Privacy Policy — cd2222 Protects Your Data
At cd2222, your personal information is treated with the highest level of care. This Privacy Policy explains exactly what data we collect, why we collect it, how it is used, and the rights you hold as a player on our platform.
256-bit SSL Encryption
All data transmitted between your device and cd2222 servers is protected by industry-standard 256-bit SSL/TLS 1.3 encryption at all times.
No Data Selling
cd2222 does not sell, rent, or trade your personal information to third-party marketers or advertising networks under any circumstances.
Your Data, Your Rights
Every cd2222 player has the right to access, correct, or request deletion of their personal data by contacting our support team.
Secure Storage
Player data is stored in access-controlled, encrypted database environments. Regular security audits are conducted by independent professionals.
1 Data We Collect
cd2222 collects personal data from players and visitors through several channels, including account registration forms, payment processing flows, KYC verification submissions, customer support interactions, and automatic technical tracking. The categories of personal data we collect are described in detail below.
1.1 Registration & Identity Data
- Full legal name — collected during account registration and used for identity verification and account correspondence.
- Date of birth — collected to verify that you meet the 18+ age requirement. This data is treated as sensitive and stored with additional security controls.
- Email address — used as your primary account identifier and communication channel for account notifications, promotional offers (where opted in), and security alerts.
- Mobile phone number — collected for two-factor authentication (2FA), account recovery, and optional SMS notifications.
- Residential address — collected as part of KYC requirements, including city and district within Bangladesh (e.g., Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, Mymensingh).
- Government-issued identity documents — national identity card (NID), passport, or other valid documents may be requested for KYC verification and age confirmation.
1.2 Financial & Transaction Data
- Payment method details — mobile banking account numbers for bKash, Nagad, Rocket, and Upay; card details for Visa and Mastercard (processed via PCI-DSS compliant payment gateways; full card numbers are never stored by cd2222 directly).
- Transaction history — a complete record of deposits, withdrawals, bonus credits, and wager amounts associated with your account, retained for regulatory and AML compliance purposes.
- Wallet balance history — snapshots of your account balance at key intervals, retained as part of the audit trail for responsible gaming monitoring.
1.3 Technical & Usage Data
- IP address and geolocation — used to detect account access from unusual locations, prevent fraud, and ensure compliance with applicable access restrictions.
- Device and browser information — device type, operating system, browser name and version, screen resolution, and unique device identifiers collected for security and platform optimisation purposes.
- Session and behavioural data — pages visited, games played, bet amounts, session duration, and click patterns collected to personalise the platform experience and improve responsible gaming monitoring.
- Cookies and tracking data — see Section 4 of this Policy for a full description of the cookies and tracking technologies used by cd2222.
2 How We Use Your Data
cd2222 uses your personal data only for the purposes described in this Policy. We do not use your data for purposes incompatible with those stated here without first obtaining your explicit consent. The primary purposes for which your data is processed are as follows.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account registration & management | Name, email, DOB, phone number | Contractual necessity |
| Identity & age verification (KYC) | NID / passport, DOB, address | Legal obligation |
| Processing deposits & withdrawals | Payment method details, transaction records | Contractual necessity |
| Anti-money laundering (AML) monitoring | Transaction history, IP address, identity data | Legal obligation |
| Fraud detection & account security | IP address, device data, session data | Legitimate interest |
| Responsible gaming monitoring | Betting patterns, session duration, wallet data | Legal obligation + legitimate interest |
| Customer support & dispute resolution | Account data, communication history | Contractual necessity |
| Promotional communications (opted-in only) | Email address, game preferences | Consent |
| Platform analytics & improvement | Anonymised behavioural & technical data | Legitimate interest |
3 Data Sharing & Disclosure
cd2222 does not sell, rent, or trade your personal data to any third party for commercial purposes. We may, however, share your data with specific categories of trusted third parties strictly in order to operate the platform and comply with legal obligations. All third-party data processors engaged by cd2222 are bound by data processing agreements that require them to treat your data with the same level of care as described in this Policy.
3.1 Categories of Third-Party Recipients
- Payment service providers — bKash, Nagad, Rocket, Upay, SureCash, Visa, Mastercard, and partner banks (including Dutch-Bangla Bank, BRAC Bank, City Bank) receive the minimum data necessary to process your financial transactions securely.
- Game software providers — providers such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi receive anonymised session tokens to facilitate gameplay. These providers do not receive your full identity or financial data.
- KYC and identity verification services — specialist third-party identity verification partners may receive your identity documents and biometric data solely for the purpose of KYC compliance. These partners are contractually prohibited from using your data for any other purpose.
- Fraud prevention and AML screening services — transaction monitoring platforms may receive transaction records and IP data to perform automated AML and fraud risk assessments as required by anti-money laundering obligations.
- Cloud infrastructure and hosting providers — cd2222's servers and databases are hosted on enterprise-grade cloud infrastructure. Our hosting providers operate under strict data processing agreements and do not access your data for their own purposes.
- Legal and regulatory authorities — cd2222 may be required by applicable law, court order, or the request of a competent authority to disclose certain player data. We will always seek to limit the scope of such disclosure to the minimum required by law.
3.2 International Data Transfers
Some of cd2222's third-party service providers operate servers located outside Bangladesh. Where personal data is transferred internationally, cd2222 ensures that adequate safeguards are in place — such as standard contractual clauses or equivalent data protection commitments — before any transfer takes place. We do not transfer data to jurisdictions that do not offer an adequate level of data protection without appropriate safeguards.
4 Cookies & Tracking
cd2222 uses cookies and similar tracking technologies to operate the platform effectively, maintain session continuity, prevent fraud, and understand how players interact with our games and features. A cookie is a small text file placed on your device by your web browser when you visit cd2222. It does not give us access to your device or other files stored on it.
4.1 Types of Cookies Used
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Session | Maintain login sessions, store cart/game state, enable basic platform functionality | Session (deleted on browser close) |
| Authentication | Verify your identity across page loads; support "Remember Me" functionality | Up to 30 days |
| Security | Detect unusual login patterns, prevent CSRF attacks, flag suspicious sessions | Session / 1 year |
| Analytics | Measure page traffic, track feature usage, and identify performance bottlenecks (data anonymised) | Up to 2 years |
| Preferences | Store your language, game lobby layout, and notification preferences | Up to 1 year |
You may configure your browser settings to block or delete cookies at any time. Please note that blocking essential cookies will impair core platform functionality, including the ability to log in to your cd2222 account. cd2222 does not use cookies to serve third-party advertising or to track your browsing activity on other websites outside of cd2222.app.
5 Data Retention
cd2222 retains your personal data only for as long as is necessary to fulfil the purposes described in this Policy, or as required by applicable legal, regulatory, audit, or compliance obligations. The following retention periods apply to the principal categories of player data.
- Account and identity data — retained for the duration of your account's active life and for a period of five (5) years following account closure, in accordance with anti-money laundering record-keeping requirements.
- KYC documentation — retained for a minimum of five (5) years after the end of the business relationship, as required for regulatory compliance purposes.
- Transaction and financial records — retained for a minimum of five (5) years from the date of each transaction, for tax, AML, and audit purposes.
- Customer support communications — retained for three (3) years from the date of the last interaction, for dispute resolution and quality assurance purposes.
- Technical and usage logs — retained for twelve (12) months in identifiable form, after which they are anonymised or deleted.
- Marketing consent records — retained for the duration of the consent period plus three (3) years to demonstrate compliance with consent obligations.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be linked to any identifiable individual. Where deletion is requested by a player before the end of a mandatory retention period, cd2222 will restrict processing of the data to the minimum necessary to fulfil the legal retention obligation and will delete or anonymise all remaining data as soon as the legal obligation permits.
6 Your Privacy Rights
cd2222 respects your rights in relation to your personal data. As a player on the cd2222 platform, you are entitled to exercise the following rights at any time by submitting a request to [email protected] with the subject line "Privacy Rights Request". We will respond to all valid requests within 30 days of receipt.
- Right of Access — You may request a copy of all personal data that cd2222 holds about you, along with information about how it is being used and with whom it has been shared.
- Right to Rectification — If any of the personal data we hold about you is inaccurate or incomplete, you may request that it be corrected or updated. Basic account data such as email address and phone number can also be updated directly via Account Settings.
- Right to Erasure — You may request deletion of your personal data where we no longer have a legal basis to retain it. Note that requests for erasure cannot be fulfilled where cd2222 is subject to a mandatory data retention obligation (see Section 5).
- Right to Restrict Processing — You may request that cd2222 limit its use of your personal data to storage only, pending the resolution of a dispute or pending verification of a rectification request.
- Right to Data Portability — Where data is processed on the basis of your consent or a contract, you may request that we provide your data in a structured, commonly used, and machine-readable format so that you may transfer it to another service provider.
- Right to Withdraw Consent — Where processing is based on your consent (e.g., marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.
- Right to Object — You may object to the processing of your personal data for purposes based on legitimate interest, including profiling for responsible gaming monitoring purposes, subject to our overriding legal obligations.
7 Data Security Measures
cd2222 takes the security of your personal data extremely seriously. We maintain a comprehensive information security programme that includes technical, organisational, and procedural safeguards designed to protect your data against unauthorised access, disclosure, alteration, or destruction.
7.1 Technical Safeguards
- 256-bit SSL/TLS encryption — all data transmitted between your device and cd2222 servers is encrypted using TLS 1.3 or higher, ensuring that your personal and financial data cannot be intercepted in transit.
- At-rest encryption — all personally identifiable data stored in cd2222 databases is encrypted at rest using AES-256 or equivalent standards.
- Access controls — strict role-based access controls (RBAC) are applied to all internal systems. Only authorised personnel with a legitimate business need may access player data, and all access events are logged and audited.
- Intrusion detection and monitoring — cd2222's infrastructure is continuously monitored for suspicious activity, attempted breaches, and anomalous data access patterns. Automated alerts are triggered for any unusual events.
- Penetration testing — independent security professionals conduct regular penetration tests of the cd2222 platform to identify and remediate vulnerabilities before they can be exploited.
7.2 Organisational Safeguards
- All cd2222 staff who handle personal data are required to complete data protection training as part of their onboarding and on an ongoing annual basis.
- Strict confidentiality obligations are imposed on all employees, contractors, and third-party service providers who have access to player data.
- A formal data breach response procedure is maintained. In the event of a confirmed data breach that poses a risk to players' rights and freedoms, cd2222 will notify affected players without undue delay.
8 Contact & Policy Updates
cd2222 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, legal obligations, or platform features. When material changes are made, we will notify registered players via the email address on file at least 14 days prior to the effective date of the revised Policy. The "Last Updated" date at the top of this page will be revised to reflect any changes. Your continued use of the platform after the effective date of a revised Policy constitutes your acceptance of the updated terms.
We encourage you to review this Privacy Policy periodically to stay informed about how cd2222 protects your personal information. If you have any questions, concerns, or requests relating to this Policy or to cd2222's data practices in general, please contact our support team using the details below.
- Email: [email protected] — please use the subject line "Privacy Policy Enquiry" for all data-related correspondence.
- Response time: We aim to respond to all privacy-related enquiries within 5 business days. Formal data rights requests (see Section 6) will be processed within 30 days.
- Language: All correspondence relating to this Privacy Policy must be submitted in English.
- Platform: cd2222 — accessible at https://cd2222.app — serves players located in Bangladesh and is operated in English.
Have More Questions About Privacy?
Our support team is available around the clock to answer your data privacy questions. You can also explore our FAQ, review our Responsible Gaming page, or head straight to the cd2222 Casino and start playing securely today.