krikkya Privacy Policy
At krikkya, your privacy is not an afterthought — it is a foundational commitment. This Privacy Policy explains in plain, formal English exactly what personal data we collect from Bangladesh players, how we use it, who we share it with, and what rights you hold over that data. We encourage you to read this document in full.
1.Introduction and Scope
krikkya ("we", "us", "our") operates an online sports betting and casino platform serving registered players in Bangladesh. We are committed to handling the personal data of our users — including all players from Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, Mymensingh, and Cox's Bazar — with transparency, care, and strict purpose limitation.
This Privacy Policy describes the categories of personal data collected by krikkya, the legal bases and purposes for which that data is processed, the circumstances in which data may be shared with third parties, the retention periods applied to different data categories, and the rights available to you as a data subject. By registering an account on krikkya or continuing to use the platform after this Policy's effective date, you acknowledge that you have read, understood, and accepted the practices described herein.
This Policy applies to all krikkya digital properties, including the main web platform, any mobile-optimised browser version, and any future native mobile applications. It applies to both active account holders and visitors who browse the platform without registering.
If you have questions about any part of this Privacy Policy, you may contact our data handling team at support@krikkya. We aim to respond to all privacy-related enquiries within 2 business hours (Bangladesh Standard Time, UTC+6).
2.Data We Collect
krikkya collects personal data through several channels: directly from you when you complete the registration form or update your account profile; automatically through your interaction with the platform (including technical and behavioural data); and, in limited circumstances, from third-party identity verification or payment processing partners.
Registration and Identity Data
When you create an account on krikkya, we collect the following information which you supply directly:
- Full legal name (as it appears on your national identity card or passport).
- Date of birth — collected to verify that you meet the 18+ age requirement.
- Residential address in Bangladesh (street, area, city/division, postal code).
- Mobile phone number registered in your own name in Bangladesh.
- Email address used for account communications.
- Username and hashed password (the plain-text password is never stored).
- Preferred language and currency settings.
Identity Verification Documents
Where identity verification is required — either at registration or prior to your first withdrawal — we may collect scanned copies or photographs of:
- National Identity Card (NID) issued by the Bangladesh Election Commission.
- Passport (for players who use a passport as their primary identity document).
- Birth certificate issued by a recognised Bangladeshi civil authority (for date-of-birth verification where NID is unavailable).
- Proof of address document (e.g., utility bill, bank statement issued within the last 3 months).
Financial and Transaction Data
We collect data relating to the financial transactions you conduct on the platform. This includes:
- Deposit amounts, timestamps, and associated payment method identifiers (e.g., the last 4 digits of a bKash or Nagad mobile wallet number, or the last 4 digits of a Visa or Mastercard).
- Withdrawal requests, including amount, destination payment method, and processing status.
- Transaction reference numbers assigned by krikkya and by third-party payment processors.
- Bonus credits applied to your account and associated wagering activity.
Betting and Gaming Activity Data
We record all betting and gaming activity conducted through your krikkya account, including:
- Markets and games accessed, bet amounts, odds accepted, outcomes, and winnings.
- Session start and end times, total session duration, and active product categories visited.
- Responsible gaming tool usage (e.g., deposit limit changes, self-exclusion requests).
Technical and Device Data
When you access krikkya, our servers automatically collect certain technical data about your device and connection:
| Data Type | Examples | Purpose |
|---|---|---|
| IP Address | IPv4 / IPv6 address at time of access | Fraud detection, geolocation check |
| Device Identifiers | Browser fingerprint, device type, OS version | Multi-account detection, security |
| Browser Data | Browser name, version, language setting | Platform optimisation, analytics |
| Referral Data | URL that directed you to krikkya | Marketing channel attribution |
| Session Logs | Pages visited, clicks, time on page | UX improvement, fraud detection |
3.How We Use Your Data
krikkya processes your personal data only for legitimate, defined purposes. We do not process personal data in ways that are incompatible with the purposes for which it was originally collected. The following table summarises the primary processing activities and the legal basis applicable to each:
| Processing Activity | Legal Basis |
|---|---|
| Account registration and identity verification | Contractual necessity |
| Processing deposits and withdrawals | Contractual necessity |
| Age verification (18+ compliance) | Legal obligation |
| Anti-money laundering (AML) checks | Legal obligation |
| Fraud detection and platform security | Legitimate interests |
| Responsible gaming monitoring and intervention | Legal obligation / Legitimate interests |
| Customer support communications | Contractual necessity |
| Platform analytics and UX improvement | Legitimate interests |
| Promotional communications (where opted in) | Consent |
| Compliance with legal or regulatory requests | Legal obligation |
krikkya will only send you promotional communications — including bonus offers, tournament announcements, and seasonal promotions — if you have explicitly opted in during registration or through your account settings. You may withdraw this consent at any time by updating your communication preferences in your account dashboard or by contacting support@krikkya.
4.Cookies and Tracking Technologies
krikkya uses cookies and similar tracking technologies to operate certain platform features, remember your session and preferences, and gather aggregate analytics data. A cookie is a small text file stored on your browser or device by websites you visit. Cookies do not contain executable code and cannot access other files on your device.
Categories of Cookies Used
- Strictly Necessary Cookies: Essential for the platform to function. These include session authentication cookies that keep you logged in, CSRF protection tokens, and load-balancing identifiers. These cannot be disabled without rendering the platform non-functional.
- Functional Cookies: Remember your preferences, such as your chosen language, currency display setting, and whether you have dismissed a platform notice. Disabling these may affect your experience but will not prevent access.
- Analytics Cookies: Collect anonymised, aggregate data about how users interact with the platform — such as which game categories are most visited and at what times of day. This data helps us improve platform design and performance. No personally identifying information is included in analytics reports.
- Security and Fraud Prevention Cookies: Used to detect anomalous session behaviour, identify bots, and flag potential multi-account activity. These are classed as legitimate-interest processing and cannot be individually disabled.
Managing Cookies
You may manage or delete cookies through your browser settings at any time. Most modern browsers (Chrome, Firefox, Samsung Internet, and others commonly used in Bangladesh) allow you to view, block, or delete cookies stored by individual websites. Please note that blocking strictly necessary cookies will prevent you from logging into your krikkya account. For instructions specific to your browser, refer to the browser's official help documentation.
krikkya does not use third-party advertising cookies or retargeting pixels that track your activity across other websites. Our cookie usage is limited to the functional, analytical, and security purposes described above.
5.Data Sharing and Disclosure
krikkya does not sell, rent, or trade your personal data to third-party marketers or data brokers under any circumstances. Data is shared externally only where strictly necessary for platform operations, legal compliance, or where you have provided explicit consent. The following categories of third parties may receive limited personal data from krikkya:
Payment Processing Partners
To process your deposits and withdrawals, krikkya shares the minimum necessary transaction data with our payment processing partners, including bKash, Nagad, Rocket, Upay, and card processing networks (Visa, Mastercard). This data is limited to transaction amounts, timestamps, and the payment method identifier. These partners are bound by their own data protection obligations and may not use the data for any purpose other than processing the specific transaction.
Identity Verification Services
Where a third-party identity verification (KYC) service is engaged to assist in verifying your age or identity — for example, to cross-reference your NID or passport details against government-issued records — the minimum required data fields are shared with that service provider under a strict data processing agreement. The verification provider is not permitted to retain your identity document images beyond the period required to complete the verification check.
Fraud Prevention and Security Services
Technical data (such as IP address, device fingerprint, and session behaviour patterns) may be shared with specialist fraud detection service providers who assist krikkya in identifying suspicious activity, multi-accounting, and platform abuse. This sharing is carried out on a legitimate-interest basis and is limited to the data fields necessary to perform the fraud assessment.
Legal and Regulatory Disclosure
krikkya may disclose personal data to competent authorities, law enforcement agencies, or courts if required to do so by applicable law, a valid court order, or a lawful regulatory request. In such cases, krikkya will disclose only the data that is strictly required to satisfy the legal obligation and will, where permissible, notify the affected account holder of the disclosure.
We do not sell your data. krikkya will never sell, lease, or otherwise transfer your personal data to advertising networks, data brokers, or any third party for commercial purposes. This is an absolute commitment, not subject to exception.
6.Data Retention
krikkya retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following retention periods apply to the principal data categories:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | Legal obligation (AML / KYC) |
| Identity verification documents | Duration of account + 5 years post-closure | Legal obligation |
| Financial transaction records | 7 years from date of transaction | Legal obligation (financial record-keeping) |
| Betting and gaming history | Duration of account + 3 years post-closure | Legitimate interests / dispute resolution |
| Customer support communications | 3 years from date of communication | Legitimate interests / dispute resolution |
| Technical and session logs | 12 months from date of session | Legitimate interests / fraud prevention |
| Marketing consent records | Duration of consent + 3 years | Legal obligation (consent record-keeping) |
| Cookies (analytics) | 13 months from placement | Legitimate interests |
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised so that it can no longer be attributed to any individual. Where anonymised aggregate data is retained for statistical or analytical purposes beyond the retention period, it is no longer considered personal data and is not subject to the deletion requirement.
7.Your Privacy Rights
As a registered player on krikkya, you hold the following rights in relation to the personal data we hold about you. These rights may be exercised at any time by contacting support@krikkya with a clear description of your request. We will acknowledge your request within 2 business hours and aim to fulfil it within 30 calendar days.
Request a copy of all personal data krikkya holds about you, along with information about how it is used.
Request correction of any inaccurate or incomplete personal data held in your account record.
Request deletion of your personal data where it is no longer necessary for the purpose it was collected and no legal retention obligation applies.
Request that we restrict processing of your data — for example, while a dispute about its accuracy is being resolved.
Receive your personal data in a structured, machine-readable format (e.g., JSON or CSV) where technically feasible.
Object to processing carried out on a legitimate-interest basis, including direct marketing and certain analytics activities.
Where processing is based on your consent (e.g., marketing emails), withdraw that consent at any time without affecting prior lawful processing.
Lodge a complaint with us or with a relevant supervisory authority if you believe your data has been handled unlawfully.
Please note that certain rights — particularly the right to erasure — may be limited where krikkya is required by law to retain the data in question (for example, financial transaction records subject to a 7-year legal retention period). Where a right cannot be fully exercised, we will explain the applicable limitation clearly in our response to your request.
8.Data Security
krikkya implements a layered set of technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, disclosure, alteration, or destruction. These measures are reviewed and updated regularly in line with evolving security standards.
Technical Safeguards
- TLS/SSL Encryption: All data transmitted between your browser and krikkya servers is encrypted using industry-standard TLS 1.2 or higher. The padlock icon in your browser address bar confirms this encryption is active during your session.
- Password Hashing: Account passwords are never stored in plain text. They are hashed using a strong one-way cryptographic algorithm (bcrypt) with an individual salt per account, making brute-force attacks computationally infeasible.
- Two-Factor Authentication (2FA): Players are strongly encouraged to enable 2FA via SMS OTP. When enabled, a successful login requires both the correct password and a one-time code sent to your registered Bangladesh mobile number.
- Access Controls: Internal access to player data is restricted on a strict need-to-know basis. Staff members are granted only the minimum permissions required to perform their role, and all access events are logged for audit purposes.
- Data Minimisation at Rest: Identity document images and sensitive financial identifiers are stored in encrypted form and are automatically purged once their applicable retention period expires.
Organisational Safeguards
- All staff and contractors with access to personal data are subject to confidentiality obligations under their employment or engagement agreements.
- Data processing activities are reviewed periodically through internal data protection impact assessments (DPIAs) for high-risk processing operations.
- Third-party service providers who handle personal data on krikkya's behalf are required to sign data processing agreements confirming their compliance with equivalent security standards.
Incident Response
In the event of a personal data breach that poses a risk to the rights and freedoms of affected players, krikkya will notify affected account holders without undue delay via their registered email address. The notification will describe the nature of the breach, the categories and approximate volume of data affected, the likely consequences, and the remediation steps taken by krikkya. Where you have reason to believe your account has been compromised, please notify us immediately at support@krikkya.
Despite our best efforts, no online platform can guarantee absolute security. We strongly recommend that you use a unique, strong password for your krikkya account, enable two-factor authentication, and never share your login credentials with any other person.
How krikkya Protects Your Privacy
Six core principles that guide every data handling decision we make at krikkya.
End-to-End Encryption
Every byte of data you transmit to krikkya travels over TLS-encrypted connections. Your login credentials, payment details, and personal information are never sent in plain text.
Zero Data Sales
krikkya maintains an absolute policy against selling, renting, or trading your personal data to advertisers, data brokers, or any commercial third party — without exception.
Your Rights, Always Honoured
Access, correct, delete, or export your data at any time. We respond to all data rights requests within 30 days and acknowledge receipt within 2 business hours (Bangladesh Standard Time).
Minimal Data Collection
We collect only the data that is genuinely necessary to operate your account, process your payments, and keep the platform secure. No speculative or excessive data collection takes place.
Defined Retention Periods
Every data category has a clearly defined maximum retention period. Once that period expires, your data is securely deleted or irreversibly anonymised — automatically, without you needing to request it.
Consent-Based Marketing
Promotional messages from krikkya are sent only to players who have explicitly opted in. You can withdraw marketing consent at any time through your account settings or by emailing our support team.
Ready to Play on a Platform You Can Trust?
krikkya combines world-class cricket betting, live casino, and slots with a genuine commitment to protecting every Bangladesh player's privacy and data.