Data Protection
Privacy Policy for 09bdt
At 09bdt, protecting your personal data is a responsibility we take seriously. This Privacy Policy explains exactly what information we collect, why we collect it, how it is stored and protected, and the rights you hold over your own data as a player on Bangladesh's leading online casino platform.
Our Commitments
How 09bdt Protects Your Privacy
These six principles underpin every data-handling decision we make. They summarise — but do not replace — the full policy text below.
Every piece of data you transmit to or from 09bdt — including login credentials, payment details, and personal information — travels over a TLS 1.3 encrypted connection. No data is sent in plain text under any circumstances.
09bdt collects only the personal data that is strictly necessary for account registration, identity verification, payment processing, and regulatory compliance. We do not harvest data speculatively or sell personal profiles to third-party advertisers.
Your personal data is never sold, rented, or traded to external advertising networks. The only third parties who may access limited data are those directly involved in delivering our platform services — payment processors, game providers, and fraud-prevention partners.
Every category of data we collect is listed in this policy alongside a clear explanation of why we need it and the legal basis for processing it. There are no hidden data practices at 09bdt. What you read here is the complete picture.
You retain the right to access, correct, export, and request deletion of your personal data at any time. 09bdt will respond to all valid data rights requests within 30 days of receipt. Contact our data team at [email protected] with the subject line "Data Rights Request".
09bdt does not retain personal data indefinitely. Clear retention schedules are applied to every data category. Once the retention period expires and there is no ongoing legal obligation to retain the data, it is securely deleted or anonymised.
1. Introduction & Scope
09bdt ("the Platform", "we", "us", or "our") is committed to handling your personal information with transparency, integrity, and care. This Privacy Policy describes the types of personal data we collect from players and visitors based primarily in Bangladesh, the purposes for which that data is used, the conditions under which it may be shared with third parties, and the measures we take to keep it secure.
This policy applies to all individuals who visit the 09bdt website at https://09bdt.net, register a player account, deposit or withdraw funds, place bets, interact with our customer support team, or engage with any feature or service made available through the platform. It covers data collected via the website, through email and live chat communications, and through payment processing interactions.
This policy does not apply to third-party websites, payment services, or game providers that may be linked to or integrated within the 09bdt platform. Those third parties operate under their own privacy policies, and we encourage you to review those documents independently. 09bdt is not responsible for the privacy practices of any third-party service.
We may update this Privacy Policy from time to time to reflect changes in applicable law, our data practices, or the services we offer. Material changes will be communicated to registered players via email notification sent to the address associated with their account. The "Last Updated" date in the hero section above will always reflect the date of the most recent revision.
2. Personal Data We Collect
09bdt collects personal data through several routes: directly from you when you register or interact with the platform, automatically through your device and browser when you access the site, and from third-party partners involved in payment processing and identity verification. The categories of data we collect are described below.
| Data Category | Specific Data Points | Collection Method |
|---|---|---|
| Identity Data | Full legal name, date of birth, national identity card (NID) number, passport number | Provided by you at registration or during KYC verification |
| Contact Data | Email address, mobile number, residential address (city, district, division) | Provided by you at registration or in Account Settings |
| Financial Data | bKash / Nagad / Rocket wallet numbers, bank account references, transaction amounts in ৳ BDT, deposit and withdrawal history | Collected during deposit/withdrawal transactions via payment gateway |
| Verification Documents | Copies of NID, passport, utility bills, bank statements (for KYC purposes) | Uploaded by you in response to KYC requests |
| Technical Data | IP address, device type, operating system, browser type and version, screen resolution, time zone (Bangladesh Standard Time UTC+6) | Collected automatically when you access the platform |
| Usage Data | Games played, bets placed, session duration, pages visited, click paths, search queries within the platform | Collected automatically via server logs and analytics tools |
| Communications Data | Live chat transcripts, support ticket content, email correspondence with 09bdt | Collected when you contact the support team |
| Responsible Gaming Data | Deposit limits set, session time-out settings, self-exclusion status and history | Collected when you use responsible gaming tools in Account Settings |
We do not collect sensitive personal data such as racial or ethnic origin, religious beliefs, political opinions, genetic data, or biometric data for identification purposes beyond what is strictly required for age and identity verification under applicable compliance obligations.
Players under the age of 18 are strictly prohibited from registering or using the 09bdt platform. We do not knowingly collect personal data from individuals under 18. If we become aware that an account has been opened by a minor, we will close it immediately and delete the associated personal data.
3. Legal Basis for Processing
09bdt processes your personal data only where a lawful basis for doing so exists. The primary legal bases on which we rely are as follows:
- Contractual Necessity: Processing your identity data, contact data, and financial data is necessary to fulfil the contract between you and 09bdt — specifically, to operate your account, accept deposits, process withdrawals, and credit winnings. Without this processing, we cannot provide the service.
- Legal Obligation: We are required to collect and retain certain data — including identity verification documents and transaction records — in order to comply with anti-money laundering (AML) obligations, know-your-customer (KYC) requirements, and applicable financial regulations. This processing is not optional.
- Legitimate Interests: We process technical data, usage data, and communications data on the basis of our legitimate interests in maintaining the security, integrity, and performance of the platform; detecting and preventing fraud; and improving our services. These interests are balanced against your right to privacy and do not override your fundamental data rights.
- Consent: Where we send you optional marketing communications (such as promotional offers or seasonal newsletters), we will do so only where you have given explicit consent. You may withdraw this consent at any time by updating your communication preferences in Account Settings or by contacting [email protected].
4. How We Use Your Data
09bdt uses the personal data we collect for the following specific purposes. We will not use your data for any purpose that is incompatible with the purpose for which it was originally collected without first obtaining your consent.
- Account Management: Creating, maintaining, and administering your player account; verifying your identity at registration and during ongoing account reviews; updating account details at your request.
- Payment Processing: Processing deposits and withdrawals via bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, and Sonali Bank; maintaining accurate transaction histories; detecting and preventing unauthorised payment activity.
- KYC and Compliance: Conducting age verification to confirm that all account holders are 18 years of age or above; performing identity checks required under AML and KYC obligations; screening against fraud and financial crime databases.
- Game and Betting Services: Recording bets placed and game rounds played; calculating and crediting winnings; resolving disputes regarding game outcomes using server-side logs as the authoritative record.
- Security and Fraud Prevention: Monitoring account activity for signs of fraud, collusion, multi-accounting, or use of prohibited automated tools; investigating suspected breaches of our Terms & Conditions; sharing data with fraud-prevention partners where justified.
- Responsible Gaming: Tracking deposit limits, session time-outs, and self-exclusion status that you have set; enforcing self-exclusion periods; monitoring for behavioural patterns that may indicate problem gambling and acting on those patterns in accordance with our Responsible Gaming Policy.
- Customer Support: Responding to your support tickets, live chat messages, and email enquiries; maintaining records of prior interactions to provide consistent and informed support.
- Platform Improvement: Analysing aggregated and anonymised usage data to understand how players interact with the platform; identifying technical issues; improving game selection, layout, and overall user experience.
- Marketing (with consent): Sending promotional offers, bonus notifications, seasonal campaigns, and platform updates to players who have opted in to receive marketing communications. You can opt out at any time.
5. Data Sharing & Third Parties
We may share your personal data with the following categories of third parties, strictly on a need-to-know basis and subject to appropriate data processing agreements:
- Payment Service Providers: bKash, Nagad, Rocket, Upay, and our banking partners receive the minimum financial data necessary to process your deposit or withdrawal transaction. These providers are independently regulated and operate under their own privacy and security frameworks.
- Game Providers and Content Partners: Game software providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi may receive technical session data (e.g., a session token, bet amount, and game round ID) necessary to operate the game. They do not receive your identity data, contact data, or payment data as part of this integration.
- Identity Verification Services: Third-party KYC and AML screening providers may receive identity documents and personal details as part of the verification process. These providers are contractually bound to use your data solely for verification purposes.
- Fraud Prevention and Security Services: Where we have reasonable grounds to suspect fraudulent activity, we may share relevant account and transaction data with specialist fraud-prevention partners to investigate and mitigate the risk.
- IT Infrastructure and Hosting Providers: The technical systems that power the 09bdt platform are hosted on secure cloud infrastructure. Our hosting and infrastructure providers may have access to data stored on those systems as part of their service delivery, and are bound by strict data processing agreements.
- Legal and Regulatory Authorities: We will disclose personal data to law enforcement agencies, regulatory bodies, or courts when required to do so by applicable law, a valid court order, or a lawful regulatory request. We will notify you of any such disclosure to the extent we are legally permitted to do so.
All third-party data processors engaged by 09bdt are selected with care, bound by contractual data processing agreements, and required to maintain data security standards commensurate with the sensitivity of the data they handle. We conduct periodic reviews of our third-party data processors to confirm ongoing compliance.
6. Cookies & Tracking Technologies
09bdt uses cookies and similar tracking technologies to deliver a functional, personalised, and secure experience on the platform. A cookie is a small text file placed on your device by a web server. It is not an executable programme and cannot carry viruses or access other files on your device.
The cookies used on the 09bdt platform fall into the following categories:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Maintain your login session, remember your language and currency preferences, preserve your shopping cart / bet slip state, enable security features such as CSRF protection | Session (deleted when browser closes) or up to 24 hours |
| Performance & Analytics | Measure page load times, identify broken pages, analyse which sections of the platform receive the most traffic — all data is aggregated and anonymised | Up to 12 months |
| Functional | Remember your preferred game categories, bet size defaults, and table limits so you do not need to reconfigure these on each visit | Up to 6 months |
| Marketing (consent required) | Track whether you have viewed or clicked a promotional banner so we can measure campaign effectiveness and avoid showing you the same promotion repeatedly — only active where you have consented to marketing communications | Up to 30 days |
You can control cookies through your browser settings. Most browsers allow you to block all cookies, block third-party cookies only, or delete existing cookies. Please be aware that disabling strictly necessary cookies will impair the functionality of the 09bdt platform — in particular, you may not be able to remain logged in across page navigation. Disabling performance or functional cookies will not prevent you from using the platform but may result in a less personalised experience.
7. Data Retention Periods
09bdt retains personal data for only as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following retention schedule applies:
- Active Account Data (identity, contact, financial): Retained for the lifetime of your active account plus a minimum of 5 years following account closure. This extended period is required to satisfy AML record-keeping obligations and to resolve any disputes that may arise after closure.
- KYC Verification Documents: Retained for 5 years from the date of submission or from the date of account closure, whichever is later. Documents are stored in encrypted form and access is restricted to authorised compliance personnel only.
- Transaction Records (deposits, withdrawals, bet history): Retained for a minimum of 5 years from the date of the transaction. This is required for financial compliance, audit, and dispute resolution purposes.
- Technical and Usage Data: Retained for up to 24 months from collection. After this period, data is either deleted or anonymised so that it can no longer be linked to an individual player.
- Customer Support Communications: Retained for 3 years from the date of the last interaction in that support thread. This allows us to provide consistent support and to evidence our handling of any complaint or dispute.
- Marketing Consent Records: Retained for the duration of your account or until you withdraw consent, plus 3 years thereafter to evidence that communications were sent with valid consent.
- Self-Exclusion Records: Retained indefinitely to ensure that self-exclusion commitments can be honoured if a player later requests re-registration. These records are never deleted.
At the end of the applicable retention period, personal data is securely deleted from live systems and from backup archives. Where complete deletion is not technically feasible (for example, in highly aggregated analytical datasets), the data is anonymised beyond re-identification.
8. Security of Your Personal Data
The security measures implemented by 09bdt include, but are not limited to, the following:
- TLS 1.3 Encryption in Transit: All data transmitted between your device and the 09bdt platform is encrypted using Transport Layer Security (TLS) protocol version 1.3, which is the current industry gold standard for in-transit data protection.
- AES-256 Encryption at Rest: Sensitive personal data — including identity documents, financial records, and password hashes — is stored using AES-256 encryption. Plain-text storage of sensitive data is not permitted under any circumstances.
- Password Hashing: User passwords are never stored in plain text. They are processed using a strong one-way cryptographic hashing algorithm. 09bdt staff cannot view your password — only you know it. If you forget your password, it must be reset (not retrieved).
- Two-Factor Authentication (2FA): All players are encouraged to enable 2FA on their accounts via Account Settings. 2FA adds an additional verification layer that significantly reduces the risk of unauthorised account access even if login credentials are compromised.
- Role-Based Access Controls: Access to personal data within 09bdt's internal systems is restricted on a strict need-to-know basis. Only personnel whose job function requires access to specific data categories are authorised to view it, and all access is logged and auditable.
- Regular Security Audits: 09bdt conducts periodic internal security reviews and engages third-party security professionals to perform penetration testing and vulnerability assessments. Identified vulnerabilities are remediated according to a risk-prioritised schedule.
- Incident Response: In the event of a confirmed personal data breach that poses a risk to players, 09bdt will notify affected account holders promptly via the email address associated with their account, describing the nature of the breach, the data affected, and the remedial steps taken.
9. Your Data Rights
As a player whose personal data is processed by 09bdt, you hold the following rights in relation to that data. These rights are not absolute — in some cases they are subject to exceptions required by law (for example, we cannot delete transaction records that we are legally required to retain) — but we will always explain clearly if and why an exception applies to your request.
- Right of Access: You may request a copy of all personal data that 09bdt holds about you. We will provide this in a structured, readable format within 30 days of your verified request.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. Minor corrections (such as updating your mobile number or email address) can be made directly in Account Settings without a formal request.
- Right to Erasure: You may request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent and there is no other lawful basis for processing, or where processing is unlawful. This right is subject to our legal retention obligations — for example, transaction records held for AML compliance cannot be deleted on request.
- Right to Restriction: In certain circumstances (such as where you contest the accuracy of your data or have objected to processing pending our verification), you may request that we restrict processing of your data while the matter is resolved.
- Right to Data Portability: Where processing is carried out by automated means on the basis of consent or contractual necessity, you may request that we provide your personal data in a machine-readable format (e.g., CSV or JSON) for transfer to another service.
- Right to Object: You have the right to object at any time to the processing of your personal data for direct marketing purposes. Upon receipt of such an objection, we will cease all marketing communications immediately. You may also object to processing based on legitimate interests, in which case we will review and balance your objection against our interests.
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
To exercise any of the above rights, please contact our data team at [email protected] with the subject line "Data Rights Request", your registered account username, and a description of the right you wish to exercise. We may request proof of identity before actioning your request to protect against unauthorised access to your data. All requests are responded to within 30 calendar days.
10. Contact & Data Enquiries
If you have any questions, concerns, or requests relating to this Privacy Policy or to the way 09bdt handles your personal data, please contact us using the details below. All enquiries are handled in English and will be acknowledged within 48 hours of receipt, with a full response provided within 14 business days.
- Email: [email protected] — Subject line: "Privacy Enquiry" or "Data Rights Request"
- Live Chat: Available 24/7 via the platform — select "Account & Privacy" from the support menu
- Operating Hours: 24 hours a day, 7 days a week — Bangladesh Standard Time (BST, UTC+6)
- Response Commitment: Acknowledgement within 48 hours; full written response within 14 business days for data rights requests and within 30 calendar days for formal access requests
Policy Reference: Privacy Policy v2.1 — Effective January 2026. This document supersedes all previous versions of the 09bdt Privacy Policy. Previous versions are available on request from the support team. This policy is written in English and the English-language version is the authoritative text for all purposes.
Continue Exploring 09bdt
Your Data Is Safe — Now Play with Confidence
09bdt is committed to keeping your personal data secure so you can focus on what matters: enjoying 2,500+ certified games, live cricket betting, and instant bKash & Nagad withdrawals. For adults aged 18 and above only.