gb baji Privacy Policy
At gb baji, protecting your personal information is a core operational commitment — not an afterthought. This Privacy Policy explains precisely what data we collect, why we collect it, how it is used, and the rights you hold over your own information as a player on Bangladesh's trusted online casino and sports betting platform.
How gb baji Safeguards Your Data
These summary cards provide an orientation to the most important aspects of the gb baji Privacy Policy. All binding obligations and full detail are set out in the numbered sections below.
Data Minimisation
gb baji collects only the personal information that is strictly necessary to operate your account, process transactions, and meet legal obligations. We do not harvest data beyond what is required for legitimate operational and compliance purposes.
SSL Encryption
All data transmitted between your browser or device and the gb baji platform is protected by industry-standard 256-bit SSL encryption. Sensitive fields such as passwords and payment details are additionally hashed or tokenised at rest.
No Unauthorised Third-Party Sale
gb baji does not sell, rent, or trade your personal information to third-party advertisers or data brokers. Data shared with third parties is limited to verified service providers who are contractually bound to process it only for the purposes we specify.
Your Rights, Respected
You have the right to access, correct, export, or request deletion of the personal data gb baji holds about you. Requests are processed free of charge within 30 days of receipt, subject to identity verification.
Transparent Cookie Use
Cookies and similar tracking technologies are used on the gb baji platform exclusively for session management, security, platform performance analytics, and responsible gaming monitoring. No cross-site tracking cookies from advertising networks are placed without your awareness.
Defined Retention Periods
Personal data is not held indefinitely. gb baji applies documented retention schedules to all data categories, balancing legal obligations — such as anti-money laundering record-keeping requirements — against the principle that data should not be retained beyond the period for which it serves a clear purpose.
1. Information We Collect
gb baji collects personal information through several channels: directly from you when you register an account or contact support, automatically when you interact with the platform, and from trusted third-party verification services used during the KYC process. The following table summarises the categories of personal data we collect and the primary reason for collecting each category.
| Data Category | Examples | Primary Purpose |
|---|---|---|
| Identity Data | Full legal name, date of birth, NID number, passport number, driving licence number | Account registration; KYC age and identity verification; fraud prevention |
| Contact Data | Email address, Bangladeshi mobile number, residential address in Bangladesh | Account communication; transaction alerts; support correspondence; responsible gaming outreach |
| Financial Data | bKash / Nagad / Rocket / Upay account numbers, Visa / Mastercard last-4 digits, bank account details for BRAC Bank / City Bank / Islami Bank / Sonali Bank transfers, deposit and withdrawal history | Payment processing; anti-money laundering (AML) compliance; withdrawal verification |
| Transaction Data | Deposit amounts in BDT (৳), withdrawal amounts, bonus credits, wager records, game history, bet settlement outcomes | Account management; dispute resolution; regulatory reporting; responsible gaming monitoring |
| Technical Data | IP address, device type, browser type and version, operating system, screen resolution, session timestamps | Platform security; fraud detection; performance optimisation; geolocation verification |
| Usage Data | Pages visited, game sessions initiated, features accessed, navigation paths, session duration | Platform analytics; product improvement; responsible gaming pattern detection |
| Communications Data | Live chat transcripts, email correspondence, support ticket content | Customer service quality assurance; dispute evidence; training |
Information We Do Not Collect
gb baji does not collect biometric data (facial recognition scans, fingerprints) except where a specific KYC vendor requires a liveness check for identity document verification, in which case the check is performed by the vendor and the raw biometric data is not retained by gb baji. We do not collect sensitive personal data relating to racial or ethnic origin, political opinions, religious beliefs, trade union membership, or health data, except where a Player voluntarily discloses a health-related basis for a responsible gaming self-exclusion request.
2. How We Use Your Data
gb baji processes your personal data only where there is a lawful basis for doing so. The primary lawful bases we rely on are: (a) performance of our contract with you as a registered Player; (b) compliance with our legal and regulatory obligations; (c) our legitimate interests in operating a safe, secure, and commercially sustainable gaming platform; and (d) your explicit consent, where consent is specifically sought.
Core Platform Operations
- Creating and managing your gb baji player account, including processing your initial registration and any subsequent profile updates.
- Verifying your identity and age through the KYC process to confirm that you meet the 18+ eligibility requirement and are the legitimate account holder.
- Processing deposits and withdrawals via bKash, Nagad, Rocket, Upay, Visa, Mastercard, and bank transfer channels, and maintaining accurate records of all financial transactions in Bangladeshi Taka (৳).
- Settling sports bets placed on BPL, T20 World Cup, IPL, ICC tournaments, and other cricket, football, kabaddi, and hockey markets, as well as casino game rounds and virtual sports events.
- Administering bonuses, promotional offers, loyalty rewards, and tournament participation.
- Providing customer support via live chat and email correspondence through [email protected].
Security and Fraud Prevention
- Monitoring account activity to detect, investigate, and prevent fraud, money laundering, identity theft, account takeovers, and other prohibited conduct as defined in the gb baji Terms & Conditions.
- Cross-referencing registration data against self-exclusion registers to prevent excluded Players from opening new accounts.
- Analysing IP addresses, device fingerprints, and session metadata to identify multiple accounts operated by the same individual and to detect automated betting software activity.
Legal and Regulatory Compliance
- Retaining transaction records and identity documents in accordance with anti-money laundering (AML) record-keeping obligations.
- Responding to lawful requests from courts, law enforcement agencies, or regulatory authorities in Bangladesh or other applicable jurisdictions.
- Producing audit trails for the purpose of resolving bet disputes or investigating player complaints.
Responsible Gaming Monitoring
- Analysing betting patterns and session data to identify indicators of problem gambling behaviour and, where detected, proactively contacting the Player to offer responsible gaming support tools.
- Enforcing deposit limits, loss limits, session time-outs, and self-exclusion periods elected by the Player through the Responsible Gaming tools available in their account.
Platform Improvement and Communications
- Analysing aggregated, anonymised usage data to improve the gb baji platform's performance, user interface, game offering, and payment experience.
- Sending transactional communications such as deposit confirmations, withdrawal notifications, account security alerts, and KYC status updates.
- Sending promotional communications about new games, bonuses, and seasonal offers (such as Eid, Pohela Boishakh, BPL season promotions) only where you have not opted out of marketing communications. You may opt out at any time by contacting [email protected].
3. Data Sharing and Disclosure
gb baji does not sell, rent, or trade your personal information. We share data with third parties only to the extent necessary for the purposes described in this Policy, and only with parties who are bound by appropriate data protection agreements. The categories of third parties who may receive your data are described below.
Payment Service Providers
To process deposits and withdrawals, we share the minimum necessary financial identifiers with payment partners including bKash, Nagad, Rocket, Upay, and the card networks Visa and Mastercard. These providers operate under their own published privacy policies and are independently responsible for data they hold. Bank transfer processing involves sharing account reference details with partner banks including BRAC Bank, City Bank, Islami Bank, Dutch-Bangla Bank, and Sonali Bank, solely for transaction execution.
Identity Verification Providers
KYC identity verification is performed with the assistance of specialist third-party verification services. These providers receive the identity documents and personal data you submit during verification and return a verification outcome to gb baji. They are contractually prohibited from using your data for any purpose beyond fulfilling the verification service for gb baji.
Game Studio and Technology Partners
When you play games supplied by Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, or other certified studio partners, certain technical and session identifiers (such as a Player token and session ID) are shared with those studios to launch and operate the game session. These studios do not receive your full identity profile, financial data, or contact information.
Legal and Regulatory Disclosure
gb baji will disclose personal data to courts, law enforcement agencies, regulatory bodies, or government authorities in Bangladesh when required to do so by applicable law, court order, or lawful regulatory demand. Where permitted by law, we will notify the affected Player before making such a disclosure. We will also share data with financial intelligence units or anti-money laundering authorities where we are legally obligated to file a suspicious transaction report.
Business Transfers
In the event that gb baji undergoes a merger, acquisition, restructuring, or sale of assets, personal data held about Players may form part of the transferred assets. In such an event, the acquiring entity would be bound by the obligations of this Privacy Policy or required to obtain fresh consent from Players before processing data under materially different terms.
4. Cookies and Tracking Technologies
The gb baji platform uses cookies and similar client-side tracking technologies to deliver a functional, secure, and consistent experience. A cookie is a small text file placed on your device by a website. The following table summarises the types of cookies used on the gb baji platform.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Session management, authentication tokens, CSRF protection, load balancing. These cookies are essential for the platform to function and cannot be disabled without breaking core functionality. | Session / up to 24 hours |
| Performance and Analytics | Anonymised page-view counts, game load times, error tracking, and funnel analysis. Used to identify performance bottlenecks and improve the platform. No personally identifiable data is transmitted. | Up to 12 months |
| Functional | Remembering user preferences such as display language, preferred payment method, and responsible gaming tool settings elected by the Player. | Up to 12 months |
| Security | Device fingerprinting tokens used to detect unusual login activity and protect against account takeover attacks. These are linked to your account for security purposes only. | Up to 30 days |
Managing Cookies
You can control and delete cookies through your browser settings. Instructions for the most common browsers are available on the browser developer's support pages. Please note that disabling strictly necessary cookies will impair or prevent login and core platform functionality. Disabling functional cookies will mean that your preferences are not remembered between sessions. gb baji does not use third-party advertising network cookies or cross-site tracking pixels.
5. Data Security Measures
gb baji operates a layered data security framework designed to protect your personal information against unauthorised access, disclosure, alteration, and destruction. Our security measures include the following.
Encryption
All data in transit between your device and the gb baji platform is protected by TLS 1.2 or TLS 1.3 encryption. Passwords are stored using a strong, salted cryptographic hash algorithm and are never stored in plaintext. Payment instrument details are tokenised — gb baji does not store raw card numbers or full mobile financial service account details on its own servers.
Access Controls
Access to personal data within gb baji's internal systems is restricted on a strict need-to-know basis. Staff members are granted access only to the data categories required to perform their specific job functions. All internal access is logged and subject to periodic review. Administrative access to production systems requires multi-factor authentication.
Infrastructure Security
The gb baji platform is hosted on infrastructure that employs firewalls, intrusion detection systems, and regular vulnerability assessments. Penetration testing is conducted periodically by independent security professionals. Security patches are applied on a priority basis as and when vulnerabilities are disclosed by software vendors.
Incident Response
In the event of a personal data breach that poses a risk to Players, gb baji will take immediate containment action and notify affected Players via their registered email address without undue delay. The notification will describe the nature of the breach, the categories of data affected, the steps gb baji has taken to address the breach, and any recommended actions for the Player.
6. Data Retention Policy
gb baji retains personal data for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following retention guidelines apply.
- Active account data: Retained for the full duration of your account relationship with gb baji plus a minimum post-closure period of five years to satisfy AML record-keeping requirements.
- KYC identity documents: Retained for a minimum of five years from the date of account closure, consistent with financial crime prevention regulations applicable in the relevant jurisdiction.
- Transaction and betting records: Retained for a minimum of five years from the date of each transaction. These records are required for regulatory reporting, dispute resolution, and audit purposes.
- Customer support communications: Retained for two years from the date of the most recent communication in a support thread, or for the full duration of any open dispute, whichever is longer.
- Marketing consent and opt-out records: Retained for the duration of the account relationship and for three years post-closure, to demonstrate compliance with consent obligations.
- Technical and usage logs: Retained for up to 13 months for performance analytics purposes. Security-related logs (login attempts, IP records, session metadata) may be retained for up to five years for fraud investigation purposes.
- Dormant accounts: Where an account has been inactive for 24 consecutive months and gb baji is unable to contact the Player via their registered contact details, the account may be marked for archival. Archived data is held in secure cold storage for the remainder of the applicable retention period before being permanently deleted.
When the applicable retention period expires, personal data is securely deleted or irreversibly anonymised so that it can no longer be associated with an identifiable individual. Anonymised and aggregated data — which cannot be linked back to any specific Player — may be retained indefinitely for statistical and platform improvement purposes.
7. Your Privacy Rights
As a Player registered on the gb baji platform, you hold the following rights with respect to your personal data. Requests to exercise any of these rights should be submitted in writing to [email protected]. All requests will be acknowledged within 5 business days and actioned within 30 calendar days, subject to identity verification and any applicable legal exceptions.
Right of Access
You have the right to request a copy of the personal data that gb baji holds about you, together with information about how it is used and with whom it has been shared. This is sometimes referred to as a Subject Access Request (SAR). gb baji will provide the requested data in a structured, commonly used, machine-readable format where technically feasible.
Right to Rectification
If any of the personal data gb baji holds about you is inaccurate or incomplete, you have the right to request that it be corrected. Note that certain corrections — particularly to name, date of birth, or national identity details — may require supporting documentation to verify the accuracy of the updated information before the change can be applied.
Right to Erasure
You may request that gb baji delete your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (and no other lawful basis applies), or where the data has been unlawfully processed. Please be aware that this right is subject to override by our legal obligations: data that must be retained for AML compliance, regulatory reporting, or ongoing dispute resolution cannot be deleted until the applicable retention period has expired.
Right to Restriction
You may request that gb baji restrict processing of your personal data while the accuracy of the data is being verified, while a complaint is being investigated, or where you have objected to processing and we are considering whether our legitimate interests override your objection.
Right to Data Portability
Where processing is based on your consent or on the performance of a contract, and where the processing is carried out by automated means, you may request a portable copy of your personal data in a structured, machine-readable format for the purpose of transferring it to another service provider.
Right to Object
You have the right to object to processing of your personal data carried out on the basis of gb baji's legitimate interests, including profiling for responsible gaming monitoring purposes. Upon receiving an objection, gb baji will cease the processing in question unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You may opt out of direct marketing communications at any time, without needing to provide a reason, by contacting [email protected].
8. Contact and Complaints
If you have any questions about this Privacy Policy, wish to exercise any of your data rights, or want to raise a concern about how gb baji has handled your personal information, please contact the gb baji Data Protection team directly.
Email: [email protected]
Subject line: "Privacy Policy Enquiry" or "Data Rights Request"
Available: 24 hours a day, 7 days a week, in English
Response time: acknowledgement within 5 business days; full response within 30 calendar days
Time zone: Bangladesh Standard Time (UTC+6)
Complaints Procedure
If you believe that gb baji has not handled your personal data in accordance with this Privacy Policy or applicable data protection obligations, you are encouraged to raise the matter directly with us in the first instance so that we have the opportunity to investigate and resolve your concern. Complaints will be acknowledged within 24 hours and investigated thoroughly, with a written outcome communicated to your registered email address.
Updates to This Policy
gb baji reserves the right to update or amend this Privacy Policy at any time. Material changes will be communicated to registered Players via their registered email address and/or a prominent notice on the Platform, with a minimum of seven days' advance notice before the updated Policy takes effect. The effective date at the top of this document will be revised accordingly. Your continued use of the gb baji platform following the effective date of any amendment constitutes acceptance of the revised Privacy Policy.
We encourage all Players to review this Privacy Policy periodically, particularly before making a deposit or commencing a new session, to remain informed about how gb baji protects and processes your personal information. For related reading, please also review the gb baji Terms & Conditions and our Responsible Gaming Policy.
Have Questions About Your Privacy?
Our English-language support team is available around the clock. You can also explore our FAQ for quick answers, or visit the gb baji Casino to start playing on Bangladesh's most trusted platform.
Browse FAQs Responsible Gaming gb baji Casino Terms & Conditions18+ only. Please gamble responsibly. Bangladesh Standard Time (UTC+6).