cve999 Privacy Policy
Your privacy matters at cve999. This Privacy Policy explains exactly what personal data we collect from Bangladesh players, how we use it, who we may share it with, and the rights you hold over your own information. Please read this document carefully before using the platform.
How cve999 Approaches Privacy
Before reading the full policy, these six cards summarise the principles that guide how cve999 handles personal data. They are a quick-reference overview — the detailed legal text follows below.
Minimal Data Collection
cve999 collects only the personal information that is necessary to operate a secure, compliant gaming account. We do not collect data for speculative future purposes or sell player profiles to data brokers.
Encryption by Default
All data transmitted between your device and cve999 is protected by TLS 1.3 encryption. Stored personal data and financial records are encrypted at rest using industry-standard AES-256 protocols.
Your Control
Registered cve999 players have the right to access, correct, export, and request deletion of their personal data at any time by contacting our support team. We respond to all verified data requests within 30 days.
Limited Sharing
cve999 does not sell your personal data. Sharing with third parties is limited to regulated service providers (payment processors, KYC verification services) and legal obligations only. All partners are contractually bound to data protection standards.
Defined Retention
Personal data is held only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal and anti-money laundering obligations. Data that is no longer needed is securely deleted or anonymised.
Transparent Updates
If this Privacy Policy is materially updated, cve999 will notify registered players via their registered email address or an in-platform notification before the changes take effect. The latest version is always available at /privacy-policy.
1 Data We Collect
When you use the cve999 platform — whether browsing as a visitor, registering an account, or actively placing bets — we collect certain categories of personal data. The specific data collected depends on how you interact with cve999. We describe these categories in full below.
1.1 Account Registration Data
When you create a cve999 account, we collect the information you provide directly during the registration process. This includes:
- Full legal name as it appears on your government-issued identity document
- Date of birth (used to verify that you meet the 18+ minimum age requirement)
- Registered mobile number (used for account authentication and transactional notifications)
- Email address (used for account communications and promotional messages where consented)
- Residential address in Bangladesh (city, district, and postal code at a minimum)
- Preferred currency (Bangladeshi Taka, ৳, is the default and only supported currency)
1.2 Identity Verification (KYC) Data
In accordance with our Know Your Customer obligations, cve999 collects copies of government-issued identity documents from players who reach withdrawal thresholds or who are selected for routine verification. KYC documents accepted include Bangladesh National Identity Cards (NID), passports, and driver's licences. The data extracted from these documents includes your photograph, document number, date of birth, and name — all cross-referenced against your registration data.
1.3 Financial Transaction Data
Every deposit and withdrawal processed through your cve999 account generates a financial record. We collect and store the following transaction data:
- Payment method type (bKash, Nagad, Rocket, Upay, bank card, or bank transfer)
- Mobile banking account number or card number (last four digits only for card payments)
- Transaction amount in Bangladeshi Taka (৳)
- Transaction date, time (Bangladesh Standard Time, UTC+6), and reference number
- Transaction status (pending, completed, reversed, or flagged)
1.4 Gameplay and Betting Data
cve999 records all gameplay activity on your account. This includes every bet placed (sport, market, selection, odds, stake, and outcome), every casino game session (game title, provider, session duration, and result), and your cumulative wagering history. This data is used for account management, responsible gaming monitoring, dispute resolution, and bonus eligibility assessment.
1.5 Device and Technical Data
When you access cve999, our servers and analytics tools automatically collect technical data about your device and connection. This includes your IP address, device type and operating system, browser type and version, screen resolution, session timestamps, pages visited, and referring URL. This technical data is used for platform security, fraud detection, and service performance optimisation.
1.6 Communications Data
If you contact the cve999 support team via email or live chat, we retain records of those communications, including the content of your messages, timestamps, and the resolution outcome. This is used for quality assurance, dispute resolution, and improving our customer service operations.
2 How We Use Your Data
cve999 processes personal data only for legitimate, clearly defined purposes. We do not use your data for any purpose that is incompatible with the reason it was originally collected. The table below sets out the primary purposes for which cve999 processes personal data and the lawful basis for each.
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Account creation and management | Registration data, contact details | Contract performance |
| Age and identity verification (KYC) | KYC documents, date of birth | Legal obligation |
| Processing deposits and withdrawals | Financial transaction data | Contract performance |
| Fraud prevention and AML monitoring | Transaction data, device data, IP address | Legal obligation / Legitimate interest |
| Responsible gaming monitoring | Gameplay data, session data, communication records | Legal obligation / Legitimate interest |
| Customer support and dispute resolution | Communications data, account history | Contract performance / Legitimate interest |
| Promotional communications (opt-in) | Email address, mobile number | Consent |
| Platform analytics and improvement | Device data, gameplay data (anonymised) | Legitimate interest |
2.1 Marketing Communications
cve999 may send you promotional emails, SMS notifications, or in-platform messages about new games, betting markets, bonuses, and special offers — but only where you have opted in to receive such communications at the time of registration or subsequently via your account settings. You may withdraw consent for marketing communications at any time by updating your notification preferences or by contacting [email protected]. Withdrawal of marketing consent does not affect the lawfulness of any processing carried out before that withdrawal.
2.2 Automated Decision-Making
cve999 uses automated systems for certain account-level decisions, including fraud scoring and responsible gaming alerts. Where an automated decision may significantly affect your account (such as a temporary account lock triggered by suspicious activity), you have the right to request human review of that decision by contacting our support team. We aim to resolve all such requests within 5 business days.
3 Cookies & Tracking
cve999 uses cookies and similar tracking technologies to operate the platform, remember your preferences, and understand how players use the site. A cookie is a small text file placed on your device by a web server. Cookies do not contain executable code and cannot access other data on your device.
3.1 Types of Cookies Used
- Strictly Necessary Cookies: These are essential for the cve999 platform to function. They include session authentication tokens, security tokens, and load-balancing identifiers. These cookies cannot be disabled without rendering core platform functions inoperative.
- Functional Cookies: These remember your preferences such as language selection, preferred sports markets, and display settings. Disabling them may affect your experience on the platform but will not prevent access.
- Analytics Cookies: cve999 uses first-party analytics cookies to understand how players navigate the site, which pages are visited most frequently, and where usability issues occur. The data collected is aggregated and does not identify you personally.
- Security Cookies: Used to detect and prevent fraudulent activity, including bot traffic, credential stuffing, and session hijacking attempts.
3.2 Managing Cookies
You can manage or disable cookies through your browser settings at any time. Most modern browsers allow you to block third-party cookies, clear existing cookies, and receive alerts when new cookies are set. Please note that disabling strictly necessary cookies will prevent you from logging in to your cve999 account. cve999 does not use advertising or cross-site tracking cookies.
4 Data Sharing & Third Parties
cve999 does not sell, rent, or trade your personal data to any third party for commercial gain. Data sharing with external parties is limited to the specific, necessary circumstances described in this section.
4.1 Payment Processors
To process deposits and withdrawals, cve999 shares necessary financial data with payment service providers including bKash, Nagad, Rocket, Upay, and card processing networks (Visa and Mastercard). This sharing is limited to the data required to execute the transaction and is governed by the data protection terms of each payment provider. cve999 does not store full card numbers — only tokenised payment references are retained on our systems.
4.2 KYC and Identity Verification Services
cve999 may use regulated third-party identity verification services to validate the authenticity of KYC documents submitted by players. These providers process your identity document data solely for the purpose of verification and are contractually prohibited from using it for any other purpose. All such providers operate under equivalent data protection obligations.
4.3 Legal and Regulatory Disclosure
cve999 may be required by law, court order, or regulatory authority to disclose personal data about specific players. In such cases, cve999 will disclose only the minimum data necessary to comply with the legal obligation. Where permitted by law, cve999 will notify the affected player of such a disclosure request before complying.
4.4 Business Transfers
In the event that cve999 or any part of its business is acquired, merged, or transferred to another entity, your personal data may be transferred as part of that transaction. cve999 will notify registered players of any such transfer and ensure that the receiving entity is bound by privacy obligations at least as protective as those described in this policy before any data is transferred.
5 Data Retention
cve999 retains personal data only for as long as is necessary to fulfil the purpose for which it was collected. Once data is no longer required, it is either securely deleted, anonymised, or archived in accordance with the schedule below.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | AML and legal obligation |
| KYC documents | 5 years after account closure | Regulatory requirement |
| Financial transaction records | 7 years from transaction date | Financial record-keeping obligation |
| Gameplay and betting history | 3 years from last activity | Dispute resolution / Legitimate interest |
| Customer support communications | 3 years from last interaction | Legitimate interest |
| Device and technical logs | 12 months from collection | Security / Fraud prevention |
| Marketing consent records | Until consent is withdrawn + 2 years | Accountability obligation |
After the applicable retention period expires, personal data is permanently deleted from cve999's active systems and any backups in which it is held. Anonymised, aggregated data derived from your activity (which cannot be used to re-identify you) may be retained indefinitely for statistical and analytical purposes.
6 Security Measures
cve999 implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. Our approach to data security includes the following layers of protection:
- Transport Encryption: All data transmitted between your browser or app and the cve999 platform is encrypted using TLS 1.3. Older, insecure protocol versions (SSL, TLS 1.0, TLS 1.1) are disabled on our servers.
- Data-at-Rest Encryption: Sensitive data stored in cve999 databases — including KYC documents, financial records, and account credentials — is encrypted at rest using AES-256.
- Access Controls: Access to personal data within cve999's internal systems is restricted on a strictly need-to-know basis. Staff who handle player data are subject to background checks, confidentiality agreements, and regular data protection training.
- Intrusion Detection: cve999 operates continuous monitoring systems to detect and respond to anomalous access patterns, potential intrusions, and denial-of-service attempts.
- Password Security: Account passwords are never stored in plaintext. cve999 uses industry-standard hashing algorithms with per-account salting to protect credential data.
- Two-Factor Authentication: cve999 supports two-factor authentication (2FA) for player accounts. We strongly encourage all Bangladesh players to enable 2FA via their account security settings.
6.1 Data Breach Response
In the unlikely event of a data breach that poses a risk to your personal data, cve999 will act swiftly to contain the breach, assess the scope of affected data, and notify affected players as required. Notifications will be sent via the registered email address associated with the affected account within a reasonable timeframe after the breach is identified and contained.
7 Your Privacy Rights
As a registered cve999 player, you hold the following rights with respect to your personal data. To exercise any of these rights, contact the cve999 data team at [email protected] with the subject line "Privacy Rights Request" and verify your identity using your registered email address and account details.
Right to Access
Request a copy of all personal data cve999 holds about you, including your account profile, transaction history, and KYC records.
Right to Rectification
Request correction of any inaccurate or incomplete personal data held on your account. Some data (such as your date of birth once KYC-verified) may require supporting documentation to amend.
Right to Erasure
Request deletion of your personal data. Note that erasure requests may be declined where retention is required by law (e.g., AML record-keeping obligations).
Right to Restriction
Request that cve999 temporarily restricts the processing of your data — for example, while a rectification request is under review.
Right to Portability
Request a machine-readable export of your personal data in a structured, commonly used format (CSV or JSON) where technically feasible.
Right to Object
Object to the processing of your data for direct marketing purposes at any time. You may also object to processing based on legitimate interests on grounds relating to your specific situation.
cve999 will respond to all verified privacy rights requests within 30 calendar days of receipt. In complex cases or where a large volume of data is involved, we may extend this period by a further 60 days, in which case you will be notified of the extension and the reason for it.
7.1 Withdrawing Consent
Where cve999 processes your data on the basis of your consent (such as for marketing communications), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal. To withdraw marketing consent, update your notification preferences in your account dashboard or email [email protected].
8 Policy Updates & Contact
cve999 reviews this Privacy Policy periodically and updates it as necessary to reflect changes in our data processing practices, applicable law, or platform functionality. The version number and effective date at the top of this document indicate when the most recent update was made.
8.1 Material Changes
Where a proposed change to this Privacy Policy would materially affect how we process your personal data — such as introducing a new purpose for processing, a new category of data collected, or a new category of third-party recipient — cve999 will provide advance notice to all registered players via their registered email address. We will clearly describe what is changing and why. Your continued use of the cve999 platform after the effective date of any updated Privacy Policy constitutes your acknowledgement of the changes.
8.2 Contact Details
If you have any questions about this Privacy Policy, wish to exercise a data subject right, or want to raise a concern about how cve999 handles your personal data, please contact us using the details below:
- Email: [email protected] (subject line: "Privacy Policy Enquiry")
- Response Time: All privacy-related enquiries are acknowledged within 24 hours and fully responded to within 5 business days.
- Support Hours: 24 hours a day, 7 days a week, Bangladesh Standard Time (UTC+6).
Questions About Your Privacy on cve999?
Our support team is available around the clock to assist with any privacy or data-related concerns. You can also explore our FAQ for quick answers or visit your account to manage your data preferences.