Privacy Policy — df999 Platform
Your privacy matters to df999. This document explains exactly what personal data we collect when you use our platform, how that data is used, who it may be shared with, how long we retain it, and what rights you have over your own information as a player in Bangladesh.
Our Commitments
How df999 Protects Your Privacy
Six foundational commitments that define how df999 handles every piece of data you share with us.
Secure Data Storage
All personal data collected by df999 is stored on encrypted servers protected by industry-standard SSL/TLS protocols. Access to stored data is restricted to authorised personnel only, under strict internal access-control policies.
No Unauthorised Sharing
df999 does not sell, rent, or trade your personal information to third parties for marketing purposes. Data is only shared with verified service providers who are contractually bound to process it solely on our behalf and under our instructions.
Player Data Rights
Every registered player on df999 has the right to access, correct, export, or request deletion of their personal data. Requests are acted upon within 30 days of receipt and are handled at no charge through our support team.
Clear Retention Periods
df999 retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal and regulatory obligations. Retention periods for each data category are documented in this policy.
Transparent Cookie Use
df999 uses cookies and similar tracking technologies exclusively for session management, platform performance, and fraud prevention. We do not use third-party advertising cookies or behavioural profiling technologies that track your activity off our platform.
Breach Notification
In the event of a data security breach that is likely to result in a risk to your rights or freedoms, df999 will notify affected players without undue delay — and in any event within 72 hours of becoming aware of the breach — via the registered contact email on your account.
1. Information We Collect
df999 collects personal data from you in the following ways: (a) information you provide directly during account registration and ongoing use of the platform; (b) information generated automatically through your interactions with the platform; and (c) information received from third-party payment processors and identity verification providers in connection with your account.
1.1 Registration & Account Data
When you create a df999 account, we collect the following information, all of which is required to provide the service:
- Full legal name — used for identity verification (KYC) and payment processing
- Date of birth — used to verify that you meet the 18+ age requirement
- Residential address — used for identity verification and regulatory compliance
- Email address — used for account communications, security alerts, and support correspondence
- Mobile number — used for two-factor authentication and payment method linkage (bKash, Nagad, Rocket, Upay)
- Username and password — used to authenticate your access to the platform; passwords are stored in hashed form only
1.2 Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) process, we may collect copies of government-issued identity documents such as your National ID card, passport, or driver's licence, as well as a recent proof of address (utility bill, bank statement). These documents are processed by our verification partner and stored securely in encrypted form. KYC documents are not used for any purpose other than identity and age verification.
1.3 Financial & Transaction Data
We collect details of all deposits and withdrawals made through your df999 account, including transaction amounts in BDT (৳), transaction timestamps, payment method identifiers (bKash wallet numbers, Nagad account references, bank account names — but never full bank account numbers or card numbers in unmasked form), and transaction status records. This data is retained for financial audit and anti-money-laundering compliance purposes.
1.4 Technical & Usage Data
When you access the df999 platform, we automatically collect certain technical data, including:
- IP address and approximate geographic location (city/region level only)
- Device type, operating system, and browser version
- Session start and end timestamps
- Pages visited, games played, and betting activity within the platform
- Referring URL (the website from which you arrived at df999, if applicable)
This technical data is used for platform security, fraud detection, responsible gaming monitoring, and aggregate analytics that help us improve the df999 experience for all players.
2. How We Use Your Data
df999 processes your personal data on the basis of one or more of the following legal grounds: (a) performance of the contract between you and df999 (i.e., operating your account and delivering the service); (b) compliance with legal obligations; (c) our legitimate interests in operating a secure and fair gaming platform; and (d) your consent, where specifically requested.
| Purpose of Processing | Data Used | Legal Basis |
|---|---|---|
| Account creation & management | Registration data, contact details | Contract performance |
| Identity & age verification | KYC documents, date of birth | Legal obligation |
| Payment processing | Financial & transaction data | Contract performance |
| Fraud & security monitoring | Technical data, transaction history | Legitimate interests |
| Responsible gaming monitoring | Betting activity, session data | Legal obligation |
| Customer support | Account data, correspondence | Contract performance |
| Platform analytics & improvement | Aggregated technical & usage data | Legitimate interests |
| Promotional communications | Email address, game preferences | Consent (opt-in) |
3. Data Sharing & Disclosure
3.1Service Providers. df999 works with a limited number of carefully selected third-party service providers who process personal data on our behalf. These include our identity verification partner, payment processing partners (including bKash, Nagad, Rocket, Upay, and card payment processors), platform security and fraud detection vendors, cloud infrastructure providers, and customer support software providers. All service providers are bound by written data processing agreements that prohibit them from using your data for any purpose other than delivering their contracted service to df999.
3.2Game Content Providers. df999 licenses game content from international providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. When you play a game from one of these providers, the provider's game server may receive your player session token and bet/win transaction data as part of the technical integration. These providers do not receive your name, address, or payment details. Each provider operates under strict contractual data processing obligations.
3.3Legal Disclosure. df999 may disclose your personal data to law enforcement agencies, regulatory bodies, or courts where required to do so by applicable law or court order, or where df999 believes in good faith that such disclosure is necessary to prevent fraud, protect the rights of other users, or ensure the safety and security of the platform.
3.4Business Transfers. In the event of a merger, acquisition, or sale of all or substantially all of df999's business assets, your personal data may be transferred to the successor entity as part of that transaction. You will be notified via email if such a transfer results in a material change to how your data is processed.
3.5No Sale of Data. df999 does not and will not sell, rent, auction, or otherwise transfer your personal data to third parties for their own marketing, advertising, or commercial purposes. This commitment applies without exception.
4. Cookies & Tracking Technologies
df999 uses cookies and similar browser-based storage technologies to operate the platform effectively and provide a personalised, secure experience. The following categories of cookies are used:
Required for the platform to function. These include your authentication session token (which keeps you logged in), CSRF protection tokens, and load-balancing cookies. These cannot be disabled without breaking core functionality.
Used to measure how the platform is used in aggregate — which game categories are most visited, typical session lengths, and error rates. Data collected is anonymised before analysis. No individual player behaviour is profiled for commercial purposes.
Used to identify unusual access patterns, detect automated bot activity, and flag login attempts from unrecognised devices or locations. These cookies are a core part of df999's account security infrastructure.
Store your platform preferences such as default language setting, display preferences, and notification opt-in status. These cookies improve your experience by remembering your choices between sessions.
df999 does not use third-party advertising cookies, social media tracking pixels, or any technology that tracks your activity outside of the df999 platform. You may manage cookie preferences via your browser settings, though disabling strictly necessary cookies will prevent you from logging in to your account.
5. Data Retention & Storage
5.1Active Account Data. While your df999 account is active, we retain all account registration data, KYC documents, transaction history, and communication records as necessary to operate your account and comply with our legal obligations.
5.2Post-Closure Retention. After an account is closed — whether by the player or by df999 — we retain certain categories of data for a period of five (5) years from the date of closure. This retention period is required to comply with anti-money-laundering regulations, resolve any outstanding disputes, and respond to regulatory enquiries. The data categories retained post-closure are: full name, date of birth, identity verification records, transaction history, and support correspondence.
5.3Self-Excluded Accounts. For accounts subject to permanent self-exclusion, df999 retains a minimal record (name, email address, and self-exclusion date) for the purpose of preventing the former player from re-registering in violation of their self-exclusion request. This minimal record is retained indefinitely for permanently self-excluded players.
5.4Technical Logs. Server access logs, security event logs, and fraud detection records are retained for a period of twelve (12) months from the date of generation, after which they are securely deleted.
5.5Storage Location. All personal data processed by df999 is stored on servers located in secure data centres. Data transfers to third-party service providers are conducted over encrypted connections. df999 takes all reasonable technical and organisational measures to ensure that data transferred to service providers is subject to the same level of protection as data held directly by df999.
6. Your Privacy Rights
As a df999 player, you have the following rights with respect to your personal data. To exercise any of these rights, contact our support team at [email protected] with the subject line "Privacy Rights Request". All requests are processed within 30 days at no charge.
-
Right of Access You may request a copy of all personal data df999 holds about you, together with information about how it is processed and on what legal basis.
-
Right to Rectification If any personal data df999 holds about you is inaccurate or incomplete, you may request that it be corrected or updated. For account details you can update directly, please use your account settings first.
-
Right to Erasure You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you have withdrawn the consent on which processing was based, subject to any overriding legal retention obligations.
-
Right to Restriction You may request that df999 restrict the processing of your personal data in certain circumstances — for example, while a rectification request is being assessed, or where you have objected to processing based on our legitimate interests.
-
Right to Data Portability Where processing is based on your consent or on contract performance, you may request that df999 provide your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) so that you can transfer it to another service provider.
-
Right to Object You may object to processing based on df999's legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for legal claims.
-
Right to Withdraw Marketing Consent You may withdraw your consent to receive promotional communications from df999 at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
7. Data Security Measures
7.1Encryption. All data transmitted between your browser or device and the df999 platform is protected by TLS 1.2 or higher encryption. Sensitive data fields — including passwords and payment method identifiers — are encrypted at rest using AES-256 encryption. Passwords are stored exclusively as salted cryptographic hashes and are never recoverable in plain text, even by df999 staff.
7.2Access Controls. Access to systems that hold personal player data is restricted on a strict need-to-know basis. All df999 staff with access to player data are subject to confidentiality obligations. Administrative access to production systems requires multi-factor authentication and is logged for audit purposes.
7.3Fraud Detection. df999 operates continuous automated fraud detection systems that monitor login attempts, transaction patterns, and game play activity for indicators of account compromise, identity fraud, and money laundering. Suspicious activity is flagged for review by our security team and may result in temporary account holds pending investigation.
7.4Third-Party Security Standards. All third-party service providers who process personal data on df999's behalf are required to maintain security standards at least equivalent to those described in this section. Security standards are reviewed as part of the vendor onboarding process and periodically thereafter.
7.5Player Responsibility. While df999 takes all reasonable technical and organisational measures to protect your data, the security of your account also depends on you maintaining the confidentiality of your login credentials, using a strong unique password, and notifying df999 promptly if you suspect any unauthorised access to your account. df999 cannot be held responsible for security breaches that result from a player's failure to maintain adequate credential security on their own device.
8. Policy Updates & Contact
8.1Policy Amendments. df999 reserves the right to amend this Privacy Policy at any time. When material changes are made, we will notify all registered players via the email address on file at least 14 days before the updated policy takes effect. The "Effective Date" shown at the top of this page will be updated to reflect the date of the most recent revision. Continued use of the df999 platform after the effective date of any revision constitutes your acceptance of the updated policy.
8.2Scope of This Policy. This Privacy Policy applies exclusively to personal data processed by df999 in connection with the platform at https://df999.my. It does not apply to the privacy practices of any third-party websites, applications, or services that may be linked from or integrated with the df999 platform — players should review the privacy policies of those third parties independently.
8.3Minors. df999 is strictly an 18+ platform. We do not knowingly collect or process personal data from individuals under the age of 18. If df999 becomes aware that personal data has been collected from a minor, that data will be deleted immediately and the associated account closed. If you believe a minor has submitted data to df999, please contact [email protected] immediately.
8.4Contact for Privacy Enquiries. All privacy-related questions, data subject rights requests, and concerns regarding this Privacy Policy should be directed to the df999 support team. Our support team is available 24 hours a day, 7 days a week. Contact details are as follows:
- Email: [email protected] (plain text — not a clickable link)
- Response target: within 1 business day for general enquiries; within 30 days for formal data subject rights requests
- Support hours: 24 hours a day, 7 days a week, including Bangladesh public holidays
Continue Exploring df999
You have reviewed how df999 handles your personal data. Ready to get back to the platform? Browse our full game library, check the latest cricket betting markets, or log in to your account.