The operator acts as data controller for the platform.

What personal data is collected

• Identity and contact: full name, username, mobile number, email, address.
• Account details: profile data, preferences, responsible gaming settings.
• Verification documents: national ID, passport or driving licence, proof of address, selfie, screening results against sanctions and PEP lists.
• Financial and transaction data: deposits, withdrawals, payment method type, masked card or account identifiers, amounts, timestamps. Full card numbers are not stored on the platform’s systems.
• Usage and interaction: logins, session logs, bets and game activity, communication with support, complaint records.
• Device and technical: IP address, device identifiers, browser and OS, language, time zone, cookies and similar technologies.
• Location indicators: country or region inferred from IP or documents.
• Risk and fraud indicators: automated risk scores, flags, and audit trails.

Why this information is collected

• To open, verify, and manage accounts, process transactions, and provide online services.
• To meet KYC, AML and CFT duties and to support responsible gaming measures.
• To maintain security, prevent fraud, and ensure system integrity.
• To provide support, handle disputes, and improve service quality and user experience.

Legal bases for processing

• Consent provided by the user for specific purposes, including marketing preferences.
• Contract necessity to deliver the services requested by the user.
• Legal obligation for AML/CFT, tax, accounting, and record-keeping.
• Legitimate interests such as security, fraud prevention, and service improvement, balanced against user rights.

Protection measures

• Encryption in transit and at rest, tokenisation for sensitive fields, and strict access controls.
• Multi-factor authentication for staff, role-based permissions, and logging of administrative actions.
• Network segmentation, firewalls, and intrusion detection and prevention.
• Secure development lifecycle, code reviews, and regular vulnerability testing.
• Vendor due diligence, confidentiality obligations, and data processing agreements.
• Incident response and breach notification workflows.

Retention

• Account and service data: kept for the life of the account and then securely deleted or anonymised.
• KYC and transaction records: retained for at least 5 years after account closure to comply with AML/CFT requirements.
• Cookies and similar technologies: see the Cookies section for a 1-year retention.

User rights

• Access: request a copy of personal information.
• Correction: update inaccurate or incomplete data.
• Deletion: request erasure, subject to legal and regulatory retention duties.
• Restriction and objection: limit or object to certain processing.
• Portability: receive data in a commonly used format where applicable.
• Withdraw consent: for processing that relies on consent, without affecting prior lawful use.

Compliance

• The operator processes information in line with laws applicable in Bangladesh that relate to online services and cyber security, including AML/CFT obligations under the Money Laundering Prevention framework and Bangladesh Bank guidelines, and follows internationally recognised data protection principles such as lawfulness, fairness, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

The company uses information to:

• Provide and manage accounts, verify identity, and deliver online services.
• Process payments, payouts, bonuses, and in-product transactions.
• Operate games and sportsbook features, maintain fairness, and prevent misuse.
• Offer support, manage complaints, and resolve disputes.
• Improve performance, develop new features, and run analytics and statistics.
• Conduct security checks, prevent fraud, and ensure regulatory compliance.
• Send service notices and, where the user has opted in, marketing communications that can be opted out at any time.

Processing is carried out lawfully, fairly, and in a transparent manner that the user can understand, based on the purposes set out in this Policy.

How to access and update

• Users can review and edit certain profile and contact details in account settings.
• For a full data copy or to correct other records, submit a request through the Help Centre or the Contact page. Identity verification may be required.

How to request deletion

• A deletion request can be raised through support. Some data must be retained to meet AML/CFT, fraud prevention, accounting, or legal requirements.

Timelines and responses

• The operator aims to respond within 30 days and may extend this for complex requests, notifying the user of reasons and expected timing.

Security and payment processing consent

• By using Paripesa, the user consents to security checks and the processing of payment information by authorised payment providers for deposits, withdrawals, screening, and fraud control, in accordance with this Policy and the providers’ own legal duties.

• The services are intended for adults aged 18 and above. Registration by minors is not allowed.
• The operator cannot verify age without documents. Identity checks may be conducted and accounts that fail age verification will be restricted and closed.
• If a parent or legal guardian believes a minor has provided personal information, they may contact support to request deletion. After verification, the operator will remove the data subject to any legal hold required for fraud or regulatory evidence.

• Personal information may be stored or processed outside Bangladesh, in locations where the platform or trusted partners operate, such as data centres, payment gateways, game providers, and verification services.
• Use of the site signifies consent to such cross-border transfers for the purposes described in this Policy.
• The operator ensures confidentiality and appropriate safeguards by using contractual protections, access controls, encryption, and by engaging partners that meet recognised security standards.

• This disclaimer forms part of the Privacy Policy and clarifies how the rules apply in specific situations, including limits required by law, system constraints, or regulator guidance.
• Where necessary, the disclaimer may narrow or qualify the scope or effect of certain provisions to ensure legal compliance and service integrity.
• The disclaimer applies when the user accepts this Policy through signature, click acceptance during registration, or accession by continuing to use the services.

Definition

• Cookies are small text files placed on a device to store information. Similar technologies include local storage, pixels, SDKs, and tags.

Purposes

• Essential operation: sign-in, security, and fraud prevention.
• Performance and statistics: measuring site usage and service reliability.
• Behaviour analysis and personalisation: remembering settings and improving user experience.
• Advertising and marketing: subject to user consent where required.

Retention and control

• Cookie data is retained for up to 1 year.
• Users can manage or delete cookies through browser settings or in-site controls where available. Blocking some cookies may affect site functionality.

• Using Paripesa means full acceptance of this Privacy Policy, including any updates.
• The current version published on the site prevails over previous versions or other sources.
• Continued use of the services after changes are posted constitutes consent to the updated terms, within the limits allowed by applicable law.

• Personal information may be shared with third parties when required by law, to establish or defend legal claims, to enforce agreements, or to deliver services. Typical recipients include payment processors, KYC/AML providers, game suppliers, analytics and anti-fraud vendors, auditors, and regulators or law enforcement.
• The website lists key third parties where practicable. If not listed, the operator informs the user of the purpose and scope of sharing as required by law.
• Providing data to the platform constitutes consent to such disclosures for the stated purposes. Each third party may process information under its own privacy policy and legal obligations, and is required to protect confidentiality.

• The site may include links to external websites or services that operate under their own privacy policies.
• The operator is not responsible for how those websites collect, use, or disclose information.
• Users should review the privacy policies of external websites and exercise caution when providing personal information on third-party platforms.