Your Privacy Matters: This Privacy Policy applies to all users of the bahi88 platform, including visitors, registered players, and any person who contacts bahi88 via live chat or email. By using the bahi88 platform, you acknowledge that you have read and understood the practices described in this document.
Overview
bahi88 is an online casino and sports betting platform operating at bahi88.app, designed primarily for adult players in Bangladesh. As part of delivering our services, bahi88 necessarily collects and processes certain categories of personal data. We are committed to handling that data responsibly, transparently, and securely.
This Privacy Policy has been prepared in accordance with general international data protection principles. It describes the categories of personal data we process, the purposes and legal bases for that processing, the parties with whom data may be shared, the safeguards we apply to protect your information, and the rights available to you as a data subject.
This policy should be read alongside the bahi88 Terms and Conditions, which govern the contractual relationship between you and bahi88. In the event of any conflict between this Privacy Policy and the Terms and Conditions on a matter relating to personal data, this Privacy Policy shall prevail.
Data Controller
For the purposes of this Privacy Policy, the data controller responsible for your personal data is bahi88, operating the platform accessible at bahi88.app. The data controller determines the purposes and means of processing personal data collected through the bahi88 platform.
All data protection enquiries, subject access requests, and formal complaints relating to the handling of your personal data should be directed to the bahi88 support team via live chat (available 24/7 from your account dashboard) or by email at the address shown in Section 14 of this document.
bahi88 designates a dedicated data protection point of contact within its support team. All data-related requests are handled with priority and acknowledged within 48 hours of receipt (Bangladesh Standard Time, UTC+6).
Personal Data We Collect
bahi88 collects personal data across several categories depending on the nature of your interaction with the platform. The table below summarises the categories of data we may collect and specific examples within each category:
| Category | Examples of Data Collected |
|---|---|
| "Identity Data" | Full legal name, date of birth, gender, government-issued ID number (where provided for KYC verification). |
| "Contact Data" | Mobile phone number (used as primary account identifier), email address (where provided), city or district of residence (e.g., Dhaka, Chittagong, Sylhet). |
| "Account Data" | Username, encrypted password hash, account creation date, account preferences, communication preferences, self-exclusion or limit settings. |
| "Financial Data" | MFS account number or mobile number associated with bKash, Nagad, Rocket, or Upay (masked after verification); transaction amounts; deposit and withdrawal history; bonus balances. |
| "Transaction Data" | Details of bets placed, games played, stakes, winnings, cashback received, and bonus utilisation history. |
| "Technical Data" | IP address, device type and model, operating system version, browser type and version, screen resolution, session identifiers, and approximate geographic location derived from IP. |
| "Usage Data" | Pages visited, features used, time spent on platform sections, click-path data, session duration, and error logs generated during your session. |
| "Communications Data" | Records of live chat conversations with the bahi88 support team, email correspondence, and any documents or images you submit during KYC verification. |
bahi88 does not collect or store sensitive financial credentials. Specifically, we do not collect your bKash PIN, Nagad PIN, Rocket PIN, Upay PIN, or any banking password. Payment confirmations are received directly from the respective MFS provider's API in tokenised form.
How We Collect Personal Data
4.1 Directly from You
The majority of personal data we hold is provided directly by you during the following interactions with the bahi88 platform:
- When you create a bahi88 account and complete the registration form.
- When you submit KYC verification documents (photo ID, proof of MFS account ownership).
- When you initiate a deposit or withdrawal via bKash, Nagad, Rocket, or Upay.
- When you contact bahi88 customer support via live chat or by email.
- When you update your account profile, set responsible gaming limits, or request self-exclusion.
4.2 Automatically via the Platform
When you access and use the bahi88 platform, certain technical and usage data is collected automatically by our servers and analytics infrastructure. This includes your IP address, device identifiers, session tokens, page-load timestamps, and interaction logs. This data is collected using standard web server log mechanisms and first-party session cookies.
4.3 From Third-Party Service Providers
bahi88 may receive limited personal data from third-party partners in the following contexts:
- MFS Providers (bKash, Nagad, Rocket, Upay): Transaction confirmation data including the originating mobile number (masked) and transaction reference number, to match payments to accounts.
- Game Providers (e.g., Pragmatic Play, Evolution Gaming, Spribe): Game session identifiers and outcome data necessary for crediting winnings and maintaining a complete transaction record.
- Fraud and AML screening services: Risk signals associated with your IP address or device fingerprint, used solely for fraud prevention purposes.
Purposes of Processing
bahi88 processes personal data only for specific, legitimate purposes. The table below maps each processing purpose to the categories of personal data used:
| Purpose | Data Categories Used |
|---|---|
| "Account Management" | Identity, Contact, Account Data |
| "Payment Processing" | Identity, Contact, Financial, Transaction Data |
| "KYC & Age Verification" | Identity, Contact, Communications Data |
| "Game Delivery & Fair Play" | Account, Transaction, Technical Data |
| "Fraud Prevention & AML" | Identity, Financial, Technical, Usage Data |
| "Customer Support" | Identity, Contact, Account, Communications Data |
| "Responsible Gaming Tools" | Account, Transaction, Usage Data |
| "Platform Security" | Technical, Usage Data |
| "Legal Compliance" | Identity, Financial, Communications Data |
| "Service Improvement" | Usage, Technical Data (aggregated and anonymised) |
bahi88 does not process personal data for the purpose of selling it, sharing it with advertisers, or building advertising profiles. Data used for service improvement is aggregated and anonymised before analysis — it cannot be linked back to any individual player.
Legal Basis for Processing
bahi88 processes personal data under one or more of the following legal bases:
- Contractual necessity: Processing that is necessary to perform the contract with you — specifically, to operate your account, process your deposits and withdrawals, deliver games and sports betting services, and provide customer support.
- Legal obligation: Processing required to comply with applicable legal and regulatory obligations, including anti-money-laundering (AML) checks, Know Your Customer (KYC) requirements, and record-keeping obligations.
- Legitimate interests: Processing carried out for purposes that represent legitimate interests of bahi88 that are not overridden by your data protection rights — principally fraud prevention, platform security, responsible gaming monitoring, and aggregated service analytics.
- Consent: For any processing activities that fall outside the above bases — such as sending you promotional communications about new games, seasonal offers (e.g., Eid, Pohela Boishakh promotions), or BPL cricket betting specials — bahi88 will obtain your explicit consent and will offer a straightforward way to withdraw that consent at any time.
You may withdraw consent for marketing communications at any time by contacting bahi88 support via live chat. Withdrawal of consent does not affect the lawfulness of any processing carried out before withdrawal, and it does not affect processing carried out under other legal bases.
Data Sharing & Disclosure
7.1 Third-Party Service Providers
bahi88 shares personal data with a limited number of third-party service providers who assist in delivering the platform. These providers are permitted to process personal data only as instructed by bahi88 and only to the extent necessary for their specific service function. They are contractually bound to maintain appropriate technical and organisational security measures. Current categories of third-party processors include:
- MFS payment gateway integrators (for routing deposit and withdrawal requests to bKash, Nagad, Rocket, and Upay).
- Game content providers (Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, and others) — who receive only the session identifiers and stake/outcome data required to run games.
- Fraud detection and risk scoring service providers — who receive device fingerprint and IP reputation data to flag suspicious activity.
- Cloud infrastructure providers — who host the bahi88 platform and its databases under strict data processing agreements.
7.2 Legal and Regulatory Disclosures
bahi88 may disclose personal data to law enforcement authorities, government agencies, or regulatory bodies where required by applicable law, court order, or where disclosure is necessary to prevent, detect, or prosecute fraud, money laundering, or other criminal activity. bahi88 will, where legally permitted, notify the affected player of any such disclosure request.
7.3 No Sale of Personal Data
bahi88 does not sell, rent, lease, or otherwise commercially transfer your personal data to any third party for their own marketing or commercial purposes. Data shared with service providers is strictly for operational delivery of the bahi88 service and is governed by binding data processing agreements.
If you ever receive a communication purporting to be from bahi88 and requesting sensitive personal or financial information outside the platform, treat it as suspicious. bahi88 will never ask for your MFS PIN or password via any channel. Report suspicious contacts to the bahi88 support team immediately.
Data Retention
bahi88 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following retention principles apply:
- Active accounts: Personal data is retained for the duration of your account's active status and for a minimum of five years following the permanent closure of your account, to comply with AML record-keeping obligations.
- Transaction records: Deposit, withdrawal, and betting transaction records are retained for a minimum of five years from the date of the transaction.
- KYC documents: Identity verification documents are retained for the duration of the account relationship and for five years after account closure.
- Support communications: Live chat transcripts and email correspondence are retained for three years from the date of the interaction.
- Technical and usage logs: Server logs and session data are retained for 12 months, after which they are either deleted or irreversibly anonymised for aggregate analytics purposes.
- Consent records: Records of marketing consent and consent withdrawal are retained for the lifetime of the account plus five years.
Where retention beyond these periods is required by a specific legal obligation or is necessary for the establishment, exercise, or defence of legal claims, bahi88 will retain the relevant data until that obligation or claim is resolved.
Security Measures
bahi88 implements a comprehensive set of technical and organisational security measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. Key measures include:
- Transport-layer encryption: All data transmitted between your device and the bahi88 platform is encrypted using TLS 1.3 with 256-bit AES cipher suites. Unencrypted HTTP connections are not accepted.
- Password security: Account passwords are stored exclusively as salted cryptographic hashes. bahi88 has no mechanism to retrieve your plain-text password — only to verify it.
- Database access controls: Access to production databases containing personal data is restricted to authorised personnel on a strict need-to-know basis, protected by multi-factor authentication.
- Intrusion detection and monitoring: bahi88 operates continuous automated monitoring of platform infrastructure for anomalous access patterns, injection attempts, and other security threats.
- Data minimisation at rest: Financial data — including MFS account numbers — is masked after the initial verification step. Only the last four digits are retained in operational systems; the full number is stored exclusively in the encrypted KYC record vault.
- Incident response: bahi88 maintains a documented data breach response procedure. In the event of a breach that is likely to result in a risk to your rights and freedoms, affected players will be notified as promptly as practicable.
Your Responsibility: While bahi88 employs robust security infrastructure, you also play a role in keeping your account safe. Use a strong, unique password for your bahi88 account, do not share your login credentials with anyone, and contact bahi88 support immediately via live chat if you suspect unauthorised access to your account.
Cookies & Tracking Technologies
10.1 What Are Cookies
Cookies are small text files placed on your device by a web server when you visit a website. bahi88 uses first-party cookies — cookies set directly by the bahi88.app domain — to deliver and operate the platform. bahi88 does not use third-party advertising cookies or cross-site tracking technologies.
10.2 Cookies Used by bahi88
| Cookie Name / Type | Purpose | Duration |
|---|---|---|
| "session_token" | Maintains your authenticated login session so you do not need to log in on every page load. | Session (deleted on browser close) |
| "csrf_token" | Cross-Site Request Forgery protection token — prevents malicious third-party sites from performing actions on your behalf. | Session |
| "locale_pref" | Stores your language and time-zone preference (defaults to English / BST UTC+6). | 12 months |
| "rg_limits_ack" | Records that you have acknowledged your responsible gaming limit settings during the current session. | Session |
| "analytics_anon" | Anonymous first-party session analytics — records page views and feature interactions in aggregate form with no personal identifier attached. | 30 days |
10.3 Cookie Control
You can control and delete cookies via your browser settings. Disabling session cookies will prevent you from logging in to your bahi88 account. Disabling the analytics cookie will not affect your ability to use any platform feature. Detailed instructions for managing cookies are available in the help documentation of your browser (Chrome, Firefox, Safari, or any other browser you use).
Your Data Subject Rights
As a data subject, you hold the following rights in relation to the personal data bahi88 holds about you. You may exercise any of these rights at any time by contacting the bahi88 support team via live chat or by email (see Section 14).
bahi88 will respond to all verified data subject requests within 30 days of receipt. Where a request is complex or high in volume, this period may be extended by a further 60 days, in which case bahi88 will notify you of the extension and the reason for it within the initial 30-day period. bahi88 will not charge a fee for exercising any of the above rights unless a request is manifestly unfounded or excessive.
For the protection of your data, bahi88 will require satisfactory identity verification before acting on any data subject request. Requests submitted via live chat from a logged-in session satisfy this requirement automatically. Requests submitted by email will require you to verify your identity through a brief authentication step.
Children & Minors
The bahi88 platform is strictly intended for adults aged 18 and above. bahi88 does not knowingly collect, process, or retain personal data from any individual under the age of 18. Age verification is a mandatory step in the bahi88 registration process, and bahi88 reserves the right to request additional documentary proof of age at any time.
If bahi88 discovers or has reasonable grounds to believe that personal data has been collected from a person under the age of 18, that data will be immediately deleted, the associated account will be permanently closed, and any funds in the account will be handled in accordance with bahi88's underage player procedure as described in the Terms and Conditions.
If you are a parent or guardian and believe that a minor in your care has registered an account on bahi88, please contact the bahi88 support team immediately via live chat or email. bahi88 will investigate and resolve such reports with priority.
18+ Only: bahi88 takes the protection of minors extremely seriously. No person under the age of 18 is permitted to use the bahi88 platform under any circumstances. Parents and guardians are encouraged to use parental control software to restrict access to gambling websites on shared or family devices.
Changes to This Privacy Policy
bahi88 may revise this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable law, or improvements to our platform. Where any change is material — meaning it alters the nature of data we collect, the purposes for which it is used, or the rights available to you — bahi88 will provide advance notice via account notification before the change takes effect.
The effective date of the current version of this Privacy Policy is clearly stated at the top of this document and in the hero section above. Continued use of the bahi88 platform after the effective date of any revised Privacy Policy constitutes your acceptance of the changes. If you do not accept the revised policy, you should cease using the platform and contact support to close your account.
bahi88 recommends reviewing this page periodically. Previous versions of the Privacy Policy are available on request by contacting the bahi88 support team.
This Privacy Policy was last reviewed and updated as of 1 January 2026. All prior versions are superseded by this document.
Contact & Data Requests
For any questions, concerns, or requests relating to this Privacy Policy or to the personal data bahi88 holds about you, please contact the bahi88 data protection point of contact through one of the following channels:
- Live Chat: Available 24/7 from your account dashboard. This is the fastest channel — average first-response time is under 3 minutes.
- Email: The bahi88 support email address is shown below as plain text. It is not a clickable link.
When submitting a data subject request by email, please include your registered mobile number (the one linked to your bahi88 account), the nature of your request (e.g., access, rectification, erasure), and a brief description of the data concerned. This enables bahi88 to process your request efficiently and verify your identity without unnecessary delay.
bahi88 aims to acknowledge all formal data-related correspondence within 48 hours (Bangladesh Standard Time, UTC+6) and to resolve requests fully within 30 days of receipt of all required information.
Every connection between your device and bahi88 is protected by TLS 1.3 with 256-bit AES encryption. Your data is never transmitted in plain text across any network.
bahi88 does not sell, rent, or commercially transfer your personal data to advertisers or third-party data brokers. Your information is used solely to deliver and improve the bahi88 service.
You hold full rights over your personal data — access, rectification, erasure, restriction, portability, and objection. Submit any data request via live chat or email, and we will respond within 30 days.
bahi88 never stores your bKash, Nagad, Rocket, or Upay PIN. Payment confirmations are received via tokenised API responses from the MFS provider — your banking credentials never touch our servers.
bahi88 retains personal data only as long as legally required or operationally necessary. Usage logs are anonymised after 12 months, and all data is deleted within defined periods following account closure.
bahi88 applies mandatory age verification at registration and reserves the right to request documentary proof at any point. No personal data from individuals under 18 is knowingly retained on the platform.
Your Privacy Is Our Priority. Play with Confidence.
Now that you understand how bahi88 handles your data, explore the full platform — cricket betting, live casino, slots, Plinko, and more — knowing your information is protected.