Privacy Policy — 33mwm Bangladesh
At 33mwm, your privacy is a core commitment, not an afterthought. This policy explains exactly what personal data we collect, why we collect it, how we protect it, and the rights you hold as a player on our Bangladesh online casino platform.
How 33mwm Protects You
All data transmitted between your device and 33mwm servers is protected by TLS 1.3 encryption. Your login credentials, payment details, and personal information are never sent in plain text.
33mwm does not sell, rent, or trade your personal data to any third party for their own marketing purposes. Your information is used solely to operate and improve the 33mwm platform.
Stored personal data — including KYC documents, payment records, and account information — is encrypted at rest using AES-256, the same standard used by leading financial institutions worldwide.
We follow a data minimisation principle — collecting only what is strictly necessary to verify your identity, process transactions, and deliver a personalised gaming experience on 33mwm.
Identity verification documents submitted during KYC are processed securely, stored with restricted access, and used exclusively for age verification, fraud prevention, and regulatory compliance purposes.
You have the right to access, correct, export, or request deletion of your personal data at any time. Submit a request to [email protected] and we will respond within 30 days.
01 Introduction & Scope
This Privacy Policy ("Policy") describes how 33mwm ("Platform", "we", "us", "our") collects, uses, stores, and discloses personal information about individuals ("Player", "you", "your") who register for or use the 33mwm online casino and sports betting platform available at 33mwm.app.
This Policy applies to all personal data collected through: (a) the 33mwm website and any associated mobile or progressive web applications; (b) the account registration and KYC verification process; (c) deposit and withdrawal transactions; (d) gameplay activity and sports betting; (e) communications with our customer support team; and (f) participation in promotions, tournaments, or loyalty programmes.
By creating a 33mwm account or otherwise using our platform, you acknowledge that you have read and understood this Policy and that you consent to the collection and use of your personal data as described herein. If you do not agree with the terms of this Policy, you must not use the 33mwm platform.
This Policy is incorporated by reference into the 33mwm Terms & Conditions. In the event of any conflict between this Policy and the Terms & Conditions regarding the handling of personal data, this Policy takes precedence.
We review and update this Policy periodically. The effective date at the top of this page indicates when the most recent version came into force. Continued use of the platform following any update constitutes acceptance of the revised Policy.
02 Data We Collect
We collect personal data in three principal ways: information you provide directly, information collected automatically as you use the platform, and information received from third-party partners such as payment processors and identity verification services.
Information You Provide Directly:
- Registration data: Full legal name, date of birth, gender, residential address, email address, and mobile phone number submitted during account creation.
- KYC documents: Copies of government-issued identity documents (National ID card, passport, or driving licence), selfie photographs for liveness checks, and proof of address documents such as utility bills or bank statements.
- Payment information: Mobile banking account numbers (bKash, Nagad, Rocket, Upay), bank account details, and card information (Visa, Mastercard). Full card numbers are never stored on our servers — payment card data is handled exclusively by our PCI-DSS compliant payment processing partners.
- Communications: Messages, support tickets, chat transcripts, and email correspondence you send to our support team.
- Responsible gaming preferences: Deposit limits, self-exclusion requests, session time reminders, and cooling-off preferences set through your account dashboard.
Information Collected Automatically:
- Device and technical data: IP address, device type, operating system, browser type and version, screen resolution, and time zone (Bangladesh Standard Time, UTC+6).
- Usage data: Pages visited, games played, bets placed, session duration, click-path data, and feature interactions within the platform.
- Transaction data: Deposit amounts, withdrawal requests, bet histories, win/loss records, and bonus utilisation data.
- Cookies and similar technologies: Session identifiers, authentication tokens, preference cookies, and analytics cookies. See Section 5 (Cookies) for full details.
Information from Third Parties:
- Identity verification results from KYC/AML screening partners.
- Fraud risk scores from payment fraud prevention services.
- Transaction confirmation data from mobile banking providers (bKash, Nagad, Rocket, Upay) and card networks (Visa, Mastercard).
- Self-exclusion status flags from responsible gaming databases, where applicable.
Data Categories Overview:
| Data Category | Examples | Source |
|---|---|---|
| Identity Data | Name, DOB, National ID, passport | You / KYC provider |
| Contact Data | Email, phone, address | You |
| Financial Data | bKash number, bank account, card (tokenised) | You / payment processor |
| Technical Data | IP address, device ID, browser | Automatic collection |
| Usage Data | Games played, bets placed, session logs | Automatic collection |
| Communications Data | Support tickets, chat logs | You |
| Responsible Gaming Data | Limits set, exclusion status | You / third-party databases |
03 How We Use Your Data
We use the personal data we collect for the following purposes, each grounded in a legitimate basis for processing:
- Account management: Creating and maintaining your player account, authenticating your identity at login, and communicating essential account-related notices (e.g., password resets, security alerts).
- Age and identity verification: Confirming that you are 18 years of age or older and that the identity you have provided is genuine, as required under our responsible gaming obligations.
- Transaction processing: Facilitating deposits and withdrawals via bKash, Nagad, Rocket, Upay, and other supported payment methods. Processing bonus credits and wagering calculations.
- Platform delivery: Serving casino games, live dealer tables, sports betting markets, fishing arcade games, and crash titles to your device. Maintaining session state across gameplay.
- Fraud and AML prevention: Monitoring transactions and account behaviour for signs of financial crime, bonus abuse, collusion, or money laundering. Blocking or reporting suspicious activity as required.
- Responsible gaming enforcement: Applying deposit limits, cooling-off periods, and self-exclusion requests that you have set. Monitoring for signs of problem gambling behaviour and proactively offering support resources.
- Customer support: Responding to your support requests, resolving disputes, and maintaining records of communications for quality assurance purposes.
- Marketing and promotions: Sending you promotional offers, bonus notifications, and event alerts by email or SMS — but only where you have opted in to marketing communications. You may withdraw consent at any time through your account settings or by contacting [email protected].
- Platform analytics and improvement: Analysing usage patterns, game performance, and player journeys to improve the 33mwm platform experience for all Bangladesh players.
- Legal compliance: Meeting obligations under applicable laws, responding to lawful requests from government authorities, and maintaining records required for audit purposes.
We do not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your explicit consent or having a separate lawful basis to do so.
04 Data Sharing & Disclosure
33mwm does not sell your personal data. We share personal information only in the limited circumstances described below, and only to the extent necessary for the stated purpose:
- Payment processors: We share necessary transaction data (name, account number, amount) with mobile banking providers (bKash, Nagad, Rocket, Upay) and card networks (Visa, Mastercard) to process your deposits and withdrawals. These partners process your data under their own privacy policies and are bound by applicable financial data protection standards.
- KYC and identity verification providers: We share identity documents with contracted KYC/AML screening partners to verify your age and identity. These partners are contractually prohibited from using your data for any purpose other than identity verification on behalf of 33mwm.
- Game studio providers: Game software providers (Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, and others) may receive anonymised session and technical data necessary to deliver their game content to your device. Individual identity data is not shared with game studios.
- Fraud prevention services: Anonymised or pseudonymised risk signals may be shared with third-party fraud detection platforms to identify suspicious activity patterns. These providers do not receive your full identity profile.
- Legal and regulatory authorities: We may disclose personal data to law enforcement agencies, financial intelligence units, tax authorities, or other competent government bodies when required to do so by law, court order, or regulatory direction. We will notify you of such disclosures where legally permitted to do so.
- Business transfers: In the event of a merger, acquisition, or sale of substantially all of our assets, your personal data may be transferred to the acquiring entity, subject to equivalent privacy protections. You will be notified of any such transfer via a prominent notice on the platform.
- With your explicit consent: In any circumstance not covered above, we will seek your prior written consent before sharing your personal data with any third party.
All third-party data processors engaged by 33mwm are subject to written data processing agreements that require them to implement appropriate technical and organisational security measures and to process personal data only on documented instructions from 33mwm.
06 Data Security
33mwm implements a multi-layered security architecture designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction. Our key security measures include:
- Transport Layer Security (TLS 1.3): All data in transit between your browser or device and our servers is encrypted using TLS 1.3. Our SSL certificate is maintained and renewed continuously to prevent lapses in encryption coverage.
- AES-256 encryption at rest: All stored personal data — including KYC documents, account records, and transaction histories — is encrypted at rest using AES-256 symmetric encryption.
- Access controls: Access to personal data is restricted to authorised 33mwm personnel on a strict need-to-know basis. All internal access is logged, audited, and subject to role-based access control (RBAC) policies.
- Password security: Account passwords are stored as salted hashes using bcrypt. Plain-text passwords are never stored or logged anywhere in our systems.
- Two-factor authentication (2FA): Players are strongly encouraged to enable 2FA on their 33mwm accounts. 2FA adds a second verification step at login, significantly reducing the risk of unauthorised account access even if a password is compromised.
- Fraud monitoring: Automated real-time monitoring systems flag unusual account activity, suspicious login patterns, and anomalous transaction behaviour for manual review by our security team.
- Penetration testing: Our platform undergoes regular security assessments and penetration testing by independent security researchers to identify and remediate vulnerabilities before they can be exploited.
- Data breach response: In the event of a confirmed personal data breach affecting your information, we will notify you without undue delay (and no later than 72 hours after becoming aware of the breach) via your registered email address, and will take immediate steps to contain the breach and mitigate harm.
While we take all reasonable and practicable steps to protect your data, no internet-based system can be guaranteed to be 100% secure. You are responsible for maintaining the confidentiality of your 33mwm account password and for ensuring that your device is free from malware or keylogging software. If you suspect your account has been compromised, contact us immediately at [email protected].
07 Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal, regulatory, or audit obligations. The following general retention periods apply:
| Data Type | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | Legal / AML compliance |
| KYC documents | Duration of account + 5 years post-closure | Regulatory obligation |
| Transaction records | Duration of account + 7 years post-closure | Financial record-keeping |
| Betting and game history | Duration of account + 3 years post-closure | Dispute resolution |
| Support communications | 3 years from last interaction | Quality assurance / disputes |
| Marketing consent records | Until withdrawal of consent + 1 year | Consent record compliance |
| Analytics / usage data | 13 months (rolling) | Platform improvement |
| Self-exclusion records | Permanent (or until re-activation where applicable) | Responsible gaming obligation |
When personal data is no longer required within its retention period, it is securely deleted or irreversibly anonymised in accordance with our data disposal procedures. Anonymised, aggregated data that cannot be used to identify you may be retained indefinitely for statistical and platform improvement purposes.
Requests for early deletion of personal data are subject to our ability to fulfil ongoing legal and regulatory obligations. We cannot delete data that we are legally required to retain, but we will restrict processing of such data to compliance purposes only.
08 Your Privacy Rights
As a 33mwm player, you hold the following rights in respect of your personal data. To exercise any of these rights, submit a written request to [email protected]. We will respond within 30 calendar days of receiving a valid request. Identity verification may be required before we can action certain requests.
09 Third-Party Services
The 33mwm platform integrates with several third-party service providers to deliver payment processing, game content, identity verification, and analytics functionality. While we carefully vet all third-party partners and require them to meet our data protection standards through contractual data processing agreements, we are not responsible for the privacy practices of these third parties in respect of data they collect independently through their own platforms.
Key third-party service categories and their data interaction with 33mwm include:
- Payment providers (bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, Sonali Bank, Visa, Mastercard): These providers receive transaction data necessary to execute your payment instructions. Their own privacy policies govern how they handle data on their platforms. 33mwm does not store full card numbers — card data is tokenised at the point of entry by the payment processor.
- Game studio providers (Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, and others): Game software is delivered via licensed APIs. Game studios may receive anonymised session identifiers and gameplay event data to enable game functionality. They do not receive your full personal profile or financial data.
- Identity verification providers: KYC and AML screening is conducted by specialist third-party verification services. These providers process your identity documents under strict contractual controls and are prohibited from using your data for any purpose other than verification for 33mwm.
- Analytics platforms: We use privacy-respecting analytics tools to understand aggregate platform usage. Where individual-level analytics data is processed, it is pseudonymised before being shared with analytics providers.
The 33mwm platform does not contain links to external third-party websites. All games, payment flows, and account management features are delivered within the 33mwm domain environment. If you independently navigate to any third-party website, the privacy practices of that site are entirely outside 33mwm's control and responsibility.
10 Updates to This Policy
33mwm reserves the right to update this Privacy Policy at any time to reflect changes in our data practices, applicable laws, or the services we offer. When we make changes, we will update the "Effective" date displayed at the top of this page and, where the changes are material, provide advance notice through a prominent on-platform notification or by email to your registered address.
Material changes include, but are not limited to: changes to the categories of data we collect, new purposes for which we use your data, changes to third-party data sharing arrangements, or significant changes to your rights or our security practices.
Your continued use of the 33mwm platform after an updated Policy has been published constitutes your acceptance of the revised terms. If you disagree with any change to this Policy, you should stop using the platform and may request account closure by contacting [email protected].
We recommend bookmarking this page and reviewing it periodically — particularly before making significant deposits or engaging with new platform features — to ensure you remain fully informed about how your personal data is handled.
Questions About Your Privacy?
Our support team is available around the clock to answer privacy questions, process data requests, and help you manage your account settings. You can also explore our full terms and responsible gaming resources. 18+ only.