Privacy Policy of
bajibaji
At bajibaji, your privacy is not an afterthought — it is a core commitment. This Privacy Policy sets out in plain, formal English exactly what personal data we collect from players in Bangladesh, how we use and store it, who we may share it with, and the rights you hold over your own information. We encourage you to read it carefully before creating an account or using our services.
How bajibaji Protects Your Data
All data transmitted between your device and bajibaji is protected by industry-standard SSL/TLS encryption, ensuring your personal and financial details remain private in transit.
Personal data is stored on access-controlled, encrypted servers. Only authorised bajibaji personnel with a legitimate need may access your records, and all access is logged and audited.
bajibaji does not sell, rent, or trade your personal data to third-party advertisers or data brokers. Your information is used solely to operate and improve our services to you.
Data collected for one purpose — such as KYC verification — is not repurposed for unrelated activities. Every data category has a defined and documented processing purpose at bajibaji.
You have the right to access, correct, and request deletion of your personal data at any time. bajibaji responds to all verified data subject requests within 30 days of receipt.
bajibaji uses cookies strictly for platform functionality, session management, and aggregate analytics. We do not deploy third-party advertising cookies or cross-site tracking pixels.
1 Information We Collect
bajibaji collects personal data from you through several routes: directly when you register an account or contact support, automatically when you use the platform, and from third-party verification providers where required. The categories of personal data we collect are set out below.
1.1 Registration and Account Data
When you create a bajibaji account, we collect the personal information you provide during the registration process. This includes:
- Full legal name as it appears on your government-issued identity document.
- Date of birth, used to verify that you meet the 18+ age requirement.
- Residential address in Bangladesh, including district and postal code.
- Mobile phone number, used for account security, transaction notifications, and support communications.
- Email address, used for account management, verification, and correspondence.
- Username and encrypted password — passwords are stored as one-way cryptographic hashes and are never readable by bajibaji staff.
1.2 Identity Verification (KYC) Data
To comply with our Know Your Customer (KYC) obligations and to prevent fraud and money laundering, we collect copies of identity documents including National Identity Cards (NID), passports, driving licences, utility bills, bank statements, and payment method confirmations. These documents are processed securely and retained only for as long as required under our data retention policy.
1.3 Financial and Transaction Data
- Deposit and withdrawal amounts, timestamps, and transaction reference numbers.
- Payment method details — for bKash, Nagad, Rocket, and Upay, we store the registered mobile number associated with the account. For bank transfers, we store the account name and masked account number. Full card numbers are never stored on bajibaji servers.
- Running account balance history and wagering records.
1.4 Technical and Device Data
When you access bajibaji, we automatically collect certain technical information including your IP address, browser type and version, operating system, device model, screen resolution, time zone (Bangladesh Standard Time, UTC+6), referring URL, and the pages you visit on our platform. This data is used for security monitoring, fraud detection, and platform optimisation.
1.5 Communications Data
If you contact bajibaji via live chat, email, or any other support channel, we retain records of those communications — including the content of messages, the date and time, and any attachments — to enable us to resolve your enquiry and to maintain a service history.
2 How We Use Your Data
bajibaji processes your personal data only where a lawful basis exists to do so. The primary lawful bases we rely on are: contractual necessity (processing required to deliver the services you have signed up for), legal obligation (processing required to comply with applicable laws including anti-money laundering regulations), legitimate interests (processing that serves bajibaji's reasonable business interests without overriding your rights), and consent (where we have explicitly asked for and received your agreement to a specific use).
The table below summarises our key data uses and the lawful basis for each:
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Account creation and management | Registration data, contact details | Contractual necessity |
| Age and identity verification (KYC) | KYC documents, date of birth | Legal obligation |
| Processing deposits and withdrawals | Financial and transaction data | Contractual necessity |
| Fraud prevention and AML monitoring | Transaction data, device data, IP address | Legal obligation / Legitimate interests |
| Customer support and complaint handling | Communications data, account data | Contractual necessity / Legitimate interests |
| Responsible gaming monitoring | Wagering records, session data, self-exclusion status | Legal obligation / Legitimate interests |
| Platform security and abuse prevention | Device data, IP address, login history | Legitimate interests |
| Sending account and transaction notifications | Email address, mobile number | Contractual necessity |
| Sending promotional communications | Email address, mobile number, wagering preferences | Consent (you may opt out at any time) |
| Platform analytics and improvement | Technical data, aggregated behavioural data | Legitimate interests |
bajibaji does not use your personal data for automated decision-making that produces significant legal effects on you, except where required by law (for example, automated fraud screening that may temporarily suspend an account pending manual review). In all such cases, you have the right to request human review of the decision.
3 Data Sharing and Disclosure
bajibaji does not sell, rent, or otherwise transfer your personal data to unaffiliated third parties for their own marketing purposes. We share data only in the circumstances described below, and only to the extent necessary for the stated purpose.
- Payment processors and gateways: To process deposits and withdrawals via bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, BRAC Bank, City Bank, Visa, and Mastercard, we share the minimum transactional data necessary with the relevant payment provider. Each payment partner operates under its own privacy policy and is contractually bound to handle your data securely.
- Identity verification providers: Third-party KYC service providers receive copies of identity documents for the sole purpose of verifying your identity. These providers are bound by strict data processing agreements and may not use your documents for any other purpose.
- Game technology providers: Providers such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi receive a session token and anonymised player identifier to serve game content. They do not receive your full name, NID number, or payment details.
- Legal and regulatory authorities: bajibaji will disclose personal data to law enforcement, financial intelligence units, or other government bodies where required by applicable law or court order. We will notify you of any such disclosure to the extent permitted by law.
- Fraud prevention networks: In cases of confirmed or suspected fraud, we may share relevant data with fraud prevention agencies to protect bajibaji and other platform users from financial crime.
- Professional advisers: Our legal counsel, auditors, and accountants may access personal data in strictly controlled circumstances and are bound by professional confidentiality obligations.
- Business transfers: In the event of a merger, acquisition, or sale of all or part of bajibaji's business, your personal data may be transferred to the successor entity. You will be notified of any such transfer and the privacy practices of the acquiring entity before the transfer is completed.
5 Data Retention
bajibaji retains personal data for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following retention periods apply:
- Active account data (registration details, contact information, preferences): Retained for the duration of your account and for a period of 5 years following permanent account closure.
- KYC and identity verification documents: Retained for a minimum of 5 years after the end of the business relationship, in line with anti-money laundering record-keeping obligations.
- Financial and transaction records: Retained for 5 years from the date of each transaction, as required for financial compliance and audit purposes.
- Customer support communications: Retained for 3 years from the date of the last communication in a support thread, to enable ongoing service continuity and dispute resolution.
- Technical and device logs: Retained for 12 months from the date of collection, after which they are permanently deleted or fully anonymised.
- Marketing consent records: Retained for the duration of your consent and for 2 years after you withdraw consent, as evidence that marketing was conducted on a lawful basis.
- Responsible gaming records (self-exclusion history, deposit limits, session logs): Retained for 5 years after account closure to prevent circumvention of responsible gaming protections.
Upon expiry of the applicable retention period, bajibaji securely destroys personal data using industry-standard data destruction methods. Anonymised, aggregate data that cannot be linked to any individual may be retained indefinitely for statistical and research purposes.
6 Your Privacy Rights
As a bajibaji player based in Bangladesh, you hold the following rights in respect of your personal data. To exercise any of these rights, please contact our Privacy team at privacy@bajibaji. We will respond to all verified requests within 30 days of receipt. In complex cases we may extend this period by a further 30 days, in which case we will notify you of the extension and the reason for it.
- Right of Access: You may request a copy of all personal data we hold about you, along with information about how it is being used and with whom it has been shared.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected or updated. You may also update certain account details directly within your bajibaji account dashboard.
- Right to Erasure: You may request deletion of your personal data where we no longer have a legitimate basis to retain it. Note that legal obligations — particularly AML record-keeping requirements — may prevent us from deleting certain categories of data before their mandatory retention period has elapsed.
- Right to Restriction: You may request that we restrict the processing of your personal data in certain circumstances — for example, while a dispute about its accuracy is being resolved.
- Right to Object: You may object at any time to the processing of your personal data for direct marketing purposes. We will cease marketing communications immediately upon receipt of a valid objection.
- Right to Withdraw Consent: Where processing is based on your consent (such as receiving promotional emails), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal. Use the unsubscribe link in any marketing email or contact support@bajibaji to opt out.
- Right to Lodge a Complaint: If you believe bajibaji has not handled your personal data in accordance with this Policy, you have the right to raise a complaint directly with bajibaji (see Section 8) or with the relevant data protection authority in Bangladesh.
7 Data Security
bajibaji implements a layered approach to data security, combining technical controls, organisational policies, and staff training to protect your personal data from unauthorised access, accidental loss, disclosure, or destruction.
Our key technical security measures include:
- TLS 1.2 / TLS 1.3 encryption for all data in transit between your device and our servers.
- AES-256 encryption at rest for all stored personal data and KYC documents.
- One-way password hashing using a modern, salted hashing algorithm — your password is never stored in recoverable form.
- Two-factor authentication (2FA) available to all registered players via SMS or authenticator app — we strongly recommend enabling this feature.
- Role-based access controls limiting internal system access to personnel with a verified business need for specific data categories.
- Continuous security monitoring with automated alerting for anomalous login patterns, bulk data access, and unusual transaction activity.
- Regular penetration testing conducted by independent security professionals to identify and remediate vulnerabilities before they can be exploited.
- Secure backup procedures with encrypted off-site backups tested regularly to ensure data recovery capability in the event of an incident.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, bajibaji will notify affected players without undue delay and will take all reasonable steps to contain and remediate the breach. The nature of the breach, the data affected, and the steps taken will be communicated clearly and promptly.
8 Contact and Complaints
If you have any questions about this Privacy Policy, wish to exercise a data subject right, or wish to raise a privacy-related complaint, please contact the bajibaji Privacy team using the details below. All privacy enquiries are handled separately from general customer support to ensure appropriate confidentiality.
- Privacy Enquiries: privacy@bajibaji
- General Support: support@bajibaji
- Response time: We aim to acknowledge all privacy enquiries within 48 hours and to provide a substantive response within 30 days.
- Support hours: 24/7 via live chat. Email responses within 4–12 hours (BST, UTC+6).
If you are dissatisfied with the outcome of a privacy complaint submitted to bajibaji, you retain the right to escalate your complaint to the relevant supervisory authority. bajibaji will cooperate fully with any regulatory investigation and will not penalise players for exercising their rights under applicable data protection law.
bajibaji reserves the right to update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or platform features. The date of the most recent revision is displayed at the top of this document. Where changes are material, we will notify registered players by email at least 14 days before the updated Policy takes effect. Continued use of bajibaji after the effective date of any revision constitutes your acceptance of the updated Policy.
Ready to Play? Your Data Is in Safe Hands.
Now that you know how bajibaji protects your personal information, explore our full range of casino games, cricket betting markets, and slots — all secured with SSL encryption and instant bKash and Nagad payments.