hibij Privacy Policy — How We Handle Your Personal Data
Your privacy matters to us. This Privacy Policy explains exactly what personal data hibij collects from players in Bangladesh, how that data is stored and processed, who it may be shared with, and what rights you hold over your own information.
Our Commitment
Privacy at hibij — Six Core Principles
These six principles guide every data-related decision we make at hibij. They do not replace the full legal text of this Privacy Policy — please read all sections below for complete information.
Minimal Data Collection
hibij collects only the personal data that is strictly necessary to operate the platform, verify your identity, process transactions, and comply with applicable anti-money laundering obligations. We do not collect data speculatively.
Encryption at Every Step
All personal data in transit between your browser or device and hibij's servers is protected by 256-bit SSL encryption. Data at rest in hibij's databases is stored in encrypted format. Sensitive fields such as payment details are tokenised.
No Sale of Personal Data
hibij does not sell, rent, or trade your personal data to third parties for their own commercial purposes under any circumstances. Your data is used only to deliver and improve hibij's own platform and services.
Transparent Processing
We tell you clearly what data we collect, why we collect it, and how long we keep it. There are no hidden data practices at hibij. This Privacy Policy is written in plain English so every player in Bangladesh can understand it.
Your Rights, Respected
You have the right to access, correct, export, or request deletion of your personal data at any time. hibij honours these rights promptly. Submit a data request via email to [email protected] and we will respond within 30 days.
Secure Third-Party Standards
Where hibij shares data with third-party processors — such as payment gateways and game studios — we require those partners to uphold data protection standards consistent with our own. We do not work with partners who cannot demonstrate adequate security practices.
1 Data We Collect
When you register an account with hibij, use the platform, or contact our support team, we collect certain categories of personal data. The specific data collected depends on the nature of your interaction with us. Below is a comprehensive overview of the categories of personal data that hibij may collect from players based in Bangladesh.
1.1 Registration and Identity Data
When you create a hibij account, we collect the following information directly from you:
- Full legal name as it appears on your government-issued identification document
- Date of birth (used to verify that you meet the 18+ age requirement)
- Email address (used for account communications and verification)
- Mobile phone number (used for SMS verification and Two-Factor Authentication)
- Chosen username and encrypted password
- Preferred currency and payment method selection
- Country of residence (Bangladesh) and city or district
1.2 Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) verification process, which is mandatory before your first withdrawal, hibij may collect copies of the following documents:
- Bangladesh National ID Card (NID) front and back
- Valid passport biographical data page
- Driving licence (where used as proof of identity or address)
- Proof of address document such as a utility bill or bank statement dated within 90 days
- Screenshots of your registered bKash, Nagad, Rocket, or Upay account showing your name and mobile number
KYC documents are stored securely and used solely for identity verification and fraud prevention purposes. They are not used for marketing or profiling.
1.3 Transaction and Financial Data
When you make deposits or withdrawals, hibij records transaction data including the payment method used, the mobile financial service account reference (e.g., your bKash or Nagad wallet number), transaction amount in BDT or cryptocurrency, transaction timestamps in Bangladesh Standard Time (BST, UTC+6), and transaction status. hibij does not store full payment card numbers. Card transactions processed via Visa or Mastercard are handled by a PCI-DSS compliant payment gateway and tokenised before storage.
1.4 Gameplay and Betting Data
hibij records detailed logs of all betting and gaming activity associated with your account, including bets placed (sport, market, odds, stake, outcome), casino game sessions (game title, provider, bet amounts, results), crash game sessions (entry multiplier, cashout point, stake), deposit and withdrawal requests linked to gameplay, and bonus claims and wagering progress. This data is used to manage your account, settle bets, detect fraud, and comply with responsible gaming obligations.
1.5 Technical and Device Data
When you access hibij from a browser or device, we automatically collect certain technical information including your IP address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution, preferred language settings, and session duration and page interaction data. This data is used for security purposes (detecting unauthorised access), fraud prevention, platform optimisation, and aggregate analytics.
Note on Sensitive Data: hibij does not intentionally collect sensitive personal data such as religious beliefs, political opinions, health information, or biometric data. If you voluntarily provide such information in support messages or communications, it will be handled with additional care and not used for any profiling purpose.
1.6 Summary of Data Categories and Legal Basis
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Registration & identity data | Account creation, age verification, authentication | Contractual necessity |
| KYC documents | Identity verification, fraud & AML compliance | Legal obligation |
| Transaction data | Payment processing, withdrawal verification | Contractual necessity |
| Gameplay data | Bet settlement, responsible gaming monitoring | Contractual necessity & legal obligation |
| Technical & device data | Security, fraud detection, analytics | Legitimate interests |
| Marketing preferences | Sending promotional communications | Consent |
2 How We Use Your Data
hibij uses the personal data collected from players for the following specific purposes. We process your data only where we have a valid legal basis to do so, as indicated in the table in Section 1.6 above.
2.1 Account Management and Service Delivery
The primary use of your personal data is to create and manage your hibij account, authenticate your identity each time you log in, process deposits and withdrawals via bKash, Nagad, Rocket, Upay, USDT, BTC, Visa, and Mastercard, settle sports bets and casino game outcomes accurately, apply bonuses and promotional credits to your account, and provide you with access to all features of the hibij platform.
2.2 Identity Verification and Fraud Prevention
hibij uses identity and KYC data to verify that each player is who they claim to be, that they are at least 18 years of age, and that they are not subject to any self-exclusion that would prevent them from accessing the platform. Transaction and device data are analysed on an ongoing basis to detect patterns indicative of fraud, money laundering, bonus abuse, and other prohibited activities described in the hibij Terms & Conditions.
2.3 Responsible Gaming Monitoring
hibij uses gameplay and transaction data to monitor player behaviour for signs of problem gambling, such as unusually rapid escalation of bet sizes, extended uninterrupted play sessions, or patterns of chasing losses. Where such indicators are detected, hibij may proactively reach out to the player with responsible gaming information or apply precautionary account restrictions in accordance with its responsible gaming obligations.
2.4 Customer Support
When you contact hibij support via live chat or by email, the content of that communication — including any personal data you provide — is recorded and stored. This record is used to resolve your query, maintain a support history for your account, and improve the quality of our support service. Support communications are not used for marketing purposes without your explicit consent.
2.5 Marketing Communications
Where you have opted in to receive promotional communications from hibij at the time of registration or at any subsequent point, hibij may use your email address and in-platform notification channel to send you information about bonuses, promotions, new game releases, and seasonal offers relevant to players in Bangladesh (such as Eid promotions or BPL cricket season specials). You may withdraw your consent to receive marketing communications at any time using the unsubscribe mechanism in any marketing email or via Account Settings.
2.6 Platform Improvement and Analytics
Aggregated and anonymised technical and gameplay data is used by hibij to understand how players navigate and use the platform, identify and resolve technical issues, optimise page load performance, improve game lobby layout and search functionality, and make data-informed product decisions. This analytics use does not involve identifying individual players.
No Automated Decision-Making: hibij does not use fully automated decision-making processes that produce legal or similarly significant effects on players. Where automated tools flag an account for review (for example, for suspected fraud), a human member of the compliance team reviews and makes the final determination.
3 Cookies and Tracking Technologies
hibij uses cookies and similar tracking technologies on its website and platform. A cookie is a small text file placed on your device by your browser when you visit a website. Cookies allow hibij to recognise your device across sessions, maintain your login state, and collect analytics data.
3.1 Types of Cookies Used
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly necessary | Session authentication, security tokens, CSRF protection | Session / up to 24 hours |
| Functional | Remembering language preference, odds format, game history | Up to 12 months |
| Analytics | Aggregate page-view and session data for platform improvement | Up to 13 months |
| Performance | Monitoring platform response times and error rates | Up to 30 days |
3.2 Managing Cookies
You can control cookie behaviour through your browser settings. Most modern browsers allow you to block all cookies, block third-party cookies only, or delete cookies after each session. Please note that disabling strictly necessary cookies will prevent you from logging in to your hibij account and using the platform. Disabling functional cookies may affect your ability to retain preferences between sessions.
3.3 Local Storage and Session Storage
In addition to cookies, hibij may use browser local storage and session storage to hold temporary data such as your active game state, bet slip contents, and UI preference settings. This data is stored on your device only and is not transmitted to hibij's servers independently of your normal platform interactions.
4 Data Sharing and Third Parties
hibij does not sell your personal data. However, in the course of operating the platform, hibij works with a limited number of carefully selected third-party service providers who may process your personal data on our behalf. All such third parties are bound by data processing agreements that restrict their use of your data to the specific purpose for which it was shared.
4.1 Categories of Third-Party Processors
- Payment processors: bKash, Nagad, Rocket, Upay, and card payment gateways process transaction data necessary to complete deposits and withdrawals. These providers operate under their own regulatory frameworks and privacy policies.
- Identity verification providers: Third-party KYC and document verification services may process copies of your identity documents to confirm their authenticity.
- Game studios and content providers: Providers such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi operate the games available on the hibij platform. These studios receive session and bet data necessary to run games and verify outcomes.
- Cloud infrastructure providers: hibij's platform is hosted on third-party cloud infrastructure. Server-level data access is restricted to infrastructure management only and is covered by strict confidentiality obligations.
- Analytics providers: Aggregated, anonymised analytics data may be processed by third-party analytics tools. No personally identifiable information is transmitted to analytics providers.
4.2 Legal Disclosures
hibij may disclose your personal data to law enforcement agencies, financial intelligence units, or other competent authorities where required to do so by applicable law, court order, or regulatory obligation. hibij will notify you of such disclosure where it is legally permitted to do so.
4.3 Business Transfers
In the event that hibij undergoes a merger, acquisition, or sale of all or a substantial portion of its assets, player personal data may be transferred to the acquiring entity as part of that transaction. hibij will notify affected players via email or in-platform notification in advance of any such transfer and will ensure that the acquiring entity is bound by data protection obligations no less stringent than those set out in this Privacy Policy.
No Cross-Border Transfers Without Safeguards: Where hibij transfers personal data outside Bangladesh to a third-party processor, we ensure appropriate contractual safeguards are in place to protect that data. We do not transfer data to jurisdictions that do not provide an adequate level of protection for personal information.
5 Data Retention
hibij retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following retention periods apply as a general guide.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | AML and fraud investigation obligations |
| KYC verification documents | Duration of account + 5 years after closure | Regulatory compliance |
| Transaction records | Duration of account + 7 years after closure | Financial record-keeping requirements |
| Gameplay and betting logs | Duration of account + 3 years after closure | Dispute resolution, responsible gaming |
| Support communications | 3 years from date of communication | Quality assurance and dispute evidence |
| Marketing preferences | Until consent is withdrawn | Consent-based processing |
| Technical / device logs | 90 days rolling | Security monitoring |
After the applicable retention period has expired, personal data is securely deleted or irreversibly anonymised so that it can no longer be associated with an identifiable individual. Anonymised data may be retained indefinitely for aggregate statistical purposes.
6 Your Privacy Rights
As a player using the hibij platform, you hold the following rights with respect to your personal data. hibij is committed to honouring these rights promptly and without undue delay. To exercise any of the rights listed below, please contact hibij's data team by emailing [email protected] with the subject line "Data Rights Request" and a description of your request.
6.1 Right of Access
You have the right to request a copy of all personal data that hibij holds about you. Upon receipt of a verified access request, hibij will compile and deliver a structured, machine-readable summary of your personal data within 30 days. This is provided free of charge for the first request in any 12-month period.
6.2 Right to Rectification
If any personal data that hibij holds about you is inaccurate or incomplete, you have the right to request that it be corrected. Many data fields — such as email address and phone number — can be updated directly via Account Settings. For fields that require verification (such as your legal name or date of birth), please contact support with supporting documentation.
6.3 Right to Erasure
You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent and no other legal basis applies, or where you object to processing and there are no overriding legitimate grounds. Please note that hibij is required by law to retain certain categories of data (particularly KYC and financial records) for defined periods after account closure, during which erasure requests for those categories cannot be fulfilled.
6.4 Right to Restriction of Processing
In certain circumstances — such as where you contest the accuracy of your data or have objected to processing pending verification of hibij's legitimate grounds — you may request that hibij restricts its processing of your data to storage only while the matter is resolved.
6.5 Right to Data Portability
You have the right to receive personal data you have provided to hibij in a structured, commonly used, machine-readable format (such as JSON or CSV) and to transmit that data to another controller where technically feasible. This right applies to data processed by automated means on the basis of your consent or a contract.
6.6 Right to Withdraw Consent
Where hibij processes your data on the basis of your consent — for example, for marketing communications — you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw marketing consent via the unsubscribe link in any promotional email or through Account Settings.
Response Time Commitment: hibij will acknowledge all data rights requests within 5 business days and will provide a full response within 30 calendar days. Where a request is complex or involves a large volume of data, hibij may extend this period by up to a further 30 days, in which case you will be informed of the extension and the reason for it.
7 Data Security Measures
hibij takes the security of your personal data seriously and implements a layered set of technical and organisational security measures designed to protect your data against unauthorised access, accidental loss, alteration, or disclosure.
7.1 Technical Safeguards
- Transport Layer Security (TLS): All data transmitted between your device and hibij's servers is encrypted using TLS 1.2 or higher, enforced site-wide with HTTP Strict Transport Security (HSTS).
- Database encryption: Personal data fields stored in hibij's databases are encrypted at rest using AES-256 encryption. Sensitive payment data is tokenised via PCI-DSS compliant processing systems.
- Access controls: Access to personal data within hibij is restricted on a strict need-to-know basis. Staff access is role-based, individually authenticated, and audit-logged.
- Two-Factor Authentication: 2FA is available to all players and is encouraged for all accounts. Staff with access to player data are required to use 2FA for all internal systems.
- Intrusion detection and monitoring: hibij operates 24/7 automated monitoring of its infrastructure for suspicious access patterns, anomalous data queries, and security events.
7.2 Organisational Safeguards
All hibij staff with access to personal data receive regular data protection training. hibij maintains written data processing procedures and incident response protocols. Third-party vendors with access to personal data are subject to security assessments prior to onboarding and are contractually bound to maintain appropriate security standards.
7.3 Data Breach Response
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, hibij will notify affected players without undue delay. Notification will be sent to your registered email address and will describe the nature of the breach, the categories of data affected, the likely consequences, and the measures hibij has taken or proposes to take to address the breach.
Your Role in Security: hibij's security measures protect your data on our side. You play an equally important role by keeping your hibij password confidential, enabling Two-Factor Authentication, logging out of shared devices, and notifying hibij immediately at [email protected] if you suspect any unauthorised access to your account.
8 Policy Updates and Contact
hibij reserves the right to update this Privacy Policy at any time to reflect changes in our data practices, applicable law, or platform features. The current version of this Privacy Policy is always available on this page at hibij.com/privacy-policy.
8.1 Notification of Material Changes
Where changes to this Privacy Policy are material — meaning they affect the type of data collected, the purposes for which it is used, or the rights available to players — hibij will provide advance notice of at least 14 days via in-platform notification and, where appropriate, by email to your registered address. Your continued use of the hibij platform following the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms.
8.2 Version History
The current version of this Privacy Policy is Version 2.4, effective 1 January 2026. Prior versions are archived internally and are available on request by contacting [email protected].
8.3 Contact Details
If you have any questions, concerns, or complaints about this Privacy Policy or about hibij's data practices, please contact the hibij data team using the following details:
- Email: [email protected] (subject line: "Privacy Enquiry")
- Response time: Within 5 business days for acknowledgement; within 30 days for full resolution
- Language: All privacy enquiries are handled in English
hibij is committed to resolving all privacy concerns fairly and transparently. If you are not satisfied with hibij's response to a privacy complaint, you may seek further recourse through the appropriate data protection authority or judicial remedy available in your jurisdiction.
Ready to Play at hibij?
Your data is protected. Your privacy is respected. Now explore hibij's full range of cricket betting, casino games, and slots — built for players across Bangladesh.