bdoko Privacy Policy
Your privacy matters to us. This policy explains exactly what personal data bdoko collects, how we use it, who we share it with, and the rights you hold as a registered player on our Bangladesh-based betting platform.
Privacy at a Glance
What This Policy Covers
Identity & Account Data
We collect your name, date of birth, email address, and mobile wallet number (bKash, Nagad, Rocket, or Upay) when you register. This data is required to verify your identity and process transactions securely.
Device & Usage Data
We automatically collect IP addresses, browser type, device identifiers, and page interaction data. This helps us detect fraud, optimise platform performance, and personalise your gaming experience.
Financial Data
Deposit and withdrawal records are retained for regulatory and anti-money-laundering (AML) compliance purposes. Card details are tokenised and never stored on bdoko servers in plain text.
Trusted Third Parties Only
We share data only with game studios (Pragmatic Play, Evolution Gaming, NetEnt), payment processors (bKash, Nagad), and fraud prevention services. We never sell your personal data to advertisers or data brokers.
Cookies & Analytics
bdoko uses essential, functional, and analytical cookies to keep sessions active, remember your preferences, and measure site performance. You can manage non-essential cookie preferences through your browser settings.
Your Rights
You have the right to access, correct, and request deletion of your personal data. You may also object to certain types of processing. Submit requests to our Data Protection Officer at [email protected].
Section 1
Data We Collect
bdoko collects personal data through three primary channels: information you provide directly during registration and account management; information generated automatically when you interact with the platform; and information received from trusted third-party partners such as payment processors and game studios. The specific categories of data collected are detailed below.
Information You Provide Directly
When you create a bdoko account, place bets, make deposits or withdrawals, or contact our support team, you provide us with the following types of personal information:
- Identity data: Full legal name, date of birth, nationality, and a copy of your government-issued identification document (National Identity Card or passport) submitted during KYC verification.
- Contact data: Email address and mobile phone number linked to your registered bKash, Nagad, Rocket, or Upay wallet.
- Account credentials: Your chosen username and an encrypted hash of your password. bdoko never stores passwords in plain text.
- Financial data: Mobile wallet identifiers used for deposit and withdrawal transactions, transaction amounts, and timestamps. If you use Visa or Mastercard, card numbers are tokenised by the payment gateway and are not stored on bdoko's servers.
- Communications data: Content of messages you send via live chat, WhatsApp support, or email, including any attachments or screenshots you share.
- Responsible gaming data: Self-exclusion preferences, deposit limit settings, and time-out durations you set through the account dashboard.
Information Collected Automatically
When you access bdoko.net, our systems automatically collect certain technical and behavioural data necessary for security, performance, and legal compliance:
- Device and network data: IP address, device type (mobile, desktop, tablet), operating system, browser type and version, screen resolution, and network connection type.
- Session data: Pages visited, time spent on each page, clicks and scroll depth, game sessions initiated and completed, bet amounts and outcomes, and session start and end timestamps.
- Geolocation data: Approximate geographic location derived from your IP address, used to verify that you are accessing the platform from a permitted location. We do not collect precise GPS coordinates.
- Cookie and tracking data: Session cookies, persistent preference cookies, and analytical tracking identifiers. Full details are provided in the Cookies section of this policy.
Information Received from Third Parties
bdoko may receive supplementary personal data from the following third-party sources:
- Payment processors: Transaction status updates, fraud flags, and wallet verification confirmations from bKash, Nagad, Rocket, Upay, and card payment gateways.
- Identity verification services: Results of document authenticity checks carried out by our KYC partner during the verification process.
- Fraud prevention providers: Risk scores and device fingerprint data used to identify patterns consistent with bonus abuse, money laundering, or account takeover attempts.
Section 2
How We Use Your Data
bdoko processes your personal data only where we have a lawful basis to do so. The primary purposes for which we use your data, and the corresponding legal basis for each, are set out in the table below.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation and authentication | Identity data, contact data, credentials | Contractual necessity |
| Processing deposits and withdrawals | Financial data, identity data | Contractual necessity |
| Age verification and KYC compliance | Identity data, document copies | Legal obligation |
| Anti-money-laundering (AML) monitoring | Financial data, session data | Legal obligation |
| Fraud detection and account security | Device data, IP address, session data | Legitimate interest |
| Customer support and dispute resolution | Communications data, account data | Contractual necessity |
| Responsible gaming monitoring | Session data, financial data, RG settings | Legal obligation / legitimate interest |
| Platform analytics and improvement | Anonymised session and device data | Legitimate interest |
| Promotional communications (opted-in only) | Contact data, preference data | Consent |
Marketing Communications
bdoko will only send you promotional emails or SMS notifications if you have explicitly opted in to receive them during registration or via your account settings. You may withdraw your consent to marketing communications at any time by updating your preferences in the account dashboard or by contacting our support team. Withdrawing marketing consent does not affect your ability to receive transactional notifications (such as deposit confirmations and withdrawal approvals), which are sent as a necessary part of the service.
Automated Decision-Making
bdoko uses automated systems for certain functions including fraud scoring, bonus eligibility checking, and responsible gaming alerts. Where an automated decision has a significant effect on your account (for example, triggering a temporary hold on a withdrawal pending review), you have the right to request human review of that decision. Contact our support team to exercise this right.
Section 3
Data Sharing & Third Parties
bdoko does not sell, rent, or trade your personal data to any third party for commercial or advertising purposes. We share data only where strictly necessary to deliver our services, comply with legal obligations, or protect the security of the platform and its users. The categories of third parties with whom we may share your data are as follows:
Service Providers
- Payment processors: bKash, Nagad, Rocket, Upay, and card payment gateway partners receive the minimum financial data required to process your transactions. These providers operate under their own privacy policies and are subject to data processing agreements with bdoko.
- Game studios: Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi receive session identifiers and game result data to facilitate gameplay and resolve disputes. These studios do not receive your full identity or financial data.
- KYC and identity verification: Our identity verification partner receives copies of your ID document and selfie solely for the purpose of confirming your age and identity. Verification results are returned to bdoko; raw document images are not retained by the partner beyond the verification period.
- Fraud prevention services: Device fingerprint data, IP addresses, and behavioural risk scores are shared with our fraud detection provider to protect the platform from account takeover, bonus abuse, and financial crime.
- Cloud infrastructure: bdoko's platform is hosted on secure cloud infrastructure. Server-side data is stored in encrypted form and access is restricted to authorised personnel only.
Legal and Regulatory Disclosure
bdoko may disclose your personal data to law enforcement agencies, regulatory bodies, or other authorities when required to do so by applicable law, court order, or formal legal process. We will notify you of such requests where we are legally permitted to do so. We may also share data where necessary to prevent, investigate, or prosecute suspected criminal activity including fraud and money laundering.
Business Transfers
In the event that bdoko undergoes a merger, acquisition, restructuring, or asset sale, your personal data may be transferred as part of that transaction. We will ensure that any acquiring entity is bound by data protection obligations no less stringent than those set out in this Privacy Policy, and we will notify affected players prior to any such transfer taking effect.
Section 4
Cookies & Tracking
bdoko uses cookies and similar tracking technologies (such as local storage and session storage) to ensure the platform functions correctly, to remember your preferences, and to gather analytics that help us improve the user experience. Cookies are small text files stored on your device by your browser when you visit bdoko.net.
Types of Cookies We Use
| Cookie Type | Purpose | Retention | Can Be Disabled? |
|---|---|---|---|
| Essential | Session management, login state, security tokens, CSRF protection | Session / up to 24 hours | No — required for core functionality |
| Functional | Language preference, last-visited game category, responsible gaming alert states | Up to 30 days | Yes — disabling affects personalization |
| Analytical | Page view counts, session duration, bounce rate — used in anonymised aggregate form | Up to 13 months | Yes — via browser settings |
| Security | Device fingerprinting, fraud risk scoring, bot detection | Up to 90 days | No — required for account protection |
Managing Your Cookie Preferences
You can control non-essential cookies through your browser's settings menu. Most modern browsers allow you to block, delete, or receive notifications before a cookie is stored. Please note that disabling essential or security cookies will impair your ability to log in and use core platform features. Instructions for managing cookies in the most widely used browsers in Bangladesh are available via the browser help pages for Chrome, Firefox, Samsung Internet, and Opera Mini.
bdoko does not currently support third-party advertising cookies or retargeting pixels. No data collected through cookies on bdoko.net is shared with advertising networks.
Section 5
Data Security
Protecting your personal data is a core operational priority for bdoko. We implement a combination of technical, organisational, and procedural controls to guard against unauthorised access, accidental loss, disclosure, or destruction of your personal information.
Technical Safeguards
- 256-bit SSL/TLS encryption: All data transmitted between your device and bdoko.net is encrypted using industry-standard TLS protocols. The padlock icon in your browser confirms an active encrypted connection.
- Password hashing: Account passwords are stored as one-way cryptographic hashes using bcrypt. Even in the unlikely event of a database exposure, passwords cannot be reconstructed from stored hashes.
- Payment tokenisation: Card payment details are tokenised by our payment gateway partner before reaching bdoko's servers. Raw card numbers are never stored on bdoko's infrastructure.
- Access controls: Internal access to personal data is restricted on a strict need-to-know basis using role-based access control (RBAC). All internal access events are logged and subject to periodic audit.
- Intrusion detection: Continuous monitoring systems scan for anomalous access patterns and trigger alerts for immediate investigation by the security team.
Organisational Safeguards
- All staff handling personal data undergo mandatory data protection training before being granted access to production systems.
- Third-party service providers are vetted for data security standards before being onboarded and are required to sign data processing agreements.
- bdoko maintains a documented incident response plan. In the event of a data breach that poses a risk to your rights, we will notify affected players without undue delay.
Your Responsibility
While bdoko takes all reasonable measures to protect your data on our end, you also play an important role in keeping your account secure. Use a strong, unique password for your bdoko account. Never share your login credentials with anyone. Log out of your account when using a shared or public device. If you suspect your account has been compromised, contact our support team immediately.
Section 6
Data Retention
bdoko retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, and to resolve disputes or enforce our agreements. The retention periods applicable to the main categories of personal data are outlined below.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account identity and registration data | Duration of account + 5 years after closure | AML / legal compliance |
| KYC verification documents | Duration of account + 5 years after closure | Regulatory obligation |
| Financial transaction records | 7 years from transaction date | Tax and AML compliance |
| Betting and gaming history | 5 years from the date of each session | Dispute resolution |
| Customer support communications | 3 years from last interaction | Dispute resolution / quality assurance |
| Analytical and session data (anonymised) | 13 months on a rolling basis | Platform improvement |
| Marketing consent records | Until withdrawn + 2 years | Compliance with consent obligations |
When retention periods expire, personal data is securely deleted or anonymised so that it can no longer be associated with an individual. Anonymised, aggregated data may be retained indefinitely for statistical and product improvement purposes.
In cases where an account has been closed due to confirmed fraud or criminal activity, bdoko may retain relevant data beyond the standard retention periods where required by law or ongoing legal proceedings.
Section 7
Your Privacy Rights
bdoko respects your right to control how your personal data is used. As a registered player, you are entitled to exercise the following rights in relation to your personal data held by bdoko:
Right of Access
You have the right to request a copy of all personal data that bdoko holds about you. We will provide this information in a structured, commonly used format within 30 days of receiving a verified request. There is no charge for a first access request in any 12-month period.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. You can update certain account details (such as your email address and phone number) directly through the account dashboard. For identity document corrections, contact our support team.
Right to Erasure ("Right to Be Forgotten")
You may request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (and there is no other legal basis for processing), or where the data has been processed unlawfully. Please note that we may be unable to fully erase certain data that we are legally required to retain — for example, financial transaction records held for AML compliance. In such cases, we will delete all data that is not subject to a legal retention requirement and inform you of what has been retained and why.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while you contest the accuracy of data we hold, or while an objection is being assessed. Where processing is restricted, we will continue to store your data but will not actively process it beyond storage.
Right to Data Portability
Where processing is based on your consent or on a contractual basis and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, machine-readable format, and to request that we transmit it directly to another service provider where technically feasible.
Right to Object
You have the right to object to processing carried out on the basis of legitimate interests, including profiling for fraud detection purposes. Where you object, we will assess whether our legitimate interests override your rights and inform you of the outcome. You also have an unconditional right to object to processing for direct marketing purposes at any time.
Exercising Your Rights
To exercise any of the rights described above, submit a written request to our Data Protection Officer at [email protected] with the subject line "Privacy Rights Request". We will acknowledge your request within 5 business days and respond in full within 30 days. We may ask you to verify your identity before processing the request to protect against fraudulent data access claims.
Section 8
Contact & Data Controller
bdoko acts as the data controller for all personal data collected through the bdoko.net platform. If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or want to raise a concern about how your data is being handled, please contact our Data Protection Officer using the details below.
- Email: [email protected] — subject line "Privacy Rights Request" or "Data Protection Query"
- Live Chat: Available 24/7 at bdoko.net, all days including public holidays. Ask to be connected to the data protection team.
- WhatsApp: Available after login, 09:00–01:00 BST. Reference "Privacy Policy" at the start of the conversation.
- Response time: Initial acknowledgement within 5 business days; full response within 30 calendar days of receiving a verified request.
Changes to This Privacy Policy
bdoko reserves the right to update this Privacy Policy at any time to reflect changes in our data practices, legal obligations, or platform features. When we make material changes, we will notify registered players by email and display a prominent notice on bdoko.net for at least 30 days prior to the changes taking effect. The "Effective" date at the top of this page will be updated accordingly.
We encourage you to review this Privacy Policy periodically. Continued use of the bdoko platform after any changes take effect constitutes your acceptance of the revised policy. If you do not agree with the updated terms, you may close your account by contacting our support team before the effective date of the changes.
Ready to Play?
Explore bdoko — Bangladesh's Trusted Betting Platform
Now that you've reviewed our Privacy Policy, you know exactly how your data is protected. Enjoy cricket betting, live slots, and live dealer games — all secured with 256-bit SSL encryption.