27bd
Privacy Policy
At 27bd, your privacy is a core commitment — not an afterthought. This Privacy Policy explains exactly what personal data we collect when you use the 27bd platform, why we collect it, how we store and protect it, and what rights you have over your own information. We operate with full transparency so you can engage with confidence.
Our Core Privacy Commitments
These six principles summarise how 27bd approaches your personal data. The full legal detail follows in the sections below — these cards are a quick orientation, not a substitute for reading the complete policy.
27bd collects only the personal data that is strictly necessary to provide and improve our services, process your transactions, verify your identity, and comply with responsible gaming obligations. We do not collect data speculatively or beyond what is needed for these defined purposes.
27bd does not sell, rent, or trade your personal data to any third-party advertiser, data broker, or marketing company. Your information is used solely within the 27bd ecosystem and shared with service partners only where necessary to deliver our platform — never for commercial gain at your expense.
All data transmitted between your device and the 27bd platform is protected by industry-standard SSL (Secure Sockets Layer) encryption. Sensitive data such as payment details and identity documents are stored using encryption at rest and are accessible only to authorised personnel with a legitimate operational need.
You have the right to access, correct, and in certain circumstances request the deletion of your personal data held by 27bd. You also have the right to withdraw consent for non-essential processing at any time. All data rights requests are handled by our support team within 30 days of receipt.
27bd does not keep your personal data indefinitely. Retention periods are defined for each data category and are set only as long as required by our service obligations, legal requirements, and responsible gaming compliance needs. Once those periods expire, data is securely deleted or anonymised.
This Privacy Policy is written in plain English so that every 27bd player — regardless of legal background — can understand exactly how their data is handled. We update this policy whenever our practices change and always display the effective date at the top of the document so you are never surprised.
1. Information We Collect
27bd collects personal information through multiple channels: directly from you during registration and account management, automatically through your use of the platform, and in some cases from third-party verification and payment service providers. Below we outline each category of data we collect and the circumstances in which it arises.
1.1 Registration and Identity Data
When you create a 27bd account, we collect the following information:
- Full legal name as it appears on your government-issued identification.
- Date of birth — required to verify that you meet the 18+ age requirement.
- Email address — used for account communications, transaction confirmations, and promotional messages (where you have opted in).
- Mobile phone number — used for account security, two-factor authentication, and bKash/Nagad payment processing.
- Residential address — collected during advanced verification stages and required for certain withdrawal thresholds.
- Username and encrypted password — used solely for account authentication.
1.2 Identity Verification Documents
In accordance with responsible gaming and anti-money laundering obligations, 27bd may request copies of the following documents at various stages of your account lifecycle:
- National Identity Card (NID) or passport.
- Proof of address (utility bill, bank statement, or mobile banking statement dated within the last three months).
- Proof of payment method ownership (screenshot of bKash or Nagad account showing your registered name and number).
These documents are stored securely and accessed only by authorised verification personnel. Copies are retained for the period specified in Section 5 (Data Retention) and then permanently deleted.
1.3 Financial Transaction Data
When you make a deposit or withdrawal on 27bd, we record the transaction amount in BDT, the payment method used (bKash, Nagad, Rocket, Upay, Visa, or Mastercard), the transaction reference number issued by the payment provider, and the timestamp of the transaction. We do not store full card numbers or mobile banking PINs — payment processing is handled by our payment partners using their own secure infrastructure.
1.4 Gameplay and Betting Data
27bd records all wagers placed on the platform, including the game or event, stake amount in BDT, outcome, and associated timestamps. This data is used for account balance management, dispute resolution, responsible gaming monitoring, and the calculation of wagering requirement progress on active bonuses.
1.5 Technical and Device Data
When you access 27bd, our servers and analytics systems automatically collect the following technical data:
- IP address and approximate geolocation (country and city level).
- Device type, operating system, and browser version.
- Session start and end times, pages visited, and clickstream data within the platform.
- Referral URL (the page from which you navigated to 27bd, if applicable).
This technical data is used for platform security, fraud detection, performance optimisation, and aggregate analytics. It is not used to build individual advertising profiles.
2. How We Use Your Data
27bd uses personal data collected from players for the following defined purposes only. We do not use your data for any purpose that is incompatible with the reason for which it was originally collected.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation and management | Registration data, identity documents | Contractual necessity |
| Processing deposits and withdrawals | Financial transaction data, payment method details | Contractual necessity |
| Age verification and KYC compliance | Date of birth, identity documents | Legal obligation |
| Responsible gaming monitoring | Gameplay data, deposit history, session data | Legal obligation / Legitimate interest |
| Fraud prevention and AML checks | Transaction data, IP address, device data | Legal obligation / Legitimate interest |
| Customer support communications | Email, name, account history | Contractual necessity |
| Promotional communications (opt-in only) | Email, phone number, gameplay preferences | Consent |
| Platform analytics and improvements | Technical data, clickstream data (anonymised) | Legitimate interest |
Where our legal basis for processing is consent (for example, for promotional emails or SMS notifications), you may withdraw that consent at any time by contacting [email protected] or by using the unsubscribe mechanism included in any marketing communication. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
3. Data Sharing and Disclosure
27bd does not sell or rent your personal data to third parties. We share personal data only in the limited circumstances described below, and only to the minimum extent necessary to fulfil the relevant purpose.
3.1 Payment Service Providers
To process your deposits and withdrawals, 27bd shares relevant transaction data with its payment partners — including bKash, Nagad, Rocket, Upay, and card processing networks. Each payment partner operates under its own privacy policy and is independently responsible for data it processes on its own systems. 27bd shares only the data necessary to initiate and confirm payment transactions.
3.2 Game Providers
When you play a game supplied by a third-party studio (such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Ezugi, or Spribe), a session token and anonymous player identifier are passed to the game provider's servers to authenticate your session and track game outcomes for the purposes of result logging and RTP (Return to Player) monitoring. We do not pass your name, email address, or financial details to game providers.
3.3 Identity Verification Partners
27bd may use third-party identity verification services to assist with KYC (Know Your Customer) checks. In such cases, the documents you submit are processed by the verification partner under a data processing agreement with 27bd. These partners are prohibited from using your data for any purpose other than completing the verification task for which they were engaged.
3.4 Legal and Regulatory Disclosure
27bd may disclose personal data to law enforcement agencies, financial intelligence units, or other regulatory bodies where we are legally required to do so, or where disclosure is necessary to prevent fraud, money laundering, or other criminal activity. In such cases, 27bd will disclose only the minimum information required by the legal obligation or request.
3.5 Business Transfers
In the event that 27bd undergoes a merger, acquisition, or sale of all or substantially all of its assets, player data may form part of the transferred assets. In such a scenario, 27bd will notify affected players via the registered email address before their data is transferred and subject to a different privacy policy.
4. Cookies and Tracking Technologies
27bd uses cookies and similar tracking technologies on the platform to provide core functionality, maintain your session, remember your preferences, and gather anonymised analytics data. Below is a summary of the categories of cookies we use.
| Cookie Category | Purpose | Consent Required |
|---|---|---|
| Strictly Necessary | Session authentication, CSRF protection, load balancing, keeping you logged in during a session. | No — required for platform operation |
| Functional | Remembering your language preference, display settings, and last-used payment method. | No — required for user experience |
| Analytics | Anonymised measurement of page visits, session duration, and feature usage to improve the platform. | Yes — opt-in basis |
| Marketing | 27bd does not use third-party advertising or retargeting cookies. No marketing cookies are set by external ad networks. | N/A — not used |
You can manage or disable cookies through your browser settings. Note that disabling strictly necessary cookies will prevent the 27bd platform from functioning correctly and you will not be able to log in or complete transactions. Disabling analytics cookies will have no impact on your ability to use the platform.
5. Data Retention Periods
27bd retains personal data only for as long as necessary to fulfil the purpose for which it was collected and to comply with applicable legal and regulatory retention obligations. The following table outlines our standard retention periods by data category.
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | AML and legal compliance |
| Identity verification documents | Duration of account + 5 years after closure | KYC legal obligation |
| Financial transaction records | 7 years from transaction date | Financial regulatory obligation |
| Gameplay and betting history | 5 years from account closure | Dispute resolution / responsible gaming |
| Customer support records | 3 years from last contact | Legitimate interest (service improvement) |
| Marketing consent records | Until consent is withdrawn + 1 year | Legal obligation to document consent |
| Technical / server logs | 90 days rolling | Security and fraud detection |
| Anonymised analytics data | Indefinitely (no personal identifiers retained) | Platform improvement (no personal impact) |
When a retention period expires, 27bd will either securely delete the data or anonymise it such that it can no longer be linked to any individual. Deletion requests submitted by players are processed subject to our ability to fulfil any overriding legal retention obligation.
6. Your Privacy Rights
As a user of the 27bd platform, you have the following rights with respect to your personal data. To exercise any of these rights, contact our support team at [email protected] with the subject line "Data Rights Request". We will acknowledge your request within 5 business days and fulfil it within 30 days.
Please note that some of these rights are not absolute. Where 27bd is required by law to retain certain data (for example, transaction records for AML compliance), we may be unable to fulfil a deletion request for that specific data. In such cases, we will explain clearly which data cannot be deleted and why.
7. Data Security Measures
27bd takes the security of your personal data seriously. We have implemented a range of technical and organisational measures to protect your information against unauthorised access, accidental loss, disclosure, alteration, or destruction. Key security measures in place include:
- SSL/TLS Encryption in Transit: All communications between your browser or device and the 27bd platform are encrypted using TLS 1.2 or higher. The padlock symbol in your browser address bar confirms that your connection is secure.
- Encryption at Rest: Sensitive data including identity document files and payment references are encrypted when stored on 27bd servers using AES-256 or equivalent standards.
- Access Controls: Access to personal data within 27bd's systems is restricted on a need-to-know basis. Staff who do not have a legitimate operational reason to access specific data categories are prevented from doing so by role-based access controls.
- Password Security: User passwords are stored as salted cryptographic hashes. 27bd staff cannot view your plaintext password and will never ask for it.
- Fraud and Anomaly Detection: 27bd's platform monitors account activity in real time for indicators of unauthorised access, including unusual login locations, rapid successive login failures, and atypical transaction patterns.
- Data Minimisation: We do not store data beyond what is operationally or legally necessary. Full payment card numbers and mobile banking PINs are never stored on 27bd servers.
Despite these measures, no internet-based platform can guarantee 100% security. If you suspect that your 27bd account has been compromised or that your credentials may have been accessed without your authorisation, you should contact support immediately at [email protected] and change your password without delay.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, 27bd will notify affected users via their registered email address within a reasonable timeframe and will outline the nature of the breach, the data affected, and the steps we are taking to contain and remediate it.
8. Policy Updates and Contact
27bd may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable law, or improvements to our platform. When we make material changes to this policy, we will update the "Last Updated" date at the top of this page and, where the changes are significant, notify registered players via their registered email address.
We encourage you to review this Privacy Policy periodically. Your continued use of the 27bd platform following any update to this policy constitutes your acknowledgement of the revised version. If you do not agree with the revised policy, you should discontinue use of the platform and request account closure by contacting our support team.
This Privacy Policy is provided in English and the English text is the authoritative version. Any informal summaries or translated materials are provided for convenience only and do not supersede the English-language policy.
For any privacy-related questions, concerns, or rights requests, contact the 27bd data team at:
- Email: [email protected]
- Subject Line: "Privacy Enquiry" or "Data Rights Request"
- Response Time: Within 5 business days (BST, UTC+6)
- Support Hours: 24/7, all days including public holidays
Your Data Is Safe — Now Let's Play
You now know exactly how 27bd handles your personal data. Log in to your account and explore cricket betting, live casino, slots, and more — all secured and managed with the privacy principles outlined above. 18+ only. Play responsibly.