Privacy Policy — 20 hibajee
At 20 hibajee, protecting the personal information of every player on our platform is a core commitment, not an afterthought. This Privacy Policy explains exactly what data we collect, how we use it, who we share it with, and how you can exercise your rights at any time.
SSL Encryption
All data transmitted between your device and 20 hibajee servers is protected by 256-bit SSL encryption, the same standard used by global financial institutions. Your personal and payment details are never sent in plain text.
No Third-Party Sale of Data
20 hibajee does not sell, rent, or trade your personal information to any third party for their own marketing purposes. Data shared with service partners is strictly limited to what is required to deliver the platform's features.
Transparent Data Use
We collect only the data that is genuinely necessary to operate your account, process payments, prevent fraud, and comply with responsible gaming obligations. Every collection purpose is documented in this Privacy Policy.
Your Right to Access
You may request a full copy of the personal data held on your 20 hibajee account at any time by contacting our support team. We will respond to data access requests within 15 business days of receipt.
Right to Erasure
Subject to our legal retention obligations — including anti-money laundering (AML) record-keeping requirements — you may request deletion of your personal data at the time of account closure. We will confirm the deletion scope in writing.
Local Payment Privacy
When you use bKash, Nagad, or Rocket to deposit or withdraw, we receive only the transaction reference and your registered mobile number. We do not store your full mobile banking PIN or wallet credentials on 20 hibajee servers.
Section 1
Data We Collect
20 hibajee collects personal data from you in the following circumstances: when you register an account, when you make a deposit or withdrawal, when you contact our support team, when you participate in a promotion, and automatically when you browse and use the platform. The categories of personal data we may collect include:
1.1 Identity & Contact Data
- Full legal name (as shown on your National Identity Card)
- Date of birth (for mandatory age verification)
- Residential address (district, city, postal code — Bangladesh)
- Email address
- Mobile phone number (used for OTP authentication and account notifications)
- Copies of identity documents submitted during KYC verification (National ID, passport, or birth certificate)
1.2 Financial & Transaction Data
- Deposit and withdrawal transaction amounts, dates, and reference numbers
- Payment method identifiers (e.g., bKash account number, Nagad wallet number, Rocket number, bank account details)
- Bonus claim and wagering history
- Account balance history
We do not collect or store your full mobile banking PIN, card CVV, or internet banking password. Payment authentication is handled directly through the respective payment provider's secure gateway.
1.3 Usage & Technical Data
- IP address and approximate geographic location (city-level only)
- Device type, operating system, and browser version
- Pages visited, time spent on each page, and click paths within the 20 hibajee platform
- Game session data (game titles played, session duration, bet amounts, winnings)
- Login timestamps and session tokens
1.4 Communications Data
- Content of messages exchanged with 20 hibajee customer support (live chat transcripts, emails)
- Feedback and survey responses submitted voluntarily
- Preferences indicated regarding marketing communications
Children's Data: 20 hibajee does not knowingly collect personal data from individuals under the age of 18. If we become aware that personal data has been submitted by a minor, we will delete that data immediately and close the associated account. If you believe a minor has registered on our platform, please notify us immediately at [email protected].
Section 2
How We Use Your Data
20 hibajee processes your personal data only for specific, documented purposes. We do not use your data in ways that are incompatible with the purposes for which it was collected. The primary purposes for which we process your personal data are as follows:
2.1 Account Management & Service Delivery
We use your identity and contact data to create and maintain your 20 hibajee account, verify your identity and age, process deposits and withdrawals, deliver your requested game sessions, and provide customer support. This processing is necessary to perform the contract between you and 20 hibajee.
2.2 Fraud Prevention & Security
We analyse usage patterns, IP addresses, and transaction data to detect and prevent fraudulent activity, unauthorised account access, money laundering, and bonus abuse. This processing is in our legitimate interest and is also required to comply with applicable anti-money laundering regulations.
2.3 Responsible Gaming Compliance
We monitor gameplay patterns and session data to identify potential signs of problem gambling behaviour and, where warranted, reach out proactively to offer responsible gaming tools such as deposit limits, session limits, and self-exclusion. This is both a legal obligation and a core commitment of the 20 hibajee platform.
2.4 Marketing Communications
With your consent, we may send you promotional emails or SMS notifications about new games, seasonal offers (such as Eid and BPL season promotions), deposit bonuses, and platform updates. You may withdraw your consent at any time by updating your notification preferences in your account settings or by contacting support. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
2.5 Platform Improvement & Analytics
We use aggregated and anonymised usage data to understand how players navigate the 20 hibajee platform, which games are most popular, and where the user experience can be improved. This analysis does not identify you personally and is used solely to enhance the platform for all players.
2.6 Legal & Regulatory Compliance
We retain and process certain categories of personal data — particularly financial transaction records and identity verification documents — to meet our obligations under applicable anti-money laundering (AML) legislation and responsible gaming requirements. This processing is necessary for compliance with legal obligations to which 20 hibajee is subject.
No Automated Decision-Making: 20 hibajee does not make solely automated decisions that produce significant legal effects on your account, including account suspension or bonus forfeiture, without human review. Where automated systems flag an account for review, a member of our compliance team assesses the case before any action is taken.
Section 3
Data Sharing & Third Parties
20 hibajee does not sell your personal data. We share personal data with third parties only where strictly necessary to deliver the platform's features or to comply with legal obligations. The categories of third parties with whom we may share your data are set out below.
3.1 Payment Processing Partners
To process deposits and withdrawals, we share relevant transaction data with payment service providers including bKash, Nagad, Rocket, Upay, Visa, Mastercard, Dutch-Bangla Bank, and BRAC Bank. These partners receive only the minimum data necessary to authenticate and complete your transaction. Each payment partner operates under its own privacy and security framework, and we encourage you to review their respective policies.
3.2 Game Technology Providers
The games available on 20 hibajee are supplied by licensed third-party studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These providers may receive your account identifier and session data for the purpose of delivering the game, logging results, and ensuring RNG fairness certification. They do not receive your full name, NID, or payment details.
3.3 Identity Verification Services
During KYC checks, your identity documents may be processed by a third-party identity verification provider to authenticate your NID or passport. These providers are bound by strict data processing agreements and are not permitted to use your data for any purpose other than the verification task.
3.4 Legal & Regulatory Authorities
20 hibajee will disclose personal data to law enforcement agencies, regulatory bodies, or judicial authorities when legally required to do so, including in response to a valid court order, subpoena, or regulatory investigation. We will notify you of such disclosure where we are legally permitted to do so.
3.5 Business Transfers
In the event that 20 hibajee undergoes a merger, acquisition, or sale of all or a substantial portion of its assets, your personal data may be transferred to the acquiring entity as part of that transaction. We will provide advance notice of such a transfer and ensure that the receiving entity agrees to honour this Privacy Policy or provide you with equivalent protections.
⚠️ No Cross-Border Transfers to High-Risk Jurisdictions: 20 hibajee does not transfer your personal data to countries or territories that do not provide an adequate level of data protection without implementing appropriate safeguards such as data processing agreements incorporating standard contractual clauses.
Section 4
Cookies & Tracking Technologies
20 hibajee uses cookies and similar tracking technologies (including local storage and session tokens) to operate the platform, remember your preferences, and analyse usage patterns. The types of cookies we use are described below.
4.1 Strictly Necessary Cookies
These cookies are essential for the platform to function. They maintain your login session, remember your language preference, and ensure security tokens are valid. Without these cookies, the platform cannot operate correctly. They do not require your consent as they are technically indispensable.
4.2 Analytics Cookies
We use analytics tools to collect aggregated, anonymised data about how players use the 20 hibajee platform — including which pages are visited most frequently, average session duration, and common navigation paths. This data helps us improve the user experience. Analytics cookies are set only with your consent.
4.3 Preference Cookies
These cookies remember choices you have made — such as your preferred deposit method or notification settings — so that you do not need to re-enter them on each visit. They are set only with your consent.
4.4 Managing Your Cookie Preferences
You may adjust your cookie preferences at any time through your browser settings. Disabling strictly necessary cookies will impair your ability to use the platform; disabling analytics or preference cookies will not affect core functionality. Please note that clearing cookies from your browser will require you to log in again on your next visit to 20 hibajee.
Mobile App & PWA: If you access 20 hibajee via a Progressive Web App (PWA) saved to your home screen on Android or iOS, similar local storage technologies apply. These are governed by the same cookie policy described above.
Section 5
Data Retention
20 hibajee retains your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable legal, regulatory, or accounting obligations. The table below summarises our standard retention periods by data category.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data (name, email, DOB) | Account lifetime + 5 years | AML & legal compliance |
| Identity verification documents (NID, passport) | Account lifetime + 5 years | AML & KYC obligation |
| Financial transaction records | Account lifetime + 7 years | Financial record-keeping law |
| Game session logs | 3 years | Fair play & dispute resolution |
| Customer support communications | 3 years | Dispute resolution & quality assurance |
| Marketing consent records | Until consent withdrawn + 1 year | Consent management |
| Analytics & usage data (anonymised) | 26 months | Platform improvement |
Once the applicable retention period has expired, personal data is securely deleted or irreversibly anonymised. Where data is anonymised rather than deleted, it can no longer be attributed to any individual and falls outside the scope of this Privacy Policy.
If you request account closure, 20 hibajee will cease active processing of your data for marketing and gameplay purposes immediately. Data retained solely for legal and compliance reasons will continue to be held for the periods specified in the table above, in a restricted access environment accessible only to the compliance team.
Section 6
Your Privacy Rights
As a player on the 20 hibajee platform, you have the following rights in respect of your personal data. To exercise any of these rights, contact our support team via live chat or email at [email protected] (plain text — not a clickable link). We aim to respond to all privacy rights requests within 15 business days.
Right of Access
You may request confirmation of whether 20 hibajee holds personal data about you, and if so, a copy of that data along with an explanation of how it is being used. We will provide this in a structured, commonly used format.
Right to Rectification
If any personal data held about you is inaccurate or incomplete, you have the right to request that we correct it. You can update basic account details such as your email address and phone number directly in your account settings without contacting support.
Right to Erasure
You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent on which processing was based. This right is subject to our legal retention obligations; we will clearly explain what data can be deleted immediately and what must be retained for compliance reasons.
Right to Restrict Processing
You may ask us to suspend the processing of your personal data in certain circumstances — for example, while a dispute about the accuracy of the data is being resolved.
Right to Object to Marketing
You have the right to object to the processing of your personal data for direct marketing purposes at any time. You can exercise this right by updating your communication preferences in your account settings or by notifying our support team. Objections to marketing are acted upon immediately.
Right to Data Portability
Where processing is based on your consent or on the performance of a contract, and is carried out by automated means, you may request that we provide your personal data to you in a machine-readable format (e.g., CSV or JSON) so that you can transfer it to another service provider.
⚠️ Identity Verification for Rights Requests: To protect your privacy, 20 hibajee will verify your identity before acting on any personal data rights request. We may ask you to confirm details associated with your account (such as your registered email address or a recent transaction reference) before processing your request.
Section 7
Data Security Measures
20 hibajee implements a layered set of technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include, but are not limited to:
- 256-bit SSL/TLS encryption on all data in transit between your device and 20 hibajee servers
- AES-256 encryption at rest for all sensitive data stored in our databases, including identity documents and financial records
- Role-based access controls (RBAC) ensuring that only authorised staff members can access personal data, and only to the extent required for their specific job function
- Multi-factor authentication (MFA) required for all 20 hibajee staff accounts with access to production systems
- Regular penetration testing conducted by independent security specialists to identify and remediate vulnerabilities
- Automated intrusion detection systems that monitor platform infrastructure for anomalous activity in real time
- Secure data centre facilities with physical access controls, 24/7 monitoring, and redundant power and connectivity
Despite these measures, no online platform can guarantee absolute security. If you have reason to believe that your 20 hibajee account has been compromised, please contact our support team immediately via live chat so that we can take appropriate action, including resetting your credentials and reviewing recent account activity.
In the event of a personal data breach that is likely to result in risk to your rights and freedoms, 20 hibajee will notify affected players without undue delay and will take all reasonable steps to mitigate the impact of the breach.
Section 8
Updates to This Policy
20 hibajee reviews this Privacy Policy on a regular basis and will update it to reflect changes in our data practices, the services we offer, or applicable legal requirements. When we make material changes to this Privacy Policy, we will notify registered players via the email address associated with their account and will display a prominent notice on the platform for at least 30 days following the update.
The date of the most recent revision is displayed at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how 20 hibajee protects your personal data. Your continued use of the platform following notification of any changes constitutes acceptance of the revised Privacy Policy.
If you have questions, concerns, or complaints about this Privacy Policy or about how 20 hibajee handles your personal data, please contact us in the first instance via live chat or in writing at [email protected] (plain text — not a clickable link). We take all privacy concerns seriously and will respond within 15 business days.
Related Policies: This Privacy Policy should be read alongside the 20 hibajee Terms & Conditions and Responsible Gaming Policy, which together form the complete framework governing your use of the platform.
Your Privacy Matters to Us
Have a question about how 20 hibajee handles your data? Our support team is available 24/7 Bangladesh Standard Time. Explore the platform with confidence — your information is in safe hands. 18+ only. Please gamble responsibly.