Your Privacy Matters at cebaje
At cebaje, safeguarding the personal data of every Bangladeshi player is a fundamental commitment, not an afterthought. This Privacy Policy explains in plain English exactly what information we collect when you use our platform, why we collect it, how it is stored and protected, and what rights you hold over your own data at all times.
Privacy at a Glance
Six Core Privacy Commitments cebaje Makes to You
Every piece of data you transmit to cebaje — registration details, payment information, game activity — is encrypted in transit using industry-standard SSL (TLS 1.2+) technology. Your data is never transmitted in plaintext over any network connection.
cebaje does not sell, rent, or trade your personal information to third-party marketers or data brokers. Your data is used exclusively to operate your account, process payments, and improve our services. Sharing only occurs as described in this policy.
Registered cebaje players have the right to access their stored personal data, request corrections, ask for deletion subject to legal retention obligations, and opt out of marketing communications at any time. These rights can be exercised by contacting our support team.
cebaje uses cookies and similar tracking technologies only for essential platform functionality, security, and anonymous performance analytics. We do not use tracking cookies for cross-site behavioural advertising without your explicit knowledge, as detailed in our cookies section below.
All personal data held by cebaje is stored on access-controlled servers with role-based permissions, encrypted at rest, and subject to regular security audits. Only authorised personnel with a legitimate need can access your personal information.
cebaje retains your personal data only for as long as is necessary to operate your account, comply with financial and anti-money-laundering record-keeping obligations, and resolve any disputes. Inactive account data is subject to scheduled deletion reviews as described in this policy.
Section 1
Information We Collect
cebaje collects personal information from you in three principal ways: information you provide directly when registering or using the platform, information generated automatically through your use of our services, and information we receive from third-party payment and identity verification providers.
1.1 Information You Provide Directly
When you register for a cebaje account or interact with our services, you may provide the following categories of personal data:
- Identity Data: Full legal name, date of birth, national identity card (NID) number, passport number, or driving licence details (as submitted for KYC verification).
- Contact Data: Email address, Bangladeshi mobile number, and residential address including city (e.g., Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, Mymensingh, Cox's Bazar).
- Account Credentials: Username and encrypted password (passwords are stored using one-way cryptographic hashing; we cannot read your plaintext password).
- Financial Data: Payment method details including bKash mobile number, Nagad mobile number, Rocket mobile number, Upay account reference, or bank account details for Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, or Sonali Bank. Card details for Visa or Mastercard transactions are processed directly by our PCI-DSS compliant payment processor and are not stored on cebaje servers.
- Support Communications: Any messages, emails, or other communications you send to the cebaje support team, including the content of support tickets and any documents you submit for identity or payment verification purposes.
1.2 Information Collected Automatically
When you access the cebaje platform, certain technical and behavioural data is collected automatically through standard web technologies:
- Device and Technical Data: IP address, browser type and version, operating system, device type (mobile, tablet, desktop), screen resolution, and language settings.
- Usage Data: Pages visited, time spent on each page, game sessions played (including game titles, bet amounts, win/loss outcomes, and session duration), clickstream data, and navigation paths through the platform.
- Transaction Data: A complete record of all deposits, withdrawals, bonus activations, and bet settlements associated with your account, including timestamps, amounts in BDT, and payment method references.
- Location Data: Approximate geographic location derived from your IP address, used solely for fraud prevention and to verify that you are not accessing the platform from a prohibited jurisdiction. cebaje does not collect precise GPS location data from your device.
1.3 Information from Third Parties
cebaje may receive limited personal data about you from the following categories of third-party sources:
- Payment Processors: Transaction confirmation data, including payment status, reference numbers, and the registered name associated with a bKash, Nagad, Rocket, Upay, or bank account — used to verify that payment methods are registered in your name.
- Identity Verification Services: Results of automated NID or document authenticity checks where cebaje uses a third-party identity verification provider to assist with KYC compliance.
- Fraud and AML Screening Services: Risk scores, sanctions list check results, and politically exposed person (PEP) screening outcomes from third-party compliance data providers.
Bangladesh financial regulations and responsible gaming best practices require cebaje to verify the identity of every player before processing withdrawals. Your NID or passport is used solely for this KYC purpose and is not shared with any marketing partner.
cebaje never stores your Visa or Mastercard number, CVV, or expiry date on its own servers. All card transactions are handled by a PCI-DSS Level 1 certified payment processor. cebaje only receives a tokenised reference and transaction status.
Your bKash, Nagad, Rocket, and Upay mobile numbers are stored securely and used exclusively to process your deposits and withdrawals. They are never used for unsolicited marketing contact without your prior consent.
Section 2
How We Use Your Information
cebaje processes your personal data only where we have a legitimate basis for doing so. The table below sets out the primary purposes for which we use your personal data, together with the lawful basis that justifies each use. We do not use your data for any purpose that is incompatible with the purposes listed here without first notifying you and, where required, obtaining your consent.
| Purpose | Description | Lawful Basis |
|---|---|---|
| Account Registration | Creating and managing your cebaje player account, verifying your age and eligibility, and enabling login access. | Performance of contract |
| Payment Processing | Processing your deposits and withdrawals via bKash, Nagad, Rocket, Upay, bank transfer, Visa, and Mastercard; reconciling transactions; investigating payment disputes. | Performance of contract |
| KYC Verification | Verifying your identity and age using government-issued documents before processing withdrawals and on a risk-triggered basis at other times. | Legal obligation; Legitimate interest |
| Fraud and AML Prevention | Monitoring accounts and transactions for indicators of fraud, money laundering, collusion, multi-accounting, and bonus abuse. Reporting suspicious activity as required. | Legal obligation; Legitimate interest |
| Customer Support | Responding to your enquiries, resolving account issues, processing self-exclusion or responsible gaming requests, and managing formal disputes. | Performance of contract; Legitimate interest |
| Platform Improvement | Analysing aggregated, anonymised usage data to understand player behaviour, improve game offerings, optimise page performance, and enhance responsible gaming tools. | Legitimate interest |
| Promotional Communications | Sending you information about relevant bonuses, promotions, and seasonal offers (such as Eid, Pohela Boishakh, and BPL cricket season promotions) via email or SMS. | Consent (you may opt out at any time) |
| Responsible Gaming | Monitoring gameplay patterns for indicators of problem gambling; enforcing deposit limits, time-out periods, and self-exclusion arrangements; removing self-excluded players from promotional communications. | Legal obligation; Legitimate interest |
cebaje will not use your personal data for automated decision-making that produces significant legal or similarly consequential effects on you without human review. Where automated tools are used in fraud or AML screening, any decision to suspend or close an account based on automated alerts is reviewed by a member of the cebaje compliance team before being enacted.
Section 3
Data Sharing and Disclosure
cebaje does not sell, rent, or trade your personal data to any third party for their own commercial purposes. We share your personal data only in the limited circumstances described below, and only to the minimum extent necessary for the stated purpose.
Payment Service Providers
To process your deposits and withdrawals, cebaje must share relevant financial data (your name, account reference, transaction amount in ৳ BDT, and transaction timestamp) with the appropriate payment service provider — such as bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, Sonali Bank, or our card processing gateway for Visa and Mastercard transactions. These providers are contractually obligated to use your data only for the purpose of executing the requested payment and are prohibited from using it for any other purpose.
Identity Verification and Compliance Providers
cebaje uses accredited third-party identity verification and AML screening services to assist with KYC compliance. Where your identity documents are submitted through a third-party verification portal, that portal processes your data in accordance with its own privacy policy and applicable data protection law. cebaje selects only providers who maintain appropriate security certifications and contractual data processing agreements.
Game Studio Partners
cebaje's gaming content is provided by certified third-party studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These studios may receive anonymised session data (e.g., game round identifiers and bet outcomes) for game integrity and RNG certification purposes. They do not receive your name, contact details, payment information, or any other personally identifiable information.
Legal and Regulatory Disclosure
cebaje may disclose your personal data to law enforcement agencies, regulatory authorities, or courts of competent jurisdiction where we are required to do so by law, by a valid legal order, or where we reasonably believe that disclosure is necessary to prevent fraud, money laundering, or other serious criminal activity. In such cases, cebaje will disclose only the minimum information required to comply with the legal obligation.
Business Transfers
In the event that cebaje undergoes a business restructuring, merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified of any such transfer and of any material changes to how your data is processed that result from it, with reasonable advance notice.
cebaje has never sold player data to a third-party advertiser or data broker and commits never to do so. Every third-party recipient of your data is bound by a written data processing agreement that restricts their use of your information strictly to the stated purpose. If you have concerns about how a specific third party has handled your data, contact us at support@cebaje.net.
Section 4
Cookies and Tracking Technologies
cebaje uses cookies and similar tracking technologies (such as local storage and session tokens) to operate core platform functionality, maintain session security, and gather anonymised performance analytics. This section explains the categories of cookies we use, their purpose, and how long they remain active.
Essential Cookies
These cookies are strictly necessary for the cebaje platform to function. Without them, key features such as logging in, maintaining your session across pages, and keeping your account secure would not work. Essential cookies cannot be disabled without breaking core site functionality. They include:
- Session authentication tokens (expire when you close your browser or after a defined idle timeout)
- CSRF protection tokens (prevent cross-site request forgery attacks)
- Load balancing cookies (ensure consistent server-side session routing)
- User preference cookies (store non-personal settings such as preferred language and display options)
Analytics Cookies
cebaje uses anonymised analytics tools to understand how players interact with the platform — which pages are most visited, where users encounter difficulty, and how the platform performs across different devices. Analytics data is aggregated and does not identify you as an individual. These cookies may be set by trusted analytics service providers operating under data processing agreements with cebaje.
Security Cookies
A small number of cookies are used specifically to support our fraud prevention and account security systems. These cookies help us detect unusual login patterns, identify device anomalies associated with multi-accounting or unauthorised access attempts, and enforce geographic access controls for prohibited jurisdictions.
Managing Cookies
You can control cookie behaviour through your browser settings. Most modern browsers allow you to block or delete cookies, or to receive a notification before a cookie is set. Please note that disabling essential cookies will prevent you from logging into your cebaje account and using core platform features. Disabling analytics cookies will not affect your gameplay or account functionality. For instructions on managing cookies in your specific browser, consult your browser's help documentation.
cebaje does not use third-party advertising cookies or retargeting pixels that track your behaviour across other websites for the purpose of serving you targeted advertisements on external platforms.
Required for login, session security, and CSRF protection. Cannot be disabled without breaking platform access. Retain only for the duration of your session or a short defined idle period.
Anonymised and aggregated. Used to improve platform performance and user experience. Do not identify individual players. Can be blocked via browser settings without impacting gameplay.
Support fraud detection and account security systems. Help identify unusual access patterns, multi-accounting attempts, and geographic access violations. Essential to platform integrity.
Section 5
Data Security and Storage
cebaje takes the security of your personal data seriously and maintains a range of technical and organisational security measures designed to protect your information from unauthorised access, accidental loss, destruction, or disclosure. The key elements of our security framework are described below.
Encryption in Transit
All data transmitted between your browser or mobile device and the cebaje platform is encrypted using Transport Layer Security (TLS 1.2 or higher). This ensures that your login credentials, payment details, and personal information cannot be intercepted in transit. Our SSL certificate is maintained and renewed without lapse to ensure continuous encrypted communication at all times.
Encryption at Rest
Sensitive personal data held in cebaje's databases — including identity document data, financial records, and account credentials — is encrypted at rest using AES-256 encryption. Database servers are isolated from public internet access and accessible only through authenticated, audited internal network pathways.
Access Controls
Access to personal data within cebaje's systems is governed by a strict role-based access control (RBAC) policy. Only personnel with a documented business need to access specific categories of personal data are granted that access. All internal access to sensitive data is logged and subject to periodic audit. Former employees have their access revoked immediately upon departure.
Security Monitoring
cebaje's infrastructure is subject to continuous automated monitoring for signs of intrusion, unusual access patterns, and potential data breaches. Our security team conducts periodic penetration testing and vulnerability assessments to identify and remediate weaknesses before they can be exploited.
Data Breach Response
In the event of a confirmed personal data breach that is likely to result in a risk to your rights and freedoms, cebaje will notify affected players without undue delay and will take all reasonable steps to contain the breach and mitigate its impact. We will provide clear information about the nature of the breach, the categories of data affected, the likely consequences, and the steps we have taken or are taking in response.
While cebaje maintains robust technical security, you also play a critical role. Use a strong, unique password for your cebaje account, do not share your login credentials with anyone, and contact support@cebaje.net immediately if you suspect your account has been accessed without your authorisation. Enable two-factor authentication if prompted during login.
Section 6
Data Retention Policy
cebaje retains your personal data for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory record-keeping obligations, and to resolve disputes or enforce our Terms and Conditions. The following retention periods apply to the principal categories of personal data we hold.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account Registration Data | Duration of account + 5 years | Compliance with anti-money laundering (AML) record-keeping obligations and dispute resolution. |
| KYC Identity Documents | Duration of account + 5 years | AML and KYC regulatory requirements; potential need for post-closure identity verification in dispute or fraud investigations. |
| Transaction and Financial Records | 7 years from transaction date | Financial record-keeping obligations and potential audit or regulatory enquiry requirements. |
| Support Communications | 3 years from last communication | Resolution of disputes; quality assurance; training purposes (communications are anonymised for training use). |
| Game Activity Logs | 2 years from session date | Dispute resolution, responsible gaming monitoring, and game integrity verification. |
| Marketing Preferences | Until opt-out or account closure + 1 year | Maintaining accurate consent records and suppression lists to prevent unwanted re-contact. |
| Self-Exclusion Records | Minimum 7 years from self-exclusion activation | Responsible gaming obligations; prevention of re-registration by self-excluded players. |
Once the applicable retention period expires, cebaje will securely delete or anonymise your personal data so that it can no longer be used to identify you. Where data is anonymised rather than deleted (for example, to preserve aggregate statistical records), it is no longer considered personal data and is not subject to this Privacy Policy.
If you request deletion of your personal data before the end of the applicable retention period, cebaje will assess your request promptly. Where we are legally required to retain the data (for example, financial transaction records subject to AML obligations), we will explain the basis for continued retention and, where possible, restrict processing of your data to only the legally required retention use case.
Section 7
Your Data Rights
As a cebaje player, you have a number of rights in relation to the personal data we hold about you. These rights are described below. To exercise any of these rights, please contact our support team at support@cebaje.net with a clear description of your request. We will acknowledge your request within 5 business days and provide a full response within 30 calendar days. In complex cases, we may extend this period by a further 30 days, in which case we will notify you of the extension and the reason for it.
You may request a copy of the personal data cebaje holds about you, along with information about how it is used and with whom it has been shared.
You may request that inaccurate or incomplete personal data we hold about you be corrected or updated without undue delay.
You may request deletion of your personal data where it is no longer necessary for the original purpose, subject to legal retention obligations that may override this right.
You may request that we restrict the processing of your personal data in certain circumstances, such as while the accuracy of data is being contested.
You may request a machine-readable copy of the personal data you have provided to cebaje directly, for transfer to another service provider.
You may object at any time to cebaje processing your personal data for direct marketing purposes. You may also object to processing based on legitimate interest grounds.
Where processing is based on your consent (e.g., marketing communications), you may withdraw that consent at any time without affecting the lawfulness of prior processing.
As part of our responsible gaming commitment, you may request temporary or permanent self-exclusion from the cebaje platform at any time via support@cebaje.net.
cebaje will not charge a fee for processing your data rights requests in normal circumstances. If a request is manifestly unfounded or excessive (for example, if the same request is submitted repeatedly in a short period), cebaje reserves the right to charge a reasonable administrative fee or to refuse the request, with written explanation provided in either case.
Section 8
Updates to This Privacy Policy
cebaje reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, changes in applicable law, or changes in the services we offer. When we make material changes to this policy, we will notify registered players via the email address associated with their account at least 14 calendar days before the changes take effect. Non-material updates (such as corrections of typographical errors or clarifications that do not change the substance of the policy) may be made without prior notice.
The "Effective Date" shown at the top of this policy indicates when the current version came into force. We recommend that you review this Privacy Policy periodically to stay informed about how cebaje protects your personal data. Your continued use of the cebaje platform after the effective date of any update constitutes your acknowledgement of the revised policy.
Historical versions of this Privacy Policy are available on request by contacting support@cebaje.net. If you have concerns about any changes to this policy, you are encouraged to contact our support team for clarification before the update takes effect. If you do not agree with the updated policy, you may request closure of your account at any time in accordance with the account closure provisions set out in our Terms & Conditions.
If you have any questions, concerns, or requests relating to this Privacy Policy or to the personal data cebaje holds about you, our support team is available 24/7. Contact us at support@cebaje.net and a member of our team will respond within 5 business days.
Explore cebaje
Ready to Play? Discover Everything cebaje Has to Offer
Now that you understand how cebaje protects your privacy, explore our full range of games and sports betting options — from live cricket and BPL wagering to slots, crash games, and live casino tables.