Privacy Policy — vipaka
At vipaka, your privacy is a fundamental priority. This Privacy Policy explains exactly what personal data we collect from Bangladesh players, how that data is used, who it may be shared with, how long it is retained, and what rights you hold over your own information.
How vipaka Protects Your Privacy
End-to-End Encryption
All data transmitted between your device and vipaka is protected by SSL/TLS encryption. Whether you are logging in from Dhaka, Chittagong, or Sylhet, your connection to our platform is always secured.
Minimal Data Collection
vipaka collects only the personal data that is strictly necessary to operate your account, process payments, and comply with anti-money laundering obligations. We do not collect data for data collection's sake.
No Sale of Personal Data
vipaka does not sell, rent, or trade your personal information to third-party marketing firms. Your data is used solely to deliver, improve, and protect the services you use on our platform.
Defined Retention Periods
Personal data collected by vipaka is retained only for as long as required to fulfil the purpose for which it was collected or as mandated by applicable compliance obligations. Redundant data is securely deleted.
Cookie Control
vipaka uses cookies and similar tracking technologies only for session management, fraud prevention, and platform analytics. You retain control over non-essential cookies through your browser settings at any time.
Right to Access & Erasure
Registered vipaka players may request a copy of all personal data held on their account, request corrections, or ask for deletion of their data, subject to regulatory retention requirements. Contact support to exercise these rights.
Data We Collect
| Data Category | Examples | Collection Source | Primary Purpose |
|---|---|---|---|
| Identity Data | Full name, date of birth, NID / passport number | Registration form, KYC documents | Account creation, age verification, AML compliance |
| Contact Data | Email address, mobile number | Registration form | Account communication, support, security alerts |
| Financial Data | bKash/Nagad/Rocket account numbers, transaction history | Cashier interactions, payment providers | Deposit/withdrawal processing, fraud prevention |
| Technical Data | IP address, device type, browser, operating system | Automated — platform session logs | Security, fraud detection, platform optimisation |
| Usage Data | Pages visited, games played, session duration, bet history | Automated — analytics tools | Responsible gaming monitoring, product improvement |
| Communications Data | Support chat transcripts, email correspondence | Customer support interactions | Dispute resolution, service quality, audit trail |
1.1 Special Category Data
vipaka does not intentionally collect sensitive special-category data such as racial or ethnic origin, religious beliefs, health information, or biometric data as part of its standard onboarding process. In the limited circumstance where a responsible gaming self-assessment or medical certificate is voluntarily submitted by a player, that data is handled with the highest level of access restriction and retained only for the duration required to process the relevant request.
1.2 Data Collected from Minors
vipaka does not knowingly collect personal data from individuals under the age of 18. The platform is strictly for adults. If we become aware that personal data has been collected from a person under 18, that data will be permanently deleted and the relevant account closed. If you believe a minor has submitted data to vipaka, contact our support team immediately at [email protected].
1.3 Voluntarily Provided Data
In addition to data collected automatically and through the registration process, vipaka may receive personal data that you voluntarily provide — for example, when completing a responsible gaming questionnaire, submitting a support ticket, or participating in a promotional survey. Participation in any voluntary data collection is optional and will never affect your ability to use the core vipaka platform.
How We Use Your Data
2.1 Service Delivery
The primary use of personal data collected by vipaka is to deliver the services that registered players have signed up to receive. This includes creating and managing your player account, processing deposits and withdrawals via bKash, Nagad, Rocket, and Upay, providing access to casino games and sports betting markets, and delivering customer support when requested.
2.2 Identity and Age Verification
vipaka is obligated to verify the identity and age of all registered players. Personal data — including identity documents, date of birth, and contact details — is used as part of our Know Your Customer (KYC) process. This process exists to prevent underage gambling, fraud, and the use of the platform for money laundering or other financial crimes. Bangladesh players must be 18 years or older to participate in any real-money service on vipaka.
2.3 Fraud Prevention and Platform Security
Technical data such as IP addresses, device fingerprints, and session logs are analysed to detect and prevent fraudulent activity, account takeover attempts, and the use of prohibited automated tools. This analysis is conducted continuously in the background and does not require manual review of your individual account unless a specific risk flag is triggered.
2.4 Responsible Gaming Monitoring
vipaka uses usage data — including bet frequency, session duration, deposit patterns, and self-exclusion history — to monitor for signs of problem gambling behaviour. Where our systems identify patterns that may indicate a player is at risk, we may proactively reach out to offer responsible gaming resources or impose temporary account restrictions. This is done in the interest of player welfare, not as a punitive measure.
2.5 Legal and Compliance Obligations
vipaka processes certain categories of personal data because we are legally required to do so. This includes retaining transaction records for anti-money laundering (AML) compliance, maintaining identity verification records, and producing records in response to lawful requests from relevant authorities. These obligations exist independent of your consent and cannot be waived.
2.6 Marketing Communications
With your explicit consent at the time of registration, vipaka may send you personalised promotional communications about bonuses, seasonal offers (such as Eid specials or BPL season promotions), and new game launches. You may withdraw your marketing consent at any time by updating your communication preferences in your account settings or by contacting customer support. Withdrawal of marketing consent does not affect the legality of processing carried out prior to that withdrawal.
2.7 Platform Improvement
Aggregated and anonymised usage data is analysed by the vipaka product team to understand how players interact with the platform, identify friction points in the user experience, and prioritise improvements to game selection, payment processing, and customer support. This analysis uses anonymised data sets and does not involve review of individual player records.
Data Sharing
3.1 Third-Party Service Providers
vipaka engages a limited number of third-party service providers who process personal data on our behalf in order to deliver the vipaka platform. These providers include payment processors (bKash, Nagad, Rocket, Upay), identity verification services, game content providers (Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi), cloud hosting providers, and analytics platforms. All third-party processors are contractually bound to process data only on vipaka's documented instructions and to maintain appropriate technical and organisational security measures.
3.2 Legal Disclosures
vipaka may disclose personal data to law enforcement agencies, financial intelligence units, courts, or other regulatory bodies when required to do so by applicable law, court order, or other binding legal instrument. In such cases, vipaka will disclose only the minimum data necessary to satisfy the legal requirement and will inform the affected player where it is legally permissible to do so.
3.3 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of the vipaka business, personal data held by vipaka may be transferred to the acquiring entity as part of that transaction. Where such a transfer occurs, players will be notified and the acquiring entity will be required to honour the commitments set out in this Privacy Policy.
3.4 What We Do Not Do
vipaka does not sell, rent, barter, or otherwise commercially exploit your personal data to third parties for their own marketing or profiling purposes. We do not share your data with data brokers, advertising networks, or social media platforms for targeted advertising outside of the vipaka platform itself.
Important for Bangladesh players: When your data is processed by payment providers such as bKash or Nagad, that processing is governed by those providers' own privacy policies, in addition to the data processing agreements they hold with vipaka. We recommend reviewing your MFS provider's privacy terms separately.
Data Retention
5.1 Retention Principles
vipaka retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal, regulatory, or compliance obligations. When data is no longer required, it is securely deleted or irreversibly anonymised. vipaka conducts periodic data audits to identify and remove data that has exceeded its retention period.
5.2 Standard Retention Periods
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | AML / compliance obligation |
| Identity verification (KYC) documents | Duration of account + 5 years post-closure | AML / regulatory requirement |
| Financial transaction records | 7 years from transaction date | Financial record-keeping obligation |
| Customer support communications | 3 years from last interaction | Dispute resolution, audit trail |
| Marketing consent records | Until consent withdrawn + 1 year | Proof of lawful processing basis |
| Technical / session log data | 90 days rolling | Security and fraud prevention |
5.3 Post-Closure Retention
When a player account is closed — whether voluntarily by the player or by vipaka — we are not able to immediately delete all associated data. Certain categories of data, particularly identity records and financial transaction logs, must be retained for a defined period after account closure to satisfy anti-money laundering, tax reporting, and dispute resolution requirements. Players will be informed of applicable retention periods upon requesting account closure.
Your Privacy Rights
6.1 Right of Access
You have the right to request a copy of all personal data that vipaka holds about you. Upon receipt of a verified access request, vipaka will provide a structured summary of your data within 30 days. This is sometimes called a Subject Access Request (SAR). To submit a SAR, contact our support team with the subject line "Data Access Request" from the email address registered to your account.
6.2 Right to Rectification
If any personal data held by vipaka about you is inaccurate or incomplete, you have the right to request that it be corrected. For basic account data such as your email address or mobile number, corrections can often be made directly through your account settings. For identity document data, please contact support and provide updated documentation.
6.3 Right to Erasure
You may request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent, or where you object to processing and there are no overriding legitimate grounds to continue. Note that vipaka cannot fulfil erasure requests where retention is mandated by legal or regulatory obligation — for example, transaction records required under AML rules will be retained for their full retention period regardless of an erasure request.
6.4 Right to Restrict Processing
In certain circumstances — for example, while the accuracy of data is being contested, or while an objection to processing is being assessed — you may request that vipaka restricts the processing of your personal data. During a restriction period, your data will be stored but not actively processed beyond what is necessary to maintain the restriction itself.
6.5 Right to Object to Marketing
You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time. To exercise this right, update your communication preferences in your account settings or contact support at [email protected]. Marketing communications will cease within 5 business days of a confirmed opt-out request.
6.6 Exercising Your Rights
To exercise any of the privacy rights described in this section, contact vipaka customer support at [email protected] and include "Privacy Rights Request" in the subject line. vipaka will acknowledge your request within 5 business days and provide a substantive response within 30 calendar days. Where requests are complex or numerous, this period may be extended by a further 30 days, and you will be notified accordingly.
Data Security
7.1 Technical Safeguards
vipaka implements a range of technical security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include SSL/TLS encryption for all data in transit, AES-256 encryption for sensitive data at rest, role-based access controls limiting data access to authorised personnel only, and automated intrusion detection systems monitoring the platform infrastructure continuously.
7.2 Organisational Safeguards
Access to personal data within the vipaka organisation is restricted on a strict need-to-know basis. Staff who handle personal data are trained in data protection obligations and are bound by confidentiality agreements. vipaka conducts regular internal security reviews and works with third-party security specialists to assess and improve the resilience of our data handling practices.
7.3 Payment Security
vipaka does not store full payment credentials for bKash, Nagad, Rocket, or Upay accounts on its own servers. Payment transactions are processed through the respective MFS provider APIs using tokenised references. This means that even in the unlikely event of a data breach affecting vipaka systems, full payment account details would not be exposed.
7.4 Data Breach Response
In the event of a personal data breach that poses a risk to the rights and freedoms of affected players, vipaka will notify affected individuals without undue delay and will take immediate steps to contain and remediate the breach. vipaka maintains an internal data breach response procedure that is reviewed annually and updated in line with evolving security standards.
7.5 Your Responsibility
While vipaka takes every reasonable precaution to protect your data, the security of your account also depends on you maintaining the confidentiality of your login credentials. Use a strong, unique password for your vipaka account and do not share it with anyone. If you suspect that your account has been compromised, change your password immediately and contact vipaka support.
Contact & Complaints
8.1 Privacy Enquiries
If you have any questions about this Privacy Policy, the personal data vipaka holds about you, or how to exercise your privacy rights, you are welcome to contact our support team. All privacy-related enquiries are handled by dedicated staff who are trained in data protection requirements.
Email Support
For privacy rights requests and data protection enquiries, email us at with the subject line "Privacy Rights Request". We respond within 5 business days.
Live Chat
For general privacy questions, our live chat support team is available around the clock via the vipaka platform. Live chat is not suitable for formal Subject Access Requests, which must be submitted in writing.
8.2 Complaints
If you are not satisfied with vipaka's response to a privacy enquiry or rights request, you have the right to escalate your complaint. vipaka takes all privacy complaints seriously and will acknowledge formal complaints within 5 business days, providing a full written response within 30 calendar days. Where a complaint cannot be resolved internally, you may seek independent redress through the relevant dispute resolution body applicable in your jurisdiction.
8.3 Changes to This Privacy Policy
vipaka may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or platform features. When material changes are made, the revised policy will be published at vipaka.bet/privacy-policy with an updated effective date. Where changes are significant, we will notify registered players via their registered email address. Continued use of the vipaka platform after the publication of a revised Privacy Policy constitutes acceptance of those changes.
vipaka is intended for players aged 18 and above only. Gambling involves real financial risk and can become addictive. Play responsibly. If you feel your gambling is becoming a problem, visit the Responsible Gaming page for self-exclusion tools and support resources.