Privacy Policy — How 33mbd Collects, Uses & Protects Your Data
At 33mbd, your privacy is not an afterthought — it is a core operating principle. This Privacy Policy explains exactly what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you hold over your own information as a player on our platform.
Who This Policy Applies To
This Privacy Policy applies to all individuals who access or use the 33mbd platform, including registered account holders, visitors browsing the site without an account, and individuals who contact our support team. By using the 33mbd platform, you acknowledge that you have read and understood this policy and that your data will be handled as described herein. If you do not agree with any element of this policy, you should discontinue use of the platform and contact [email protected] to request account closure and data deletion.
Information We Collect
33mbd collects personal data only to the extent necessary to operate a safe, compliant, and enjoyable online gaming platform for players in Bangladesh. We do not collect data speculatively or sell your personal information to third-party advertisers. The categories of data we collect fall into the following groups:
Registration and Identity Data
When you create a 33mbd account, we collect the information you provide in the registration form. This includes your full legal name, date of birth, gender (optional), residential address, email address, and mobile phone number registered in Bangladesh. This data is required to create and maintain your account, to verify your identity, and to comply with our age verification and Know Your Customer (KYC) obligations.
Identity Verification Documents
As part of our KYC programme, we may request and retain copies of government-issued identity documents. These may include your National Identity Card (NID), passport, driving licence, or birth certificate accompanied by a photo ID. Utility bills or bank statements may also be requested as proof of current residential address. These documents are stored securely and used solely for verification purposes.
Financial and Transaction Data
We collect data relating to all financial transactions conducted through your 33mbd account. This includes deposit amounts, withdrawal requests, payment method details (bKash wallet number, Nagad wallet number, Rocket number, bank account details), transaction timestamps, and transaction reference numbers. We do not store full card numbers or mobile banking PINs — payment processing is handled by our payment partners using their own secure, encrypted infrastructure.
Gaming and Betting Activity Data
We record all gaming and betting activity conducted on the 33mbd platform. This includes bets placed, games played, bet amounts, bet outcomes, bonus usage, session start and end times, and game-specific event logs. This data is used for account management, dispute resolution, responsible gaming monitoring, fraud detection, and regulatory compliance purposes.
Technical and Device Data
When you access the 33mbd platform, our servers automatically collect certain technical information. This includes your IP address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, referring URL, pages visited within the platform, and session duration. This data is collected via server logs and analytics tools and is used to maintain platform security, detect fraudulent access, and improve the user experience.
Communications Data
When you contact 33mbd's support team via live chat or email, we retain a record of the communication. This includes the content of your messages, the date and time of the exchange, and the support agent's responses. These records are kept for quality assurance, dispute resolution, and compliance purposes.
Data We Collect at a Glance
A summary of the main categories of personal data 33mbd processes:
- Full name, date of birth, address
- Email address, mobile number
- Identity documents (NID, passport)
- Payment method details (wallet/bank)
- Transaction history
- Betting and gaming activity
- IP address, device info
- Support communications
Minimal Data Principle
33mbd collects only the data that is genuinely necessary for the purposes described in this policy. We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, or health data unless directly relevant to a responsible gaming assessment and shared by you voluntarily.
How We Use Your Data
33mbd processes your personal data on the basis of contractual necessity (to deliver the services you have signed up for), legal obligation (to comply with applicable anti-money-laundering and age verification requirements), legitimate interest (to operate a secure and well-functioning platform), and — where applicable — your explicit consent (for marketing communications). Each specific use of your data is tied to one or more of these lawful bases.
Account Management and Service Delivery
Your registration and identity data is used to create and maintain your 33mbd account, authenticate your login sessions, process deposits and withdrawals, manage your bonus entitlements, and provide you with a personalised gaming experience. Without this data, we cannot deliver the core services of the platform to you.
Identity Verification and Fraud Prevention
We use your identity documents, transaction history, IP address data, and device information to verify your identity, confirm your age, prevent duplicate account creation, detect suspicious access patterns, and investigate potential fraud or money laundering activity. This processing is both a contractual requirement and a legal obligation under applicable anti-fraud standards.
Responsible Gaming Monitoring
33mbd's responsible gaming programme relies on the analysis of your gaming activity data — including bet frequency, session duration, deposit patterns, and self-imposed limit usage — to identify early indicators of problem gambling behaviour. Where such indicators are present, our responsible gaming team may proactively reach out with information about support tools. This processing is in your vital interest and forms part of our duty of care as a platform operator.
Customer Support
Communications data collected via live chat and email is used to respond to your queries, resolve disputes, investigate complaints, and improve the quality of our support service. Support records are retained for a minimum of 12 months following account closure for dispute resolution purposes.
Marketing Communications
With your explicit consent, we may use your email address and mobile number to send you promotional communications about 33mbd bonuses, new games, seasonal offers (including BPL cricket promotions, Eid offers, and Pohela Boishakh campaigns), and platform updates. You may withdraw your consent to marketing communications at any time via account settings or by emailing [email protected]. Withdrawal of marketing consent does not affect the lawfulness of processing that occurred before the withdrawal.
Platform Improvement and Analytics
Aggregated and anonymised technical and gameplay data is used to analyse platform performance, identify user experience issues, test new features, and optimise the overall 33mbd experience. This analytics processing uses data that cannot identify you individually and is subject to strict internal access controls.
Lawful Basis Summary
Every data processing activity at 33mbd is tied to a lawful basis: contract performance, legal obligation, legitimate interest, or your explicit consent. We do not process your data without a clearly identified lawful basis for each use.
Marketing Opt-Out
You can opt out of all marketing communications at any time via your account settings or by contacting [email protected]. During any active self-exclusion period, marketing is automatically suspended regardless of your opted-in preferences.
Responsible Gaming Data
Data used for responsible gaming monitoring is handled with additional care. It is never used for marketing profiling and is accessible only to 33mbd's designated responsible gaming team members.
| Purpose of Processing | Data Categories Used | Lawful Basis |
|---|---|---|
| Account creation and management | Registration data, identity documents | Contract performance |
| Age verification and KYC compliance | Identity documents, date of birth | Legal obligation |
| Payment processing | Financial and transaction data | Contract performance |
| Fraud detection and prevention | Technical data, transaction data, IP address | Legitimate interest |
| Responsible gaming monitoring | Gaming activity, deposit patterns | Legitimate interest / vital interest |
| Customer support and dispute resolution | Communications data, account data | Contract performance / legitimate interest |
| Marketing communications | Email, mobile number | Explicit consent |
| Platform analytics and improvement | Anonymised technical and gameplay data | Legitimate interest |
Data Sharing & Disclosure
33mbd does not sell, rent, or trade your personal data to third parties for commercial purposes. Your data is shared with external parties only in the specific, limited circumstances described below, and only to the extent necessary for each identified purpose.
Payment Processing Partners
To process your deposits and withdrawals, 33mbd shares necessary financial data with our payment processing partners. These partners include the operators of bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, and Sonali Bank. Data shared is limited to the transaction details required to complete the specific transaction — for example, your wallet number and transaction amount. Payment partners are contractually obligated to process this data solely for payment fulfilment and are prohibited from using it for any other purpose.
Identity Verification Service Providers
33mbd may use third-party identity verification service providers to assist with KYC document verification. These providers receive only the specific documents and data points required to complete the verification check and are bound by strict data processing agreements. Verification data is not retained by these providers beyond the period required to complete and log the verification outcome.
Game Content Providers
The games available on the 33mbd platform are supplied by third-party game studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi, among others. When you play a game supplied by a third-party provider, a session identifier and your account reference may be shared with that provider's game server to facilitate the game session. Individual providers' data practices are governed by their own privacy policies; however, all providers integrated into the 33mbd platform are required to meet minimum data security standards as a condition of their integration agreement.
Legal and Regulatory Disclosure
33mbd may disclose your personal data to law enforcement agencies, regulatory bodies, or other competent authorities where we are legally required to do so, or where such disclosure is necessary to prevent, detect, or prosecute criminal activity including fraud and money laundering. Such disclosures are made only to the extent legally required or permitted and are logged internally for accountability purposes.
Business Transfers
In the event that 33mbd undergoes a merger, acquisition, or sale of all or substantially all of its assets, your personal data may be transferred to the acquiring entity as part of that transaction. In such circumstances, you will be notified of the transfer and the identity of the new data controller via a notice on the 33mbd platform and/or by email to your registered address, and your rights over your data will be unaffected.
We Never Sell Your Data
33mbd does not sell, rent, or otherwise transfer your personal data to third-party advertisers, data brokers, or commercial data buyers. Your data is shared externally only for the operational purposes described in this policy and only with parties bound by data processing agreements.
Third-Party Agreements
Every third party that receives 33mbd player data is bound by a formal data processing agreement that specifies the permitted purposes, data security requirements, and obligations in the event of a data breach. We review these agreements periodically to ensure ongoing compliance.
Cookies & Tracking Technologies
The 33mbd platform uses cookies and similar tracking technologies to deliver a functional, secure, and personalised experience. This section explains what cookies we use, why we use them, and how you can manage your cookie preferences.
What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device on subsequent visits and to remember certain preferences or session states. Cookies set by the website you are visiting are called first-party cookies; cookies set by third-party services embedded on the page are called third-party cookies.
Categories of Cookies We Use
Strictly Necessary Cookies: These cookies are essential for the 33mbd platform to function. They maintain your logged-in session, remember your language and currency preferences, and enable core security features such as CSRF protection. These cookies cannot be disabled without breaking core platform functionality. No consent is required for strictly necessary cookies under applicable standards.
Performance and Analytics Cookies: These cookies collect anonymised information about how visitors use the 33mbd platform — which pages are visited most frequently, how long users spend on each section, and where users exit the platform. This data is aggregated and cannot identify you personally. It is used to improve the design and performance of the platform.
Functional Cookies: These cookies remember your preferences and personalisation choices — such as your preferred game category, display settings, and notification preferences — so you do not have to re-enter them on every visit.
Third-Party Game Provider Cookies: Games supplied by third-party providers such as Pragmatic Play, Evolution Gaming, and Spribe may set their own session cookies within the game frame to manage the game session state. These cookies are governed by the respective provider's cookie policy.
Managing Your Cookie Preferences
You can control non-essential cookies via your browser settings. Most modern browsers allow you to block or delete cookies, or to receive a notification before a cookie is placed. Please note that blocking strictly necessary cookies will impair your ability to use the 33mbd platform, including your ability to log in and place bets. Detailed cookie management instructions for the most commonly used browsers (Chrome, Firefox, Safari, Edge) are available in each browser's help documentation.
Cookie Control
Non-essential cookies (performance, functional, and third-party cookies) can be managed or disabled via your browser settings. Strictly necessary cookies cannot be disabled as they are required for basic platform operation including login session management and security.
Cookie Summary
Types of cookies used on 33mbd:
- Strictly Necessary — always active
- Performance / Analytics — anonymised
- Functional — preference storage
- Game Provider — third-party session
Data Retention & Storage
33mbd retains your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable legal, regulatory, or contractual obligations. The retention periods described below represent our standard schedules; individual data categories may be retained for shorter or longer periods where specific circumstances require it, in which case those circumstances will be documented.
Account Data
Registration data, identity documents, and KYC verification records are retained for the duration of your account's active life plus a minimum of five (5) years following permanent account closure. This retention period reflects our obligations under applicable anti-money-laundering standards and allows us to respond to regulatory enquiries that may arise after an account has been closed.
Transaction Records
All financial transaction records — including deposit confirmations, withdrawal records, and payment method details — are retained for a minimum of five (5) years from the date of the transaction. This retention period supports our obligations under financial record-keeping requirements and enables the investigation of historical disputes.
Gaming Activity Logs
Detailed gaming activity logs — including individual bet records, game session logs, and outcome data — are retained for a minimum of three (3) years from the date of the activity. These records are used for dispute resolution, responsible gaming auditing, and fraud investigation purposes.
Support Communications
Live chat transcripts and email correspondence with the 33mbd support team are retained for a minimum of twelve (12) months following the closure of the relevant support ticket or, where the communication relates to a formal complaint, for a minimum of three (3) years following final resolution of that complaint.
Marketing Consent Records
Records of your marketing consent (including the date, method, and specific consent given) and any subsequent opt-out requests are retained indefinitely to protect both your rights and 33mbd's ability to demonstrate compliance in the event of a complaint or enquiry.
Data Deletion
Upon expiry of the relevant retention period, data is securely deleted or irreversibly anonymised. Where data has been anonymised (rather than deleted), the resulting anonymised dataset can no longer be linked to you as an individual and is not subject to further data protection obligations. You may submit a request for early deletion of data that is no longer required for its stated purpose — see the Your Privacy Rights section below for details of how to exercise this right.
Retention at a Glance
- Account & KYC data — 5 years post-closure
- Transaction records — 5 years from transaction date
- Gaming activity logs — 3 years
- Support comms — 12 months minimum
- Marketing consent records — indefinitely
Data Storage Location
All 33mbd player data is stored on secure servers. Data is encrypted at rest using AES-256 encryption. Backups are maintained on separate encrypted infrastructure. Access to player data is restricted to authorised personnel on a strict need-to-know basis, enforced via role-based access controls and audit logging.
Your Privacy Rights
As a 33mbd player, you hold a number of rights in relation to the personal data we hold about you. These rights are described below. To exercise any of these rights, contact the 33mbd Data Privacy team at [email protected] with the subject line "Privacy Rights Request". We will acknowledge your request within 3 business days and respond fully within 30 days. Complex requests may require an extension of up to an additional 30 days; you will be informed if this is the case.
Right of Access
You have the right to request a copy of the personal data 33mbd holds about you, along with information about the purposes for which it is processed, the categories of data held, and the recipients to whom it has been disclosed. This is commonly known as a Subject Access Request (SAR). We will provide the data in a structured, machine-readable format where technically practicable.
Right to Rectification
You have the right to request the correction of any personal data that 33mbd holds about you that is inaccurate or incomplete. For minor corrections — such as updating a mobile number — this can be done directly via account settings. For corrections that affect identity documents or legally significant data, the rectification process requires written confirmation and supporting documentation.
Right to Erasure
You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent (and no other lawful basis applies), or where the data has been unlawfully processed. This right is not absolute — it does not apply where retention is required by law (for example, financial records subject to anti-money-laundering retention obligations) or where the data is necessary for the establishment, exercise, or defence of legal claims.
Right to Restrict Processing
You have the right to request that 33mbd restricts the processing of your data — meaning we may store it but not use it — in certain circumstances, such as while you are contesting the accuracy of data we hold, or while an objection to processing is being assessed.
Right to Data Portability
For data that you have provided to 33mbd directly and that is processed on the basis of your consent or contractual performance, you have the right to receive that data in a structured, commonly used, machine-readable format so that it can be transferred to another service provider if you wish.
Right to Object to Marketing
You have an unconditional right to object to the processing of your personal data for direct marketing purposes at any time. Upon receipt of your objection, we will cease all marketing communications to you immediately. You can also exercise this right directly via account settings without needing to contact support.
Your Rights Summary
- Right of Access (SAR)
- Right to Rectification
- Right to Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Object to Marketing
How to Submit a Request
Email [email protected] with the subject line "Privacy Rights Request". Include your registered username and a clear description of the right you wish to exercise. We will acknowledge within 3 business days and respond fully within 30 days of receipt.
Access Your Data
Request a full copy of the personal data 33mbd holds about you at any time. We provide it in a structured, readable format within 30 days.
Correct Your Data
If any personal data we hold about you is inaccurate or outdated, you can request a correction directly via account settings or by contacting our support team.
Delete Your Data
Request erasure of personal data that is no longer needed, subject to our legal retention obligations. Submit your request to [email protected].
Export Your Data
Exercise your data portability right to receive a machine-readable copy of data you have provided to 33mbd directly under consent or contract.
Data Security Measures
33mbd implements a layered, defence-in-depth approach to data security. Our security programme combines technical controls, organisational policies, and procedural safeguards to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. While no system can guarantee absolute security, we maintain the following measures as a minimum standard:
Encryption in Transit
All data transmitted between your device and the 33mbd platform is encrypted using Transport Layer Security (TLS) protocol version 1.2 or higher. This means that data travelling across the network — including login credentials, personal data, and financial transaction details — cannot be intercepted or read by unauthorised third parties. The 33mbd platform enforces HTTPS on all pages and connections, and HTTP connections are automatically redirected to HTTPS.
Encryption at Rest
Personal data stored on 33mbd's servers and databases is encrypted at rest using AES-256 encryption. This includes all personally identifiable information, identity documents, and transaction records. Database-level encryption is complemented by file-system-level encryption on all storage media, including backup media.
Access Controls
Access to 33mbd's player data systems is restricted to authorised personnel only. Access rights are assigned on a strict need-to-know basis, enforced via role-based access control (RBAC) policies. All access to production data systems is logged and subject to periodic audit. Privileged access — such as database administrator access — requires multi-factor authentication (MFA) and is reviewed quarterly.
Vulnerability Management
33mbd conducts regular vulnerability assessments and penetration testing of its platform infrastructure. Identified vulnerabilities are triaged and remediated according to a risk-based priority schedule. Critical and high-severity vulnerabilities are remediated within defined response-time targets. We also operate a responsible disclosure process for externally identified security issues.
Incident Response
In the event of a personal data breach, 33mbd has a documented incident response plan. Where a breach is likely to result in a high risk to affected individuals, we will notify affected players without undue delay, providing details of the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to address the breach. Incident records are maintained for a minimum of five years.
Staff Training
All 33mbd personnel who handle personal data are required to complete data protection and information security training upon joining the company and at regular intervals thereafter. Training covers data handling responsibilities, recognition of phishing and social engineering attacks, and the correct procedures for reporting suspected security incidents.
256-bit SSL Encryption
Every connection to the 33mbd platform is protected by industry-standard TLS encryption. Your login credentials, personal data, and financial transactions are fully encrypted in transit at all times.
Role-Based Access
Access to player data is limited to staff who genuinely need it to perform their role. All access is logged, audited, and requires multi-factor authentication for privileged operations.
Breach Notification
If a data breach occurs that poses a high risk to your rights, 33mbd will notify you promptly with full details and the steps being taken to mitigate the impact and prevent recurrence.
Policy Updates & Contact
33mbd reviews and updates this Privacy Policy periodically to reflect changes in our data processing practices, changes in the services we offer, and developments in applicable privacy standards. When we make material changes to this policy — meaning changes that significantly affect how we collect, use, or share your personal data — we will notify you via a prominent notice on the 33mbd platform homepage and, where we hold a verified email address for your account, by email to that address.
The effective date of the current version of this policy is stated at the top of the document. We recommend that you review this policy periodically, particularly before making a significant deposit or providing additional personal data, to ensure you remain comfortable with how your information is handled. Minor changes — such as corrections to typographical errors, formatting updates, or clarifications that do not alter the substantive meaning of any provision — may be made without specific notification, though the effective date will be updated to reflect the revision.
Children and Minors
The 33mbd platform is strictly for adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. Our registration process includes an age verification step requiring players to confirm they are 18 or older, and our KYC process includes date-of-birth verification against identity documents. If we discover that personal data belonging to a person under 18 has been collected, we will delete it immediately and close the associated account. If you believe a minor has registered on the 33mbd platform, please notify us immediately at [email protected].
Third-Party Links
The 33mbd platform may contain references to or integrations with third-party service providers such as game studios. Third-party services have their own privacy policies that are independent of this policy. 33mbd is not responsible for the privacy practices of third-party services and encourages you to review the relevant provider's privacy policy before engaging with any third-party content.
Contact the 33mbd Privacy Team
If you have any questions about this Privacy Policy, wish to exercise any of your privacy rights, or wish to raise a concern about how 33mbd handles your personal data, please contact our Privacy team using the details below. We aim to respond to all privacy-related enquiries within 3 business days and to resolve them fully within 30 days.
Email: [email protected] — subject line: "Privacy Policy Enquiry"
Response time: Acknowledgement within 3 business days; full response within 30 days.
Support availability: 24 hours a day, 7 days a week via live chat on the platform or email.
Policy Change Notifications
Material changes to this Privacy Policy will be communicated via a homepage notice and by email to your registered address. The effective date at the top of the document is always updated to reflect the latest revision. Check back periodically to stay informed.
18+ Only Platform
33mbd does not knowingly collect or process personal data belonging to individuals under 18 years of age. If you suspect a minor has registered, contact [email protected] immediately. The account will be closed and all associated data deleted without delay.
Privacy Contact
For all privacy enquiries, rights requests, or data concerns: [email protected] — subject line "Privacy Policy Enquiry". 24/7 live chat also available on the platform for urgent concerns.
Explore 33mbd With Confidence
Your data is protected. Your privacy is respected. Now discover Bangladesh's premier online casino and sports betting platform — cricket, slots, live casino, and more, all accessible via bKash, Nagad, and Rocket. 18+ only. Play responsibly.