366bit Privacy Policy
At 366bit, protecting your personal data is a responsibility we take seriously. This Privacy Policy explains exactly what information we collect, how we use it, who we share it with, and how we keep it secure across every interaction you have with our platform.
SSL Encryption
All data transmitted between your device and 366bit is protected by industry-standard 256-bit SSL encryption. This ensures that your personal and financial information cannot be intercepted during transmission.
No Data Selling
366bit does not sell, rent, or trade your personal information to third parties for commercial marketing purposes. Your data is used solely to operate, maintain, and improve our platform and your experience on it.
Your Data, Your Rights
You have the right to request access to your personal data, correct inaccurate records, request deletion of your data where applicable, and withdraw consent for specific uses at any time by contacting our support team.
Secure Storage
Personal data is stored on secure, access-controlled servers. Access to stored user data within 366bit is restricted to authorised personnel only, on a strict need-to-know basis, with full audit logging in place.
Cookie Transparency
366bit uses cookies and similar tracking technologies to improve platform performance and personalise your experience. Our cookie policy is fully disclosed in this document, and you can manage cookie preferences at any time.
Privacy by Design
Data protection is built into every part of the 366bit platform from the ground up. We collect only the minimum personal data required to deliver our services and fulfil our legal obligations — no more, no less.
Information We Collect
When you register with 366bit, use our platform, or contact our support team, we collect various categories of personal data. The type and volume of data we collect depends on the nature of your interaction with the platform. Below is a comprehensive breakdown of the categories of information we may collect and the circumstances under which each category is gathered.
Registration and Account Data
When you create a 366bit account, we collect the personal details you provide during the registration process, including your full legal name, date of birth, residential address, email address, mobile phone number, and your chosen username. This information is required to establish and maintain your account and to verify your identity and age in accordance with our responsible gaming obligations.
Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) process — which may be required before your first withdrawal or at any time we deem appropriate — we may collect copies of government-issued identity documents (such as your National Identity Card or passport), proof of residential address, and evidence of payment method ownership. This data is processed for the purpose of fraud prevention, age verification, and compliance with applicable anti-money laundering regulations.
Financial Transaction Data
When you make a deposit or withdrawal on 366bit, we collect and process information relating to the transaction, including the payment method used (e.g., bKash, Nagad, Rocket, Upay, Visa, Mastercard), the transaction amount in Bangladeshi Taka (৳), transaction timestamps, and payment reference numbers. We do not store full card numbers or mobile banking PINs — payment processing is handled by our third-party payment partners who maintain their own security standards.
Usage and Behavioural Data
We automatically collect data about how you interact with the 366bit platform. This includes your IP address, device type, operating system, browser type and version, pages visited, games played, bets placed, session duration, and navigation patterns. This data is used to maintain platform performance, detect security incidents , improve user experience, and fulfil our responsible gaming monitoring obligations.
Communications Data
If you contact 366bit through any channel — including email, live chat, or our support ticket system — we retain records of those communications, including the content of your messages, timestamps, and any attachments you provide. This enables us to resolve your query effectively and maintain a record of our interactions for quality assurance and dispute resolution purposes.
| Data Category | Examples | Collection Method |
|---|---|---|
| Identity Data | Full name, date of birth, NID/passport number | Registration form, KYC submission |
| Contact Data | Email address, phone number, home address | Registration form, account updates |
| Financial Data | Payment method type, transaction amounts in ৳, reference IDs | Deposit/withdrawal processing |
| Technical Data | IP address, device type, browser, session data | Automatic collection via platform |
| Behavioural Data | Games played, bets placed, pages visited | Automatic collection via platform |
| Communications Data | Support chat logs, email correspondence | Direct communication with support |
How We Use Your Data
366bit processes your personal data only for specific, clearly defined purposes. We do not use your data in ways that are incompatible with the purposes for which it was originally collected. The following is a comprehensive description of how and why we use each category of personal data we hold about you.
Account Management and Service Delivery
The primary use of your personal data is to create and maintain your 366bit account, process your deposits and withdrawals in Bangladeshi Taka (৳), verify your identity and age, and deliver the betting and casino services you have requested. Without this processing, we cannot provide you with access to the platform.
Security and Fraud Prevention
We use technical and behavioural data to monitor platform activity for signs of unauthorised access, account takeover, fraudulent transactions, bonus abuse, and other security threats. Automated systems flag unusual activity patterns for review by our security team. This processing is essential to protect both 366bit and the wider user community from financial harm.
Responsible Gaming Compliance
366bit is committed to responsible gaming. We analyse your betting and gaming activity — including bet frequency, session duration, and deposit patterns — to identify potential signs of problem gambling behaviour. Where such patterns are detected, we may contact you to offer responsible gaming tools such as deposit limits, cooling-off periods, or self-exclusion, as detailed in our Responsible Gaming policy.
Legal and Regulatory Compliance
Certain processing activities are carried out to fulfil our obligations under applicable anti-money laundering (AML), counter-terrorist financing (CTF), and know-your-customer (KYC) frameworks. This includes retaining transaction records and identity verification documents for the minimum statutory periods required by applicable law.
Platform Improvement and Analytics
Anonymised and aggregated usage data is used to understand how players navigate the 366bit platform, which games are most popular, and where technical or user experience improvements can be made. This analysis does not involve identifying individual users and is used purely to develop a better product for all players.
Customer Communications
We use your contact data to send you transactional communications — such as deposit confirmations, withdrawal notifications, and account verification requests — that are necessary for the operation of your account. Where you have provided explicit consent, we may also send you promotional communications about 366bit offers, bonuses, and seasonal promotions. You may withdraw consent for marketing communications at any time by contacting [email protected].
Marketing Communications: 366bit will only send you promotional messages if you have explicitly opted in to receiving them. We do not send unsolicited marketing communications. You can opt out of marketing emails at any time by contacting our support team at [email protected].
Sharing and Disclosure of Data
366bit does not sell, rent, or trade your personal data to third parties for their own commercial purposes. However, in order to deliver our services effectively and meet our legal obligations, we do share certain categories of personal data with trusted third-party service providers and, where legally required, with regulatory authorities. All third parties with whom we share data are contractually required to process that data only for the specified purpose and to maintain appropriate security standards.
Payment Processing Partners
To process your deposits and withdrawals, we share necessary transaction data with our payment processing partners, including the operators of bKash, Nagad, Rocket, Upay, and international card networks (Visa, Mastercard). These partners process your payment data under their own privacy policies and security frameworks. 366bit does not receive or store your full mobile banking credentials or card details.
Identity Verification Providers
Where we use third-party KYC and identity verification services to validate the documents you submit, your identity data is shared with those providers solely for verification purposes. Such providers are bound by strict data processing agreements and are not permitted to use your identity data for any other purpose.
Game Technology Providers
The casino games available on 366bit are powered by third-party gaming studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These providers may receive certain technical data (such as session identifiers and game outcome data) in order to deliver and audit their games. They do not receive your full personal profile.
Law Enforcement and Regulatory Disclosure
366bit will disclose personal data to law enforcement agencies, regulatory bodies, or other competent authorities where we are legally obliged to do so — for example, in response to a valid legal order, court order, or regulatory investigation. In cases involving suspected money laundering or other serious financial crime, we may be legally prohibited from notifying the affected user that such a disclosure has been made.
Business Transfers
In the event that 366bit undergoes a merger, acquisition, or sale of all or substantially all of its assets, your personal data may be transferred to the acquiring entity as part of that transaction. In such circumstances, 366bit will take reasonable steps to ensure that the acquiring entity commits to processing your data in a manner consistent with this Privacy Policy. You will be notified of any such transfer via your registered email address.
Our Commitment: We will never sell your personal data to advertising networks, data brokers, or any third party seeking to use it for their own commercial gain. Data sharing at 366bit is strictly limited to what is necessary to deliver our services and meet our legal obligations.
Cookies and Tracking Technologies
366bit uses cookies and similar tracking technologies (including web beacons, pixel tags, and local storage) to operate the platform, maintain your session state, remember your preferences, and gather analytics data that helps us understand how our platform is used. By continuing to use the 366bit platform, you acknowledge that cookies may be placed on your device in accordance with this policy.
Types of Cookies We Use
- Strictly Necessary Cookies: These cookies are essential for the platform to function correctly. They manage your login session, maintain your account state between pages, and enable security features such as CSRF protection. These cookies cannot be disabled without breaking core platform functionality.
- Performance and Analytics Cookies: We use analytics cookies to collect aggregated, anonymised data about how users navigate the 366bit platform, which pages and games are most visited, and where technical errors occur. This data helps us continuously improve platform performance and user experience.
- Functional Cookies: Functional cookies remember your preferences — such as your preferred language setting or recently viewed game categories — so that we can present a more personalised experience on your next visit.
- Marketing and Retargeting Cookies: Where you have provided consent, marketing cookies may be used to track your activity across sessions and, in conjunction with our advertising partners, deliver relevant promotional content related to 366bit offers. You may withdraw consent at any time.
Managing Your Cookie Preferences
You can control and manage cookies through your browser settings. Most modern browsers allow you to block all cookies, block third-party cookies only, or clear existing cookies at any time. Please note that disabling strictly necessary cookies will impair your ability to use the 366bit platform. For instructions on managing cookies in your specific browser, consult your browser's help documentation.
Third-Party Cookies
Some cookies on the 366bit platform are set by third-party service providers — including game studios and analytics platforms — rather than by 366bit directly. 366bit does not control the placement or operation of third-party cookies. We encourage you to review the privacy policies of these third parties for further information on their cookie practices.
Data Retention and Storage
366bit retains your personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following retention periods apply to the main categories of personal data we hold.
| Data Category | Retention Period | Legal Basis for Retention |
|---|---|---|
| Account and identity data | Duration of account plus 5 years after closure | Legal obligation (AML/KYC compliance) |
| Financial transaction records | Minimum 5 years from transaction date | Legal obligation (financial record-keeping) |
| Betting and gaming history | Duration of account plus 3 years after closure | Legitimate interest (dispute resolution) |
| Support communications | 3 years from date of last communication | Legitimate interest (quality assurance) |
| Marketing consent records | Until consent is withdrawn plus 1 year | Legal obligation (consent record-keeping) |
| Technical and session data | Up to 13 months | Legitimate interest (security monitoring) |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in a manner that prevents reconstruction of the original information. Where data is anonymised rather than deleted, the anonymised dataset may be retained indefinitely for statistical and analytical purposes, as it can no longer be linked to any identifiable individual.
Data Storage Location
Your personal data is stored on secure servers. Access to these servers is protected by multiple layers of physical and logical security controls, including role-based access restrictions, multi-factor authentication for system administrators, and full activity audit logging. 366bit applies industry-standard security measures to protect stored data from unauthorised access, accidental loss, and destruction.
Your Rights and Data Choices
As a user of the 366bit platform, you have a number of rights in relation to the personal data we hold about you. 366bit is committed to honouring these rights promptly and transparently. To exercise any of the rights described below, please contact our support team at [email protected] with a clear description of your request and sufficient information for us to verify your identity.
Right of Access
You have the right to request a copy of the personal data that 366bit holds about you. This is commonly referred to as a Subject Access Request (SAR). We will provide a response within a reasonable timeframe — typically within 30 calendar days of receiving your verified request. The response will include a description of the categories of data held, the purposes for which it is processed, and any third parties to whom it has been disclosed.
Right to Rectification
If any of the personal data we hold about you is inaccurate, incomplete, or out of date, you have the right to request that we correct it. Where possible, you may also update certain account details directly through your 366bit account profile. For more significant corrections — such as changes to your name or date of birth — we may require supporting documentation before making the amendment.
Right to Erasure
In certain circumstances, you have the right to request the deletion of your personal data — sometimes called the "right to be forgotten". This right applies where the data is no longer necessary for the purpose for which it was collected, where you have withdrawn consent and there is no other legal basis for processing, or where the data has been processed unlawfully. Please note that this right is subject to limitations where 366bit is legally obliged to retain the data (for example, for AML compliance purposes).
Right to Withdraw Marketing Consent
Where you have previously given consent to receive marketing communications from 366bit, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal. To opt out of marketing communications, please contact [email protected].
Right to Lodge a Complaint
If you believe that 366bit has handled your personal data in a manner that violates applicable data protection principles, you have the right to raise a complaint directly with us at [email protected]. We will acknowledge your complaint promptly and provide a substantive response within 30 calendar days.
Exercise Your Rights: To submit a data access request, correction request, or erasure request, please contact our dedicated privacy team at [email protected]. Please include your registered email address and account username to help us locate your records and verify your identity efficiently.
Security Measures
Protecting the integrity and confidentiality of your personal data is a core operational priority for 366bit. We employ a comprehensive set of technical, organisational, and procedural security measures designed to guard against unauthorised access, accidental loss, destruction, or disclosure of personal data.
Technical Security Controls
- 256-bit SSL/TLS encryption on all data in transit between your device and 366bit servers.
- Encryption at rest for sensitive personal and financial data stored in our databases.
- Multi-factor authentication (MFA) required for all administrative access to production systems.
- Automated intrusion detection systems that continuously monitor for anomalous access patterns and potential security breaches.
- Regular penetration testing conducted by independent security professionals to identify and remediate vulnerabilities before they can be exploited.
- Comprehensive audit logging of all access to systems containing personal data, with logs retained for a minimum of 12 months.
Organisational Security Measures
Access to personal data within 366bit is governed by a strict need-to-know principle. Only staff members whose roles require access to specific categories of personal data are granted the minimum level of access necessary to perform their duties. All staff with access to personal data receive regular data protection training and are bound by confidentiality obligations.
Your Responsibility
While 366bit takes all reasonable steps to protect your data on our side, the security of your account also depends on you. You are responsible for choosing a strong, unique password for your 366bit account, keeping your login credentials confidential, logging out of your account when using a shared or public device, and notifying us immediately at [email protected] if you suspect that your account has been accessed without your authorisation.
Data Breach Response
In the event of a personal data breach that is likely to result in a risk to your rights or interests, 366bit will take immediate steps to contain the breach, assess its scope and impact, and notify affected users without undue delay. Notification will be made via the email address registered to your 366bit account and will include a description of the nature of the breach, the categories of data affected, and the steps we are taking in response.
Updates to This Policy
366bit reserves the right to update, amend, or modify this Privacy Policy at any time to reflect changes in our data processing practices, changes in applicable law, or improvements to our platform. When material changes are made, we will provide notice to registered users via the email address associated with your account and by posting a prominent notice on the 366bit platform.
The date of the most recent revision is always displayed at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. Your continued use of the 366bit platform following the publication of any update constitutes your acceptance of the revised policy.
Contact Us About Privacy
If you have any questions, concerns, or requests relating to this Privacy Policy or the way in which 366bit processes your personal data, please do not hesitate to contact our support team. We are available 24 hours a day, 7 days a week, and aim to respond to all privacy-related enquiries within 2 business days.
Privacy enquiries should be directed to: [email protected]
Please include your registered username and a clear description of your enquiry so that we can locate your records and respond as efficiently as possible. For formal Subject Access Requests, please include a copy of a valid government-issued photo ID to enable identity verification.
Additional Policies: This Privacy Policy should be read alongside our Terms & Conditions and our Responsible Gaming policy, which together form the complete legal framework governing your use of the 366bit platform.
Questions About Your Privacy?
Our support team is available around the clock to answer any questions about how 366bit handles your personal data. You can also explore our FAQ page for quick answers, review our full Terms & Conditions, or visit our Responsible Gaming section.