dafa Privacy Policy —
Your Data, Handled With Care
At dafa, your privacy is not an afterthought — it is a core pillar of how we build and operate our platform. This Privacy Policy explains what personal data we collect from players in Bangladesh, how we use and protect that data, and what rights you have over your own information. We encourage all dafa players to read this document carefully before using the Platform.
Contents
Overview
Our Commitment to Your Privacy
Please Read Carefully: This Privacy Policy applies to all visitors and registered players of the dafa Platform, including individuals accessing the site from Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, and all other regions of Bangladesh. By using the dafa Platform, you acknowledge that you have read and understood this Policy. If you do not agree with any part of this Policy, you should discontinue use of the Platform immediately.
SSL Encryption
All data transmitted between your device and the dafa Platform is protected by industry-standard SSL/TLS encryption. Your financial and personal details travel securely at all times.
KYC Confidentiality
Identity documents submitted for KYC verification are stored in an isolated, access-controlled environment. They are reviewed only by authorised compliance staff and are never shared with third parties for marketing.
No Data Selling
dafa does not sell, rent, or trade your personal data to any third party for commercial purposes. Your information is used solely to operate, improve, and secure the Platform and your account.
Mobile Wallet Privacy
Your bKash, Nagad, Rocket, and Upay account details are processed securely through the respective payment gateways. dafa retains only the minimum transaction reference data required for account reconciliation.
Your Consent Matters
Certain data processing activities — particularly marketing communications — require your explicit consent. You may withdraw marketing consent at any time by contacting support or updating your account notification preferences.
Right to Access & Erasure
You have the right to request a copy of the personal data dafa holds about you, and in certain circumstances the right to request its deletion. We aim to respond to all such requests within 30 calendar days.
Section 1
Data We Collect
dafa collects personal data through your registration, account activity, payment transactions, and general use of the Platform. Below is a full breakdown of the categories of data we may hold about you.
Registration & Identity Data
When you create a dafa account, we collect the following information to establish and maintain your player profile:
- Full legal name as it appears on your government-issued identification document
- Date of birth (used to verify that you are aged 18 or above)
- Email address (used for account communications, bonus notifications, and security alerts)
- Bangladeshi mobile number (used for two-factor authentication and as your linked payment wallet identifier)
- Preferred username and encrypted account password
- Residential address in Bangladesh (district/city, postal code)
Identity Verification (KYC) Documents
As part of our Know Your Customer process, we may request and securely store copies of the following documents:
- Bangladesh National Identity Card (NID) — front and back
- Valid Bangladeshi passport (biographical data page and photo page)
- Valid Bangladeshi driving licence
- Proof of address such as a utility bill, bank statement, or official government correspondence dated within 90 days
Financial & Transaction Data
dafa records all financial activity associated with your account for regulatory compliance, fraud prevention, and customer service purposes. This includes:
- Deposit amounts, dates, and reference numbers from bKash, Nagad, Rocket, Upay, and card transactions
- Withdrawal requests, amounts, processing status, and destination wallet references
- Bonus credits, wagering activity, and promotional rewards claimed
- Account balance history and running transaction ledger
Gameplay & Betting Data
We collect records of your in-platform activity including game sessions played, bet amounts, game outcomes, sports markets accessed, and time spent per session. This data is used for responsible gaming monitoring, dispute resolution, fraud detection, and improving the Platform experience.
Technical & Device Data
When you access the dafa Platform, our servers automatically record certain technical information:
- IP address and approximate geolocation (country/city level)
- Browser type and version, operating system, and device type
- Pages visited, time on page, referral URL, and navigation path through the Platform
- Session duration and login/logout timestamps in Bangladesh Standard Time (BST, UTC+6)
Sensitive Data: dafa does not intentionally collect sensitive personal data categories such as racial or ethnic origin, religious beliefs, political opinions, biometric data (other than identity document photographs for KYC), or health information — except where a player voluntarily discloses health-related information in the context of a responsible gaming self-exclusion request. Any such information is handled with additional care and used solely for the responsible gaming purpose for which it was provided.
Data Categories at a Glance
| Category | Examples |
|---|---|
| Identity | Name, DOB, NID |
| Contact | Email, mobile number |
| Financial | bKash / Nagad refs |
| Gameplay | Bets, sessions, results |
| Technical | IP, browser, device |
| KYC Docs | Passport, NID scan |
Legal Bases for Collection
- Contract performance (account operation)
- Legal obligation (KYC / AML compliance)
- Legitimate interest (fraud prevention)
- Consent (marketing communications)
- Vital interest (responsible gaming alerts)
Section 2
How We Use Your Data
Every piece of data dafa collects has a defined purpose. We do not process personal data beyond the purposes described in this section without first obtaining your consent or establishing another valid legal basis.
Account Management & Platform Operation
The primary use of your personal data is to create, manage, and operate your dafa player account. This includes processing deposits and withdrawals via your registered bKash or Nagad wallet, delivering game results and bet settlements accurately to your account balance, and providing customer support when you contact us at [email protected] or via live chat.
Identity Verification & Fraud Prevention
dafa uses your identity data and KYC documents to verify that you are who you say you are, that you meet the 18+ age requirement, and that your account is not being used for fraudulent activity. Our compliance team and automated fraud detection systems analyse transaction patterns, login behaviour, and account activity to identify and respond to suspicious activity. Where fraud is suspected, dafa may share relevant data with payment providers, law enforcement, or other relevant authorities as required by law.
Responsible Gaming Monitoring
Your gameplay and financial data is monitored to identify patterns that may indicate problem gambling behaviour — including rapid or escalating deposit sequences, large single-session losses, or self-exclusion circumvention attempts. Where such patterns are detected, dafa's responsible gaming team may intervene by sending a responsible gaming notification, temporarily limiting your account, or initiating contact to offer support resources. For more information, visit our Responsible Gaming page.
Bonus & Promotion Administration
dafa uses your account activity data to determine your eligibility for bonuses, calculate wagering progress, and detect bonus abuse. Promotional communications — such as alerts about Eid special offers, BPL cricket season promotions, or Pohela Boishakh reload bonuses — are sent only to players who have opted in to receive marketing communications from dafa.
Platform Improvement & Analytics
Aggregated and anonymised usage data helps dafa understand which games are most popular, where players experience friction in the deposit or registration flow, and how to optimise the Platform for players accessing from Dhaka, Chittagong, Sylhet, and other cities across Bangladesh. This analytical processing does not identify individual players.
Legal & Regulatory Compliance
dafa retains certain categories of data — particularly financial transaction records and KYC documentation — for the minimum periods required by applicable anti-money laundering (AML) standards and general record-keeping obligations. This data may be disclosed to competent authorities where dafa is required to do so by law or valid legal process.
Marketing Opt-Out: If you have previously consented to receive marketing emails or SMS messages from dafa and wish to withdraw that consent, contact our support team at [email protected] or use the unsubscribe link included in any marketing email. Withdrawal of marketing consent does not affect your ability to use the Platform or receive transactional communications (e.g., deposit confirmations, withdrawal notifications, security alerts).
Section 3
Data Sharing & Third Parties
dafa shares your personal data only with carefully selected categories of third parties, and only to the extent necessary to operate the Platform safely and legally.
dafa does not sell your personal data. We share data with third parties only in the circumstances described below:
Payment Service Providers
To process your deposits and withdrawals, dafa shares the minimum necessary transaction data with your chosen payment provider — bKash, Nagad, Rocket, Upay, or Visa/Mastercard processing networks. These providers operate under their own privacy policies and are independently responsible for data they process as a data controller. dafa shares only the data required to complete the specific transaction and does not provide payment providers with your full dafa account history.
Game Content Providers
The games available on dafa are powered by internationally accredited studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These providers may process session-level technical data (such as game round IDs and bet results) to deliver game outcomes and resolve disputes. They do not receive your identity data, KYC documents, or payment wallet details.
KYC & Identity Verification Services
dafa may engage third-party identity verification providers to assist with the KYC process. These providers verify identity document authenticity and cross-reference personal data against relevant databases to confirm age and identity. All such providers are contractually bound to process data only on dafa's behalf and for no other purpose.
Legal & Regulatory Disclosure
dafa may disclose your personal data to law enforcement agencies, financial intelligence units, or other competent authorities where required to do so by law, court order, or valid legal process. dafa will make reasonable efforts to notify you of such disclosures unless legally prohibited from doing so.
Business Transfers
In the event that dafa undergoes a corporate restructuring, merger, or acquisition, your personal data may be transferred to the successor entity as part of that transaction. dafa will ensure that any successor entity is bound by privacy obligations no less protective than those set out in this Policy, and will notify registered players of any such transfer via their registered email address.
No Third-Party Marketing: dafa will never provide your contact details — including your mobile number or email address — to any third-party advertiser, data broker, or marketing company. Any dafa promotional communications you receive will come exclusively from dafa itself, using your registered contact details, and only where you have given consent to receive them.
Who We Share Data With
- Payment Providers bKash, Nagad, Rocket, Upay, Visa/MC — transaction data only
- Game Studios Pragmatic Play, Evolution, NetEnt — session data only
- KYC Providers Identity verification services — identity data only
- Legal Authorities Law enforcement — when legally required
- Never Shared Advertisers, data brokers, marketing networks
Section 5
Data Security
dafa applies multiple layers of technical and organisational security measures to protect your personal data from unauthorised access, loss, or disclosure.
dafa takes the security of your personal data seriously. We implement and maintain the following security measures across our Platform and internal systems:
- SSL/TLS Encryption in Transit: All data transmitted between your browser or app and the dafa servers is protected by Transport Layer Security (TLS). Look for the padlock icon in your browser address bar when accessing the Platform.
- Encryption at Rest: Sensitive data stored in dafa's databases — including identity documents and payment references — is encrypted using industry-standard algorithms. Plaintext copies of sensitive data are not retained.
- Access Controls: Access to player personal data is restricted on a strict need-to-know basis. Only authorised dafa employees and contractors whose job role requires access to specific data categories are granted that access. All access is logged and audited.
- Two-Factor Authentication (2FA): dafa supports and encourages players to enable 2FA on their accounts. 2FA adds a second verification step — typically an OTP sent to your registered Bangladeshi mobile number — before account login is completed.
- Intrusion Detection & Monitoring: dafa's infrastructure is monitored continuously for security anomalies. Intrusion detection systems flag and respond to unusual activity patterns automatically.
- Staff Training: All dafa staff who handle personal data undergo data protection and security training. Our internal data handling procedures are reviewed and updated regularly.
Data Breach Response
Despite our best efforts, no security measure is entirely foolproof. In the unlikely event of a data breach that affects your personal information, dafa will notify affected players via their registered email address without undue delay, providing details of what data was affected, what steps dafa has taken in response, and what actions you should take to protect your account. We will also report the breach to relevant authorities where required.
Your Role in Security: dafa's security measures protect data on our side of the connection. You are also responsible for keeping your own device and account credentials secure. Never share your dafa password with anyone — including anyone claiming to be from dafa support. Our team will never ask for your password. Use a strong, unique password for your dafa account and enable 2FA where available.
Security Measures
- SSL / TLSEnd-to-end encrypted data transmission
- Encrypted StorageSensitive data encrypted at rest
- 2FA SupportOTP to your registered mobile number
- 24/7 MonitoringContinuous intrusion detection
- Access ControlsRole-based, audited staff access
Section 6
Data Retention
dafa retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable legal obligations.
Different categories of personal data are subject to different retention periods, depending on the purpose for which they were collected and the legal obligations that apply:
Active Account Data
While your dafa account is active, we retain all account data — including identity records, transaction history, and gameplay logs — as this data is necessary to operate your account, resolve disputes, and meet our ongoing AML and responsible gaming obligations.
Post-Closure Retention
Following the closure of a dafa account (whether voluntary or by dafa), we retain certain categories of data for the periods set out in the table below. These periods reflect standard record-keeping obligations in the online gaming and financial services context:
| Data Category | Retention Period After Closure | Reason |
|---|---|---|
| Identity & KYC documents | 5 years | AML compliance obligations |
| Financial transaction records | 5 years | AML / financial record-keeping |
| Gameplay & betting history | 3 years | Dispute resolution & fraud analysis |
| Account registration data | 3 years | Legal claims & contract evidence |
| Support communications | 2 years | Service quality & dispute records |
| Marketing consent records | 2 years after withdrawal of consent | Evidence of consent management |
| Self-exclusion records | 7 years | Responsible gaming obligations |
Anonymisation
Once the applicable retention period has expired, dafa will either securely delete your personal data or anonymise it so that it can no longer be linked to you as an individual. Anonymised data may be retained indefinitely for statistical and analytical purposes.
Key Retention Periods
- KYC Documents 5 years
- Transaction Records 5 years
- Gameplay History 3 years
- Account Data 3 years
- Support Records 2 years
- Self-Exclusion 7 years
Section 7
Your Privacy Rights
As a dafa player, you have meaningful rights over your personal data. We are committed to honouring these rights promptly and transparently.
Right to Access
You have the right to request a copy of the personal data that dafa holds about you. This is sometimes called a Subject Access Request (SAR). To submit a SAR, contact our support team at [email protected] with the subject line "Data Access Request" and include your registered name and mobile number so we can verify your identity. dafa will respond within 30 calendar days of receiving a valid, verified request.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. For straightforward corrections — such as a misspelled name or an outdated email address — you may update these directly in your account settings. For corrections to KYC-verified identity data, please contact support as additional document verification may be required.
Right to Erasure
In certain circumstances you have the right to request that dafa delete your personal data. This right applies where: the data is no longer necessary for the purpose for which it was collected; you withdraw consent (where consent was the basis for processing); or the data has been unlawfully processed. Please note that this right is not absolute — dafa may be required to retain certain data to comply with legal obligations (such as AML record-keeping requirements), to exercise or defend legal claims, or to protect the interests of third parties. Where erasure is not possible in full, dafa will inform you of what data must be retained and why.
Right to Restrict Processing
You may request that dafa restricts its processing of your personal data in certain circumstances — for example, while the accuracy of data you have contested is being verified, or where you have objected to processing based on legitimate interests pending resolution of that objection. During a restriction period, dafa will continue to store your data but will not actively process it beyond storage.
Right to Object
You have the right to object to dafa processing your personal data where that processing is based on our legitimate interests. You also have an unconditional right to object to the use of your data for direct marketing purposes — including profiling for marketing — at any time. To exercise this right, contact [email protected] or use the opt-out link in any marketing communication.
Right to Data Portability
Where processing is based on your consent or on contract performance, and is carried out by automated means, you have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format, and to request that this data be transmitted directly to another controller where technically feasible.
How to Exercise Your Rights
To exercise any of the rights described above, contact dafa's support team at [email protected]. Please include your full registered name, registered mobile number, and a clear description of the right you wish to exercise. dafa will acknowledge your request within 5 business days and respond in full within 30 calendar days. Where a request is complex or involves multiple rights, we may extend this period by a further 30 days and will inform you accordingly.
Identity Verification for Rights Requests: To protect the privacy and security of all players, dafa requires identity verification before processing any data rights request. We will not action a request from an unverified individual, as doing so could expose another player's data. Verification is typically completed by confirming your registered name and mobile number against our records.
Your Rights at a Glance
- Access — Get a copy of your data
- Rectification — Correct inaccurate data
- Erasure — Request deletion
- Restriction — Limit how we use it
- Object — Stop certain processing
- Portability — Export your data
Submit a Data Request
To exercise any privacy right, contact our Data Protection team:
[email protected]
Subject line: "Data Access Request"
Include: registered name + mobile number
Response time: within 30 calendar days
Section 8
Policy Updates & Contact
Changes to This Privacy Policy
dafa reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, Platform features, or applicable legal requirements. When we make material changes to this Policy — that is, changes that affect how we collect, use, or share your personal data in a meaningful way — we will notify registered players via their registered email address and/or via a prominent notice on the Platform at least 14 days before the changes take effect.
Minor or clarificatory changes (such as correcting typographical errors, updating contact details, or adding additional explanatory language that does not alter the substance of the Policy) may be made without advance notice. The "Effective Date" at the top of this Policy will always reflect the date of the most recent update. We encourage you to review this Policy periodically so that you remain informed of how dafa handles your personal data.
Your continued use of the dafa Platform after the effective date of any updated Policy constitutes your acceptance of the revised terms. If you do not agree with the revised Policy, you should discontinue use of the Platform and may request account closure by contacting support.
Contact & Data Queries
If you have any questions, concerns, or complaints about this Privacy Policy or about how dafa handles your personal data, please contact our support team. We take all privacy-related enquiries seriously and aim to provide clear, helpful responses within five (5) business days.
Contact: [email protected]
Available: 24 hours a day, 7 days a week
Average live chat response time: under 2 minutes
Responsible Gaming & Privacy: If you are concerned about your gambling behaviour and wish to use dafa's responsible gaming tools — including self-exclusion, deposit limits, or account cooling-off periods — any personal data you provide in that context will be handled with the highest level of confidentiality. It will not be used for marketing and will not be shared beyond what is strictly necessary to enforce the responsible gaming measure you have requested. Visit our Responsible Gaming page for more information.
Policy Update Process
- Material change identified by dafa compliance team
- Updated Policy drafted and reviewed
- Email notification sent to all registered players
- 14-day notice period before changes take effect
- New effective date published at top of this page
- Continued use = acceptance of updated Policy
Related Policies
- Terms & Conditions — platform rules and player obligations
- Responsible Gaming — self-exclusion and deposit limit tools
- FAQ — quick answers to common privacy questions
Questions About Your Privacy?
Our support team is available around the clock to answer any privacy or data-related questions. You can also explore our FAQ for quick answers, review our Terms & Conditions, or head straight to the dafa Casino to enjoy our full game library.