Privacy Policy for 356ac
At 356ac, your privacy is a foundational commitment, not a footnote. This Privacy Policy explains precisely what personal data we collect from Bangladeshi players, how we use and store it, who we share it with, and what rights you hold over your own information at every stage of your relationship with us.
How 356ac Protects Your Privacy
Our approach to data privacy is built around transparency, minimal collection, and robust technical safeguards. Below are the six core principles that guide how 356ac handles member data.
SSL Encryption in Transit
All data exchanged between your device and the 356ac platform travels over TLS 1.3 encrypted connections. This applies to account login, deposits via bKash and Nagad, game sessions, and support communications — nothing is transmitted in plain text.
Encrypted Data at Rest
Member records stored in the 356ac database — including your NID reference, payment identifiers, and session logs — are encrypted at rest using industry-standard AES-256 encryption. Encryption keys are managed separately and rotated on a scheduled basis.
Strict Access Controls
Access to personal member data within 356ac is granted on a strict need-to-know basis. Operational staff can access only the data required for their specific role. All internal data access is logged and subject to periodic audit review.
No Sale of Personal Data
356ac does not sell, rent, or trade your personal information to any third party for their own marketing or commercial purposes. Data shared with our service partners is limited strictly to what is necessary to deliver the 356ac platform services to you.
Right to Erasure
You may request deletion of your personal data at any time, subject to our legal retention obligations. Once a valid erasure request is confirmed, your identifiable data is removed from active systems within 30 days and purged from backup archives within 90 days.
Marketing Opt-Out
All promotional communications from 356ac are strictly opt-in. You may withdraw consent for marketing messages at any time by contacting our support team. Opt-out requests are actioned within 48 hours, after which you will receive no further promotional content.
1. Information We Collect
356ac collects personal data only to the extent necessary to provide a safe, compliant, and high-quality gaming experience to members based in Bangladesh. The categories of data we collect fall into three groups: information you provide directly, information generated through your use of the platform, and information received from third-party service providers.
Information You Provide Directly:
- Registration data: Your full legal name, date of birth, mobile phone number, and preferred mobile financial service account number (bKash, Nagad, Rocket, or Upay).
- Identity verification documents: A copy of your National Identity Card (NID), passport, or driving licence, submitted as part of the KYC verification process.
- Account credentials: Your chosen username and a hashed (non-recoverable) representation of your password. 356ac never stores passwords in plain text.
- Support communications: Any messages, attachments, or information you voluntarily share when contacting the 356ac support team via live chat or email.
- Responsible gaming declarations: Self-assessment responses, deposit limit preferences, and self-exclusion requests submitted through the platform's responsible gaming tools.
Information Generated Through Platform Use:
- Transaction records: Deposit amounts, withdrawal requests, transaction timestamps, payment reference numbers, and associated mobile wallet identifiers.
- Gaming activity logs: Game session timestamps, bet amounts, game outcomes, and accumulated wagering history used for account management and dispute resolution.
- Device and access data: IP address, browser type and version, operating system, device model, screen resolution, and time-zone setting collected automatically when you access the platform.
- Behavioural analytics: Aggregated, anonymised patterns of platform interaction (pages visited, session duration, navigation paths) used to improve the user experience.
Information Received from Third Parties:
- Payment provider confirmations: Transaction status signals received from bKash, Nagad, Rocket, Upay, and bank partners confirming successful deposits or withdrawals.
- Identity verification results: Pass/fail results from third-party identity verification services used to confirm NID authenticity during KYC checks.
- Fraud and risk signals: Anonymised risk scores from fraud-detection partners used to identify and prevent account takeover attempts and money-laundering activity.
356ac does not knowingly collect personal data from individuals under 18 years of age. If we become aware that a member account belongs to an underage individual, the account will be suspended immediately and all collected data will be handled in accordance with Section 5 of this policy.
2. How We Use Your Data
356ac uses the personal data described in Section 1 for the following specific purposes. We process your data only where we have a lawful basis to do so, which in most cases is contractual necessity (to deliver the services you have signed up for), legal obligation (to comply with applicable anti-money laundering and age-verification requirements), or legitimate interest (to protect the platform and its members from fraud).
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation and management | Registration data, credentials | Contractual necessity |
| Age and identity verification (KYC) | NID / passport copy, date of birth | Legal obligation |
| Processing deposits and withdrawals | Transaction records, payment identifiers | Contractual necessity |
| Customer support and dispute resolution | Support communications, gaming logs | Contractual necessity |
| Fraud prevention and security monitoring | Device data, IP address, risk signals | Legitimate interest |
| Anti-money laundering compliance | Transaction records, identity documents | Legal obligation |
| Responsible gaming management | Gaming activity logs, self-assessment data | Contractual necessity / Legal obligation |
| Platform improvement and analytics | Anonymised behavioural analytics | Legitimate interest |
| Promotional communications (opt-in only) | Mobile number, email (where provided) | Consent |
We do not use automated decision-making processes that produce legally significant effects about you without human review. Where automated tools are used for fraud scoring or responsible gaming flagging, a member of the compliance team reviews the output before any account action is taken.
3. Data Sharing & Third Parties
356ac does not sell your personal data. We share personal data with third parties only in the limited circumstances described below, and only to the extent strictly necessary for the stated purpose.
Payment Service Providers: To process deposits and withdrawals, we share your registered payment account identifier and the transaction amount with the relevant mobile financial service provider (bKash, Nagad, Rocket, or Upay) or banking partner. These providers act as independent data controllers for transactions processed through their own systems and are governed by their own privacy policies.
Identity Verification Partners: During KYC verification, identity document images may be transmitted to a third-party verification service operating under a strict data processing agreement with 356ac. Verification partners are prohibited from using your data for any purpose other than confirming the authenticity of your submitted document.
Game Software Providers: Casino game providers (including Evolution Gaming, Pragmatic Play, Ezugi, NetEnt, Microgaming, and Spribe) receive a pseudonymous player identifier and game session data to enable game functionality and calculate outcomes. These providers do not receive your name, NID, or contact details.
Fraud Prevention and Security Services: Anonymised risk-signal data (including IP address and device fingerprint) may be shared with fraud-detection service partners to identify and prevent account takeover attempts, bonus abuse, and money-laundering activity across the platform.
Legal and Regulatory Disclosure: 356ac may disclose personal data to law enforcement agencies, financial intelligence units, or other regulatory authorities where required to do so by law, court order, or in response to a lawful government request. We will notify affected members of such disclosures where legally permitted to do so.
Business Transfers: In the event of a merger, acquisition, or transfer of substantially all of 356ac's assets, member data may be transferred to the acquiring entity. Members will be notified of any such transfer and provided with an opportunity to request deletion of their data before the transfer is completed.
All third-party service providers engaged by 356ac are required to process member data in accordance with applicable data protection standards and are prohibited from using member data for their own independent commercial purposes.
4. Cookies & Tracking
The 356ac platform uses cookies and similar tracking technologies to support platform functionality, maintain session security, and gather anonymised analytics data. Below is a description of the cookie categories in use.
Strictly Necessary Cookies: These cookies are essential for the platform to function and cannot be disabled without preventing core features from working. They include session authentication tokens (which keep you logged in during a gaming session), CSRF protection tokens (which prevent cross-site request forgery attacks), and load-balancing cookies (which route your requests to the appropriate server). No consent is required for strictly necessary cookies as they are indispensable for service delivery.
Functional Cookies: These cookies remember your preferences — such as your preferred language setting, your last-visited game category, and your responsible gaming notification preferences — so that you do not need to re-enter them each time you visit the platform. Functional cookies are set only with your consent.
Analytics Cookies: Anonymised analytics cookies help the 356ac product team understand how members navigate the platform, which game categories are most visited, and where members encounter difficulty. This data is aggregated and cannot be used to identify any individual. Analytics cookies are set only with your consent and may be withdrawn at any time.
Managing Cookies: You can control cookie settings through your browser's privacy controls. Please note that disabling cookies beyond the strictly necessary category may affect your experience of the platform. Instructions for managing cookies in the most common browsers are available through the browser provider's official support documentation.
356ac does not use third-party advertising or retargeting cookies. We do not place cookies on behalf of ad networks or social media platforms.
5. Data Retention
356ac retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal and regulatory obligations. The following retention periods apply:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | Anti-money laundering legal obligation |
| Identity verification documents | 5 years after account closure | KYC regulatory requirement |
| Transaction records | 7 years from transaction date | Financial record-keeping obligation |
| Gaming activity logs | 3 years from session date | Dispute resolution and responsible gaming |
| Support communications | 2 years from last interaction | Service quality and dispute evidence |
| Marketing consent records | Until consent is withdrawn + 1 year | Proof of consent for compliance |
| Anonymised analytics data | Indefinitely (no personal identifiers) | Product improvement — non-personal |
When the applicable retention period expires, personal data is securely deleted from active systems and scheduled for purge from encrypted backup archives within 90 days. Data subject to an ongoing legal hold (e.g., pending litigation or a regulatory investigation) will be retained until the hold is lifted, after which standard retention periods apply.
6. Security Measures
356ac implements a layered security architecture designed to protect member data against unauthorised access, disclosure, alteration, and destruction. Our key technical and organisational security measures include:
- Transport Layer Security (TLS 1.3): All data in transit between member devices and 356ac servers is encrypted using TLS 1.3, the current industry-leading standard for web encryption.
- AES-256 Encryption at Rest: Sensitive member data stored in the 356ac database — including identity document references, payment identifiers, and session tokens — is encrypted using AES-256 symmetric encryption with separately managed key storage.
- Role-Based Access Control (RBAC): Internal system access is governed by a strict role-based model. Staff members can only access the data and functions required for their designated role. Privileged access is reviewed quarterly.
- Multi-Factor Authentication for Staff: All 356ac staff accounts with access to member data require multi-factor authentication. Privileged administrative access requires hardware security key authentication in addition to standard MFA.
- Intrusion Detection and Monitoring: The 356ac infrastructure is monitored around the clock by automated intrusion detection systems that flag anomalous access patterns for immediate review by the security team.
- Penetration Testing: The platform undergoes regular third-party penetration testing to identify and remediate vulnerabilities before they can be exploited.
- Incident Response Plan: In the event of a data breach affecting member personal data, 356ac will notify affected members without undue delay and will take immediate steps to contain the breach and prevent further exposure.
While 356ac employs robust technical safeguards, no security system is entirely infallible. We strongly encourage all members to use a strong, unique password for their 356ac account, enable mobile OTP authentication, and report any suspicious account activity to [email protected] immediately.
7. Your Privacy Rights
As a 356ac member, you have the following rights with respect to your personal data. To exercise any of these rights, submit a request to [email protected] with the subject line "Privacy Rights Request" and your registered mobile number for identity verification. We will respond to all valid requests within 30 days.
- Right of Access: You have the right to request a copy of all personal data that 356ac holds about you, including the categories of data, the purposes for which it is processed, and the third parties with whom it has been shared.
- Right to Rectification: If any of your personal data held by 356ac is inaccurate or incomplete, you have the right to request that it be corrected. Rectification requests relating to identity data will require supporting documentation.
- Right to Erasure: You may request deletion of your personal data, subject to our legal retention obligations set out in Section 5. We will confirm which data can be deleted immediately and which must be retained for compliance purposes.
- Right to Restrict Processing: In certain circumstances — for example, where you contest the accuracy of your data or have objected to processing — you may request that 356ac restrict processing of your data while the matter is resolved.
- Right to Data Portability: You may request a copy of the personal data you have provided to 356ac in a structured, machine-readable format (CSV or JSON), suitable for transfer to another service provider.
- Right to Withdraw Consent: Where data processing is based on your consent (e.g., marketing communications, functional cookies), you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
- Right to Object: You may object to the processing of your personal data where it is based on legitimate interest, including profiling for responsible gaming purposes. 356ac will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
356ac will not charge a fee for handling privacy rights requests in ordinary circumstances. If a request is manifestly unfounded or excessive, we reserve the right to charge a reasonable administrative fee or refuse to act on the request, with written reasons provided.
8. Contact & Data Officer
If you have any questions, concerns, or requests relating to this Privacy Policy or the way in which 356ac handles your personal data, please contact our Data Privacy team using the details below.
Email: [email protected] (subject line: "Privacy Policy Enquiry")
Response Time: We aim to respond to all privacy-related enquiries within 4 hours during business hours, and within 24 hours at all other times (Bangladesh Standard Time, UTC+6).
Postal Address: Privacy enquiries may also be submitted in writing to our registered correspondence address. Please contact the support team by email in the first instance to obtain current correspondence details.
Where your enquiry relates to a formal data subject rights request (access, erasure, portability, etc.), please use the subject line "Privacy Rights Request" and include your registered mobile number so that we can verify your identity before processing the request. We will not action privacy rights requests from unverified senders.
Policy Updates: We review this Privacy Policy at least annually and whenever there is a material change to how we collect or process personal data. When updates are made, the revised policy will be published on this page with an updated effective date. Where changes are significant, we will notify active members via their registered mobile number. We encourage you to review this page periodically to stay informed of how 356ac protects your information.
Ready to Play at 356ac?
Now that you understand how 356ac protects your privacy, explore our full range of casino games and cricket betting markets. Deposits via bKash and Nagad are credited instantly. 18+ only — please gamble responsibly.
18+ Only Gambling involves risk. Play responsibly.