Data Protection & Privacy
gdaje Privacy Policy — How We Handle Your Personal Data
At gdaje, the privacy and security of your personal information is a responsibility we take seriously. This Privacy Policy explains exactly what data we collect, how we use it, who we may share it with, and what rights you hold as a registered player based in Bangladesh. We are committed to transparent, lawful, and fair data handling at every step.
Our Commitment to You
Privacy at the Core of gdaje
gdaje is a trusted online casino and sports betting platform serving players across Bangladesh. Every piece of personal data you share with us — from your name and contact details at registration to your transaction history and betting activity — is handled with care, stored securely, and used only for clearly defined, lawful purposes. This Privacy Policy applies to all users of the gdaje website, mobile application, and any associated services, regardless of the device or network used to access them.
End-to-End Encryption
All data transmitted between your device and gdaje servers is protected by 256-bit SSL/TLS encryption. Your payment information, login credentials, and personal details are never transmitted or stored in plain text.
No Third-Party Advertising
gdaje does not sell, rent, or trade your personal data to third-party advertisers. Data shared with service providers is strictly limited to what is necessary for the specific operational purpose and is governed by formal data processing agreements.
You Control Your Data
As a gdaje account holder, you have the right to access, correct, and request deletion of your personal data at any time. Requests can be submitted via live chat support and will be processed within 30 calendar days.
Clear Retention Limits
gdaje retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Account data is retained for a minimum of five years following account closure to satisfy anti-money-laundering obligations.
Opt-Out of Marketing
Promotional communications from gdaje — including SMS, email, and in-platform notifications — require your prior consent. You may withdraw marketing consent at any time through your account notification settings without affecting your ability to use the platform.
KYC Handled with Care
Identity documents submitted for Know Your Customer (KYC) verification are stored in an encrypted document vault, accessible only to authorised compliance personnel. KYC documents are never used for any purpose beyond identity and age verification.
Section 1
Data We Collect
gdaje collects personal data in two ways: information you provide directly, and information collected automatically when you use the platform. The following table summarises the categories of personal data we collect, the source of that data, and the lawful basis on which we process it.
| Data Category | Examples | Source | Lawful Basis |
|---|---|---|---|
| Identity Data | Full name, date of birth, national ID number | Provided by you at registration or KYC | Contract performance; legal obligation |
| Contact Data | Email address, mobile number, city of residence | Provided by you at registration | Contract performance; legitimate interest |
| Financial Data | bKash/Nagad/Rocket/Upay account numbers, transaction amounts and timestamps | Provided by you and recorded automatically on transaction | Contract performance; legal obligation (AML) |
| Identity Documents | National ID card, passport, utility bill | Provided by you during KYC verification | Legal obligation (age verification, AML) |
| Technical Data | IP address, device type, operating system, browser, session timestamps | Collected automatically via platform logs | Legitimate interest (security, fraud prevention) |
| Usage Data | Pages visited, games played, bets placed, time on platform | Collected automatically via analytics | Legitimate interest (platform improvement) |
| Communications Data | Live chat transcripts, support emails, dispute records | Generated during your interactions with gdaje support | Legitimate interest (service quality, dispute resolution) |
| Marketing Preferences | Opted-in communication channels, promotion history | Provided by you via account settings | Consent |
Sensitive Data: gdaje does not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. If any such data is inadvertently submitted (for example, within a support message), it will not be processed for any purpose beyond addressing the immediate support query and will be deleted at the earliest opportunity.
gdaje does not collect personal data from individuals known to be under the age of 18. If we discover that personal data has been collected from an individual who is under 18, that data will be deleted immediately and the associated account permanently closed.
Section 2
How We Use Your Data
gdaje uses the personal data we collect for the following specific, documented purposes. We do not use your data for any purpose that is incompatible with those listed below without first obtaining your explicit consent or establishing a fresh lawful basis.
- Account Creation and Management: Processing your registration, verifying your identity and age, maintaining your account profile, and enabling login access to the gdaje platform.
- Transaction Processing: Receiving and recording deposits via bKash, Nagad, Rocket, and Upay; processing withdrawal requests to your registered payment account; maintaining an accurate account balance.
- Regulatory Compliance: Fulfilling Know Your Customer (KYC) obligations, conducting anti-money-laundering (AML) checks, retaining transaction records as required by applicable law, and cooperating with lawful requests from authorities.
- Fraud and Security: Detecting and preventing fraudulent account activity, unauthorised access attempts, collusion, bonus abuse, and other prohibited conduct as defined in the gdaje Terms & Conditions.
- Responsible Gaming: Monitoring betting and deposit patterns to identify indicators of problem gambling; applying self-exclusion restrictions and deposit limits as requested; contacting players where our responsible gaming monitoring flags a concern.
- Customer Support: Responding to your queries, resolving disputes, maintaining records of support interactions for quality-assurance purposes.
- Platform Improvement: Analysing aggregated and anonymised usage data to improve game selection, platform performance, user experience, and payment processing reliability.
- Marketing Communications: Sending promotional emails, SMS messages, and in-platform notifications about offers, bonuses, and seasonal promotions — only where you have given explicit consent and only until consent is withdrawn.
- Personalisation: Where you have consented, using your game and betting history to surface relevant content, promotions, and recommendations within the gdaje platform.
Automated Decision-Making: gdaje uses automated systems to flag accounts for fraud review, to apply bonus restrictions, and to identify responsible gaming risk indicators. Where an automated decision materially affects your account (for example, a suspension), you have the right to request a manual review by a member of the gdaje compliance team. To request a review, contact support via live chat.
Section 3
Data Sharing and Disclosure
gdaje does not sell your personal data. We share personal data only in the limited circumstances described below, and only to the minimum extent necessary for the stated purpose.
- Payment Processing Partners: Financial transaction data is shared with mobile money operators (bKash, Nagad, Rocket, Upay) and any intermediary payment processors strictly for the purpose of executing deposits and withdrawals requested by you.
- Identity Verification Providers: During KYC verification, identity document data may be shared with authorised third-party identity verification service providers operating under formal data processing agreements with gdaje.
- Game and Technology Providers: To facilitate gameplay, technical session data (such as player ID and session token) is shared with game studios and platform technology providers (including Pragmatic Play, Evolution Gaming, Spribe, and others). These providers do not receive personally identifiable contact or financial information beyond what is required to operate the game session.
- Fraud Prevention and AML Services: gdaje may share account and transaction data with specialist fraud-detection and anti-money-laundering service providers for the purpose of protecting the integrity of the platform and its players.
- Legal and Regulatory Authorities: gdaje will disclose personal data to law enforcement agencies, regulatory authorities, or courts where required to do so by applicable law, or where gdaje reasonably believes such disclosure is necessary to protect the rights or safety of any person.
- Business Transfers: In the event of a merger, acquisition, or sale of all or part of the gdaje business, personal data held on registered players may be transferred to the acquiring entity as part of the transaction, subject to the acquiring entity assuming gdaje's obligations under this Privacy Policy.
International Transfers: Some of gdaje's service providers may process data outside of Bangladesh. Where such transfers occur, gdaje takes steps to ensure that the receiving party maintains data security standards at least equivalent to those applied by gdaje itself, including through the use of contractual data protection clauses.
Section 5
Data Retention
gdaje retains personal data for as long as is necessary to fulfil the purpose for which it was collected, and thereafter for as long as required by applicable law or legitimate business need. The following retention periods apply as a baseline:
- Account and Identity Data: Retained for the life of the account plus a minimum of five years following account closure. This retention period is required to satisfy anti-money-laundering record-keeping obligations and to enable gdaje to respond to any post-closure regulatory enquiry or dispute.
- Transaction Records: All deposit and withdrawal records, including amounts, timestamps, and payment method references, are retained for a minimum of seven years following each transaction. This reflects standard financial record-keeping requirements.
- KYC Documents: Identity documents submitted for KYC verification are retained for the life of the account plus five years following closure. Documents are stored in an encrypted vault and access is restricted to authorised compliance personnel only.
- Support and Communication Records: Live chat transcripts, support emails, and dispute records are retained for three years following the closure of the relevant support interaction. These records may be retained for longer where the subject matter relates to an ongoing dispute or regulatory investigation.
- Marketing Consent Records: Records of your marketing consent (including the date consent was given or withdrawn) are retained for the life of the account and for three years after account closure, to enable gdaje to demonstrate compliance with consent obligations.
- Analytics and Usage Data: Anonymised and aggregated usage analytics data may be retained indefinitely as it can no longer be used to identify any individual. Non-anonymised usage logs are deleted or anonymised within 13 months of collection.
When personal data is no longer required for any of the purposes listed above, it is securely deleted or permanently anonymised. gdaje conducts periodic data audits to identify and remove data that has exceeded its applicable retention period.
Section 6
Data Security Measures
gdaje employs a layered, defence-in-depth approach to protecting the personal data of Bangladesh players. The following technical and organisational security measures are in place across the gdaje platform and infrastructure:
- 256-bit SSL/TLS Encryption: All data in transit between your device and gdaje servers is encrypted using industry-standard Transport Layer Security. Our SSL certificate is maintained and renewed on a regular schedule.
- Encrypted Data at Rest: Personal data and financial records stored in gdaje databases are encrypted at rest. Encryption keys are managed using a dedicated key management system with role-based access controls.
- Two-Factor Authentication (2FA): gdaje supports 2FA for player account login, adding a second verification layer via one-time code sent to your registered mobile number. gdaje staff with access to production systems are required to use 2FA at all times.
- Access Controls: Access to personal data is restricted on a strict need-to-know basis. Only authorised personnel in relevant roles (compliance, customer support, finance) can access player data, and all access events are logged for audit purposes.
- Intrusion Detection and Monitoring: gdaje operates continuous security monitoring across its infrastructure, including intrusion detection systems, anomaly detection, and real-time alerting for suspicious access patterns.
- Third-Party Security Audits: The gdaje platform undergoes periodic independent security audits and penetration testing to identify and remediate vulnerabilities before they can be exploited.
- Incident Response: In the event of a confirmed personal data breach that poses a risk to affected individuals, gdaje will notify affected players as promptly as practicable via their registered email address, describing the nature of the incident, the data affected, and the steps taken to contain it.
Your Responsibility: gdaje's security measures protect data on our end, but account security also depends on you. Use a strong, unique password for your gdaje account, enable 2FA, never share your login credentials, and ensure your registered mobile device is kept secure. gdaje will never ask for your password via any channel.
Section 7
Your Privacy Rights
As a registered gdaje player, you hold the following rights in respect of your personal data. These rights can be exercised at any time by contacting gdaje support via live chat. gdaje will respond to all data rights requests within 30 calendar days of receipt.
Right of Access
Request a copy of all personal data gdaje holds about you, along with information on how it is being used and on what basis.
Right of Rectification
Request correction of any inaccurate or incomplete personal data held in your gdaje account profile.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purpose it was collected, subject to any mandatory retention obligations.
Right to Restriction
Request that gdaje restricts processing of your data in certain circumstances — for example, while the accuracy of data is being contested.
Right to Portability
Request a copy of your personal data in a structured, machine-readable format for transfer to another service provider, where technically feasible.
Right to Object
Object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interest and you believe your interests override gdaje's.
Right re: Automated Decisions
Request a manual review of any automated decision — such as an account flag or suspension — that materially affects your rights or your use of the gdaje platform.
Right to Withdraw Consent
Withdraw marketing consent at any time via account notification settings. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of the rights listed above, contact gdaje support via live chat or send a written request to [email protected] (plain text — not a link). Please include your registered name, account username, and a description of the right you wish to exercise. gdaje may request proof of identity before processing a data rights request to prevent unauthorised disclosure.
Limitations on Erasure Requests
The right to erasure is not absolute. gdaje is required by law to retain certain transaction and identity records for a minimum of five to seven years following account closure. Where an erasure request is received for data that falls within a mandatory retention period, gdaje will explain the applicable legal basis and confirm which data, if any, can be deleted ahead of that period.
Section 8
Updates to This Privacy Policy
gdaje reserves the right to update this Privacy Policy at any time to reflect changes in applicable law, updates to platform functionality, changes in data processing practices, or recommendations from data protection authorities. The date of the most recent revision is displayed at the top of this page and in the version history below.
For material changes — those that could affect your rights or the way your data is used — gdaje will notify registered players via their registered email address at least seven calendar days before the change takes effect. For non-material changes such as typographic corrections or clarifications that do not alter the substance of any provision, the updated policy will be published without advance notice.
Your continued use of the gdaje platform after the effective date of any revision constitutes acceptance of the updated Privacy Policy. If you do not accept the revised policy, you must cease using the platform and may request voluntary account closure in accordance with the gdaje Terms & Conditions.
We encourage all registered players to review this Privacy Policy periodically. The current version is always accessible via the footer link on every page of the gdaje platform.
Version History
Your Data is Safe With Us
Ready to Play at gdaje?
Now that you understand how gdaje protects your personal data, explore the platform with confidence. Cricket betting, live casino, and 1,200+ slots — all backed by fast bKash and Nagad payments and 24/7 English support. 18+ only.