38bet Privacy Policy
At 38bet, your privacy is taken seriously. This Privacy Policy explains exactly what personal data we collect from players across Bangladesh, how that data is used, who it may be shared with, how long we retain it, and what rights you have over your own information.
SSL-Encrypted Transmission
Every byte of data exchanged between your device and the 38bet platform travels over SSL/TLS encrypted connections. This applies to account logins, payment transactions, and any personal information submitted during registration or KYC verification.
No Sale of Personal Data
38bet does not sell, rent, or trade your personal data to third-party advertisers, data brokers, or marketing companies. Information shared with third parties is limited strictly to payment processors and identity verification services necessary for operating the platform.
Player Data Access Rights
Registered players have the right to request a copy of all personal data held about them, request correction of inaccurate information, and request deletion of non-essential data where permitted. All such requests are processed within 30 days of receipt.
Secure BDT Payment Data
Payment method details used for bKash, Nagad, Rocket, and Upay transactions are processed exclusively through certified payment gateways. 38bet does not store full mobile banking credentials or PIN data on its own servers at any point during the transaction lifecycle.
Transparent Cookie Use
38bet uses cookies solely for session management, platform performance analytics, and fraud prevention. We do not deploy third-party advertising cookies or behavioural tracking pixels. You may adjust cookie preferences through your browser settings at any time without affecting core platform functionality.
Defined Retention Periods
38bet retains personal data only for as long as it is necessary for the purposes outlined in this policy or as required by applicable law. Account data is held for a minimum of five years after account closure to satisfy anti-money laundering and fraud prevention obligations.
Information We Collect
38bet collects personal data from players at several points during their relationship with the platform. The categories of information collected, and the context in which each is gathered, are described in full below. We collect only the data that is genuinely necessary for the operation of the platform, the prevention of fraud, and compliance with applicable legal obligations.
| Data Category | Examples | Collection Point |
|---|---|---|
| Identity Data | Full legal name, date of birth, national ID number, passport number | Registration; KYC verification |
| Contact Data | Email address, mobile phone number, residential address | Registration; account updates |
| Payment Data | bKash / Nagad / Rocket / Upay account reference numbers, bank account names | Deposit and withdrawal transactions |
| Technical Data | IP address, device type, browser type, operating system, session timestamps | Platform access; security monitoring |
| Usage Data | Games played, bet amounts, session duration, pages visited, bonus claims | Ongoing platform use |
| Communications Data | Live chat transcripts, support email content, feedback submissions | Support interactions |
38bet does not knowingly collect personal data from individuals under the age of 18. If we become aware that data from an underage individual has been collected, it will be deleted promptly and the associated account will be closed. 18+
How We Use Your Data
38bet processes personal data for clearly defined, lawful purposes. We do not process data in ways that are incompatible with the original purpose for which it was collected. The primary purposes for which 38bet uses your data are set out below, together with the legal basis for each type of processing.
- Account creation and management: Your identity and contact data are used to create and maintain your player account, verify your identity, authenticate logins, and communicate essential account-related information such as password resets, deposit confirmations, and withdrawal notifications. Legal basis: contract performance.
- Payment processing: Payment reference data is used solely to process deposits and withdrawals via your chosen method (bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, or BRAC Bank) and to reconcile transaction records. Legal basis: contract performance.
- Identity verification and KYC compliance: Identity documents and address data are processed to verify that you meet the eligibility requirements for platform use, including the minimum age of 18, and to satisfy anti-money laundering obligations. Legal basis: legal obligation.
- Fraud prevention and security: Technical data including IP addresses, device fingerprints, and session logs are analysed by our security systems to detect suspicious login attempts, account takeover activity, and fraudulent transactions. Legal basis: legitimate interest.
- Responsible gaming monitoring: Usage data including session duration, bet frequency, and deposit patterns is monitored to identify players who may be exhibiting signs of problem gambling behaviour. This enables 38bet to provide appropriate support and apply responsible gaming tools where necessary. Legal basis: legal obligation and legitimate interest.
- Platform improvement and analytics: Anonymised or aggregated usage data is analysed to understand player preferences, identify technical issues, and improve the overall quality and performance of the 38bet platform. This data does not identify individual players. Legal basis: legitimate interest.
- Marketing communications: Where you have provided explicit consent, 38bet may send you promotional communications about bonuses, new games, seasonal offers (such as BPL or Eid promotions), and platform updates. You may withdraw consent at any time by contacting support or using the unsubscribe link in any promotional email. Legal basis: consent.
38bet will not use your personal data for automated decision-making processes that produce legal or similarly significant effects on you as an individual, except where required by law or explicitly agreed to by you.
Data Sharing & Third Parties
38bet does not sell, rent, or otherwise transfer your personal data to third parties for their own commercial purposes. Data sharing is limited to the categories of recipients described below, each of whom processes data strictly in accordance with written agreements and only to the extent necessary for their designated function.
- Payment service providers: Data necessary to execute a transaction (such as account reference numbers and transaction amounts) is shared with the relevant payment processor — bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, or BRAC Bank — to complete the deposit or withdrawal you have requested. These providers operate under their own privacy policies and regulatory obligations.
- Identity verification providers: During KYC processes, identity documents and relevant personal data may be shared with a third-party identity verification service to authenticate your details against official records. All such providers are bound by strict data processing agreements.
- Game content providers: Game studios and providers including Pragmatic Play, Evolution Gaming, Spribe, Ezugi, NetEnt, and Microgaming may receive limited technical data (such as session tokens and player identifiers) to facilitate gameplay. These providers do not receive full identity or payment data.
- Fraud prevention and security services: Anonymised technical data may be shared with specialist fraud detection providers to identify and block suspicious activity. These providers process data under contractual obligations and do not retain data beyond what is required for their specific function.
- Legal and regulatory authorities: Where required by applicable law, court order, or regulatory authority, 38bet may disclose personal data to law enforcement agencies, financial intelligence units, or other competent authorities. 38bet will take reasonable steps to notify affected players of such disclosures where legally permitted to do so.
Cookies & Tracking Technologies
38bet uses cookies and similar technologies — including local storage and session tokens — to ensure the platform functions correctly, to maintain the security of your logged-in session, and to gather anonymised analytics data that helps us improve platform performance. Cookies are small text files stored on your device by your browser when you visit the 38bet platform.
The categories of cookies deployed by 38bet are described in the table below:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Maintain your login session, prevent cross-site request forgery, enable core platform functionality. Cannot be disabled without breaking the platform. | Session / up to 24 hours |
| Performance & Analytics | Collect anonymised data on page load times, error rates, and navigation paths to identify and fix technical issues. No personally identifiable data is stored. | Up to 12 months |
| Security & Fraud Detection | Identify unusual device behaviour, detect bot activity, and flag potentially fraudulent login attempts based on device fingerprint patterns. | Up to 6 months |
| Functional / Preference | Remember your platform preferences such as display settings and notification choices so you do not need to reconfigure them on each visit. | Up to 12 months |
38bet does not deploy advertising cookies, retargeting pixels, or third-party behavioural tracking technologies. You may control cookie settings through your browser's privacy or settings menu. Disabling strictly necessary cookies will impair your ability to log in and use the platform. Disabling performance or functional cookies will not prevent you from accessing the platform but may affect your experience.
Data Retention & Storage
38bet retains personal data for no longer than is necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following retention periods apply to the main categories of player data held by 38bet:
- Account and identity data: Retained for the duration of your active account plus a minimum of five years following account closure. This retention period satisfies anti-money laundering (AML) record-keeping obligations and enables 38bet to investigate disputes or fraud claims that may arise after account closure.
- Transaction records: All deposit and withdrawal records, including amounts, timestamps, and payment method references, are retained for a minimum of five years from the date of each transaction for financial compliance and audit purposes.
- KYC and verification documents: Identity documents submitted during the verification process are retained for a minimum of five years following account closure or the completion of the verification process, whichever is later.
- Support communications: Live chat transcripts and support email records are retained for two years from the date of each interaction to enable quality assurance review and dispute resolution.
- Technical and security logs: IP address logs, device fingerprint records, and session logs are retained for twelve months from the date of generation, after which they are automatically deleted or anonymised.
- Marketing consent records: Records of your consent to receive marketing communications, and any subsequent withdrawal of consent, are retained for three years from the date of the most recent consent action.
Following the expiry of applicable retention periods, personal data is securely deleted or irreversibly anonymised. Where anonymisation is applied, the resulting data may be retained indefinitely as it no longer constitutes personal data and cannot be used to re-identify any individual.
Your Privacy Rights
As a registered player on the 38bet platform, you have specific rights in relation to your personal data. These rights are described below. To exercise any of these rights, submit a written request to [email protected] with the subject line "Privacy Rights Request" and include sufficient information to verify your identity. 38bet will respond to all valid requests within 30 calendar days of receipt.
- Right to access: You may request a copy of all personal data held about you by 38bet. Your request will be fulfilled in a structured, commonly used, and machine-readable format where technically feasible. The first copy is provided free of charge; subsequent requests within a 12-month period may be subject to a reasonable administrative fee.
- Right to rectification: If any personal data held about you is inaccurate or incomplete, you have the right to request that it be corrected. Where the correction affects data used for KYC or payment processing purposes, additional verification may be required before the change is applied.
- Right to erasure: You may request the deletion of personal data held about you where the data is no longer necessary for its original purpose, where you have withdrawn consent (and no other legal basis applies), or where the data has been processed unlawfully. This right is subject to overriding legal retention obligations — for example, 38bet cannot delete transaction records that must be held for AML compliance purposes.
- Right to restriction of processing: In certain circumstances — for example, where you contest the accuracy of data or where processing is unlawful but you prefer restriction over deletion — you may request that 38bet restricts the processing of your data while the issue is resolved.
- Right to data portability: Where processing is based on your consent or on contract performance, you have the right to receive the personal data you have provided in a structured, commonly used format, and to request that it be transmitted directly to another service provider where technically feasible.
- Right to withdraw consent: Where processing is based on your consent (for example, marketing communications), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
- Right to object: You have the right to object to processing carried out on the basis of legitimate interest, including profiling for responsible gaming purposes. 38bet will cease such processing unless it can demonstrate compelling legitimate grounds that override your interests.
Data Security Measures
38bet implements a layered set of technical and organisational security measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. While no online platform can guarantee absolute security against all threats, 38bet's security programme reflects current industry best practice for online gaming and financial services operations.
- Encryption in transit: All data transmitted between players' devices and 38bet's servers is protected using Transport Layer Security (TLS 1.2 or higher). This prevents interception of login credentials, payment data, and personal information during transmission.
- Encryption at rest: Sensitive personal data stored on 38bet's servers — including identity documents and payment references — is encrypted at rest using industry-standard encryption algorithms. Encryption keys are managed separately from the encrypted data.
- Access controls: Access to personal data is restricted on a strict need-to-know basis. Staff members are granted only the minimum level of data access required to perform their specific job functions. All access is logged and subject to periodic review.
- Vulnerability management: 38bet conducts periodic security assessments of its platform infrastructure to identify and remediate vulnerabilities before they can be exploited. Critical patches are applied as a priority within defined response time windows.
- Incident response: 38bet maintains a documented data breach response procedure. In the event of a data security incident that poses a material risk to players, affected individuals will be notified promptly with details of the nature of the breach, the data involved, and the steps taken to address it.
- Staff training: All 38bet staff members with access to personal data receive mandatory data protection training upon joining the organisation and on an annual basis thereafter. Staff are made aware of their obligations under applicable data protection law and the consequences of unauthorised disclosure.
Players also have a role to play in keeping their account data secure. You should use a strong, unique password for your 38bet account, enable any available two-factor authentication options, and ensure that you log out fully after each session, particularly when using a shared or public device. If you suspect your account has been compromised, contact 38bet support immediately at [email protected].
Policy Updates & Contact
38bet reserves the right to update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or operational requirements. Where changes are material — meaning they alter the types of data we collect, the purposes for which we use it, or the rights available to you — we will notify registered players via the email address associated with their account at least 14 days before the changes take effect.
Minor updates — such as corrections of typographical errors, clarifications of existing text that do not change the substance of the policy, or updates to reflect new contact details — may be made without prior notice. The effective date at the top of this document will always reflect when the current version was last updated. Players are encouraged to review this page periodically, particularly before making significant account decisions such as large deposits or bonus claim activity.
Continued use of the 38bet platform following the publication of an updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with any update to this policy, you should cease use of the platform and request account closure in accordance with the procedure set out in our Terms & Conditions.
How to contact us about privacy: For any questions, concerns, or requests relating to your personal data or this Privacy Policy, please contact the 38bet data protection team using the details below. We aim to acknowledge all privacy enquiries within 3 business days and to provide a substantive response within 30 calendar days.
Email: [email protected]
Subject line: "Privacy Rights Request" or "Privacy Policy Enquiry"
Live Chat: Available 24/7 via the 38bet platform
Response target: Within 30 calendar days of receipt of a valid written request
If you are dissatisfied with 38bet's response to a privacy complaint, you have the right to escalate your concern to an independent dispute resolution body or relevant data protection authority in the jurisdiction in which you reside. 38bet will cooperate fully with any such investigation.
Your Data is Safe at 38bet. Ready to Play?
Now that you understand how 38bet protects your privacy, explore our full range of cricket betting, live casino tables, slots, and card games — all with instant BDT deposits via bKash and Nagad.
18+ only. Gambling involves risk. Please play responsibly. 18+