Privacy Policy — How 17bdt Handles Your Personal Data
At 17bdt, we take the privacy of every player in Bangladesh seriously. This Privacy Policy explains precisely what personal information we collect, why we collect it, how we use and protect it, and what rights you have over your own data. We are committed to full transparency in every aspect of our data practices.
Every data exchange between your browser and the 17bdt platform is protected by industry-standard SSL/TLS encryption. Whether you are logging in from Dhaka, Chittagong, or Sylhet, your credentials and financial details travel through a fully encrypted channel at all times.
17bdt only collects the personal data that is strictly necessary for account creation, identity verification, payment processing, and regulatory compliance. We do not harvest data for advertising profiling, and we do not sell your personal information to third parties under any circumstances.
We do not share your browsing behaviour, game history, or personal details with advertising networks or data brokers. Any analytics tools we use operate in an anonymised, aggregated manner to help us improve the platform experience — not to build a profile for sale to outside parties.
You have the right to request a full copy of the personal data 17bdt holds about you, to correct inaccuracies, and — subject to our regulatory retention obligations — to request deletion of your account data. Submit all data requests to [email protected] and we will respond within 30 days.
17bdt does not store full card numbers or mobile financial service PINs. Payment transactions via bKash, Nagad, Rocket, and Upay are processed through the respective provider's own secure infrastructure. 17bdt retains only the minimal transaction metadata required for account reconciliation.
Whenever 17bdt makes a material change to this Privacy Policy, we will notify all registered players via their verified email address before the change takes effect. You will always know what data we hold, how we use it, and when our approach has changed — no surprises, no hidden amendments.
Data Controller Information
For the purposes of this Privacy Policy, the data controller responsible for the personal information of all registered players is the operating entity behind the 17bdt platform, accessible at https://17bdt.club. As data controller, 17bdt determines the purposes and means by which your personal data is processed in connection with the provision of its online casino, sportsbook, and associated services to players based in Bangladesh.
If you have any questions, concerns, or requests relating to the processing of your personal data under this Privacy Policy, please contact us directly:
- Email: [email protected] (plain text — not a clickable link)
- WhatsApp: +880 1700 000 000
- Operating hours: 24 hours a day, 7 days a week — Bangladesh Standard Time (UTC+6)
All data-related requests, including subject access requests, correction requests, erasure requests, and objections to processing, should be submitted to the email address above with the subject line "Data Privacy Request — [Your Registered Email]". 17bdt will acknowledge all requests within 5 business days and provide a full response within 30 calendar days of receipt.
Information We Collect
17bdt collects personal data from players through several channels: directly from you when you register an account or contact our support team, automatically when you use the platform, and from third-party identity verification and payment providers where applicable. Below is a full breakdown of the categories of personal data we collect.
2.1 Registration and Identity Data
When you create a 17bdt account, we collect the following registration information:
- Full legal name (as it appears on your government-issued identity document)
- Date of birth (for age verification — you must be 18 years or older to register)
- Email address (used for account communications and notifications)
- Bangladesh mobile phone number (used for account verification and as the reference number for bKash, Nagad, Rocket, or Upay transactions)
- Username and encrypted password (your password is stored as a one-way cryptographic hash — 17bdt staff cannot read your plain-text password)
- City or region of residence within Bangladesh (e.g., Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, Mymensingh)
2.2 Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) compliance process, we may request and securely store copies of the following documents:
- National Identity Card (NID) — front and back scan or photograph
- Valid passport (bio-data page)
- Proof of address — utility bill, bank statement, or mobile financial service statement dated within 90 days
- Proof of payment method ownership — screenshot or confirmation from bKash, Nagad, Rocket, or Upay confirming the registered mobile number
2.3 Transaction and Financial Data
17bdt records the following financial data in connection with deposits and withdrawals on the platform:
- Deposit amounts and timestamps
- Withdrawal requests, amounts approved, and processing timestamps
- Payment method used (bKash, Nagad, Rocket, Upay, Visa, or Mastercard)
- Mobile wallet reference numbers (for reconciliation with your payment provider)
- Account balance history and transaction ledger entries
17bdt does not store full card numbers, CVV codes, or mobile financial service PINs. Card payment data is handled directly by the relevant payment gateway, which is PCI-DSS compliant.
2.4 Gaming Activity Data
- Games played, bet amounts, win/loss records, and session durations
- Sports betting selections, stake amounts, and settlement outcomes
- Bonus activation history and wagering requirement progress
- Responsible gaming tool usage (deposit limits set, cooling-off periods activated, self-exclusion requests)
2.5 Technical and Usage Data
- IP address and approximate geolocation derived from IP
- Device type, operating system, and browser version
- Pages visited, navigation paths, and time spent on pages
- Referring URL (if you arrived at 17bdt from a link)
- Session identifiers and authentication tokens
2.6 Communication Data
- Support tickets and messages submitted via email or WhatsApp
- Feedback, complaints, and dispute records
- Marketing email preferences and opt-in/opt-out history
| Data Category | Collection Method | Required / Optional |
|---|---|---|
| Registration & identity data | Provided directly by you at sign-up | Required |
| KYC documents | Uploaded by you on request | Required (before first withdrawal) |
| Transaction data | Generated automatically by platform | Required |
| Gaming activity data | Generated automatically by platform | Required |
| Technical & usage data | Collected automatically via cookies and server logs | Required (security and fraud prevention) |
| Communication data | Provided directly by you via support channels | Optional (only when you contact us) |
How We Use Your Information
17bdt processes your personal data only for legitimate, clearly defined purposes. We do not process your data in ways that are incompatible with the original purpose for which it was collected. The primary purposes for which we use your personal information are as follows:
- Account creation and management: To register your account, maintain your player profile, and ensure the correct functioning of your login credentials, account balance, and transaction history.
- Age and identity verification: To confirm that all players are 18 years of age or older and that the account holder's identity is genuine, in line with our responsible gaming obligations.
- Payment processing: To facilitate deposits via bKash, Nagad, Rocket, Upay, Visa, and Mastercard, and to process withdrawal requests to your registered payment method.
- Fraud prevention and security: To detect, investigate, and prevent fraudulent transactions, account takeover attempts, bonus abuse, money laundering, and other prohibited activities outlined in our Terms & Conditions.
- Responsible gaming compliance: To monitor gaming patterns for indicators of problem gambling, to apply and enforce player-set deposit limits and self-exclusion requests, and to flag accounts that may require a responsible gaming intervention.
- Customer support: To respond to your support enquiries, process complaints, and resolve disputes relating to your account, transactions, or gameplay.
- Platform improvement: To analyse aggregated, anonymised usage data and understand how players interact with the 17bdt platform, enabling us to improve navigation, game selection, and overall user experience.
- Marketing communications: To send you promotional emails about bonuses, new games, BPL season offers, Eid promotions, and other 17bdt news — but only where you have opted in to receive such communications. You can opt out at any time by contacting [email protected].
- Legal and regulatory obligations: To maintain records required for anti-money-laundering (AML) compliance, to respond to lawful requests from competent authorities, and to enforce our Terms & Conditions.
Sharing and Disclosure of Data
17bdt does not sell, rent, or trade your personal data to any third party for commercial or marketing purposes. We share your data only in the limited circumstances described below, and only to the extent strictly necessary for the specified purpose.
4.1 Payment Processors
When you make a deposit or request a withdrawal, the relevant transaction data is shared with your chosen payment provider — bKash, Nagad, Rocket, Upay, Visa, or Mastercard — solely to facilitate the transaction. Each of these providers operates under its own privacy policy and data protection obligations.
4.2 Game Providers
17bdt's casino and sportsbook content is powered by licensed third-party game studios including Pragmatic Play, Evolution Gaming, Ezugi, Spribe, NetEnt, and Microgaming. These providers may receive a session token and anonymised player identifier to launch game sessions. They do not receive your full name, mobile number, or financial data.
4.3 Identity Verification Partners
To fulfil our KYC obligations, 17bdt may work with third-party identity verification service providers. These partners receive only the documents and data necessary to complete a specific verification check and are contractually prohibited from using that data for any other purpose.
4.4 Legal and Regulatory Disclosures
17bdt may disclose your personal data to law enforcement agencies, courts, or regulatory authorities where we are legally required to do so — for example, in response to a court order, subpoena, or lawful investigation. In such cases, we will disclose only the minimum data required to comply with the legal obligation.
4.5 Business Transfers
In the event of a merger, acquisition, or sale of 17bdt's business or assets, your personal data may be transferred to the successor entity as part of that transaction. In such circumstances, 17bdt will take reasonable steps to ensure that the successor entity honours the privacy commitments set out in this Privacy Policy, and will notify affected players by email in advance of any such transfer.
Cookies and Tracking Technologies
17bdt uses cookies and similar technologies (such as local storage tokens and session identifiers) to operate the platform securely, remember your login state, and gather anonymised analytics data. Below is a summary of the cookie categories in use on the 17bdt website.
| Cookie Category | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly necessary | Session management, login authentication, CSRF protection, fraud prevention | No — required for the site to function |
| Functional | Remembering your preferred language, display settings, and recent game history | Yes — disabling may affect user experience |
| Analytics | Anonymised page view tracking, navigation path analysis, error logging — used to improve platform performance | Yes — opt out by contacting support |
| Marketing | Tracking which promotions you have viewed or interacted with, to avoid sending repetitive offers | Yes — opt out via your account email preferences |
Most web browsers allow you to control cookie settings through the browser's privacy or settings menu. You can choose to block all cookies, block only third-party cookies, or delete existing cookies. Please note that disabling strictly necessary cookies will prevent you from logging into your 17bdt account and using the platform. For any questions about specific cookies in use on the platform, contact [email protected].
Data Retention
17bdt retains your personal data for as long as your account remains active and for a defined period thereafter, in accordance with our legal and regulatory obligations. The retention periods applicable to each data category are summarised below:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | Legal / AML compliance |
| KYC identity documents | Duration of account + 5 years after closure | Legal / AML compliance |
| Transaction records | Duration of account + 7 years after closure | Financial record-keeping obligations |
| Gaming activity logs | Duration of account + 3 years after closure | Dispute resolution and responsible gaming |
| Support communications | 3 years from last interaction | Dispute resolution and quality assurance |
| Technical / server logs | 90 days rolling | Security monitoring and fraud detection |
| Marketing preferences | Until you opt out or close your account | Consent-based |
Once the applicable retention period has elapsed, 17bdt will securely delete or irreversibly anonymise the relevant data. Where anonymisation is used rather than deletion, the resulting data cannot be re-linked to any individual and is retained only in aggregated form for statistical and platform-improvement purposes.
If you submit an erasure request before the end of a mandatory retention period, 17bdt will explain which categories of data must be retained by law and for how long. Data that is not subject to a mandatory retention obligation will be deleted promptly upon a valid erasure request.
Security Measures
Protecting the personal and financial data of 17bdt players is a core operational priority. We implement a multi-layered security architecture designed to prevent unauthorised access, accidental loss, and malicious interference with your data.
- SSL/TLS encryption: All data transmitted between your browser and the 17bdt server is encrypted using TLS 1.2 or higher. The 17bdt website operates exclusively over HTTPS.
- Password hashing: Player passwords are stored using a strong one-way cryptographic hashing algorithm (bcrypt). Plain-text passwords are never stored or accessible to any 17bdt staff member.
- Access controls: Access to player data within 17bdt's internal systems is restricted on a strict need-to-know basis. Staff members are granted only the minimum level of data access required to perform their specific role.
- Infrastructure security: 17bdt's servers are hosted in secured data centre environments with physical access controls, network intrusion detection systems, and regular security patching schedules.
- Fraud detection systems: Automated systems monitor all account and transaction activity in real time to identify unusual patterns indicative of account takeover, identity fraud, or financial crime.
- KYC document storage: Identity documents submitted for KYC verification are encrypted at rest and accessible only to the authorised verification team. Documents are not shared with any third party beyond the verification partner required to complete the check.
- Regular security assessments: 17bdt conducts periodic internal security reviews and vulnerability assessments to identify and remediate potential weaknesses in our data handling infrastructure.
Your Rights as a Player
As a registered 17bdt player, you have the following rights in relation to the personal data we hold about you. To exercise any of these rights, submit a request to [email protected] with the subject line "Data Privacy Request". We will respond within 30 calendar days.
- Right of access: You may request a copy of all personal data 17bdt holds about you, along with information about how it is being used and with whom it has been shared.
- Right to rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it without undue delay.
- Right to erasure: You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where processing is unlawful. This right is subject to our legal retention obligations described in Section 6.
- Right to restriction of processing: In certain circumstances — for example, while a dispute about data accuracy is being resolved — you may request that we temporarily restrict processing of your personal data.
- Right to data portability: You may request a copy of the personal data you have provided to 17bdt in a structured, commonly used, machine-readable format (such as CSV or JSON), so that it can be transferred to another service provider.
- Right to object: Where 17bdt processes your data based on legitimate interests, you may object to that processing. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent: Where processing is based on your consent (for example, marketing email subscriptions), you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
Third-Party Services and Providers
17bdt integrates with a number of carefully selected third-party technology and service providers to deliver a high-quality platform experience to players in Bangladesh. Each category of provider is described below, along with the nature of data they may access.
- Game studios (Pragmatic Play, Evolution Gaming, Ezugi, Spribe, NetEnt, Microgaming): These providers power the casino games and live dealer tables on the 17bdt platform. They receive anonymised session tokens and game event data to operate game mechanics and calculate outcomes. They do not receive personally identifiable player information beyond what is technically required to launch an authenticated session.
- Mobile payment providers (bKash, Nagad, Rocket, Upay): These providers process deposits and withdrawals on behalf of 17bdt players. Transaction metadata — including your registered mobile number and transaction reference — is shared with the relevant provider solely to execute each payment. Each provider's own privacy policy governs how they handle that data.
- Card payment gateways (Visa, Mastercard processors): Card transactions are routed through a PCI-DSS compliant payment gateway. Full card numbers and security codes are handled exclusively by the gateway and are never transmitted to or stored on 17bdt servers.
- Identity verification services: Where 17bdt engages a third-party KYC provider to verify NID documents or conduct enhanced due diligence, that provider receives only the specific identity documents required to complete the check and is contractually prohibited from retaining or reusing that data.
- Email delivery services: Transactional and marketing emails are sent via a third-party email delivery service. This provider processes your email address and the content of communications on 17bdt's behalf but is not permitted to use your email address for its own marketing.
- Analytics services: Platform performance and user experience analytics are collected using tools that operate on anonymised, aggregated data. No personally identifiable information is shared with analytics providers.
17bdt maintains data processing agreements with all third-party providers that handle personal data on its behalf. These agreements require providers to process data only on 17bdt's documented instructions, to implement appropriate security measures, and to return or delete data upon termination of the service relationship.
Updates to This Privacy Policy
17bdt reviews this Privacy Policy at least once per calendar year and whenever there is a material change to our data collection or processing practices. The effective date shown at the top of this document reflects the date on which the current version was last updated.
When a material change is made — for example, a new category of data is collected, a new third-party provider is engaged, or data is shared for a purpose not previously disclosed — 17bdt will notify all registered players via the email address associated with their account at least 14 days before the change takes effect. The updated policy will also be published on this page at https://17bdt.club/privacy-policy.
Minor, non-material updates (such as correction of typographical errors or clarification of existing practices without substantive change) may be made without advance notice, but the effective date will always be updated to reflect when the revision was published.
Your continued use of the 17bdt platform after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with the updated policy, you should stop using the platform and request voluntary account closure by contacting [email protected].
Explore 17bdt With Confidence
Your data is safe with us. Now that you understand how 17bdt protects your privacy, dive into the platform and discover live casino, cricket betting, slots, and arcade games — all secured with SSL encryption.