lbaje Privacy Policy
At lbaje, your personal data is handled with the same care we apply to every aspect of the platform. This Privacy Policy explains exactly what information we collect, why we collect it, how it is used, and the controls you have over your own data as a registered player in Bangladesh.
How lbaje Protects Your Data
These cards summarise the key principles of our Privacy Policy. They are provided for convenience and do not replace the full policy text below.
SSL Encryption
All data transmitted between your device and lbaje is protected by industry-standard SSL (Secure Socket Layer) encryption. Payment details, login credentials, and personal information are never sent in plain text over the network.
No Data Selling
lbaje does not sell, rent, or trade your personal data to third-party marketers or data brokers. Your information is used solely to operate and improve the lbaje platform and to fulfil our legal obligations.
Purpose Limitation
Data collected by lbaje is used only for the specific purposes stated in this Privacy Policy. We do not repurpose your data for unrelated activities without first obtaining your explicit consent.
KYC Compliance
Identity verification data collected during the KYC process is stored securely and used exclusively for age verification, fraud prevention, and anti-money-laundering compliance. It is never shared for commercial purposes.
Your Right to Access
You have the right to request a full copy of the personal data lbaje holds about you at any time. Submit a data access request to [email protected] and we will respond within 30 days.
Cookie Transparency
lbaje uses cookies to keep the platform running smoothly and to understand how players use the site. We distinguish between essential cookies (always on) and optional analytics cookies, which you can manage.
Information We Collect
lbaje collects personal data from you in several ways: directly when you register an account or contact our support team, automatically when you use the Platform, and in some cases from third-party sources such as payment processors and identity verification services. We collect only the minimum data necessary to deliver our services safely and in compliance with responsible gaming and anti-money-laundering obligations.
1.1 Registration Data
When you create a lbaje account, you provide the following information:
- Full legal name (as it appears on your National Identity Card or passport);
- Date of birth (for mandatory age verification — players must be 18 or older);
- Residential address in Bangladesh (city, district, and full postal address);
- Mobile phone number, which must be linked to your preferred MFS payment account (bKash, Nagad, Rocket, or Upay);
- Email address (used for account notifications and formal communications);
- A username and password of your choosing (password is stored in hashed form — never in plain text).
1.2 Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) process, which is required before any withdrawal is approved, you may be asked to submit:
- A scanned copy or photograph of your Bangladesh National Identity Card (NID);
- A valid Bangladesh passport (biographical data page);
- A recent utility bill or bank statement confirming your residential address;
- A screenshot confirming your registered MFS account (bKash, Nagad, Rocket, or Upay) matching the mobile number on file;
- A selfie photograph for liveness verification where required.
KYC documents are handled with the highest level of confidentiality and are stored in an encrypted environment with access restricted to authorised compliance personnel only.
1.3 Financial Transaction Data
When you make a deposit or request a withdrawal on lbaje, we record:
- The payment method used (e.g., bKash, Nagad, Rocket, Upay, Visa, Mastercard);
- The mobile number or partial card number associated with the transaction;
- Transaction amounts in Bangladeshi Taka (৳);
- Timestamps of all deposit and withdrawal requests and their processing outcomes.
lbaje does not store full payment card numbers. Card transactions are processed by PCI-DSS compliant third-party payment processors who handle card data directly.
1.4 Technical and Usage Data
When you access the lbaje Platform, our servers automatically record:
- Your IP address and approximate geographic location (city/region level);
- Device type, operating system, and browser version;
- Pages visited, time spent on each page, and navigation path through the Platform;
- Game sessions, bet amounts, game outcomes, and session duration;
- Login timestamps and logout events;
- Error logs and crash reports generated by the Platform on your device.
1.5 Communications Data
When you contact lbaje's customer support team via live chat or email, we retain records of the conversation, including the content of your messages, your contact details, and the outcome of any support request. These records are used for quality assurance, dispute resolution, and training purposes.
How We Use Your Data
lbaje processes your personal data only for lawful, specified, and legitimate purposes. The table below summarises each processing activity, the data categories involved, and the legal basis on which lbaje relies to carry out that processing.
| Processing Purpose | Data Categories Used | Legal Basis |
|---|---|---|
| Account creation and authentication | Registration data, device/IP data | Contract performance |
| Age and identity verification (KYC) | KYC documents, registration data | Legal obligation; contract performance |
| Processing deposits and withdrawals | Financial transaction data, registration data | Contract performance |
| Fraud prevention and AML monitoring | Financial data, usage data, KYC data, IP data | Legal obligation; legitimate interests |
| Responsible gaming monitoring | Usage data, game session data, self-exclusion records | Legal obligation; legitimate interests |
| Customer support and dispute resolution | Communications data, account data | Contract performance; legitimate interests |
| Platform analytics and improvement | Usage data, technical data | Legitimate interests |
| Promotional communications (opted-in) | Email address, game preferences, usage data | Consent |
| Legal and regulatory compliance | All categories as required | Legal obligation |
2.1 Marketing Communications
lbaje may send you promotional emails or in-platform notifications about bonuses, new games, cricket betting markets, and seasonal offers (including Eid, Pohela Boishakh, BPL season, and IPL promotions) where you have explicitly opted in to receive such communications during registration or at a later date via your account settings. You may withdraw your consent to marketing communications at any time by updating your notification preferences in your account settings or by emailing [email protected] with the subject line "Unsubscribe". Withdrawal of marketing consent does not affect your ability to use the Platform or receive transactional account communications.
2.2 Automated Decision-Making
lbaje uses automated systems for certain fraud detection and responsible gaming monitoring tasks. These systems analyse patterns in deposit behaviour, gameplay, and account activity to identify potential issues. Where an automated process results in a restriction on your account (such as a temporary hold or a request for additional KYC documentation), you have the right to request human review of that decision by contacting our support team at [email protected].
Data Sharing & Disclosure
lbaje does not sell, rent, or trade your personal data to any third party. We share your data only in the specific, limited circumstances described in this section, and only to the extent necessary for each stated purpose.
3.1 Payment Processors
To process your deposits and withdrawals, lbaje shares the minimum necessary financial and identity data with our payment processing partners, including the operators of bKash, Nagad, Rocket, Upay, and our card payment gateway for Visa and Mastercard transactions. These partners are contractually obligated to handle your data only for the purpose of completing the relevant transaction and are not permitted to use your data for any other purpose.
3.2 Game Studios and Content Providers
Third-party game studios such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi operate their game engines on the lbaje Platform. These studios may receive a pseudonymous player session identifier and stake/outcome data for the purpose of operating the game, processing game outcomes, and calculating RTP. They do not receive your full name, email address, physical address, or KYC documentation.
3.3 Identity Verification Services
Where lbaje uses a third-party KYC or identity verification service to assist in processing your NID, passport, or other identity documents, that service provider will receive the documents you submit. Such providers are bound by strict data processing agreements and are not permitted to retain or use your identity documents beyond the scope of the verification task.
3.4 Legal and Regulatory Disclosure
lbaje may disclose your personal data to law enforcement agencies, government authorities, or regulatory bodies where we are legally required to do so — for example, in response to a court order, a formal law enforcement request, or an anti-money-laundering investigation. In such cases, lbaje will disclose only the minimum data required to satisfy the legal obligation and will notify you of the disclosure where permitted by law to do so.
3.5 Business Continuity
In the event of a corporate restructuring, merger, acquisition, or sale of all or part of lbaje's business, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you of any such transfer and ensure that the acquiring entity is bound by data protection obligations at least as protective as those set out in this Privacy Policy before any transfer takes place.
Data Retention & Storage
lbaje retains your personal data only for as long as is necessary to fulfil the purposes described in this Privacy Policy, or as required by applicable law and regulatory obligations. The following retention schedule applies to the main categories of data we hold.
| Data Category | Retention Period | Reason for Retention |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | AML compliance; dispute resolution; regulatory audit trail |
| KYC identity documents | Duration of account + 5 years after closure | Legal obligation (AML / KYC regulatory requirements) |
| Financial transaction records | 7 years from transaction date | Financial recordkeeping obligations; AML audit trail |
| Game session logs | 3 years from session date | Dispute resolution; responsible gaming review |
| Customer support communications | 3 years from last interaction | Dispute resolution; quality assurance; training |
| Marketing consent records | Until consent is withdrawn + 1 year | Proof of consent for regulatory purposes |
| Anonymised analytics data | Indefinitely (no personal identifiers) | Platform improvement; trend analysis |
| Self-exclusion records | Duration of exclusion period + 5 years | Responsible gaming compliance; re-registration prevention |
5.1 Data Storage Location
lbaje stores personal data on secure servers protected by industry-standard physical and technical security measures. All data is encrypted at rest using AES-256 encryption. Access to production data systems is restricted to authorised personnel only, with access logs maintained and reviewed regularly.
5.2 Data Deletion Requests
If you request deletion of your personal data following account closure, lbaje will fulfil that request subject to the retention obligations described above. Data that we are legally required to retain (such as KYC documents and financial transaction records) cannot be deleted before the mandatory retention period expires, even where a deletion request has been submitted. lbaje will confirm in writing which data has been deleted and which data is being retained, along with the legal basis for retention and the date on which retained data will be scheduled for deletion.
Your Privacy Rights
As a player on lbaje, you have a number of rights in relation to the personal data we hold about you. These rights are outlined below. To exercise any of these rights, contact our data team at [email protected] with the subject line "Privacy Rights Request". lbaje will acknowledge your request within 5 business days and will respond in full within 30 days, free of charge.
Right of Access
Request a copy of all personal data lbaje holds about you, including how it is used and with whom it is shared.
Right to Rectification
Request correction of any inaccurate or incomplete personal data lbaje holds about you.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
Right to Restrict Processing
Request that lbaje limits processing of your data in specific circumstances, such as while a dispute is under investigation.
Right to Data Portability
Request a machine-readable copy of your personal data that you can transfer to another service provider.
Right to Object
Object to processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
Right to Withdraw Consent
Withdraw consent for any processing activity where consent is the legal basis (e.g., marketing emails), without affecting the lawfulness of prior processing.
Right Against Automated Decisions
Request human review of any automated decision that has a significant effect on your account, such as an automated fraud flag or account restriction.
Data Security Measures
lbaje takes the security of your personal data seriously and has implemented a multi-layered security framework to protect against unauthorised access, disclosure, alteration, or destruction of the data we hold. The following measures are in place at all times.
7.1 Technical Security Controls
- TLS/SSL encryption on all data transmitted between your device and lbaje's servers, preventing interception of data in transit;
- AES-256 encryption for all personal data stored in lbaje's databases;
- Bcrypt password hashing — your password is never stored in recoverable plain text;
- Two-factor authentication (2FA) available to all players and mandatory for all lbaje staff accounts;
- Web Application Firewall (WAF) to block common attack vectors including SQL injection, cross-site scripting (XSS), and brute-force login attempts;
- Rate limiting on login endpoints to prevent credential-stuffing attacks;
- Intrusion detection systems (IDS) that monitor server traffic in real time and alert the security team to anomalous activity.
7.2 Organisational Security Controls
- Role-based access control (RBAC) — lbaje staff are granted access only to the data systems they require to perform their specific job functions;
- All staff with access to personal data complete data protection and security awareness training before being granted system access;
- Access to production data systems is logged, and those logs are reviewed regularly by the security team;
- lbaje conducts periodic internal security audits and engages third-party penetration testing firms to assess the Platform's security posture;
- A formal data breach response procedure is in place, with defined escalation steps and notification timelines.
7.3 Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, lbaje will notify affected players without undue delay — and in any case within 72 hours of becoming aware of the breach — by email to the address registered on your account. The notification will describe the nature of the breach, the categories of data affected, the likely consequences, and the steps lbaje is taking to address the breach and mitigate its effects.
Policy Updates & Contact
lbaje reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, changes in applicable law, or improvements to our Platform. When we make material changes to this Policy, we will notify you by email to your registered address and by displaying a prominent notice on the lbaje Platform for at least 14 days before the changes take effect.
The "Last Updated" date at the top of this Policy will always reflect the date on which the most recent version was published. We encourage you to review this Privacy Policy periodically to stay informed about how lbaje protects your personal data. Your continued use of the Platform following the effective date of any update constitutes your acceptance of the revised Policy.
8.1 Previous Versions
If you would like to review a previous version of this Privacy Policy, you may request it by contacting our support team. lbaje maintains an archive of all previous policy versions with their effective dates.
8.2 Contact Our Data Team
If you have any questions about this Privacy Policy, wish to exercise any of your privacy rights, or have a concern about how lbaje handles your personal data, please contact our data team using the details below. All data-related enquiries are handled separately from general customer support to ensure they receive appropriate specialist attention.
Response Time
Within 30 calendar days
Acknowledgement within 5 business days
Platform Region
Bangladesh (BST, UTC+6)
Service available nationwide
Security Standard
SSL Encrypted · Fair Play Certified
18+ only. Play responsibly.
Your Data Is Safe — Enjoy lbaje
You've read the policy — your privacy is protected at every step. Now explore everything lbaje has to offer: slots, live casino, cricket betting, and more, all with fast bKash and Nagad payments.
18+ only. Please gamble responsibly. SSL secured. Fair play certified.