1 Introduction
ek77 ("we", "us", "our") operates the online casino and sports betting platform accessible at https://ek77.lat (the "Platform"). This Privacy Policy describes how ek77 collects, uses, stores, discloses, and protects the personal data of all individuals ("Players", "Users", "you") who access or use the Platform.
We understand that privacy matters deeply to our Players. The ek77 platform is used by adults across Bangladesh who trust us with their personal and financial information. That trust is not taken lightly. Every data-handling practice described in this Policy reflects a deliberate decision to protect Player privacy while delivering a reliable, safe gambling service.
By registering an Account or continuing to use the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your personal data as described herein. This Policy should be read alongside the Terms & Conditions and the Responsible Gaming Policy, both of which are incorporated by reference.
Scope: This Policy applies to all personal data processed by ek77 in connection with your use of the Platform, regardless of the device or method used to access it.
2 Data We Collect
ek77 collects the following categories of personal data from Players:
- Identity Data: Full legal name, date of birth, nationality, and a copy of government-issued photo identification (e.g., National ID card, passport) provided during KYC verification.
- Contact Data: Email address, mobile phone number, and residential address (including city, postal code, and division — such as Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, or Mymensingh).
- Account Data: Username, hashed password, account creation date, login history, and account preference settings.
- Financial Data: Payment method type (e.g., bKash, Nagad, Rocket, Upay, Visa, Mastercard), transaction reference numbers, deposit and withdrawal history, and account balance records. Full payment credentials (e.g., bKash PINs, card numbers) are never stored on ek77 servers.
- Gaming Data: Wagering history, game session logs, bet amounts, winnings, bonus usage records, and responsible gaming tool settings (deposit limits, session limits, self-exclusion status).
- Technical Data: IP address, device type, operating system, browser type and version, screen resolution, time zone, and referral source.
- Usage Data: Pages visited, features used, time spent on the Platform, click-stream data, and session duration records.
- Communications Data: Records of any correspondence between you and ek77 support, including live chat transcripts, email exchanges, and support ticket content.
3 How We Collect Data
ek77 collects personal data through the following means:
- Direct Submission: Information you provide when registering an Account, completing KYC verification, making a deposit or withdrawal, contacting support, or updating your Account profile.
- Automated Technologies: Technical and usage data collected automatically as you browse and interact with the Platform, including through cookies, web beacons, and server-side logging. See Section 7 for full details on cookies.
- Payment Providers: Transaction confirmation data received from payment processors such as bKash, Nagad, Rocket, Upay, Visa, and Mastercard, necessary to credit deposits and process withdrawals.
- Identity Verification Partners: During KYC, we may use third-party identity verification services to cross-check the documents you submit against authoritative data sources. These partners operate under strict data processing agreements with ek77.
- Fraud Prevention Services: Technical risk signals, device fingerprinting data, and behavioural pattern information from fraud detection tools used to protect Players and the integrity of the Platform.
4 Purposes of Processing
ek77 processes your personal data for the following specific, legitimate purposes:
- Account Management: To create, maintain, and administer your Player Account, including verifying your identity at registration and during KYC.
- Service Delivery: To provide access to games, process bets, calculate and credit winnings, apply bonuses, and deliver the full range of Platform features.
- Payment Processing: To facilitate deposits and withdrawals via your chosen payment method and to maintain accurate financial records in compliance with applicable obligations.
- Fraud Prevention & Security: To detect, investigate, and prevent fraudulent activity, money laundering, Prohibited Conduct (as defined in the Terms & Conditions), and unauthorised access to Accounts.
- Responsible Gaming: To monitor gambling behaviour patterns, enforce self-imposed limits, apply self-exclusion restrictions, and identify Players who may be exhibiting signs of gambling-related harm.
- Customer Support: To respond to your enquiries, resolve disputes, process complaints, and maintain records of support interactions for quality and training purposes.
- Legal Compliance: To fulfil obligations under applicable law, including identity verification requirements, record-keeping obligations, and responding to lawful requests from competent authorities.
- Platform Improvement: To analyse usage patterns, diagnose technical issues, conduct testing, and improve the features, performance, and user experience of the Platform.
- Marketing Communications: Where you have explicitly opted in, to send you promotional offers, bonus announcements, and Platform updates by email or SMS. See Section 12 for opt-out options.
5 Legal Basis for Processing
ek77 processes your personal data on one or more of the following legal bases:
- Contract Performance: Processing necessary to register your Account and deliver the services you have requested under the Terms & Conditions — including payment processing, game delivery, and KYC completion.
- Legitimate Interests: Processing necessary for ek77's legitimate business interests, including fraud prevention, security monitoring, Platform improvement, and responsible gaming oversight, provided these interests are not overridden by your privacy rights.
- Legal Obligation: Processing required to comply with applicable legal and regulatory obligations, including identity verification, anti-money-laundering checks, and record retention requirements.
- Consent: Processing based on your explicit, freely given consent — specifically for the sending of marketing communications. Consent can be withdrawn at any time without affecting the legality of prior processing.
6 Data Sharing & Disclosure
ek77 does not sell or rent your personal data to any third party. We share your data only in the following limited circumstances, and only to the extent necessary for each purpose:
- Payment Processors: bKash, Nagad, Rocket, Upay, Visa, Mastercard, and participating Bangladeshi banks receive the minimum data required to process your transactions — typically your registered account identifier and transaction amount.
- Identity Verification Providers: Third-party KYC partners receive copies of your identity documents solely to verify your identity and age. These partners are contractually bound to use the data only for this purpose.
- Fraud Detection Services: Technical and behavioural data may be shared with fraud prevention tools to identify and block fraudulent activity. These services process data as data processors under ek77's instruction.
- Legal Authorities: We may disclose personal data to law enforcement agencies, regulatory bodies, or courts where required by applicable law, a valid court order, or where we reasonably believe disclosure is necessary to prevent crime or protect the safety of any person.
- Business Successors: In the event of a merger, acquisition, or sale of all or part of ek77's business, Player data may be transferred to the successor entity, subject to the same privacy protections described in this Policy. Affected Players will be notified in advance where practicable.
No Third-Party Marketing: Under no circumstances does ek77 share your personal data with third parties for their own marketing or advertising purposes. Any marketing communications you receive will originate from ek77 directly.
7 Cookies & Tracking Technologies
ek77 uses cookies and similar tracking technologies to operate the Platform effectively and improve the Player experience. The following categories of cookies are used:
- Strictly Necessary Cookies: Essential for the Platform to function. These cookies enable core features such as Account login sessions, security tokens, and load balancing. They cannot be disabled without rendering the Platform unusable.
- Functional Cookies: Remember your preferences — such as language settings, preferred payment method, and responsible gaming tool configurations — so you do not need to re-enter them on each visit.
- Analytics Cookies: Collect anonymised usage data (pages visited, session duration, click paths) to help ek77 understand how Players use the Platform and identify areas for improvement. No personally identifiable information is included in analytics reports.
- Security Cookies: Used to detect and prevent fraudulent activity, including bot traffic, credential-stuffing attempts, and abnormal session behaviour.
You can manage cookie preferences through your browser settings. Please note that disabling strictly necessary cookies will affect the functionality of the Platform. Clearing cookies will log you out of your current session.
ek77 does not use third-party advertising or retargeting cookies. No behavioural profile is built from your Platform activity for the purpose of serving advertisements on external websites.
8 Data Security
ek77 implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction:
- All data in transit between your device and our servers is encrypted using TLS 1.2 or higher. The Platform is accessible exclusively over HTTPS.
- Passwords are stored in hashed form using a modern cryptographic algorithm. Plain-text passwords are never stored or logged anywhere on our systems.
- Access to production systems containing personal data is restricted to a limited number of authorised personnel and requires multi-factor authentication.
- Payment data is handled exclusively by PCI-compliant payment processors. ek77 does not store full payment card numbers, bKash PINs, or Nagad credentials.
- Our infrastructure is monitored around the clock for anomalous activity. Security incidents are assessed, logged, and escalated in accordance with a documented incident response procedure.
- Internal staff receive privacy and data security training as part of their onboarding and on a periodic refresh basis.
While we take every reasonable precaution to protect your data, no digital system can guarantee absolute security. In the event of a data breach that poses a significant risk to your rights, ek77 will notify affected Players without undue delay and take immediate steps to contain and remediate the incident.
9 Data Retention
ek77 retains personal data for the minimum period necessary to fulfil the purposes for which it was collected, subject to the following guidelines:
- Active Account Data: Retained for the full duration of your Account being open and active on the Platform.
- KYC & Identity Documents: Retained for a minimum of five years following Account closure, in line with standard anti-money-laundering record-keeping practices.
- Financial Transaction Records: Retained for a minimum of five years from the date of the transaction for audit and legal compliance purposes.
- Gaming & Bet History: Retained for three years from the date of each wagering session, unless a dispute is raised, in which case the relevant records are retained until the dispute is fully resolved.
- Support Communications: Retained for two years from the date of each interaction, unless the communication relates to an ongoing dispute or legal matter.
- Marketing Consent Records: Retained for as long as you remain opted in, plus three years following any opt-out, to demonstrate compliance with consent requirements.
Upon expiry of the applicable retention period, data is securely deleted or anonymised so that it can no longer be associated with any individual Player.
10 Your Privacy Rights
As a Player on the ek77 Platform, you have the following rights in respect of your personal data. To exercise any of these rights, contact our support team at the details provided in Section 15.
- Right of Access: You may request a copy of the personal data ek77 holds about you. We will respond to verified access requests within 30 days.
- Right to Rectification: You may request correction of any inaccurate or incomplete personal data. Minor profile corrections (e.g., phone number, email address) can be made directly within your Account settings panel.
- Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to overriding legal retention obligations (e.g., KYC and financial records described in Section 9).
- Right to Restriction: You may request that we temporarily restrict processing of your data while a dispute about its accuracy or our use of it is being resolved.
- Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format where technically feasible.
- Right to Object: You may object to processing based on legitimate interests at any time. We will cease the relevant processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to Withdraw Consent: Where processing is based on consent (e.g., marketing emails), you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
Identity Verification: To protect Player privacy, ek77 will verify your identity before processing any data rights request. We may ask you to confirm Account details or provide identification to ensure the request is being made by the authorised Account holder.
11 Children's Privacy
The ek77 Platform is strictly intended for adults aged 18 years and above. We do not knowingly collect, process, or store personal data from any person under the age of 18.
Age verification checks are applied at the point of Account registration and during KYC. If ek77 becomes aware that personal data belonging to a person under 18 has been collected, the relevant Account will be closed immediately, all funds will be returned to the originating payment method, and the associated personal data will be deleted without undue delay.
If you are a parent or guardian and believe that a minor has created an Account on ek77, please contact our support team immediately at the address provided in Section 15. We take these reports seriously and will act promptly.
12 Marketing Communications
ek77 may send promotional emails or SMS messages about bonuses, new games, seasonal offers (such as Eid, Pohela Boishakh, or BPL season promotions), and Platform updates to Players who have explicitly opted in to receive such communications.
You can opt out of marketing communications at any time through one of the following methods:
- Clicking the "Unsubscribe" link in any marketing email sent by ek77.
- Updating your communication preferences directly within the Account settings panel.
- Contacting support and requesting removal from our marketing lists.
Please allow up to 72 hours for opt-out requests to take effect across all communication channels. Opting out of marketing does not affect transactional communications — you will continue to receive Account-related notifications such as deposit confirmations, withdrawal updates, and security alerts.
13 Third-Party Links
The Platform does not contain links to third-party websites for general browsing purposes. However, during the payment process you may be redirected to the secure portal of a payment provider such as bKash or Nagad to complete a transaction. Once you leave the ek77 Platform, this Privacy Policy no longer applies.
ek77 is not responsible for the privacy practices or content of any third-party service to which you are redirected as part of the payment process. We encourage you to review the privacy policies of your chosen payment provider before completing any transaction on their platform.
14 Policy Updates
ek77 reserves the right to update this Privacy Policy at any time to reflect changes in our data practices, operational requirements, or applicable law. When material changes are made, we will update the effective date displayed on this page and, where the change is significant, notify active Players via the email address registered on their Account.
Your continued use of the Platform following notification of any update constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated Policy, you must stop using the Platform and request Account closure by contacting support.
We recommend reviewing this page periodically to stay informed about how ek77 handles your personal data. Archived versions of prior policies are available upon request.
15 Contact & Data Enquiries
If you have any questions about this Privacy Policy, wish to exercise any of your data rights described in Section 10, or want to raise a privacy concern, please contact the ek77 support team through the following channel:
Email: [email protected]
Live Chat: Available 24 hours a day, 7 days a week via the chat interface within the Platform. For privacy-related enquiries, please clearly state that your message relates to a data or privacy matter so it can be routed to the appropriate team member.
ek77 aims to acknowledge all privacy-related enquiries within 48 hours and to resolve them within 30 days of receipt of a verified request. Complex requests that require extended investigation will be acknowledged with an interim update within the initial 30-day period.
Security Reminder: When contacting support regarding a privacy or data request, do not include sensitive personal information such as your full payment credentials, bKash or Nagad PIN, or national ID number in the body of your message. Our team will guide you through a secure verification process.