login state, fraud prevention signals | No — required for core function |
| Functional | Remembering your language preference, display settings, and responsible gaming limits | Yes — via browser settings |
| Analytics | Understanding how players navigate the platform, identifying technical issues, measuring feature usage | Yes — via cookie preferences |
| Marketing | Tracking campaign effectiveness, measuring conversion from promotional content (only with consent) | Yes — withdraw consent at any time |
Managing Your Cookie Preferences
Most modern web browsers allow you to view, manage, block, and delete cookies through the browser's settings menu. Please note that disabling strictly necessary cookies will impair your ability to log in and use core features of the gibaje platform. Instructions for managing cookies in commonly used browsers are available from the respective browser's support documentation.
For analytics and marketing cookies, you may also manage your preferences directly through your gibaje account settings panel under the Privacy & Communications section.
Data Retention
gibaje retains personal data for as long as is necessary to fulfil the purposes for which it was collected, including any legal, regulatory, accounting, or reporting requirements. The following retention periods apply as a general guide:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account plus 5 years after closure | Legal / AML compliance |
| KYC identity documents | Duration of account plus 5 years after closure | Legal / regulatory obligation |
| Financial transaction records | 7 years from transaction date | AML and financial regulation |
| Customer support communications | 3 years from last interaction | Dispute resolution / legitimate interest |
| Self-exclusion records | Duration of exclusion plus 5 years | Responsible gaming obligation |
| Platform usage / analytics logs | 13 months on a rolling basis | Legitimate interest (platform improvement) |
| Marketing consent records | 3 years from the date consent was last given or withdrawn | Legal requirement to evidence consent |
When personal data is no longer required for any of the above purposes, gibaje securely destroys or anonymises it in accordance with our internal data destruction procedures. Anonymised, aggregated data (from which no individual can be identified) may be retained indefinitely for statistical and research purposes.
Your Privacy Rights
As a registered user of the gibaje platform, you have a number of rights in relation to the personal data we hold about you. gibaje is committed to honouring these rights promptly and transparently. To exercise any of the rights described below, please contact our privacy team at [email protected] with the subject line "Privacy Rights Request", including your account username and a brief description of your request.
We will respond to all valid privacy rights requests within 30 days of receipt. Where a request is particularly complex or numerous, we may extend this period by a further 60 days, in which case we will notify you of the extension and the reasons for it within the initial 30-day window.
Data Security
gibaje implements a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. While no platform can guarantee absolute security, the measures we have in place reflect current industry best practice for online gaming and financial service providers.
Technical Safeguards
- All data in transit between your browser and the gibaje servers is encrypted using TLS 1.2 or higher with strong cipher suites
- Passwords are stored using strong one-way cryptographic hashing algorithms — plain-text passwords are never stored or accessible to gibaje staff
- Sensitive financial data (such as card or wallet identifiers) is tokenised and stored in compliance with PCI DSS standards
- Access to production databases and player data is restricted to authorised personnel only, using role-based access control and multi-factor authentication
- Regular automated and manual security scanning, including vulnerability assessments and penetration testing, is conducted against the platform infrastructure
- Platform activity is monitored continuously via automated intrusion detection systems to identify and respond to anomalous behaviour
Organisational Safeguards
- All gibaje staff with access to personal data receive privacy and data security training upon onboarding and on a regular refresh basis
- Internal data handling procedures and access control policies are reviewed and updated at least annually
- Third-party vendors with access to personal data are assessed for security compliance before engagement and are bound by contractual data processing agreements
- A formal incident response plan is in place to manage any personal data breach efficiently and in accordance with applicable notification obligations
What to Do If You Suspect a Security Incident
If you suspect that your gibaje account has been accessed without your authorisation, or that your credentials have been compromised, you should immediately change your password via the account settings panel and contact our security team at [email protected]. We will investigate promptly and take appropriate action to secure your account.
Third-Party Services
The gibaje platform integrates a number of third-party services to deliver its full range of features. While gibaje takes care in selecting trusted service partners, each third-party service operates under its own privacy policy and data practices. gibaje is not responsible for the privacy practices of third parties beyond the contractual obligations we impose on them as data processors.
Game Studios
Games from studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi are delivered via embedded iframes or direct API integrations. When you play a game, a pseudonymous session identifier is passed to the game studio to enable game delivery. The game studios do not receive your full name, email address, or payment details for routine game sessions. Their independent privacy policies govern any data they collect directly during game play.
Payment Processors
When you initiate a payment via bKash, Nagad, Rocket, Upay, Visa, Mastercard, or a bank transfer, you are interacting with that payment provider's own systems. The data shared with each payment provider is limited to what is required to authenticate and complete the transaction. Please refer to the relevant provider's privacy policy for details of how they handle your financial data.
Analytics Providers
gibaje uses web analytics tools to understand aggregate platform usage patterns and improve the user experience. These tools may collect anonymised or pseudonymised data including page views, session duration, and device type. We configure these tools to anonymise IP addresses where technically possible and to refrain from cross-site tracking.
Updates to This Policy
gibaje reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, applicable law, or the services we offer. When we make material changes to this policy, we will notify registered players via email to the address associated with their account and by posting a prominent notice on the gibaje platform for a minimum of 30 days following the update.
The "Last Updated" date displayed at the top of this page will be revised each time the policy is amended. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of the gibaje platform following notification of a material policy change constitutes your acknowledgement of the updated terms.
Where a proposed change to this Privacy Policy would require your fresh consent — for example, if we were to introduce a materially new purpose for processing your data — we will seek that consent before applying the change to your account. You will always have the option to decline and to close your account if you do not wish to accept revised terms.
Contact Our Privacy Team
If you have any questions, concerns, or requests relating to this Privacy Policy or to the personal data gibaje holds about you, please contact our dedicated privacy team using the details below. We are committed to resolving all privacy-related enquiries promptly and transparently.
Privacy Enquiries
For general privacy questions, data access requests, or to exercise any of your rights described in this policy, please write to us at:
- Email: [email protected] — use the subject line "Privacy Rights Request" for data subject requests
- Response Time: We aim to acknowledge all privacy enquiries within 2 business days and to provide a substantive response within 30 days
- Operating Hours: Our support team is available 24 hours a day, 7 days a week, Bangladesh Standard Time (BST, UTC+6)
What to Include in Your Request
To help us process your request efficiently, please include the following information when contacting us about a privacy matter:
- Your full registered name and gibaje account username
- A clear description of your request or concern (e.g., "I would like a copy of all data you hold about me" or "I would like to correct my registered address")
- Your preferred contact method for our response (email is standard)
For security purposes, we may need to verify your identity before processing a data subject request. This is to ensure that personal data is not disclosed to or altered by an unauthorised party. Verification may involve confirming account details or asking you to authenticate via your registered mobile number.
Explore gibaje with Full Confidence
Now that you understand how gibaje protects your data, dive into the platform. Bet on live cricket matches, spin the reels on top slots, or join the live casino — all within a secure, fair, and privacy-conscious environment built for Bangladesh's VIP players.