Data Protection

Privacy Policy — gitabet

Your privacy matters to us. This Privacy Policy explains what personal data gitabet collects, how it is used, who it may be shared with, and what rights you hold over your information as a player in Bangladesh.

Effective Date: 1 January 2026 Jurisdiction: Bangladesh Language: English SSL Encrypted
Last updated: 1 January 2026

SSL Encryption

All data transmitted between your browser and gitabet is protected by industry-standard SSL/TLS encryption at all times.

Minimal Data Collection

We collect only the personal data necessary to operate your account, process payments, and comply with our legal obligations.

No Unauthorised Sharing

Your personal data is never sold to third parties. Sharing occurs only with verified service partners under strict data-processing agreements.

Mobile Banking Privacy

gitabet never stores or accesses your bKash, Nagad, or Rocket banking PIN. Payment credentials remain exclusively within your banking app.

Your Consent Controls

You may update your marketing preferences, request data corrections, or close your account at any time by contacting our support team.

Defined Retention Periods

We retain personal data only for as long as required to fulfil the purposes described in this policy or to meet legal and regulatory obligations.

Section 1

Data Controller

gitabet operates as the data controller in respect of all personal data collected through the Platform. As the data controller, gitabet determines the purposes and means by which your personal information is processed. All data-processing activities are conducted in accordance with this Privacy Policy and applicable data protection principles.

If you have any questions, concerns, or requests relating to your personal data, you may contact our dedicated privacy team at any time. Our support team is available 24 hours a day, 7 days a week, in Bangladesh Standard Time (BST, UTC+6).

gitabet is committed to handling your personal data responsibly, transparently, and in a manner consistent with the principles of data minimisation, purpose limitation, and storage limitation. We do not process personal data in ways that are incompatible with the purposes stated in this policy without first obtaining your consent.

Section 2

Information We Collect

gitabet collects personal data in several ways: information you provide directly when registering or using the Platform, information generated automatically through your use of the Platform, and information received from third-party payment and verification partners. The categories of personal data we collect are outlined below.

Registration Data
  • Full name
  • Date of birth
  • Mobile phone number
  • Username and password hash
  • Residential address (city/district)
Financial Data
  • Mobile banking account number (bKash / Nagad / Rocket / Upay)
  • Transaction reference IDs
  • Deposit and withdrawal amounts
  • Payment method type (Visa / Mastercard)
Usage Data
  • Login timestamps and IP address
  • Device type and browser version
  • Pages visited and session duration
  • Games played and bet history
  • Bonus claims and wagering progress
Verification Data
  • National Identity Card (NID) scan
  • Passport copy (if provided)
  • Selfie photograph for liveness check
  • Mobile banking statement (if requested)
Support Communications
  • Email message content
  • Live chat transcripts
  • Complaint and dispute records
  • Feedback and survey responses
Cookie & Technical Data
  • Session cookies and persistent cookies
  • Analytics identifiers
  • Referring URL and traffic source
  • Screen resolution and OS version
Sensitive Data: gitabet does not intentionally collect sensitive personal data categories such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data beyond the facial photograph used solely for age and identity verification purposes. If you voluntarily disclose such information in a support communication, it will be handled with heightened care and deleted once the enquiry is resolved.
Section 3

How We Use Your Data

gitabet processes personal data for specific, clearly defined purposes. We do not use your data for any purpose beyond those listed below without your prior consent. Our legal bases for processing include the performance of your account contract, compliance with legal obligations, our legitimate interests as a platform operator, and — where required — your freely given consent.

Core platform operations:

  • Creating and managing your gitabet Account, including authentication and session management.
  • Processing deposits and withdrawals via bKash, Nagad, Rocket, Upay, Visa, and Mastercard, and reconciling transaction records.
  • Verifying your identity and age (KYC) to comply with our responsible gaming and anti-fraud obligations.
  • Delivering casino games, sports betting markets, and crash game products to your device.
  • Calculating and crediting bonus funds, tracking wagering requirements, and applying promotional entitlements.
  • Providing 24/7 customer support via email and live chat, and maintaining records of support interactions.

Safety, security, and legal compliance:

  • Detecting, investigating, and preventing fraud, money laundering, multi-accounting, bonus abuse, and other prohibited conduct described in our Terms & Conditions.
  • Complying with applicable anti-money laundering (AML) obligations, including transaction monitoring and suspicious activity reporting.
  • Enforcing self-exclusion periods and responsible gaming restrictions requested by Users.
  • Responding to lawful requests from regulatory or law enforcement authorities.
  • Maintaining audit logs and records for the periods required by applicable law.

Platform improvement and analytics:

  • Analysing aggregated, anonymised usage data to understand how players interact with the Platform and to improve game selection, navigation, and performance.
  • Monitoring Platform stability, diagnosing technical errors, and testing new features before release.
  • Conducting internal research into responsible gaming patterns to refine our player-protection tools.

Marketing communications (where you have opted in):

  • Sending you information about promotions, reload bonuses, BPL cricket offers, and seasonal campaigns (e.g., Eid, Pohela Boishakh) via SMS or email, where you have provided explicit consent to receive such communications.
  • You may withdraw marketing consent at any time by contacting . Withdrawal of marketing consent does not affect your ability to use the Platform.
Section 4

Data Sharing & Disclosure

gitabet does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share your data only in the limited circumstances described below, and always under contractual obligations that require the recipient to protect your information to the same standard we apply internally.

Payment processors: When you make a deposit or request a withdrawal, the necessary transaction data (mobile number, amount, reference ID) is shared with the relevant payment partner — bKash, Nagad, Dutch-Bangla Bank (Rocket), Upay, or the applicable card network — solely to execute the transaction. gitabet does not receive or store your banking PIN or OTP codes.

Game providers: When you launch a casino game or slot title, your Account identifier and session token are shared with the game provider (e.g., Pragmatic Play, Evolution Gaming, Spribe, Ezugi, Microgaming, NetEnt) to enable real-time gameplay and to return game results and winnings to your Wallet. Providers receive the minimum data necessary for session management and are bound by their own data protection obligations.

Identity verification services: During the KYC process, identity documents and selfie images may be passed to a third-party identity verification provider for automated document authenticity checks. These providers act as data processors under our instruction and do not use your data for their own purposes.

Legal and regulatory disclosure: We may disclose personal data to law enforcement agencies, regulatory authorities, or courts when required to do so by law, court order, or in connection with the investigation of fraud or financial crime. We will notify you of such disclosures where we are legally permitted to do so.

Business continuity: In the event of a merger, acquisition, or restructuring of the business operating gitabet, personal data held by the Platform may be transferred to the successor entity as part of that transaction, subject to the same privacy protections described in this policy. Users will be notified in advance of any such transfer.

Section 5

Cookies & Tracking Technologies

gitabet uses cookies and similar tracking technologies to provide a functional, personalised, and secure experience on the Platform. A cookie is a small text file placed on your device by a web server when you visit a website. Cookies allow the Platform to remember your session, preferences, and activity across pages.

Types of cookies we use:

  • Strictly necessary cookies: These are essential for the Platform to function. They maintain your login session, protect against cross-site request forgery (CSRF), and ensure that your Wallet balance and game state are accurately reflected. These cookies cannot be disabled without breaking core Platform functionality.
  • Performance and analytics cookies: These cookies collect anonymised information about how visitors use the Platform — which pages are visited most frequently, how long sessions last, and where users navigate from. This data helps us improve Platform performance and content. No personally identifiable information is collected by these cookies.
  • Functional cookies: These cookies remember choices you make — such as your preferred game lobby view or notification settings — so that you do not need to reconfigure them on each visit.
  • Marketing cookies (where consented): If you have opted in to marketing communications, cookies may be used to understand whether you have engaged with a promotional message and to avoid showing you the same promotion repeatedly.

Managing cookies: You may configure your browser to refuse or delete cookies at any time. Please note that disabling strictly necessary cookies will prevent you from logging in to your gitabet Account. Instructions for managing cookies vary by browser — consult your browser's help documentation for guidance. Clearing cookies will log you out of your current session.

Third-Party Cookies: Game providers and analytics partners may set their own cookies when you interact with their content on the Platform. gitabet does not control third-party cookies. Each provider's cookie policy governs those cookies. gitabet only integrates providers whose cookie practices are consistent with responsible data handling standards.
Section 6

Data Retention

gitabet retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention principles apply across all data categories.

  • Account data: Retained for the duration of your active Account plus a period of 5 years following permanent account closure, to enable us to respond to any retrospective disputes, regulatory enquiries, or legal claims.
  • Financial transaction records: Retained for a minimum of 5 years from the date of each transaction, consistent with standard financial record-keeping obligations and anti-money laundering requirements.
  • KYC and identity documents: Retained for the duration of your Account plus 5 years after closure. Documents are stored in encrypted form and accessible only to authorised compliance personnel.
  • Support communications: Retained for 2 years from the date of the last communication in a support thread, after which they are anonymised or deleted.
  • Analytics and usage data: Retained in anonymised, aggregated form for up to 3 years for the purpose of Platform analytics and improvement. Raw session logs are retained for no more than 90 days before being aggregated or deleted.
  • Marketing consent records: Retained for as long as you remain opted in, plus 2 years following your withdrawal of consent, as evidence of the consent history.

When personal data is no longer required, gitabet deletes it securely or renders it permanently anonymous so that it can no longer be attributed to you. Physical documents, if any, are shredded. Digital records are overwritten or cryptographically erased.

You may request early deletion of specific data categories by contacting . We will honour deletion requests where we are not legally required to retain the data. Where deletion is not possible within the retention window, we will restrict processing of the data to the minimum necessary for legal compliance.

Section 7

Your Privacy Rights

As a User of gitabet, you hold a number of rights over your personal data. gitabet is committed to facilitating the exercise of these rights promptly and without undue difficulty. To exercise any of the rights below, please contact us at with a clear description of your request and sufficient information to verify your identity.

Right of Access

Request a copy of the personal data we hold about you, along with information about how it is being used.

Right to Rectification

Request correction of inaccurate or incomplete personal data held in your Account at any time.

Right to Erasure

Request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.

Right to Restrict Processing

Request that we limit the processing of your data in certain circumstances, such as while a rectification request is being assessed.

Right to Data Portability

Receive a copy of the personal data you provided to us in a structured, commonly used, machine-readable format.

Right to Object

Object to the processing of your personal data for direct marketing purposes. We will honour such objections immediately and without question.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Right to Lodge a Complaint

If you believe your privacy rights have been infringed, you may raise a formal complaint with gitabet by writing to .

We will respond to all verified rights requests within 30 calendar days. In complex cases, we may extend this period by a further 30 days, in which case we will notify you of the extension and the reason for it before the initial 30-day period expires. Exercising your privacy rights is free of charge in all standard circumstances.

Section 8

Data Security

gitabet implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures are reviewed and updated regularly to reflect current best practices in information security.

Technical safeguards include:

  • Transport Layer Security (TLS) encryption for all data in transit between your device and Platform servers.
  • Encryption of sensitive data fields (including identity documents and financial records) at rest using strong cryptographic algorithms.
  • Password hashing using a one-way cryptographic hash function — gitabet never stores your password in readable form.
  • Multi-factor authentication (MFA) options available for Account login to provide an additional layer of security beyond your password.
  • Intrusion detection and prevention systems monitoring Platform infrastructure for anomalous activity in real time.
  • Regular penetration testing and vulnerability scanning by qualified security professionals.
  • Segregation of production and development environments to prevent test processes from accessing real User data.

Organisational safeguards include:

  • Access to personal data is restricted to staff members who require it to perform their job functions (principle of least privilege).
  • All personnel with access to personal data are bound by confidentiality obligations and receive regular data protection training.
  • Formal incident response procedures are in place to detect, contain, and report data breaches promptly. In the event of a breach likely to affect your rights, you will be notified without undue delay.
  • Third-party data processors are vetted for security compliance before onboarding and subject to contractual data security obligations.
Your Responsibility: While gitabet takes all reasonable steps to protect your data, the security of your Account also depends on the strength of your password and the confidentiality of your login credentials. Use a strong, unique password for your gitabet Account and never share it with anyone. If you suspect your Account has been accessed without your authorisation, contact immediately.

Questions About Your Privacy?

Our English-speaking support team is available 24/7 in Bangladesh Standard Time to assist with any data protection query. You can also explore our full Terms & Conditions, review our Responsible Gaming guidelines, or head to the casino lobby.