vipok Privacy Policy
At vipok, protecting the personal data of our players is a core operational commitment, not an afterthought. This Privacy Policy explains exactly what information we collect, how we use it, who we share it with, and what rights you hold as a player on our Bangladesh platform.
1 Information We Collect
When you register for a vipok account, use our platform, or contact our support team, we collect certain categories of personal data. The specific data collected depends on the context of the interaction. Below is a comprehensive breakdown of the data categories vipok processes:
| Data Category | Examples | Collection Point |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, nationality | Account registration, KYC verification |
| Contact Data | Email address, phone number, residential address (Dhaka, Chittagong, Sylhet, etc.) | Account registration, support requests |
| Financial Data | bKash/Nagad/Rocket account numbers, Visa/Mastercard partial details, transaction history, deposit and withdrawal amounts in BDT | Cashier / payment processing |
| Identity Verification Documents | National ID scan, passport copy, driver's licence image | KYC verification process |
| Technical Data | IP address, device type, browser type and version, operating system, screen resolution, session timestamps | Automatic collection during platform use |
| Usage Data | Games played, bet amounts, win/loss records, session durations, pages visited, betting market selections | Automatic collection during gameplay and betting |
| Communications Data | Support chat transcripts, email correspondence, complaint records | Customer support interactions |
| Marketing Preferences | Opt-in/opt-out status for promotional emails, SMS, and platform notifications | Account settings, preference updates |
We do not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, or health information unless such data is voluntarily disclosed during a responsible gaming self-assessment. In that case, the data is used solely to process your request for protective measures and is not used for any other purpose.
2 How We Use Your Data
vipok processes your personal data for clearly defined, legitimate purposes. Every processing activity is underpinned by one of the following legal bases: performance of a contract with you, compliance with a legal obligation, protection of legitimate interests, or your explicit consent (where applicable). The table below maps each processing purpose to its legal basis:
- Account creation and management: To set up, maintain, and administer your vipok account, including authentication, account recovery, and profile management. Legal basis: contract performance.
- Identity verification (KYC): To verify your identity and age (18+) before processing withdrawals or as required by our anti-money laundering obligations. Legal basis: legal obligation.
- Payment processing: To process deposits via bKash, Nagad, Rocket, Upay, Visa, Mastercard, Dutch-Bangla Bank, and City Bank, and to process withdrawal requests to your nominated payment method. Legal basis: contract performance.
- Game and betting service delivery: To provide access to casino games, live dealer tables, sports betting markets (including BPL, IPL, T20 World Cup, Bangladesh national cricket team), and all other gaming services on the platform. Legal basis: contract performance.
- Fraud prevention and security: To detect, investigate, and prevent fraudulent transactions, account compromise, money laundering, and other prohibited activities. Legal basis: legitimate interests and legal obligation.
- Responsible gaming compliance: To monitor gameplay patterns for signs of problem gambling, to enforce self-exclusion and deposit limit requests, and to contact players where our systems identify potential harm indicators. Legal basis: legal obligation and legitimate interests.
- Customer support: To respond to your queries, complaints, and technical issues submitted through our support channels. Legal basis: contract performance.
- Marketing communications: To send you promotional offers, bonus notifications, and platform updates — but only where you have opted in to receive such communications. Legal basis: consent. You may withdraw consent at any time via account settings or by contacting [email protected].
- Platform analytics and improvement: To analyse usage patterns, game performance, and platform behaviour in aggregated, anonymised form to improve our services. Legal basis: legitimate interests. Individual player data is not reviewed for this purpose.
- Legal and regulatory compliance: To comply with applicable laws, respond to lawful requests from competent authorities, and enforce our Terms & Conditions. Legal basis: legal obligation.
vipok does not use automated decision-making that produces legal or similarly significant effects on players without human review. Where automated systems flag an account for investigation (e.g., fraud detection algorithms), a qualified member of our compliance team reviews the flag before any account-level action is taken.
3 Data Sharing & Third Parties
vipok does not sell, rent, or trade your personal data to any third party for their own marketing purposes. Data is shared with third parties only in the limited circumstances described below, and always under binding confidentiality and data protection obligations:
- Payment service providers: bKash, Nagad, Rocket, Upay, Visa, Mastercard, Dutch-Bangla Bank, and City Bank receive the minimum financial data necessary to process your deposit or withdrawal transaction. These providers operate under their own data protection frameworks and are bound by contractual obligations to vipok regarding data use limitations.
- Game technology providers: Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, and other licensed game suppliers receive anonymised session data necessary to deliver their games and resolve technical disputes. These providers do not receive your identity data or financial data.
- Identity verification services: Third-party KYC providers receive your submitted identity documents for the purpose of age and identity verification. Documents are processed under strict data handling agreements and are not retained by the provider beyond the verification period.
- Fraud prevention and AML partners: Specialist compliance technology providers may receive transactional data to assist in anti-money laundering screening and fraud detection. All such providers are contractually restricted to processing data solely for these purposes.
- IT infrastructure and hosting providers: Our platform infrastructure is hosted on secure, industry-standard cloud infrastructure. Hosting providers have access to data solely for the purpose of providing infrastructure services and operate under data processing agreements with vipok.
- Law enforcement and regulatory authorities: vipok will disclose personal data to competent authorities where required to do so by a lawful court order, legal process, or applicable regulation. Where legally permitted, vipok will notify affected players of such disclosure.
- Business transfers: In the event of a merger, acquisition, or sale of all or part of vipok's business, player data may be transferred to the acquiring entity as part of that transaction. Affected players will be notified prior to any such transfer, and the acquiring entity will be required to honour the commitments made in this Privacy Policy.
4 Cookies & Tracking Technologies
vipok uses cookies and similar tracking technologies on its platform to enable core functionality, improve user experience, and support security operations. A cookie is a small text file placed on your device by our platform when you visit. We use the following categories of cookies:
- Strictly necessary cookies: These cookies are essential for the platform to function. They enable session management, authentication, security token validation, and payment flow continuity. These cookies cannot be disabled without breaking core platform functionality. No consent is required for these cookies.
- Functional cookies: These cookies remember your preferences, such as your preferred language, display settings, and notification preferences, so you do not need to re-enter them each session. They are set only after you have configured a preference.
- Analytics cookies: vipok uses anonymised, aggregated analytics to understand how players navigate the platform — which pages are visited most, where users exit, and how long sessions last. This data is used solely to improve the platform experience. No individual player is identified in analytics reports.
- Security cookies: These cookies assist in detecting and preventing fraudulent activity, account takeover attempts, and bot traffic. They are strictly necessary for platform security and cannot be disabled.
vipok does not use third-party advertising cookies, social media tracking pixels, or cross-site behavioural profiling technologies. You will not be targeted with personalised advertising based on your vipok browsing behaviour on any external website or platform.
You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will impair your ability to log in and use the platform. For a full list of cookies currently in use, contact [email protected] and request the cookie inventory document.
5 Data Retention & Storage
vipok retains personal data for no longer than is necessary for the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following retention periods apply as a baseline:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | AML compliance, legal obligation |
| KYC identity documents | 5 years after account closure | Regulatory requirement |
| Financial transaction records | 7 years from transaction date | Financial record-keeping obligation |
| Support communications | 3 years from last interaction | Dispute resolution, quality assurance |
| Game and betting history | 5 years from account closure | Dispute resolution, regulatory audit |
| Marketing preferences | Until withdrawal of consent or account closure | Consent management |
| Technical / log data | 12 months from collection | Security monitoring, fraud detection |
All personal data stored by vipok is held on secured, encrypted servers. Upon expiry of the applicable retention period, data is securely deleted or irreversibly anonymised so that it can no longer be associated with any individual player. Anonymised, aggregated data may be retained indefinitely for statistical and analytical purposes.
Where data is processed by third-party service providers (such as payment processors or KYC providers), those providers are contractually required to delete your data within a period consistent with the retention schedules above, or immediately upon termination of the service agreement, whichever is earlier.
6 Your Rights as a Player
As a registered vipok player, you hold a set of substantive rights with respect to your personal data. vipok is committed to facilitating the exercise of these rights promptly and without undue obstruction. Your rights are as follows:
To exercise any of the rights listed above, contact the vipok Data Protection team at [email protected] with the subject line "Data Rights Request". Please include your registered username and a clear description of the right you wish to exercise. We will verify your identity before actioning any request and will respond within 30 days of receipt. Where a request is complex or involves a large volume of data, we may extend the response period by a further 30 days and will notify you of this extension.
7 Data Security Measures
vipok employs a multi-layered approach to data security, combining technical, organisational, and procedural controls to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Our security framework includes:
- TLS/SSL encryption: All data transmitted between your device and the vipok platform is encrypted in transit using industry-standard TLS 1.2 or higher. The padlock symbol visible in your browser's address bar confirms an active encrypted connection.
- Encryption at rest: Personal data and financial records stored on vipok servers are encrypted at rest using AES-256 encryption. Encryption keys are managed under strict access control policies.
- Access controls: Access to player personal data within vipok's systems is restricted to authorised personnel on a strict need-to-know basis. All internal access is logged, and access logs are reviewed regularly for anomalous activity.
- Two-factor authentication: vipok supports two-factor authentication (2FA) for player accounts as an additional layer of account security. Players are strongly encouraged to enable 2FA via their account security settings.
- Penetration testing and security audits: vipok conducts regular security assessments, including penetration testing by qualified independent security professionals, to identify and remediate vulnerabilities before they can be exploited.
- Incident response: In the event of a data breach that is likely to result in a risk to player rights, vipok will notify affected players without undue delay and will take all necessary remediation steps to contain the breach and prevent recurrence.
- Staff training: All vipok personnel with access to player data receive mandatory data protection training and are bound by confidentiality obligations under their employment agreements.
While vipok takes all reasonable and practicable measures to protect your personal data, no digital platform can guarantee absolute security. You play an important role in keeping your account secure: use a strong, unique password, enable 2FA, never share your login credentials with any third party, and contact [email protected] immediately if you suspect your account has been compromised.
8 Changes to This Policy
vipok may update this Privacy Policy periodically to reflect changes in our data processing practices, legal obligations, or platform features. When a material change is made to this policy, we will notify registered players via the email address associated with their account and/or via an on-platform notification, with at least 14 days' advance notice before the change takes effect.
The most current version of this Privacy Policy is always available at vipok.club/privacy-policy. The effective date at the top of this page indicates when the current version was last updated. We encourage you to review this policy periodically so that you remain informed about how vipok processes and protects your personal data.
If you have any questions, concerns, or complaints about this Privacy Policy or vipok's data processing practices, please contact our Data Protection team at [email protected]. We will acknowledge your query within two (2) business days and provide a substantive response within 14 business days of receipt. All times are referenced in Bangladesh Standard Time (UTC+6).
How vipok Protects Your Privacy
Six core data protection principles that define how vipok handles player information across every part of the Bangladesh platform.
vipok has never sold player personal data to advertisers, data brokers, or any third party for commercial resale. Your information is used exclusively to operate and improve your experience on our platform.
All personal data stored on vipok servers — including your identity documents, financial records, and account information — is encrypted at rest using AES-256, the same standard used in global financial institutions.
You can request a complete copy of all personal data we hold about you at any time. vipok will respond within 30 days. You also have the right to correct inaccurate data, request deletion, and object to specific processing activities.
vipok only collects data that is strictly necessary for the purpose it is needed. If a service does not require a specific piece of information, we do not ask for it. No speculative or bulk data collection takes place on our platform.
Every category of data we hold has a defined retention period. When the retention period expires, data is securely deleted or irreversibly anonymised. We do not hold data indefinitely or without a documented legal basis for doing so.
Every third party that receives your data — from bKash and Nagad to our game providers — is named in this policy, bound by a data processing agreement, and restricted to using your data only for the specific purpose it was shared for.
Have Questions About Your Data?
Our support team is available around the clock to answer privacy questions, process data access requests, and handle self-exclusion enquiries. You can also read our full Terms & Conditions or visit the Responsible Gaming page for more information about how vipok protects its players.