fbajia Privacy
Policy & Data Protection
Your privacy is fundamental to how fbajia operates. This Privacy Policy explains exactly what personal data we collect from players in Bangladesh, how we use and store it, who we share it with, and what rights you hold over your own information. We are committed to handling your data with full transparency and in accordance with internationally recognised data protection standards.
Your Privacy Matters to fbajia
This Privacy Policy (the "Policy") describes the data protection practices of fbajia (the "Platform", "we", "us", or "our") in connection with the operation of the fbajia online casino and sports betting platform available at fbajia.net. This Policy applies to all registered players, visitors who browse the Platform without registering, and any individual who communicates with the fbajia support team via email or live chat.
fbajia is committed to collecting only the personal data that is necessary for the lawful and efficient operation of the Platform, using that data only for the purposes described in this Policy, and retaining it only for as long as is necessary or required by applicable legal obligations. We do not sell your personal data to any third party for marketing or advertising purposes under any circumstances.
By creating a fbajia account, making a deposit, or otherwise using the Platform, you acknowledge that you have read and understood this Policy and consent to the collection and use of your personal data as described herein. If you do not agree with the terms of this Policy, you must stop using the Platform and contact [email protected] to request closure of your account and deletion of your data where permitted by law.
This Policy is reviewed and updated periodically. The current version and effective date are displayed at the top of this page. Material changes will be communicated to registered players via the contact details held on their account before the revised Policy takes effect. Continued use of the Platform after such notification constitutes your acceptance of the updated Policy.
Data We Collect
fbajia collects personal data from you in three ways: information you provide to us directly during registration and platform use, information we collect automatically through your use of the Platform, and information we receive from trusted third-party partners such as payment processors and identity verification services.
Information you provide directly:
- Full legal name (as it appears on your National Identity Card or passport)
- Date of birth (used to verify you are 18 years of age or older)
- Residential address in Bangladesh (city, district, postal code)
- Mobile phone number (used for SMS verification and account security)
- Email address (used for account communications and security alerts)
- Username and encrypted password (account access credentials)
- KYC documents: copy of National Identity Card (NID), passport, or driving licence; proof of address; and, where required, source-of-funds documentation
- Payment method details: mobile wallet identifiers (bKash, Nagad, Rocket, Upay account numbers) and bank account details where applicable — note that full payment card numbers are never stored by fbajia directly
- Any information you voluntarily provide when contacting our support team, including the content of your messages and any attachments
Information collected automatically:
- IP address and approximate geolocation derived from IP
- Device type, operating system, browser type and version
- Session timestamps, session duration, and pages visited within the Platform
- Game session data: games played, wager amounts, win/loss outcomes, and session duration per game title
- Deposit and withdrawal transaction records including amounts, timestamps, and payment method used
- Cookie identifiers and similar tracking technologies (see Section 3)
- Referral source (how you arrived at fbajia.net — organic search, direct, or internal navigation)
Information received from third parties:
- Identity and age verification results from KYC processing partners
- Transaction confirmation and fraud screening data from payment processors (bKash, Nagad, Rocket, Upay, and banking partners)
- Risk and sanctions screening results where required by applicable anti-money laundering obligations
| Data Category | Source | Legal Basis |
|---|---|---|
| Identity & Contact | Player-provided at registration | Contract performance; legal obligation (KYC) |
| Financial Transaction | Player actions + payment processor | Contract performance; legal obligation (AML) |
| Game & Betting Activity | Platform automated collection | Contract performance; legitimate interests |
| Technical & Device | Platform automated collection | Legitimate interests (security, fraud prevention) |
| KYC Documents | Player-provided; KYC partner | Legal obligation (age & identity verification) |
| Support Communications | Player-provided via email/chat | Contract performance; legitimate interests |
How We Use Your Data
fbajia processes your personal data only for specific, documented, and lawful purposes. We do not use your data for purposes incompatible with those described below. The primary purposes for which we process your personal data are:
- Account creation and management: To set up your fbajia account, verify your identity and age, maintain your account profile, and facilitate your secure login.
- Platform operation and service delivery: To process deposits and withdrawals in BDT via bKash, Nagad, Rocket, Upay, and partner banks; to make casino games and sports betting markets available to you; and to record your wagering activity accurately.
- Legal and regulatory compliance: To fulfil our Know Your Customer (KYC) and anti-money laundering (AML) obligations, including age verification, identity screening, and transaction monitoring. These obligations require us to retain certain data for defined periods regardless of account status.
- Fraud prevention and platform security: To detect and investigate suspicious account activity, multi-account abuse, bonus fraud, payment chargebacks, and any other activity that may constitute a breach of our Terms & Conditions or applicable law.
- Customer support: To respond to your enquiries, process complaints, assist with account recovery, and provide guidance on responsible gaming resources.
- Responsible gaming: To monitor your gaming behaviour for indicators of problem gambling (such as rapidly increasing bet sizes, extended uninterrupted sessions, or large deposit volumes relative to account history) and to facilitate self-exclusion requests, deposit limits, and cooling-off periods.
- Platform improvement: To analyse aggregate, anonymised usage patterns in order to improve the fbajia user experience, optimise page performance, and refine game selection — without identifying individual players in this analysis.
- Communications: To send you security alerts, account notifications, and — where you have opted in — promotional messages about fbajia bonuses and offers. You may withdraw your consent to promotional communications at any time by contacting [email protected].
fbajia does not use automated decision-making processes (including profiling) that produce legal or similarly significant effects on players without human review. Where automated tools flag an account for investigation (for example, for suspected bonus abuse or AML review), a member of the fbajia compliance team will conduct a manual assessment before any consequential action is taken.
Cookies & Tracking Technologies
fbajia uses cookies and similar client-side tracking technologies to operate the Platform securely and efficiently. A cookie is a small text file stored on your device by your web browser when you visit a website. Cookies allow the Platform to recognise your device across pages and sessions, maintain your login state, and collect anonymised analytics data.
Types of cookies used by fbajia:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Maintain your authenticated session, prevent CSRF attacks, remember language preference | Session / up to 24 hours |
| Functional | Remember your game lobby preferences, last visited category, and display settings | Up to 30 days |
| Analytics | Collect anonymised page-view counts, session durations, and navigation paths to improve the Platform | Up to 12 months |
| Security & Fraud | Detect bot traffic, identify suspicious login patterns, and enforce rate limiting | Up to 90 days |
fbajia does not use third-party advertising cookies or behavioural tracking cookies for the purpose of serving targeted advertisements on external websites. Analytics data collected via cookies is processed in aggregate and anonymised form only — it is not linked back to your individual account or personal identity.
You can control cookie behaviour through your browser settings. Blocking strictly necessary cookies will impair the functionality of the Platform and may prevent you from logging in or completing transactions. Blocking functional or analytics cookies will not affect your ability to use core Platform features. Instructions for managing cookies are available in your browser's help documentation.
Data Sharing & Third Parties
fbajia does not sell, rent, or trade your personal data to any third party for commercial purposes. We share your data only in the limited circumstances described below, and only to the extent necessary for the stated purpose:
- Payment processors: When you make a deposit or request a withdrawal, the transaction data necessary to execute the payment is shared with the relevant payment provider (bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, or Sonali Bank). These providers process your data under their own privacy policies and are independently regulated financial institutions.
- KYC and identity verification partners: To fulfil our age-verification and anti-money-laundering obligations, we share identity document data with specialist KYC processing partners. These partners are contractually bound to process your data only for the purposes of identity verification and to maintain it with equivalent security standards to those described in this Policy.
- Game software providers: When you play a casino game or live dealer title, the game provider (such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, or Ezugi) receives the technical session data required to run the game, including your Player ID and bet/win amounts for that session. Game providers do not receive your full name, address, or payment method details.
- Legal and regulatory authorities: fbajia will disclose personal data to law enforcement agencies, financial intelligence units, or other competent authorities where required to do so by law, court order, or in response to a lawful regulatory request. We will notify you of any such disclosure where permitted by law.
- Corporate transactions: In the event of a merger, acquisition, or sale of all or substantially all of fbajia's assets, your personal data may be transferred to the acquiring entity. You will be notified of any such transfer and the privacy terms applicable to your data under the new entity.
All third parties with whom fbajia shares personal data are required to maintain appropriate technical and organisational security measures and to process your data only for the purposes for which it was shared. fbajia conducts periodic due diligence reviews of its key data-processing partners to ensure continued compliance with these standards.
fbajia has never sold player personal data to third-party advertisers, data brokers, or marketing agencies, and we have no intention of doing so. Your personal information is used solely for the operational, legal, and security purposes described in this Policy.
Data Retention
fbajia retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or for as long as required by our legal and regulatory obligations — whichever period is longer. The following retention periods apply:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account & identity data | 5 years after account closure | AML / KYC regulatory obligation |
| Financial transaction records | 7 years from transaction date | Financial record-keeping obligation |
| Game session history | 3 years from session date | Dispute resolution; responsible gaming monitoring |
| KYC documents | 5 years after account closure | Regulatory requirement |
| Support communications | 3 years from last interaction | Dispute resolution; service improvement |
| Cookie / analytics data | Up to 12 months | Platform performance optimisation |
Upon expiry of the applicable retention period, fbajia will securely delete or irreversibly anonymise your personal data. Where data must be retained for legal reasons after your account has been closed, access to that data is restricted to compliance and legal personnel on a strict need-to-know basis.
Your Privacy Rights
As a player on the fbajia Platform, you have a number of rights in relation to the personal data we hold about you. fbajia respects and upholds these rights in accordance with internationally recognised data protection principles. The rights available to you are:
-
Right of Access You may request a copy of all personal data fbajia holds about you. We will provide this in a structured, commonly used format within 30 days of receiving a verified request. Contact [email protected] to submit an access request.
-
Right to Rectification If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. You can update basic contact details (mobile number, email address) directly from your account settings, or contact support for corrections to identity data.
-
Right to Erasure You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected. Note that certain data must be retained for the legal periods specified in Section 5 regardless of an erasure request. We will inform you clearly of any data that cannot be deleted and the reason why.
-
Right to Restriction of Processing You may request that fbajia restrict the processing of your personal data in certain circumstances — for example, while the accuracy of data is being verified, or while an objection is being considered. During a restriction period, we will store your data but not actively process it beyond what is legally required.
-
Right to Data Portability Where processing is based on your consent or on the performance of a contract, and processing is carried out by automated means, you may request that we provide your personal data in a machine-readable format (JSON or CSV) for transfer to another service provider.
-
Right to Object You may object at any time to our processing of your personal data for direct marketing purposes. You may also object to processing carried out on the basis of fbajia's legitimate interests, in which case we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
-
Right to Withdraw Consent Where fbajia processes your personal data on the basis of your consent (for example, for promotional communications), you may withdraw that consent at any time by contacting [email protected]. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of the rights listed above, please contact the fbajia data protection team at [email protected] with a clear description of your request. We may need to verify your identity before processing the request. We will respond within 30 calendar days. Where a request is complex or we have received a high volume of requests, we may extend this period by a further 30 days, in which case we will notify you promptly.
Data Security Measures
fbajia applies a layered set of technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. Security is treated as an ongoing operational priority, not a one-time implementation.
Technical measures include:
- 256-bit SSL/TLS encryption applied to all data in transit between your device and fbajia's servers
- AES-256 encryption for sensitive data fields stored in our database (passwords are stored as salted cryptographic hashes — they are never stored in plain text)
- Two-factor authentication (2FA) available for all player accounts and mandatory for all fbajia administrative accounts
- Regular automated vulnerability scanning and periodic independent penetration testing of the Platform infrastructure
- Web Application Firewall (WAF) and DDoS mitigation applied at the network perimeter
- Strict rate limiting and anomaly detection on login and payment endpoints to prevent credential stuffing and brute-force attacks
- Immutable audit logs for all administrative access to player data, with automated alerts on anomalous access patterns
Organisational measures include:
- Role-based access controls ensuring that employees can only access the player data necessary for their specific job function
- Mandatory data protection training for all fbajia staff upon onboarding and annually thereafter
- Documented data breach response procedures with clearly assigned responsibilities and defined notification timelines
- Supplier due diligence programme reviewing the security posture of all third-party data processors before engagement and annually thereafter
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, fbajia will notify affected players without undue delay and, in any case, within 72 hours of becoming aware of the breach where feasible. Notification will be sent to the email address registered to your account and will describe the nature of the breach, the categories of data affected, the likely consequences, and the steps fbajia has taken or proposes to take to address the breach.
While fbajia takes all reasonable precautions to protect your data, no internet transmission or electronic storage system is 100% secure. You also have a responsibility to protect your account: use a strong, unique password for your fbajia account, do not share your login credentials with any other person, and contact [email protected] immediately if you suspect unauthorised access to your account.
If you believe your fbajia account has been accessed without your authorisation, contact [email protected] immediately. Our security team is available 24/7 BST and will lock your account and initiate an investigation within minutes of receiving your report.
Contact & Complaints
If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have a concern about how fbajia handles your personal data, please contact our data protection team using the details below. All privacy enquiries are handled confidentially and with priority by a dedicated member of the fbajia compliance team.
Email: [email protected]
Response time: Within 30 calendar days for formal data subject requests; within 48 hours for general privacy enquiries.
Support hours: 24 hours a day, 7 days a week, Bangladesh Standard Time (BST, UTC+6).
Complaints procedure: If you are not satisfied with fbajia's response to a privacy concern, you may escalate your complaint in writing to [email protected] with the subject line "Formal Privacy Complaint". We will acknowledge formal complaints within 48 hours and provide a substantive written response within 15 business days. fbajia treats all formal privacy complaints with the utmost seriousness and maintains a complete audit trail of all complaint handling activities.
Children's data: The fbajia Platform is strictly for adults aged 18 and above. We do not knowingly collect personal data from individuals under the age of 18. If you believe that a person under 18 has registered on the Platform or that fbajia holds personal data belonging to a minor, please notify us immediately at [email protected]. Upon verification, we will delete the data and close the account without delay.
Changes to this Policy: fbajia reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or Platform features. The current version number and effective date are displayed at the top of this page. We will notify registered players of material changes via email at least 7 days before the updated Policy takes effect. We recommend checking this page periodically to remain informed of how fbajia protects your privacy.
Contact the fbajia data protection team at [email protected]. Available 24/7 BST. We respond to all formal data subject requests within 30 calendar days.
How fbajia Protects Your Personal Data
Every connection between your device and fbajia's servers is protected by industry-standard 256-bit SSL/TLS encryption. Your account credentials, BDT transaction data, and personal details are fully secured in transit.
fbajia has a strict no-sale policy on player data. Your personal information is never sold, rented, or traded to third-party advertisers, data brokers, or marketing networks — under any circumstances.
fbajia respects and upholds your rights to access, rectify, erase, port, and restrict your personal data. Submit any data rights request to [email protected] and we will respond within 30 calendar days.
Your password is never stored in plain text. fbajia uses salted cryptographic hashing for all passwords and offers two-factor authentication (2FA) to add a second layer of security to your account.
fbajia retains your data only for as long as necessary or legally required. Once the applicable retention period expires, your data is securely deleted or irreversibly anonymised according to our documented data lifecycle policy.
In the unlikely event of a data breach affecting your personal information, fbajia will notify you within 72 hours of detection — describing what happened, what data was involved, and what steps we are taking to protect you.
Your Data Is Safe on fbajia
Now that you understand how fbajia protects your privacy, explore everything the Platform has to offer — from cricket betting and live casino games to 500+ slots. All with secure BDT payments via bKash, Nagad, and Rocket. 18+ only.