Privacy Policy — How gabaje Protects Your Data
Your privacy matters to gabaje. This Policy explains precisely what personal information we collect when you use our platform, how we use and store it, who we share it with, and the rights you hold over your own data as a player based in Bangladesh.
Summary for players: gabaje collects the personal information you provide during registration and KYC verification, data about how you use the platform, and technical data from your device and browser. We use this data to operate your account, process transactions, comply with anti-money-laundering obligations, and improve our service. We do not sell your data to third parties. Full details are below.
1. Data We Collect
gabaje collects personal data from you through several channels: data you provide voluntarily during the registration and verification process; data generated automatically as you use the platform; and, in limited circumstances, data obtained from trusted third-party identity verification partners. The following describes each category in detail.
1.1 Registration & Account Data
When you create a gabaje account, we collect the information you submit in the registration form. This includes:
- Full legal name — as it appears on your government-issued identification document.
- Date of birth — used to verify that you meet the minimum age requirement of 18 years.
- Email address — used for account communications, password reset, and policy update notifications.
- Mobile phone number — used for SMS OTP two-factor authentication and account security alerts.
- Chosen username and password — your password is stored in hashed form only; gabaje staff cannot view your plain-text password at any time.
- Residential address — city and district within Bangladesh, collected for compliance and responsible gaming purposes.
1.2 Identity Verification (KYC) Data
To comply with standard online gaming compliance requirements and to process your first withdrawal, gabaje collects the following identity verification documents as part of the Know Your Customer (KYC) process:
- Scan or photograph of your National ID Card (NID), passport, or other valid government-issued photo identification.
- Screenshot or confirmation of the mobile financial service account (bKash, Nagad, Rocket, or Upay) used for deposits, showing the registered mobile number.
- A selfie photograph holding your identity document, where enhanced verification is required at gabaje's discretion.
KYC documents are reviewed by gabaje's compliance team and retained in accordance with the data retention policy described in Section 5 of this document. Documents are stored in encrypted form and access is restricted to authorised compliance personnel only.
1.3 Transaction & Financial Data
gabaje records all financial transactions associated with your account, including deposit amounts, withdrawal requests, payment method identifiers (such as the last four digits of a card or a masked mobile number), transaction timestamps, and transaction reference numbers. This data is required for account management, dispute resolution, and anti-money-laundering compliance obligations. Full payment card numbers and full mobile wallet credentials are never stored by gabaje — payment processing is handled directly by the relevant payment service provider.
1.4 Usage & Behavioural Data
As you use the gabaje platform, we automatically collect data about your interaction with the service. This includes:
- Games played, bet amounts, game session durations, and win/loss records — used to operate the platform and, where applicable, to support responsible gaming monitoring.
- Pages visited, features accessed, and navigation paths through the platform — used for product improvement and to personalise your experience.
- Bonus and promotion activity — which offers you viewed, opted into, and completed wagering requirements for.
- Customer support interactions — records of any support tickets, chat transcripts, or email correspondence with the gabaje support team.
1.5 Technical & Device Data
gabaje's platform automatically records certain technical data each time you connect, including your IP address, browser type and version, operating system, device type (desktop, smartphone, or tablet), screen resolution, time zone setting, and the referring URL that brought you to the site. This data is used for fraud prevention, security monitoring, and platform optimisation. IP address data may also be used to apply geo-based access restrictions where required.
2. How We Use Your Data
gabaje processes your personal data only for specific, legitimate purposes. We do not process personal data in ways that are incompatible with the purposes for which it was originally collected. The primary purposes for which gabaje uses your data are as follows:
Legal basis: gabaje processes personal data on the basis of contractual necessity (to operate your account and deliver the services you have requested), legal obligation (KYC, anti-money-laundering, and age verification requirements), legitimate interest (fraud prevention and platform security), and, in limited cases, your explicit consent (marketing communications, where opted in).
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation & management | Registration data, contact details | Contractual necessity |
| Identity & age verification | KYC documents, date of birth | Legal obligation |
| Payment processing | Transaction & financial data | Contractual necessity |
| Fraud prevention & AML compliance | Technical data, transaction data | Legal obligation / Legitimate interest |
| Responsible gaming monitoring | Usage & behavioural data | Legal obligation / Legitimate interest |
| Customer support | All relevant account data | Contractual necessity |
| Marketing communications | Email address, preferences | Consent (opt-in only) |
| Platform analytics & improvement | Usage data, technical data | Legitimate interest |
2.1 Marketing Communications
gabaje may send you promotional emails or SMS messages about new games, special offers, BPL cricket promotions, seasonal events (such as Eid or Pohela Boishakh bonuses), and other platform updates — but only if you have explicitly opted in to receive such communications. You may withdraw your consent and unsubscribe from marketing communications at any time by updating your account notification preferences or by contacting support at [email protected] (plain text — not a clickable link). Withdrawal of marketing consent does not affect gabaje's ability to send you transactional or account-essential communications such as deposit confirmations, withdrawal notifications, or security alerts.
3. Data Sharing & Third Parties
gabaje does not sell, rent, or trade your personal data to any third party for their own commercial purposes. We share personal data with third parties only in the circumstances described below, and only to the extent strictly necessary for each stated purpose.
3.1 Game Technology Providers
The games available on the gabaje platform are supplied by internationally certified software providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These providers may process limited technical and session data (such as game round identifiers, bet amounts, and RNG seed values) in order to deliver their games. This processing is governed by data processing agreements between gabaje and each provider. Game providers do not receive your full name, NID number, or payment method details.
3.2 Payment Service Providers
To process deposits and withdrawals, gabaje shares the transaction information required by each payment service provider — including bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, BRAC Bank, Visa, and Mastercard. The data shared is limited to what is technically necessary to execute the transaction. Each payment provider operates under its own privacy policy and is independently responsible for the security of data processed through its infrastructure.
3.3 Identity Verification Partners
Where gabaje engages a third-party identity verification service to assist with KYC processing, your identity documents and biometric data (where applicable) may be shared with that partner solely for the purpose of verification. Such partners are bound by strict data processing agreements and are prohibited from using your data for any purpose other than completing the verification check requested by gabaje.
3.4 Legal & Regulatory Disclosure
gabaje may disclose personal data to law enforcement agencies, regulatory bodies, or other authorities where required to do so by applicable law, by a valid court order, or in connection with the investigation of suspected fraud, money laundering, or other illegal activity. In such cases, gabaje will disclose only the minimum data necessary to comply with the legal obligation, and will notify the affected user where it is legally permitted to do so.
3.5 Business Transfers
In the event that gabaje undergoes a merger, acquisition, or sale of all or part of its assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified of any such transfer and of any material change to this Privacy Policy that results from it, by email to your registered address, at least 30 days before the transfer takes effect. You will retain the right to close your account and request deletion of your data if you do not accept the new terms.
4. Cookies & Tracking Technologies
gabaje uses cookies and similar tracking technologies (including local storage and session tokens) on its web platform to ensure proper functionality, maintain your logged-in session, prevent fraud, and analyse how users navigate the site. The following categories of cookies are used:
| Cookie Category | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Session management, login authentication, CSRF protection | No — required for the platform to function |
| Functional | Language preference, game lobby filter settings, notification preferences | Yes — disabling may affect user experience |
| Analytics | Page view tracking, navigation path analysis, error logging | Yes — opt out via account settings |
| Marketing | Personalised promotion display, re-engagement tracking | Yes — opt out via account settings or browser |
Strictly necessary cookies cannot be disabled as they are essential to the operation of the gabaje platform. For all other cookie categories, you may manage your preferences through your gabaje account settings or through your browser's built-in cookie management tools. Please note that disabling functional or analytics cookies may affect certain features of the platform. gabaje does not use third-party advertising networks or place cookies on behalf of any external advertising platform.
5. Data Retention & Storage
gabaje retains your personal data for as long as your account remains active and for a defined period thereafter, determined by the nature of the data and the legal obligations that apply to it. The table below summarises the principal retention periods applied by gabaje.
| Data Category | Retention Period | Reason |
|---|---|---|
| Registration & account data | Duration of account + 5 years post-closure | AML compliance, dispute resolution |
| KYC identity documents | Duration of account + 5 years post-closure | Regulatory compliance obligation |
| Transaction records | 7 years from transaction date | Financial record-keeping obligations |
| Support correspondence | 3 years from last interaction | Dispute resolution, quality assurance |
| Analytics & usage data | 24 months on a rolling basis | Platform improvement |
| Marketing consent records | Duration of consent + 3 years | Proof of consent in case of dispute |
All personal data held by gabaje is stored on servers that apply industry-standard encryption at rest (AES-256) and in transit (TLS 1.2 or higher). Access to stored personal data is controlled on a strict need-to-know basis and is logged for audit purposes. Data is not transferred to servers located outside of jurisdictions that provide an adequate level of data protection without appropriate safeguards in place.
6. Your Rights Over Your Data
gabaje respects your right to control your own personal information. You have the following rights with respect to the personal data gabaje holds about you. To exercise any of these rights, contact the gabaje support team at [email protected] (plain text — not a clickable link) with the subject line "Data Rights Request" and a clear description of the right you wish to exercise. gabaje will acknowledge your request within 48 hours and provide a substantive response within 30 days.
6.1 Right of Access
You have the right to request a copy of all personal data gabaje holds about you, along with information about how it is used, where it is stored, and with whom it has been shared. gabaje will provide this information in a structured, readable format within 30 days of a valid request. The first copy is provided free of charge; additional copies within the same 12-month period may attract a reasonable administrative fee.
6.2 Right to Rectification
If any personal data gabaje holds about you is inaccurate or incomplete, you have the right to request that it be corrected. Corrections to identity data (name, date of birth) require submission of supporting documentation consistent with the KYC requirements described in Section 1.2. Other corrections (such as an updated email address or phone number) may be made directly in your account settings or via the support team.
6.3 Right to Erasure
You may request that gabaje delete your personal data. This right is not absolute — gabaje is required by law to retain certain categories of data (particularly transaction records and KYC documents) for the periods described in Section 5, and erasure requests cannot override these legal retention obligations. Where a request for erasure is made for data that gabaje is legally required to retain, gabaje will suppress the data from active processing while retaining it in an archived, restricted-access form for compliance purposes only. Data that is not subject to a legal retention obligation will be deleted within 30 days of a valid erasure request.
6.4 Right to Restriction & Objection
You have the right to request that gabaje restrict the processing of your personal data in certain circumstances — for example, where you contest the accuracy of the data and a correction is pending, or where you have objected to processing based on legitimate interest and the objection is under review. You also have the right to object to processing carried out on the basis of legitimate interest, including processing for analytics and platform improvement purposes. Where an objection is upheld, gabaje will cease the relevant processing.
6.5 Right to Data Portability
Where gabaje processes your personal data on the basis of your consent or contractual necessity, and where the processing is carried out by automated means, you have the right to receive a copy of your data in a structured, commonly used, machine-readable format (such as JSON or CSV). You may request that this data be transmitted directly to another service provider where technically feasible.
6.6 Right to Withdraw Consent
Where gabaje processes your personal data based on your consent — most commonly for marketing communications — you have the right to withdraw that consent at any time without any adverse consequence to your account or your ability to use the platform. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
7. Data Security Measures
gabaje takes the security of your personal data seriously and implements a layered set of technical and organisational measures designed to protect your information against unauthorised access, alteration, disclosure, or destruction.
Security highlights: All data transmitted between your device and the gabaje platform is encrypted using TLS 1.2 or TLS 1.3. Data stored at rest is encrypted using AES-256. Administrative access to production systems requires multi-factor authentication and is restricted to authorised personnel only. All access events are logged and monitored.
7.1 Technical Safeguards
- Transport Layer Security (TLS): All connections to the gabaje platform use HTTPS with a minimum of TLS 1.2, ensuring that data in transit between your device and our servers cannot be intercepted in readable form.
- Encryption at rest: Personal data and financial records stored in gabaje's databases are encrypted at rest using AES-256 encryption. Encryption keys are managed separately from the encrypted data.
- Password hashing: User passwords are never stored in plain text. They are processed through a strong one-way cryptographic hashing algorithm with per-user salting before storage.
- Two-factor authentication: SMS OTP-based two-factor authentication is available to all gabaje users and is strongly recommended. Users are encouraged to enable 2FA in their account security settings.
- Intrusion detection: gabaje's infrastructure is monitored 24/7 by automated intrusion detection systems that alert the security team to anomalous access patterns in real time.
7.2 Organisational Safeguards
- Access to personal data is granted only to employees and contractors who require it to perform their specific role. Access is reviewed and revoked when an employee changes role or leaves the organisation.
- All personnel with access to personal data are required to complete data protection training on joining gabaje and at regular intervals thereafter.
- gabaje maintains an incident response plan for data security breaches. In the event of a breach that is likely to result in a risk to your rights or freedoms, gabaje will notify affected users by email within 72 hours of becoming aware of the breach, where technically feasible.
- Third-party suppliers and data processors are assessed for security compliance before engagement and are required to meet gabaje's minimum security standards as a condition of the data processing agreement.
7.3 Your Role in Account Security
While gabaje implements robust security measures on its side, the security of your account also depends on the steps you take to protect your credentials. You should use a strong, unique password for your gabaje account that is not reused on any other website or application. You should enable SMS OTP two-factor authentication. You should never share your password, OTP codes, or account access with any other person. If you receive a suspicious email, message, or communication purporting to be from gabaje and requesting your credentials, do not respond — gabaje will never ask for your password via email or SMS. Report any suspicious communications to [email protected] (plain text — not a clickable link) immediately.
8. Policy Updates & Contact
gabaje reserves the right to update this Privacy Policy from time to time to reflect changes in our data practices, the services we offer, or the legal and regulatory environment in which we operate. The effective date at the top of this document will be updated each time a new version is published.
Where changes to this Privacy Policy are material — meaning they significantly affect how we collect, use, or share your personal data, or the rights available to you — gabaje will notify registered users by email to the address held on their account at least 14 days before the new version takes effect. Minor clarifications and non-material amendments may be made without prior notice.
If you have any questions about this Privacy Policy, wish to exercise any of the data rights described in Section 6, or wish to make a complaint about gabaje's data practices, please contact the gabaje data team at [email protected] (plain text — not a clickable link) with the subject line "Privacy Enquiry". gabaje commits to acknowledging all privacy enquiries within 48 hours and providing a substantive response within 30 days.
Responsible Gaming Reminder: gabaje may use your usage and behavioural data to identify patterns that may indicate problem gambling, and may proactively reach out to offer responsible gaming tools such as deposit limits, session reminders, or self-exclusion. This monitoring is conducted in your interest and is not used for marketing purposes. For full details, visit the Responsible Gaming page. 18+
How gabaje Keeps Your Data Safe
From the moment you register to every transaction you make, gabaje applies multiple layers of protection to ensure your personal information remains private and secure.
End-to-End Encryption
Every connection between your device and gabaje uses HTTPS with TLS 1.2 or higher. All stored data is encrypted at rest with AES-256. Your information is protected at every stage of its journey.
Strict KYC Standards
Identity documents submitted for KYC are stored in encrypted form, accessible only to authorised compliance personnel. gabaje never shares your NID or passport details with game providers or advertisers.
No Data Sales — Ever
gabaje does not sell, rent, or trade your personal data to third parties for their own marketing or commercial use. Data shared with partners is limited to what is strictly necessary to deliver the service.
You Control Your Preferences
Marketing opt-in is strictly voluntary. You can update your communication preferences, manage cookie settings, and exercise your full data rights — including erasure — through your account settings or our support team.
Clear Retention Periods
gabaje retains data only for as long as legally required or operationally necessary. Transaction records are kept for seven years in line with financial compliance obligations. Analytics data is cycled every 24 months.
Breach Notification Commitment
In the event of a data security breach that poses a risk to your rights, gabaje will notify affected users by email within 72 hours of becoming aware of the incident — where technically feasible and legally permitted.
Questions About Your Data or Account?
Our support team is available around the clock on Bangladesh Standard Time. Check our FAQ for quick answers, manage your account, or explore what gabaje has to offer.