Privacy &
Data Protection
Policy of 662brt
At 662brt, your personal data is handled with the highest standards of care. This Privacy Policy explains exactly what information we collect, why we collect it, how it is stored and protected, and the rights you hold over your own data as a registered player on our Bangladesh platform.
How 662brt Safeguards Your Privacy
These six principles capture the spirit of our approach to your personal data. The detailed legal text for each topic follows in the numbered sections below.
End-to-End Encryption
Every data transmission between your device and the 662brt platform is protected by TLS/SSL encryption. Your login credentials, payment details, and personal information are never sent in plain text across any channel.
Minimal Data Collection
662 brt collects only the data that is strictly necessary for account management, identity verification, payment processing, and regulatory compliance. We do not harvest data beyond what serves a clear, documented purpose.
No Unauthorised Third-Party Sales
662brt does not sell, rent, or trade your personal data to third-party marketing companies. Data shared with external partners is limited to what is operationally required — for example, payment processors and KYC verification providers.
Full User Control
You have the right to access, correct, export, restrict, or request deletion of your personal data at any time. Requests are processed by the 662brt compliance team within a documented response window — see the Your Data Rights section for details.
Transparent Cookie Use
We use cookies only for session management, platform performance analytics, and fraud prevention. We do not deploy third-party advertising cookies. You can manage your cookie preferences at any time through your browser settings.
Defined Retention Periods
Personal data is retained only for as long as is necessary for the purpose for which it was collected, or as required by applicable anti-money laundering and financial record-keeping standards. Inactive account data is reviewed and purged on a scheduled basis.
Information We Collect
662brt collects personal data through three primary channels: information you provide directly during registration and account usage, information generated automatically through your interaction with the platform, and information received from trusted third-party verification and payment partners. The following table summarises the categories of data we collect and the reason for each.
| Data Category | Specific Examples | Collection Reason |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, NID or passport number | Account registration, KYC compliance, age verification |
| Contact Data | Email address, mobile phone number (used for bKash/Nagad), residential address in Bangladesh | Account communication, withdrawal verification, support |
| Financial Data | bKash/Nagad/Rocket/Upay wallet numbers, bank account references (not full card numbers), transaction history | Deposit and withdrawal processing, AML monitoring |
| Technical Data | IP address, device type, browser version, operating system, session timestamps | Fraud prevention, security monitoring, platform optimisation |
| Usage Data | Pages visited, games played, bet history, bonus activity, session duration | Responsible gaming monitoring, personalisation, analytics |
| Verification Documents | Scanned NID, utility bill, bank statement, selfie with ID | KYC identity and address verification as required by AML standards |
Data You Provide Directly
When you register a 662brt account, you provide your name, date of birth, email address, mobile number, and residential address. If you choose to contact our support team via email at [email protected], the contents of that correspondence — including any attachments — are retained as part of your account record.
Data Collected Automatically
Each time you access the 662brt platform, our servers automatically log your IP address, the type of device you are using, your browser version, and the pages or game sections you visit. This technical data is essential for maintaining platform security, diagnosing errors, and identifying unusual access patterns that may indicate account compromise or fraud.
Data from Third Parties
Where you use a mobile wallet such as bKash, Nagad, or Rocket to deposit funds, the relevant payment processor shares transaction confirmation data with 662brt. This includes the sender wallet number, transaction reference, and timestamp. 662brt does not have access to your mobile wallet PIN or full account credentials — only the minimum data required to confirm and reconcile the transaction.
How We Use Your Data
662brt uses your personal data only for specific, documented purposes. We do not process data in ways that are incompatible with the original purpose for which it was collected. The table below maps each data category to its processing purpose and the legal basis on which 662brt relies for that processing.
Primary Processing Purposes
- Account Management: Creating, maintaining, and securing your 662brt account. This includes processing your registration, verifying your identity, managing password resets, and responding to support enquiries.
- Payment Processing: Executing deposit crediting and withdrawal disbursements through bKash, Nagad, Rocket, Upay, and supported bank transfer channels. Financial transaction data is processed to confirm, reconcile, and audit all monetary movements in and out of your account.
- Regulatory Compliance: Fulfilling know-your-customer (KYC) and anti-money laundering (AML) obligations. This includes verifying your identity, monitoring transaction patterns for suspicious activity, and maintaining records as required by applicable international gaming and financial regulations.
- Responsible Gaming: Monitoring your betting and gaming activity to identify patterns that may indicate problem gambling behaviour. This processing is in your interest — it enables 662brt to proactively offer deposit limit adjustments, cooling-off periods, or self-exclusion referrals where appropriate.
- Security and Fraud Prevention: Detecting and investigating account takeover attempts, unauthorised access, bonus abuse, match-fixing-linked accounts, and money laundering activity. Technical data such as IP addresses, device fingerprints, and login patterns are analysed by automated and manual security systems.
- Platform Improvement: Using anonymised and aggregated usage data to understand how players interact with the platform — which game categories are most popular, which pages have high drop-off rates, and where navigation improvements would be beneficial. This processing uses data in a form that cannot identify any individual player.
- Customer Communications: Sending transactional communications such as deposit confirmations, withdrawal receipts, KYC status updates, and security alerts. With your separate consent, we may also send promotional communications about 662brt offers, seasonal bonuses (BPL, Eid, Pohela Boishakh promotions), and new game launches.
Automated Decision-Making
Some of 662brt's fraud detection, AML screening, and responsible gaming monitoring processes involve automated decision-making — meaning a computer system analyses your data and reaches a conclusion without direct human review of each case. Where an automated decision results in a significant outcome for you (such as an account freeze or withdrawal block), you have the right to request a manual review by a member of the 662brt compliance team. Contact [email protected] to exercise this right.
Data Sharing & Disclosure
662brt does not sell your personal data to any third party. Data is shared externally only where it is strictly necessary for the operation of the platform or where 662brt is under a legal obligation to do so. The following categories of recipients may receive limited personal data:
Payment Processors
To process deposits and withdrawals, 662brt shares the minimum required transaction data with mobile wallet operators (bKash, Nagad, Rocket, Upay) and partner banks (Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, Sonali Bank). This sharing is limited to the data required to authenticate and complete the transaction. Payment processors are contractually bound to process this data solely for the stated payment purpose.
KYC and Identity Verification Partners
To verify your identity and comply with AML obligations, 662brt may share identity documents and supporting data with specialist KYC service providers. These providers operate under strict data processing agreements and are prohibited from using your data for any purpose other than identity verification on behalf of 662brt.
Game Providers
Live casino and slot game providers (such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi) receive session identifiers and in-game action data necessary to operate the game, settle the round, and return results to the 662brt platform. Game providers do not receive your full identity data, financial data, or contact information — only the anonymised session data needed to run the game.
Legal and Regulatory Disclosure
662brt may disclose personal data to law enforcement agencies, financial intelligence units, or regulatory authorities where required to do so by a lawful request, court order, or applicable regulation. In such cases, 662brt will disclose only the minimum data required by the relevant authority and will, where legally permitted, notify you of the disclosure.
Business Transfers
In the event that 662brt undergoes a merger, acquisition, or sale of all or part of its business assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified by email in advance of any such transfer that materially affects how your data is processed, and you will be given the opportunity to request deletion of your data before the transfer completes.
Cookies & Tracking Technologies
662brt uses cookies and similar client-side storage technologies to operate the platform correctly, maintain session continuity, and monitor for security threats. This section explains the types of cookies used, their purpose, and how you can manage them.
Types of Cookies Used
- Strictly Necessary Cookies: These cookies are essential for the 662brt platform to function. They maintain your login session, remember your language preference, and protect against cross-site request forgery (CSRF) attacks. Without these cookies, core platform features — including account login, deposit, and game launch — would not operate correctly. These cookies cannot be disabled without breaking platform functionality.
- Performance and Analytics Cookies: First-party analytics cookies collect anonymised data about how users navigate the platform — which pages are most visited, how long sessions last, and where errors occur. This data is used exclusively to improve platform performance and is never shared with advertising networks.
- Security Cookies: Device fingerprinting cookies help 662brt identify the devices associated with your account. If a login attempt is made from an unrecognised device, these cookies trigger an additional verification step to protect your account.
Cookies 662brt Does NOT Use
- Third-party advertising or retargeting cookies
- Social media tracking pixels (e.g., Facebook Pixel, Twitter Pixel)
- Cross-site behavioural tracking cookies
Managing Your Cookie Preferences
You can control and delete cookies through your browser settings. Most modern browsers allow you to block all cookies, block third-party cookies only, or delete stored cookies on exit. Please note that disabling strictly necessary cookies will impair or prevent your use of the 662brt platform. For guidance on managing cookies in your specific browser, consult your browser's help documentation.
Data Retention & Storage
662brt retains personal data for the minimum period required to fulfil the purpose for which it was collected, after which it is securely deleted or anonymised. The following retention periods apply:
| Data Type | Retention Period | Reason for Retention |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | AML record-keeping obligations |
| KYC verification documents | Duration of account + 5 years post-closure | Regulatory compliance and audit trail |
| Financial transaction records | Duration of account + 7 years post-closure | Financial record-keeping and AML audit requirements |
| Betting and game history | Duration of account + 3 years post-closure | Dispute resolution and responsible gaming review |
| Support correspondence | 3 years from last interaction | Quality assurance and dispute reference |
| Technical/session logs | 12 months | Security monitoring and fraud investigation |
| Marketing consent records | Until consent is withdrawn + 3 years | Proof of lawful basis for marketing communications |
Data Storage Location
All personal data processed by 662brt is stored on secure servers protected by industry-standard physical and logical access controls. Data is backed up regularly, and backup media is subject to the same encryption and access-control standards as primary data stores.
Data Deletion Process
When a retention period expires, personal data is securely deleted using methods that prevent reconstruction. Where full deletion is not possible due to technical constraints (for example, data embedded in encrypted backup archives), the data is anonymised so that it can no longer be associated with any identifiable individual. Deletion requests submitted under your data rights (see Section 6) are processed within 30 calendar days.
Your Data Rights
As a registered user of the 662brt platform, you hold meaningful rights over your personal data. These rights are described below. To exercise any of these rights, contact the 662brt data team at [email protected] with the subject line "Data Rights Request" and a description of the right you wish to exercise. 662brt will acknowledge your request within 48 hours and provide a substantive response within 30 calendar days.
- Right of Access: You may request a copy of all personal data that 662brt holds about you, together with an explanation of how that data is being used. We will provide this in a clear, readable format.
- Right to Rectification: If any personal data held by 662brt is inaccurate or incomplete, you may request that it be corrected. For identity data, correction may require submission of supporting documentation.
- Right to Erasure ("Right to be Forgotten"): You may request that 662brt delete your personal data. This right is subject to limitations — we cannot delete data that we are legally required to retain for AML or financial record-keeping purposes. Where erasure is not possible in full, we will explain what data must be retained and why.
- Right to Restriction of Processing: You may ask 662brt to restrict how we process your data while a dispute about its accuracy or a request for erasure is being resolved.
- Right to Data Portability: You may request a machine-readable copy of the personal data you have provided to 662brt, suitable for transfer to another service provider.
- Right to Object: You may object to the processing of your personal data for direct marketing purposes at any time. Upon receipt of such an objection, 662brt will immediately cease all marketing communications to your contact details.
- Right to Review Automated Decisions: Where an automated decision has produced a significant outcome for your account (such as an account freeze or a withdrawal refusal), you have the right to request a manual review by a human member of the compliance team.
Security Measures
662brt employs a layered security architecture to protect your personal data against unauthorised access, loss, alteration, or disclosure. Our security programme covers technical controls, organisational processes, and staff training.
Technical Controls
- TLS/SSL Encryption: All data in transit between your browser or app and 662brt servers is encrypted using current TLS standards. The 662brt.app domain enforces HTTPS at all times; unencrypted HTTP connections are automatically redirected.
- Data Encryption at Rest: Sensitive data fields — including identity document scans, financial account references, and password hashes — are encrypted at rest using AES-256 encryption. Password hashes use a salted, industry-standard hashing algorithm; plain-text passwords are never stored.
- Two-Factor Authentication (2FA): 662brt supports optional two-factor authentication for player accounts using SMS one-time passwords sent to your registered mobile number. Enabling 2FA significantly reduces the risk of unauthorised account access.
- Intrusion Detection: Real-time network monitoring tools scan for anomalous access patterns, brute-force login attempts, and data exfiltration indicators. Security alerts are triaged by the platform security team around the clock.
- Access Controls: Internal access to personal data is restricted on a strict need-to-know basis. 662brt staff can access only the data required for their specific role. All internal data access is logged and periodically audited.
Organisational Controls
- Regular internal security training for all staff who handle personal data
- A documented data breach response plan, with regulatory notification timelines
- Periodic review of third-party data processor security credentials and compliance status
- Scheduled vulnerability assessments and penetration testing of the 662brt platform
What Happens in a Data Breach
In the event of a personal data breach that poses a risk to your rights and freedoms, 662brt will notify affected users without undue delay — and in any case within 72 hours of becoming aware of the breach — providing a clear description of what happened, what data was affected, and what steps 662brt and you should take in response. Notification will be sent to your registered email address.
Policy Updates & Contact
662brt reviews this Privacy Policy periodically and updates it whenever there are material changes to how we collect, use, or protect your personal data, or when required by changes in applicable regulations. The effective date at the top of this page reflects the date of the most recent review.
How We Notify You of Changes
Where a change to this Privacy Policy is material — for example, a new category of data being collected, a new third-party data processor being engaged, or a change to data retention periods — 662brt will notify registered users by email to their registered address at least 14 calendar days before the change takes effect. Minor clarificatory changes (correcting typos, improving readability, adding examples) may be made without advance notice. Your continued use of the 662brt platform after the effective date of any update constitutes acceptance of the revised Privacy Policy.
Children's Privacy
The 662brt platform is strictly for adults aged 18 and above. We do not knowingly collect personal data from any person under the age of 18. If 662brt becomes aware that it has inadvertently collected data from a minor, that data will be permanently deleted and the associated account closed immediately. If you believe a minor has registered a 662brt account, please notify us at [email protected] without delay.
Links to Third-Party Sites
The 662brt platform does not contain links to external third-party websites. This Privacy Policy applies solely to data collected and processed by 662brt through the 662brt.app platform and its associated services.
Contact the 662brt Data Team
For all privacy-related enquiries — including data rights requests, questions about this policy, concerns about how your data is being processed, or to report a suspected data breach — please contact us at:
[email protected]
Subject line: "Privacy Enquiry" or "Data Rights Request"
We aim to acknowledge all privacy-related emails within 48 hours and to provide a full response within 30 calendar days. For requests requiring identity verification, the 30-day clock begins once verification is complete.
Ready to Play on a Platform That Respects Your Privacy?
Your data is safe with 662brt. Explore our cricket betting markets, dive into the casino, or check the FAQ if you have questions about how we protect your information.