Privacy Policy — How aci67 Collects, Uses, and Protects Your Data
Your privacy matters to us. This Privacy Policy explains in clear, transparent terms exactly what personal information aci67 collects from players in Bangladesh, how we use and store it, who we share it with, and how you can exercise your data rights at any time.
Privacy Principles at a Glance
These six principles define how aci67 approaches data privacy. They inform every data handling decision we make, from the moment you register to the moment your account is closed.
Information We Collect
aci67 collects personal information from you in order to provide, maintain, and improve the platform, process financial transactions, comply with legal obligations, and ensure the safety and integrity of our services. The categories of information we collect, and the circumstances in which we collect them, are described below.
Information You Provide Directly. The majority of personal data we hold is information you voluntarily provide when registering an account, completing KYC verification, making a deposit or withdrawal, contacting our support team, or participating in a promotion. Providing accurate and current information is a condition of your account agreement with aci67.
Information Collected Automatically. When you browse aci67.net, our servers and third-party analytics tools automatically record technical and usage data. This includes your IP address (which may be used to infer your approximate location within Bangladesh), your browser fingerprint, and a log of your in-session activity. This information is used for fraud detection, platform performance optimisation, and responsible gaming monitoring.
Information from Third Parties. aci67 may receive supplementary identity or financial information from regulated third-party KYC verification providers, payment processors, and fraud prevention databases. Such information is used solely for the purpose of verifying your identity and protecting the integrity of the platform.
How We Use Your Information
aci67 uses your personal information only for specific, legitimate purposes. We do not process your data in ways that are incompatible with the purpose for which it was originally collected. The table below summarises our key processing activities and the lawful basis for each.
- Account creation and management: To register your account, verify your identity through KYC, maintain your account profile, and manage your login credentials and security settings.
- Payment processing: To process deposits and withdrawals via bKash, Nagad, Rocket, Upay, and supported Bangladeshi banks; to record transaction histories; and to detect and prevent fraudulent payment activity.
- Game delivery and platform operation: To provide access to casino games, sports betting markets, virtual sports, and live dealer content; to record wagers and results; and to calculate and credit winnings to your account balance.
- Responsible gaming compliance: To monitor your gambling behaviour for signs of problem gambling; to enforce deposit limits, self-exclusion orders, and cooling-off periods; and to flag accounts that may require welfare intervention.
- Legal and regulatory compliance: To satisfy anti-money laundering (AML) obligations; to respond to lawful requests from Bangladeshi authorities; to maintain records as required by applicable law; and to enforce our Terms & Conditions.
- Customer support: To respond to your queries and complaints; to maintain records of support interactions for quality assurance and training purposes; and to investigate and resolve disputes.
- Marketing and promotions: To send you promotional offers, bonus notifications, and seasonal campaigns (e.g., Eid, BPL, Pohela Boishakh) — but only if you have opted in to marketing communications. You may unsubscribe at any time.
- Security and fraud prevention: To detect, investigate, and prevent unauthorised account access, bonus abuse, collusion, and other prohibited conduct as defined in our Terms & Conditions.
- Platform improvement: To analyse aggregated, anonymised usage data to improve game selection, navigation, payment flows, and overall user experience on aci67.net.
Sharing & Disclosure of Data
aci67 does not sell, rent, or trade your personal information to third parties for their own commercial purposes. We share personal data only in the limited circumstances described below, and only to the minimum extent necessary for each purpose.
- Payment service providers: We share financial data (account references, transaction amounts) with bKash, Nagad, Rocket, Upay, and our partner Bangladeshi banks strictly to process your deposits and withdrawals. These providers are contractually bound to handle your data securely and only for payment processing purposes.
- KYC and identity verification providers: We may share identity documents and personal details with regulated third-party KYC service providers to complete your identity verification. These providers operate under data processing agreements that restrict their use of your data.
- Game software providers: To deliver casino games and live dealer content, anonymised session data (game ID, wager amount, outcome) is shared with our game technology partners such as Pragmatic Play, Evolution Gaming, Spribe, Ezugi, NetEnt, and Microgaming. These providers do not receive your name, NID, or contact details.
- Fraud prevention and AML services: We may share account and transaction data with third-party fraud detection and anti-money laundering screening services to protect the integrity of the platform and comply with applicable obligations.
- Law enforcement and regulatory authorities: aci67 will disclose personal data to relevant Bangladeshi authorities, courts, or law enforcement agencies when required to do so by a valid legal order, warrant, or regulatory direction. We will, where legally permitted, notify you of such disclosure.
- Business transfers: In the event that aci67 undergoes a merger, acquisition, or sale of its business assets, your personal data may be transferred to the successor entity as part of that transaction, subject to equivalent privacy protections.
Data Security & Retention
aci67 implements a layered security framework to protect your personal data against unauthorised access, disclosure, alteration, and destruction. Our security measures include, but are not limited to:
- Transport Layer Security (TLS): All data transmitted between your browser and aci67.net is encrypted using TLS 1.2 or higher. The padlock icon in your browser address bar confirms that your connection is encrypted at all times.
- Data encryption at rest: Sensitive personal data — including identity documents, payment references, and account credentials — is encrypted at rest using AES-256 encryption within our secured database infrastructure.
- Access controls: Access to personal data within aci67's internal systems is restricted to authorised personnel on a strict need-to-know basis. All staff with access to personal data are subject to confidentiality obligations and regular privacy training.
- Two-factor authentication (2FA): aci67 supports 2FA for player accounts to provide an additional layer of protection against unauthorised login. We strongly encourage all players to enable 2FA in their account security settings.
- Fraud monitoring: Automated systems monitor account activity in real time for anomalous patterns that may indicate a security breach, unauthorised access, or fraudulent activity. Suspected incidents trigger immediate investigation and, where necessary, account suspension to protect your funds.
- Regular security reviews: aci67 conducts periodic internal and third-party security assessments of its platform infrastructure to identify and remediate vulnerabilities before they can be exploited.
Data Retention. We retain your personal data for as long as your account remains active and for a period thereafter as required by applicable legal, regulatory, and accounting obligations. Specific retention periods are as follows:
- Account and identity data: retained for the duration of your account plus a minimum of 5 years following account closure, to satisfy AML record-keeping obligations.
- Transaction records: retained for 7 years following each transaction, in accordance with financial record-keeping requirements.
- Support communications: retained for 2 years following the resolution of the relevant query or complaint.
- Marketing preferences and communication logs: retained for 1 year following your opt-out or account closure, whichever is earlier.
- KYC documents: retained for 5 years following account closure or the most recent KYC review, whichever is later.
At the end of the applicable retention period, personal data is securely deleted or irreversibly anonymised. Anonymised data (from which you cannot be identified) may be retained indefinitely for aggregated analytical purposes.
Your Privacy Rights
As a registered player on aci67, you hold the following rights with respect to the personal data we hold about you. These rights can be exercised at any time by contacting our support team at [email protected] with the subject line "Privacy Rights Request". We will respond to all valid requests within 30 days of receipt.
Right of Access
You have the right to request a copy of the personal data aci67 holds about you, together with information about how it is being used and who it has been shared with.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay.
Right to Erasure
Subject to legal retention obligations, you may request the deletion of your personal data — for example, where it is no longer necessary for the purpose for which it was collected, or where you withdraw your consent.
Right to Restriction
You may ask us to restrict the processing of your personal data in certain circumstances — for example, while a dispute about its accuracy is being resolved, or where processing is unlawful but you prefer restriction over deletion.
Right to Data Portability
Where processing is based on your consent or a contract with you, and is carried out by automated means, you may request that we provide your personal data in a structured, machine-readable format.
Right to Object
You have the right to object to aci67 processing your personal data for direct marketing purposes at any time. You may also object to processing carried out on the basis of our legitimate interests.
Right to Withdraw Consent
Where processing is based on your consent (e.g., marketing communications), you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal.
Right to Lodge a Complaint
If you are dissatisfied with how aci67 has handled your personal data, you have the right to lodge a complaint with the relevant data protection authority, or to seek legal redress through the appropriate courts.
Third-Party Services
The aci67 platform integrates with a number of third-party service providers to deliver its full range of features. While aci67 takes care in selecting reputable, security-conscious partners, please be aware that third-party services operate under their own privacy policies, which are independent of this document.
The categories of third-party services integrated with aci67 include:
- Game providers: Pragmatic Play, Evolution Gaming, Spribe, Ezugi, NetEnt, and Microgaming supply the game software, random number generation (RNG) infrastructure, and live studio streaming that powers aci67's casino and sports products. These providers receive anonymised game session data only.
- Payment gateways: bKash, Nagad, Rocket, and Upay process mobile financial service transactions. Dutch-Bangla Bank, City Bank, BRAC Bank, and Islami Bank facilitate bank transfer deposits and withdrawals. These providers receive only the financial data necessary to complete your transaction.
- KYC verification services: Regulated identity verification providers assist aci67 in confirming the identity and age of new registrants. Document data is transmitted to these providers over encrypted channels and is not retained by them beyond the verification window.
- Cloud infrastructure providers: aci67's platform is hosted on secure cloud infrastructure. Server-side data (including personal data) is stored in encrypted form and is accessible only to authorised aci67 systems and personnel.
aci67 does not control and is not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party service — particularly your mobile financial service provider — before using their services in connection with aci67.
Links to external websites do not appear on aci67.net. All navigation on the platform remains within aci67.net, and no outbound links to external commercial or third-party sites are embedded in our content. This limits the risk of your data being inadvertently shared with unrelated third parties through link tracking or referral headers.
Updates to This Policy
aci67 reviews and updates this Privacy Policy periodically to reflect changes in our data practices, the services we offer, and the legal and regulatory environment in Bangladesh and internationally. The effective date at the top of this document indicates when the most recent version was published.
Where an update constitutes a material change — for example, a new category of data collection, a new third-party sharing arrangement, or a change to your rights — aci67 will notify registered account holders by email to their registered address, or through a prominent notification within the aci67 platform, at least 14 days before the updated policy takes effect.
For minor, non-material updates (such as clarifications of existing language, corrections to typographical errors, or restructuring for readability), we will update the effective date and publish the revised policy without individual notification. Continued use of the aci67 platform after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms.
The current version of this Privacy Policy is always available at aci67.net/privacy-policy. If you wish to review a prior version, or have questions about what has changed, contact our support team at [email protected].
This Privacy Policy is governed by its plain English meaning. If you have any questions, concerns, or complaints relating to privacy or data protection at aci67, please contact us at [email protected] — we aim to respond to all privacy-related enquiries within 5 business days (Bangladesh Standard Time, UTC+6).
Have Questions About Your Privacy?
Our support team is available 24/7 to address any privacy or data concerns. You can also explore our FAQ for quick answers, review our Responsible Gaming tools, or log in to manage your account settings directly.
Read the FAQ Responsible Gaming aci67 Login