Privacy Policy
db365 Data Protection
At db365, your privacy is taken seriously. This Privacy Policy explains what personal data we collect when you use our platform, how that data is stored and processed, who it may be shared with, and what rights you hold as a user based in Bangladesh.
Our Privacy Commitments
db365 is committed to handling your personal data with transparency, security, and respect. Below are the core principles that shape how we approach data protection across every aspect of our platform.
SSL Encryption
All data transmitted between your device and db365 is protected by industry-standard SSL/TLS encryption. This applies to account login, payment processing, and all personal data submitted during registration and KYC verification.
Secure Data Storage
Personal data is stored on secure, access-controlled servers. Passwords are hashed using industry-standard algorithms and are never stored in plain text. Payment credentials are tokenised and not stored directly by db365 following the initial transaction.
No Third-Party Selling
db365 does not sell, rent, or trade your personal data to third-party marketers or data brokers under any circumstances. Data shared with partners is limited strictly to what is necessary for payment processing, KYC verification, and legal compliance.
Minimal Data Collection
We collect only the personal data that is genuinely necessary to deliver our services, complete regulatory obligations, and keep your account secure. We do not collect extraneous data points or build behavioural profiles beyond what is required for responsible gaming compliance.
User Control
You have the right to access, correct, and request deletion of your personal data held by db365. Marketing communications can be opted out of at any time via your account preferences or by emailing our support team. Your data control choices are actioned within 30 days of request.
Marketing Opt-Out
All promotional emails and SMS notifications from db365 include a clear unsubscribe mechanism. You may also manage your marketing preferences directly from your account dashboard at any time. Opting out of marketing does not affect transactional or security-related communications.
1. Information We Collect
When you register for and use a db365 account, we collect personal information to provide our services, fulfil our legal obligations, and keep your account secure. The categories of personal data we collect are described below.
Registration & Identity Data
When you create a db365 account, we collect your full legal name, email address, date of birth, Bangladesh mobile phone number, and your chosen username. This data is required to establish your account identity, verify your age eligibility (18+), and communicate with you regarding your account activity.
Know Your Customer (KYC) Data
To comply with anti-money laundering obligations and to verify your identity before processing withdrawals, db365 collects copies of government-issued identification documents such as your Bangladesh National ID card or passport. We may also collect a proof-of-payment document confirming that your registered bKash, Nagad, or bank account is held in your own name. KYC documents are processed by the db365 compliance team and stored securely in encrypted form.
Financial & Transaction Data
We collect records of all deposits, withdrawals, wagers, wins, and bonus transactions associated with your account. This includes the payment method used (bKash, Nagad, Rocket, Upay, Visa, Mastercard, or bank transfer), the transaction amount in BDT, and the timestamp of each transaction. We do not store complete payment card numbers; card data is tokenised by our payment processing partner at the point of entry.
Technical & Usage Data
When you access db365.club, our servers automatically record certain technical information, including your IP address, browser type and version, device type and operating system, referring URL, pages visited, session duration, and in-platform interaction events. This data is used for platform security monitoring, fraud detection, and improving the user experience.
Communications Data
If you contact the db365 support team via email or live chat, we retain a record of that correspondence, including the content of your messages and our responses. This record is used to resolve your query, maintain service quality, and for training and compliance review purposes.
2. How We Use Your Data
db365 processes personal data only for defined, legitimate purposes. We do not use your data in ways that are inconsistent with the purposes set out at the time of collection. The table below summarises the primary purposes for which we process personal data and the legal basis for each.
| Purpose of Processing | Data Categories Used | Legal Basis |
|---|---|---|
| Account creation and management | Registration data, contact details | Contract performance |
| Age verification (18+ compliance) | Date of birth, KYC documents | Legal obligation |
| Payment processing and fraud prevention | Transaction data, IP address, device data | Contract performance / Legal obligation |
| AML and KYC compliance | Identity documents, financial history | Legal obligation |
| Responsible gaming monitoring | Betting patterns, session data, deposit history | Legal obligation / Legitimate interest |
| Customer support | Communications data, account data | Contract performance |
| Platform security and fraud detection | Technical data, usage data, IP address | Legitimate interest |
| Promotional communications (opted-in users) | Contact details, game preferences | Consent |
| Platform analytics and improvement | Anonymised/aggregated usage data | Legitimate interest |
Where we rely on your consent as the legal basis for processing (for example, to send marketing emails or SMS promotions), you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal. Withdrawal of marketing consent does not affect your ability to use the db365 platform.
3. Data Sharing & Disclosure
db365 does not sell, rent, or trade your personal data. We share your data only in the limited circumstances described below, and only to the extent necessary for the specified purpose.
Payment Service Providers
To process deposits and withdrawals, we share relevant transaction data with our payment partners including bKash, Nagad, Rocket, Upay, and card processing networks. These providers receive only the data required to execute the specific transaction and are contractually bound to handle it in accordance with applicable data protection standards.
Identity Verification Partners
For KYC verification, we may use third-party identity verification services to authenticate the government-issued documents you submit. These partners process your identity data solely for the purpose of verification and are prohibited from using it for any other purpose.
Game Content Providers
When you play games powered by third-party studios such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, or Ezugi, those providers may receive a pseudonymous player identifier and your game activity data to facilitate game delivery, fair play certification, and dispute resolution. They do not receive your full name, contact details, or financial data.
Legal and Regulatory Disclosure
db365 may disclose personal data to law enforcement agencies, courts, or regulatory authorities where required to do so by applicable law, including in response to a lawful request, court order, or investigation related to anti-money laundering, fraud, or other criminal activity. We will notify affected users of such disclosures where we are legally permitted to do so.
Business Transfers
In the event that db365 undergoes a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity as part of that transaction. You will be notified of any such transfer and of any changes to this Privacy Policy that result from it, with a minimum of 30 days' notice before the change takes effect.
4. Cookies & Tracking Technologies
db365.club uses cookies and similar tracking technologies to operate the platform, remember your session preferences, detect fraudulent activity, and — where you have consented — deliver relevant promotional content. A cookie is a small text file placed on your device by the website when you visit. It cannot execute programmes or deliver viruses.
Types of Cookies We Use
- Strictly Necessary Cookies: These cookies are essential for the platform to function. They maintain your login session, remember your language preference, and protect against cross-site request forgery (CSRF) attacks. These cookies cannot be disabled without impairing your ability to use the site.
- Functional Cookies: These cookies remember choices you make on the platform, such as your preferred game category, display settings, or last visited section. They improve your experience but are not required for core functionality.
- Analytics Cookies: We use anonymised analytics data to understand how users navigate the platform, which pages perform well, and where users encounter difficulties. This data is aggregated and does not identify you personally.
- Security Cookies: These cookies assist our fraud detection systems in identifying unusual session behaviour, multiple-account patterns, or bot activity. They are necessary for maintaining platform integrity and protecting all users.
Managing Your Cookie Preferences
You can manage cookie settings through your browser's privacy controls. Most modern browsers allow you to block or delete cookies, though disabling strictly necessary cookies will impair your ability to log in and use the platform. Clearing cookies will also log you out of your current session. For guidance on managing cookies in your specific browser, refer to the browser's built-in help documentation.
5. Data Retention & Storage
db365 retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable legal and regulatory obligations. The retention periods below reflect our standard practice:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | AML regulatory obligation |
| KYC identity documents | Duration of account + 5 years after closure | AML / legal compliance |
| Transaction and financial records | 7 years from transaction date | Financial record-keeping requirements |
| Support communications | 3 years from last interaction | Dispute resolution / quality assurance |
| Technical / server log data | 90 days rolling | Security monitoring and fraud detection |
| Marketing consent records | Until consent is withdrawn + 1 year | Proof of consent compliance |
| Self-exclusion records | Minimum 7 years from exclusion date | Responsible gaming regulatory requirement |
After the applicable retention period has elapsed, personal data is securely deleted or anonymised so that it can no longer be attributed to any individual. Anonymised, aggregated data (for example, platform-wide betting volume statistics) may be retained indefinitely for internal research and reporting purposes.
All personal data is stored on servers located within secure, access-controlled data centre facilities. Access to personal data is restricted on a strict need-to-know basis; only authorised personnel with a legitimate operational reason are permitted to view identifiable user data, and all such access is logged and audited.
6. Your Privacy Rights
As a db365 user, you have the following rights with respect to your personal data. To exercise any of these rights, contact our support team at [email protected] with your full name, registered email address, and a description of your request. We will acknowledge your request within 72 hours and respond substantively within 30 calendar days.
- Right of Access: You may request a copy of all personal data db365 holds about you, along with information about how it is being processed and with whom it has been shared.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. Where the correction affects your identity verification status, updated documentation may be required.
- Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent (and no other legal basis applies), or where the data has been processed unlawfully. Note that this right is subject to our legal retention obligations — transaction and KYC records required for AML compliance cannot be deleted prior to their mandatory retention period.
- Right to Restrict Processing: In certain circumstances, you may request that we restrict the processing of your data — for example, while a dispute about data accuracy is being resolved.
- Right to Data Portability: Where processing is based on your consent or on contract performance, you may request a machine-readable copy of the personal data you have provided to db365, for the purpose of transferring it to another service provider.
- Right to Object: You may object at any time to the processing of your personal data for direct marketing purposes. You may also object to processing based on legitimate interests, though this right may be overridden where we can demonstrate compelling legitimate grounds.
- Right to Withdraw Consent: Where processing is based solely on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.
7. Data Security Measures
db365 implements a range of technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. Our security programme includes the following controls:
- Transport Layer Security (TLS): All data in transit between your browser or app and db365 servers is encrypted using TLS 1.2 or higher. This protects your login credentials, financial data, and personal information from interception during transmission.
- Password Hashing: User passwords are stored using a strong one-way cryptographic hashing algorithm with a unique salt per account. db365 staff cannot view your password; only you know it.
- Access Controls: Internal access to personal data is restricted to authorised personnel on a role-based, need-to-know basis. All data access is logged and subject to periodic audit.
- Intrusion Detection: Our infrastructure is monitored continuously by automated security systems that detect and alert on unusual access patterns, brute-force login attempts, and other indicators of compromise.
- Penetration Testing: db365 commissions periodic third-party security assessments to identify and remediate vulnerabilities in our platform infrastructure.
- Two-Factor Authentication (2FA): Players are encouraged to enable 2FA via their registered Bangladesh mobile number to add an additional layer of protection to their account login process.
Despite these measures, no online platform can guarantee absolute security. In the unlikely event of a data breach that poses a significant risk to affected users, db365 will notify impacted users promptly and take all reasonable steps to contain and remediate the incident. You can help protect your account by using a strong, unique password and never sharing your login credentials with any other person.
8. Contact & Policy Updates
If you have any questions, concerns, or requests relating to this Privacy Policy or to the way db365 processes your personal data, please contact our support team. The support team is available 24 hours a day, 7 days a week, and will direct privacy-related enquiries to the appropriate internal team.
Support contact: [email protected] (plain text — not a clickable link; please copy and paste this address into your email client).
Updates to This Policy
db365 reviews and updates this Privacy Policy periodically to reflect changes in our data practices, platform features, or applicable regulations. When material changes are made, we will update the effective date at the top of this document and notify registered users via their registered email address or through a prominent in-platform notice at least 14 days before the change takes effect.
Your continued use of the db365 platform following the effective date of a revised Privacy Policy constitutes your acknowledgement of and agreement to the updated terms. We encourage you to review this page periodically to stay informed about how your data is protected. Previous versions of this Privacy Policy are available upon request by contacting [email protected].
Your Privacy is Protected on db365
Now that you understand how db365 handles your data, explore our full range of cricket betting, live casino games, and slots — all secured by SSL encryption and backed by a transparent privacy commitment.