999bg Privacy Policy
At 999bg, protecting the personal data of every player in Bangladesh is a core commitment — not an afterthought. This Privacy Policy explains in clear English exactly what information we collect when you use the 999bg platform, how that information is used, who it may be shared with, how long it is retained, and what rights you have over your own data. We encourage you to read it in full before registering an account.
Information We Collect
When you interact with 999bg — whether by browsing the platform, creating an account, making a deposit, placing a wager, or contacting support — certain personal and technical information is collected. This section describes each category of data and the context in which it arises.
Registration Data: When you open a 999bg account, you provide your full name, date of birth, email address, phone number (typically a Bangladeshi mobile number on Grameenphone, Robi, Banglalink, Teletalk, or Airtel BD), and a chosen username and password. This information is required to create and administer your account.
Identity Verification (KYC) Data: To comply with our Know Your Customer obligations and to process your first withdrawal, we collect copies of government-issued identity documents — such as your National ID card, passport, or driving licence — as well as proof of ownership of the payment method used for deposits. KYC documents are processed securely and are not used for any purpose other than identity verification and fraud prevention.
Financial Data: We collect records of all transactions processed through your 999bg account, including deposit amounts, withdrawal requests, bonus credits, and wagering history. Payment method identifiers (such as the mobile number associated with a bKash, Nagad, Rocket, or Upay account) are recorded for transaction processing and withdrawal routing. We do not store full card numbers for Visa or Mastercard transactions — these are handled exclusively by our PCI-compliant payment processor.
Gameplay Data: We record all bets placed, games played, sports markets wagered on, session durations, and game outcomes within your account. This data is used to operate the platform, enforce responsible gaming limits you have set, detect fraud, and resolve disputes.
Technical and Device Data: When you access 999bg, our servers automatically collect your IP address, browser type and version, operating system, device type, screen resolution, preferred language, time zone (Bangladesh Standard Time, UTC+6), and session timestamps. This information is used for security monitoring, platform optimisation, and fraud detection.
Communications Data: If you contact 999bg support via email ([email protected]) or through any in-platform messaging tool, the content of those communications — including the email addresses, subject lines, and message bodies — is retained as part of our support records.
Name, date of birth, email, phone number, and government-issued ID documents collected during registration and KYC verification. Used exclusively for account management and identity checks.
Deposit and withdrawal records, bKash/Nagad/Rocket identifiers, and transaction timestamps. Full card numbers for Visa/Mastercard are never stored — processed only by our PCI-compliant payment partner.
All bets placed, games played, cricket and sports markets wagered on, session durations, and outcomes are recorded. Used to operate responsible gaming tools, detect fraud, and resolve any disputes.
How We Use Your Information
999bg uses the personal data it collects for clearly defined, lawful purposes. We do not use your data for purposes that would be incompatible with the reason it was originally collected. The following describes each use case and its justification.
Account Administration: Registration data is used to create and maintain your 999bg account, authenticate your identity when you log in, enable password recovery, and communicate account-related notices (such as KYC status updates, withdrawal confirmations, and security alerts). This processing is necessary to perform the contractual relationship between you and 999bg.
Transaction Processing: Financial data is used to credit deposits to your wallet, process withdrawal requests to your designated bKash, Nagad, Rocket, Upay, or bank account, apply bonus credits in accordance with promotion terms, and maintain an accurate transaction ledger accessible in your account history. This processing is necessary to fulfil our contractual obligations.
Responsible Gaming Compliance: Gameplay data and session records are used to enforce any deposit limits, session time limits, or self-exclusion periods you have set through your responsible gaming settings. Where our monitoring systems identify patterns consistent with problem gambling behaviour, we may proactively reach out to the account holder via email. This processing is carried out in the legitimate interest of player welfare.
Fraud Prevention and Security: Technical, device, and financial data are analysed to detect suspicious activity, including account takeover attempts, use of stolen payment credentials, multi-accounting, and bonus abuse. IP address data and device fingerprints are used to enforce geolocation controls and flag anomalous login behaviour. This processing is in 999bg's legitimate interest in maintaining platform integrity.
Customer Support: Communications data — including support emails and any documentation you share during a support interaction — is used to investigate and resolve your query, maintain an audit trail of complaint handling, and improve support quality. Retention of support records also protects both 999bg and the player in the event of a subsequent dispute.
Legal and Regulatory Compliance: Identity, financial, and gameplay records may be retained and disclosed as required by applicable law, including anti-money laundering obligations. 999bg may be required to report certain transaction patterns or account activities to relevant authorities. Such disclosures are made only where legally required and are not made to commercial third parties.
Platform Improvement: Aggregated, anonymised technical and gameplay data is used to analyse platform performance, identify bugs, optimise game loading times, and inform product decisions. Aggregated data cannot be traced back to any individual player.
Promotional Communications: If you have not opted out of marketing communications, 999bg may send you promotional emails about active bonuses, seasonal campaigns (such as Eid promotions, BPL cricket special offers, or Pohela Boishakh events), and new game launches. You may withdraw your consent to marketing communications at any time by contacting [email protected]. Self-excluded players are never sent promotional materials.
Sharing and Disclosure of Data
999bg does not disclose your personal data to third parties except in the specific circumstances described below. Where data is shared, it is limited to the minimum necessary for the stated purpose and is governed by appropriate data processing agreements.
Payment Service Providers: To process deposits and withdrawals, your payment method identifier (e.g., the mobile number registered to your bKash or Nagad account, or tokenised card data for Visa/Mastercard transactions) is transmitted to the relevant payment processor. These providers operate under contractual obligations to use your data solely for transaction processing and to maintain appropriate security standards. 999bg works with bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, Sonali Bank, Visa, and Mastercard.
Game Technology Providers: 999bg's casino games are powered by third-party game studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. Your account identifier and session data are transmitted to the relevant provider when you launch a game, in order to operate the game, record the outcome, and calculate the wager result. Game providers do not receive your full identity information, financial details, or KYC documents.
Identity Verification Services: KYC documents submitted by players may be processed by a third-party identity verification service provider engaged by 999bg to authenticate document authenticity and screen against sanctions lists. These providers are contractually bound to process your documents solely for the purposes specified and to delete documents after verification is complete.
Legal and Regulatory Authorities: 999bg may be required by applicable law or a binding legal order to disclose certain account or transaction data to relevant government or regulatory authorities. Such disclosures are made only when legally compelled and are not made voluntarily to commercial parties.
Business Transfers: In the event that 999bg undergoes a merger, acquisition, or sale of substantially all of its assets, player data may be transferred to the acquiring entity as part of that transaction. Players would be notified of any such transfer and the privacy terms applicable to their data following the transaction.
bKash, Nagad, Rocket, Upay, and card networks receive only the payment identifiers needed to route your specific transaction. No identity documents or gameplay records are shared with payment providers.
Pragmatic Play, Evolution, NetEnt, Microgaming, Spribe, and Ezugi receive an anonymous session token and wager parameters. Your full name, ID documents, and financial records are never passed to game studios.
999bg does not sell, rent, or trade your personal data to advertisers, data brokers, or any other commercial third party. Your information exists solely to operate your account and keep the platform secure.
Cookies and Tracking Technologies
999bg uses cookies and similar client-side storage technologies to operate the platform, maintain your logged-in session, remember your preferences, and analyse platform performance. This section explains the categories of cookies used and how to control them.
Strictly Necessary Cookies: These cookies are essential for the platform to function. They maintain your authenticated session after login, store your language preference, and preserve your account state as you navigate between pages. Without these cookies, core platform features — including logging in, accessing your wallet, and placing bets — would not work. These cookies cannot be disabled while you are using the platform.
Functional Cookies: Functional cookies remember choices you have made to personalise your experience, such as your preferred sports category, last-visited game lobby section, or responsible gaming notification preferences. These cookies do not track you across other websites and are used solely within the 999bg platform.
Analytics Cookies: 999bg uses aggregated analytics data to understand how players navigate the platform, which game categories are most visited, and where technical errors are occurring. This data is anonymised before analysis and is not linked to individual player accounts. Analytics cookies help 999bg improve the platform experience over time.
Security Cookies: Certain short-lived cookies are used as part of 999bg's fraud detection and account security systems — for example, to identify whether a login attempt is coming from a device that has previously accessed the account, and to generate and verify CSRF tokens that protect against cross-site request forgery attacks.
Cookie Lifespan: Session cookies expire when you close your browser. Persistent cookies remain on your device for a set period — typically between 7 and 90 days depending on their function — after which they expire automatically. You can clear cookies at any time through your browser settings.
Managing Cookies: You may configure your browser to refuse all cookies or to prompt you before accepting each one. Note that disabling strictly necessary cookies will prevent you from logging in and using the platform. Instructions for managing cookies in major browsers (Google Chrome on Android, Mozilla Firefox, Samsung Internet, Opera Mini) are available in those browsers' respective help centres.
Data Retention
999bg retains personal data only for as long as it is necessary for the purpose for which it was collected, or as required by applicable legal or regulatory obligations. The following retention periods apply to each category of data.
Account and Registration Data: Retained for the lifetime of your active account. If you request account closure, your registration data is retained for a minimum period of five years following account closure in order to meet anti-money laundering record-keeping requirements. After the five-year retention period, account data is securely deleted or anonymised.
KYC and Identity Documents: KYC documents are retained for a minimum of five years from the date of account closure or from the date of the last transaction, whichever is later. This retention is mandated by financial crime prevention standards. Documents are stored in encrypted form with access restricted to authorised compliance personnel only.
Financial Transaction Records: All deposit, withdrawal, bonus, and wagering records are retained for a minimum of seven years from the date of each transaction, consistent with standard financial record-keeping requirements. These records are necessary to resolve disputes, respond to regulatory enquiries, and support audit processes.
Support Communications: Emails and support tickets are retained for three years from the date of the last interaction in a given thread, or for five years if the communication relates to a formal complaint, dispute, or account suspension.
Technical and Device Data: Server logs containing IP address and device data are retained for 90 days for security monitoring purposes, after which they are deleted. Anonymised aggregated technical data derived from server logs may be retained indefinitely for platform performance analysis.
Kept for the duration of account activity, then for 5 years post-closure to meet anti-money laundering record-keeping obligations before secure deletion.
Deposit, withdrawal, and wagering records retained for 7 years from the date of each transaction, in line with standard financial record-keeping requirements.
IP address and device logs used for security monitoring are purged after 90 days. Anonymised aggregated metrics derived from these logs have no fixed retention limit.
Security of Your Personal Data
999bg implements a range of technical and organisational measures designed to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. While no platform can guarantee absolute security, the measures described below represent 999bg's commitment to maintaining a robust security posture.
Transport Layer Security (TLS/SSL): All data transmitted between your device and 999bg's servers is encrypted using industry-standard TLS encryption. The padlock indicator in your browser's address bar confirms that your connection is encrypted. 999bg does not serve any pages over unencrypted HTTP.
Data Encryption at Rest: Sensitive data stored in 999bg's databases — including KYC documents, payment method identifiers, and account credentials — is encrypted at rest using AES-256 encryption. Encryption keys are managed separately from the encrypted data and are rotated on a regular schedule.
Access Controls: Access to systems that hold personal data is restricted to 999bg personnel whose roles require it, using the principle of least privilege. Access to KYC documents is limited to compliance team members with a documented operational need. All staff with access to personal data are subject to confidentiality obligations.
Password Security: Player passwords are stored as salted cryptographic hashes — never in plain text. 999bg cannot retrieve your password; it can only be reset. We strongly recommend using a unique, strong password for your 999bg account and enabling any additional account security features available in your account settings.
Fraud Monitoring: 999bg's security systems continuously monitor for anomalous account behaviour, including logins from unusual IP addresses, rapid sequential login failures, and atypical transaction patterns. When anomalous behaviour is detected, 999bg may temporarily lock the affected account and notify the account holder by email to the registered address.
Your Role in Account Security: You are responsible for keeping your 999bg login credentials confidential. Do not share your username or password with any third party. If you believe your account credentials have been compromised, contact [email protected] immediately so that 999bg can assist you in securing your account.
Every page on 999bg is served exclusively over HTTPS with TLS encryption, protecting all data in transit between your device and our servers from interception.
KYC documents, payment identifiers, and account credentials are stored encrypted using AES-256. Plain-text storage of sensitive data is never used anywhere in our systems.
Only staff whose roles require access to specific categories of personal data can view them. Access logs are maintained and reviewed regularly to detect unauthorised access attempts.
Real-time monitoring of login activity, transaction patterns, and device fingerprints helps 999bg detect and respond to account security threats before they cause harm.
Your Rights Over Your Data
As a 999bg player, you have a number of rights with respect to the personal data we hold about you. These rights are described below along with the process for exercising them. All requests should be directed to [email protected] in English and will be responded to within 10 business days.
Right of Access: You may request a copy of the personal data 999bg holds about you. Upon receiving a verified access request, 999bg will provide a summary of your registration data, transaction history, KYC status, and communications records. This is provided free of charge for reasonable requests.
Right to Rectification: If you believe that any personal data 999bg holds about you is inaccurate or incomplete, you may request that it be corrected. Updates to name, contact number, or email address are processed by the support team following identity re-verification. Note that transaction records, once settled, cannot be altered as they form part of a financial audit trail.
Right to Erasure: You may request deletion of your personal data. However, this right is subject to 999bg's legal retention obligations — where applicable law requires us to retain certain records (such as KYC documents and transaction records) for a specified period, we are not able to delete those records before the retention period has elapsed, even upon request. Data that is not subject to a retention obligation will be deleted promptly upon a valid erasure request.
Right to Restrict Processing: In certain circumstances — such as while you contest the accuracy of data we hold — you may request that 999bg restrict processing of your personal data. During a restriction period, data will be stored but not actively used except with your consent or for legal claims.
Right to Object to Marketing: You may withdraw consent to receive promotional communications from 999bg at any time by emailing [email protected] with the subject line "Unsubscribe from Marketing". Withdrawal of marketing consent does not affect service-related communications such as withdrawal confirmations and account security alerts.
Right to Account Closure: You may request closure of your 999bg account at any time. Upon request, any remaining wallet balance will be processed for withdrawal to your registered payment method before the account is closed. Account closure requests are completed within 5 business days. Note that post-closure data retention obligations described in Section 5 will still apply.
Request a summary of all personal data 999bg holds about you — including registration details, transaction history, and KYC status — free of charge for reasonable requests.
Request correction of inaccurate or incomplete personal data. Contact and registration details can be updated following identity re-verification by the support team.
Request deletion of your data where no legal retention obligation applies. KYC and financial records are subject to mandatory retention periods before deletion can be actioned.
Updates to This Privacy Policy
999bg reserves the right to update this Privacy Policy at any time. Changes may be made to reflect updates in applicable law, new data processing activities introduced by product changes, or improved clarity in how existing practices are described. The effective date at the top of this page will be updated whenever a material change is made.
Notification of Changes: Where a change to this Privacy Policy materially affects how 999bg processes your personal data, registered players will be notified by email to the address associated with their account at least 7 days before the change takes effect. Continuing to use the 999bg platform after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms.
Minor Updates: Non-material updates — such as corrections of typographical errors, clarifications that do not alter the substance of any data processing practice, or restructuring of section headings for readability — may be made without advance notice. The effective date will still be updated to reflect any such revision.
Archived Versions: Players who wish to review a previous version of the Privacy Policy may request it by contacting [email protected]. 999bg maintains archived copies of all prior versions for reference purposes.
Contact for Privacy Queries: Any questions, concerns, or formal complaints relating to this Privacy Policy or to 999bg's data processing practices should be submitted in writing to [email protected]. 999bg will acknowledge all privacy-related enquiries within 48 hours and provide a substantive response within 10 business days. Support is available daily from 9:00 AM to 2:00 AM Bangladesh Standard Time (UTC+6).
Explore 999bg — Bangladesh's Trusted Casino Platform
Now that you understand how 999bg protects your personal data, feel free to explore our games, sports betting markets, and exclusive promotions — all in Bangladeshi Taka with bKash, Nagad, and Rocket support.