Privacy Policy — How coebet Handles Your Personal Data
Your privacy matters to us. This Privacy Policy explains in plain language exactly what personal information coebet collects, how it is used, who it may be shared with, and the rights you hold over your own data as a user of Bangladesh's leading cricket betting and live casino platform.
About This Policy: This Privacy Policy ("Policy") applies to all users who visit, register on, or transact with the coebet platform at coebet.app. coebet ("we", "us", "our") is committed to protecting the personal information of every user ("you", "your") in a manner consistent with internationally recognised data protection principles. By creating a coebet Account or continuing to use the platform, you confirm that you have read and understood this Policy and consent to the collection and use of your personal data as described herein.
Data We Collect
011.1 Information You Provide Directly
When you register a coebet Account, verify your identity, make deposits or withdrawals, or contact our support team, you voluntarily provide us with personal information including but not limited to:
- Identity data: Full legal name, date of birth, gender, National Identity Card (NID) number or passport number.
- Contact data: Email address, mobile phone number, residential address (city, district, division — e.g., Dhaka, Chittagong, Sylhet, Khulna).
- Financial data: Mobile wallet account numbers (bKash, Nagad, Rocket, Upay), bank account details (for Bank Transfer users at BRAC Bank, City Bank, Islami Bank, Sonali Bank, Dutch-Bangla Bank), and transaction records including deposit and withdrawal amounts in Bangladeshi Taka (৳ BDT).
- KYC documentation: Scanned copies or photographs of government-issued identity documents submitted during the Know Your Customer (KYC) verification process.
- Support communications: Content of messages, emails, or live chat transcripts exchanged with the coebet support team.
1.2 Information Collected Automatically
When you access coebet.app, our systems automatically collect certain technical and behavioural data about your interaction with the platform:
- Device data: Device type, operating system, browser type and version, screen resolution, device language settings, and unique device identifiers.
- Network data: IP address, approximate geographic location derived from IP, internet service provider (ISP) name, and connection type.
- Usage data: Pages visited, time spent on each page, game sessions initiated, sports markets viewed, bets placed, bonus campaigns interacted with, and navigation paths through the platform.
- Session data: Login timestamps, logout timestamps, session duration, and authentication event logs.
- Transaction logs: Automated records of every deposit, withdrawal, bet placement, bet settlement, bonus credit, and balance adjustment associated with your account.
1.3 Information from Third Parties
coebet may receive personal data about you from trusted third-party sources in the following contexts:
- Payment processors: Transaction confirmation data and payment status updates from bKash, Nagad, Rocket, Upay, and partner banks to verify deposit and withdrawal completion.
- Game providers: Game round results, session data, and return-to-player (RTP) statistics from third-party studios including Evolution Gaming, Pragmatic Play, NetEnt, Microgaming, Spribe, and Ezugi, solely for the purpose of accurate bet settlement and bonus eligibility assessment.
- Fraud detection services: Risk scoring and device reputation data from third-party security providers to protect the platform and its users from fraudulent activity.
- Sports data providers: Official match result and event data from recognised governing bodies including the ICC (International Cricket Council) and FIFA, used exclusively for bet settlement — no personal data is received from these sources.
1.4 Data You Choose Not to Provide
You are not obligated to provide any personal information to browse the public areas of coebet.app. However, certain information — including identity verification documents and a valid mobile number — is mandatory for registering an account and completing withdrawals. Failure to provide mandatory information will prevent coebet from delivering the relevant service, including releasing withdrawal funds.
How We Use Your Data
022.1 Lawful Bases for Processing
coebet processes your personal data only where a lawful basis exists. The primary lawful bases we rely on are: (a) contractual necessity — to fulfil the account, betting, and payment services you have requested; (b) legitimate interests — to protect the platform from fraud, maintain operational security, and improve the user experience; (c) legal obligation — to comply with anti-money laundering, KYC, and data retention requirements; and (d) consent — for optional marketing communications, which you may withdraw at any time.
2.2 Core Service Delivery
Your personal data is used to deliver the core coebet service, including:
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Account creation and maintenance | Name, email, mobile number, date of birth | Contractual necessity |
| KYC identity verification | NID/passport, date of birth, address | Legal obligation |
| Deposit and withdrawal processing | Payment account details, transaction amounts (৳ BDT) | Contractual necessity |
| Bet placement and settlement | Account ID, session data, game/event data | Contractual necessity |
| Bonus eligibility and crediting | Deposit history, wagering activity, account status | Contractual necessity |
| Customer support | Contact data, account history, support messages | Contractual necessity |
| Responsible gaming controls | Session data, deposit limits, self-exclusion flags | Legal obligation / Legitimate interests |
| Fraud prevention and security | IP address, device fingerprint, transaction patterns | Legitimate interests |
| Promotional communications (opt-in) | Email address, communication preferences | Consent |
2.3 Platform Improvement
We analyse anonymised and aggregated usage data — such as most-viewed cricket markets, peak BPL betting hours in Bangladesh Standard Time (UTC+6), most-played slot titles, and average session duration — to improve platform features, market availability, and user experience. This analysis does not identify you as an individual.
2.4 Marketing Communications
If you have opted in to receive promotional content, coebet may send you emails or platform notifications about upcoming BPL matches, seasonal promotions (Eid, Pohela Boishakh, Victory Day offers), new game releases from our provider partners, and deposit bonus campaigns. You may opt out of marketing communications at any time by updating your communication preferences in Account Settings or by contacting [email protected]. Opting out of marketing does not affect the delivery of essential transactional messages (account statements, withdrawal confirmations, security alerts).
Data Sharing & Disclosure
033.1 Our Principle: No Sale of Personal Data
coebet does not sell, rent, or trade your personal information to third-party marketers or data brokers under any circumstances. Your data is shared only in the limited categories described in this section, and only to the minimum extent necessary to fulfil the relevant purpose.
3.2 Service Providers and Data Processors
coebet engages carefully vetted third-party service providers who process personal data on our behalf under strict data processing agreements. These include:
- Payment processors: bKash, Nagad, Rocket, Upay, and partner banks — to execute deposit and withdrawal transactions. These providers receive only the minimum financial data required to complete each transaction.
- Game content providers: Evolution Gaming, Pragmatic Play, NetEnt, Microgaming, Spribe, Ezugi — to authenticate your session and deliver game content. These providers receive a pseudonymous session token and game-relevant parameters only; they do not receive your NID, address, or payment account details.
- Security and fraud prevention providers: Device fingerprinting and IP reputation services that help detect account takeover attempts, duplicate registrations, and financial fraud.
- Cloud infrastructure providers: Hosting and database services used to store and process platform data, operating under contractual obligations to maintain data confidentiality and security.
3.3 Legal and Regulatory Disclosure
coebet may disclose your personal data to law enforcement authorities, financial intelligence units, or other regulatory bodies where: (a) we are legally compelled to do so by a valid court order, statutory instrument, or regulatory directive; (b) we have a good-faith belief that disclosure is necessary to investigate or prevent money laundering, fraud, or other serious criminal activity; or (c) disclosure is necessary to protect the rights, property, or safety of coebet, its users, or the public. In all such cases, coebet will disclose only the minimum data necessary to satisfy the legal requirement.
3.4 Business Transfers
In the event that coebet undergoes a merger, acquisition, asset sale, or corporate restructuring, your personal data may be transferred to the acquiring entity as part of the business assets, subject to the same data protection obligations described in this Policy. You will be notified of any such transfer via a platform notification or email to your registered address before the transfer takes effect, and you will retain the right to close your account and request data deletion at that time.
3.5 Cross-Border Data Transfers
Some of coebet's service providers operate servers located outside Bangladesh. Where personal data is transferred internationally, coebet takes reasonable steps to ensure that equivalent data protection standards apply, including the use of contractual data protection clauses. By using coebet, you acknowledge that your data may be processed in jurisdictions outside Bangladesh where different data protection laws may apply.
Cookies & Tracking
044.1 What Are Cookies?
Cookies are small text files placed on your device by a website when you visit it. They allow the website to remember information about your visit — such as your preferred language, login status, and browsing behaviour — to make subsequent visits more efficient and personalised. coebet uses cookies and similar tracking technologies including web beacons, pixel tags, and local storage objects.
4.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Maintain your login session, prevent CSRF attacks, ensure secure navigation across authenticated pages | Session / up to 24 hours |
| Functional cookies | Remember your display preferences, preferred sports markets, and recently viewed game categories | Up to 30 days |
| Analytical cookies | Measure page traffic, track feature usage patterns, and identify platform performance issues (data is aggregated and anonymised) | Up to 13 months |
| Security cookies | Detect bot activity, suspicious login patterns, and multiple-account creation attempts via device fingerprinting | Up to 90 days |
4.3 Managing Cookie Preferences
Essential and security cookies are required for the platform to function correctly and cannot be disabled without impairing your ability to use coebet. Functional and analytical cookies are non-essential and may be managed via your browser settings. Most modern browsers allow you to block or delete cookies through their privacy settings. Please note that disabling functional cookies may result in loss of personalisation features such as saved market preferences and game history display.
4.4 Third-Party Tracking
coebet's game content providers (Evolution Gaming, Pragmatic Play, et al.) may set their own session cookies when you launch a game via coebet.app. These cookies are governed by each provider's own privacy policy and are used exclusively to maintain the integrity of your game session. coebet does not have access to, or control over, these third-party session cookies beyond the scope of the game delivery integration.
Data Retention
055.1 Retention Periods
coebet retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable legal and regulatory obligations. The following retention periods apply:
- Active account data (identity, contact, financial): Retained for the duration of the account relationship plus 5 years following account closure, to satisfy anti-money laundering record-keeping obligations.
- KYC documentation (NID scans, passport copies): Retained for 5 years from the date of submission or account closure, whichever is later.
- Transaction records (deposits, withdrawals, bets): Retained for 7 years from the date of each transaction for financial audit and dispute resolution purposes.
- Support communications: Retained for 3 years from the date of the last support interaction, for quality assurance and dispute resolution purposes.
- Analytical and usage data (anonymised): May be retained indefinitely in aggregated form since it cannot be used to identify individual users.
- Marketing consent records: Retained for the duration of the consent plus 2 years, as evidence of the consent given.
5.2 Secure Deletion
When personal data reaches the end of its required retention period, coebet securely deletes or anonymises it using industry-standard data destruction methods. Physical documents containing personal data (where applicable) are destroyed via certified secure shredding. Data stored on cloud infrastructure is permanently deleted using provider-certified deletion procedures that prevent forensic recovery.
5.3 Retention Following Account Suspension
Where a coebet Account is suspended or terminated due to a breach of the Terms & Conditions — including cases involving fraud, money laundering suspicion, or prohibited conduct — coebet may retain the relevant account data for an extended period beyond standard retention timeframes, for the purposes of ongoing investigation, legal proceedings, or reporting to relevant authorities.
Your Rights
066.1 Rights You Hold Over Your Personal Data
As a coebet user, you hold the following rights in relation to your personal data. These rights are not absolute in all circumstances — some are subject to legal retention obligations or legitimate interest overrides — but coebet will assess each request in good faith and respond within 30 days of receipt.
- Right of access: You may request a copy of all personal data coebet holds about you, along with information about how it is processed and who it has been shared with.
- Right to rectification: You may request that inaccurate or outdated personal data be corrected. You can update most contact details directly within your Account Settings; for identity data corrections, please contact support.
- Right to erasure ("right to be forgotten"): You may request that coebet delete your personal data. This right is subject to our legal retention obligations — transaction records and KYC data must be retained for the periods described in Section 5 and cannot be erased on request during that period.
- Right to restriction of processing: You may request that coebet restrict processing of your data (for example, while a dispute is being investigated) without deleting it.
- Right to data portability: You may request a structured, machine-readable copy of personal data you have directly provided to coebet, to facilitate transfer to another service provider.
- Right to withdraw consent: Where processing is based on your consent (e.g., marketing emails), you may withdraw that consent at any time without affecting the lawfulness of prior processing.
- Right to object: You may object to processing of your data based on legitimate interests, including profiling for marketing purposes. coebet will honour such objections unless it can demonstrate compelling legitimate grounds that override your interests.
6.2 How to Exercise Your Rights
To exercise any of the rights listed above, contact the coebet Data team at [email protected] with the subject line "Data Rights Request". Please include your full name, registered email address, and a clear description of the right you wish to exercise. coebet may ask you to verify your identity before processing any data rights request to prevent unauthorised access to another user's data. Responses will be provided within 30 calendar days; complex requests may be extended by a further 30 days with written notice.
Data Security
077.1 Technical Security Measures
coebet implements a layered set of technical security controls to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:
- TLS 1.3 / SSL encryption: All data transmitted between your browser or app and coebet's servers is encrypted using industry-standard Transport Layer Security (TLS 1.3), which prevents interception by third parties on the network.
- Encryption at rest: Sensitive data stored on coebet's servers — including KYC documents, financial account details, and hashed passwords — is encrypted at rest using AES-256 symmetric encryption.
- Password security: User passwords are never stored in plain text. They are hashed using a modern, salted cryptographic hashing algorithm before storage, ensuring that even in the event of a database breach, passwords cannot be recovered.
- OTP authentication: Account login and withdrawal initiation require one-time password (OTP) verification sent to your registered mobile number, preventing unauthorised access even if login credentials are compromised.
- Rate limiting and brute-force protection: Multiple failed login attempts trigger automatic account lockout and an alert to the registered email address.
- Intrusion detection: coebet's infrastructure is monitored 24/7 by automated intrusion detection systems that flag anomalous access patterns for immediate review by the security team.
7.2 Organisational Security Measures
Access to personal data within coebet is controlled on a strict need-to-know basis. Support agents and operations staff are granted the minimum level of data access required to perform their role. All staff with access to personal data are subject to confidentiality obligations and receive regular data protection training. Access to production systems is authenticated via multi-factor authentication (MFA) and audited via access logs.
7.3 Data Breach Response
In the event of a personal data breach that is likely to result in a risk to user rights or freedoms, coebet will: (a) contain the breach as quickly as technically possible; (b) assess the scope and nature of the data affected; (c) notify affected users by email to their registered address within 72 hours of becoming aware of the breach, where notification is required; and (d) implement remediation measures to prevent recurrence. coebet maintains a documented incident response procedure reviewed annually by its security team.
7.4 Your Responsibility
While coebet takes every reasonable measure to secure your data, you are also responsible for maintaining the security of your account. You must: keep your password confidential and not share it with anyone; log out of your coebet Account when using a shared or public device; contact [email protected] immediately if you suspect unauthorised access. coebet will not be held liable for data breaches arising directly from a user's failure to protect their own login credentials.
Policy Updates & Contact
088.1 Changes to This Policy
coebet reserves the right to update or revise this Privacy Policy at any time to reflect changes in platform features, applicable laws, or data processing practices. When material changes are made — defined as changes that meaningfully affect how your personal data is used or your rights in relation to it — coebet will notify registered users by email to their registered address and/or by a prominent notification on the platform at least 14 days before the changes take effect. Continued use of coebet after the effective date of an updated Policy constitutes acceptance of the revised terms. The current effective date is always displayed at the top of this page.
8.2 Minor Updates
Non-material changes — such as corrections to typographical errors, clarifications to existing language that do not alter the substance of data processing activities, or updates to third-party provider lists — may be made without advance notice and will be reflected immediately in the published Policy with an updated version number.
8.3 Contact the Data Team
If you have any questions about this Privacy Policy, wish to exercise a data right, or want to raise a concern about how coebet handles your personal information, please contact us at:
- Email: [email protected] (subject line: "Privacy Enquiry")
- Response time: Within 48 hours for general enquiries; within 30 calendar days for formal data rights requests
- Support hours: 24/7 live chat; email response within 12 hours during Bangladesh Standard Time (UTC+6) business hours
8.4 Children and Minors
coebet is strictly an 18+ platform. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a registered account belongs to a person under 18, that account will be immediately suspended, all pending transactions will be cancelled, and the minor's personal data will be securely deleted in accordance with this Policy. If you believe a minor has registered on coebet, please notify us immediately at [email protected].
18+ Only — Your Data, Your Rights: coebet is an adults-only platform. All users must be 18 years of age or older. If you have questions about your personal data or wish to request access, correction, or deletion of your information, contact our support team at [email protected] at any time. We are committed to handling your data with the highest standards of care and transparency.
How coebet Protects Your Information
Six core principles guide how we collect, store, and use your personal data across every touchpoint on the coebet platform.
All sensitive personal data stored on coebet's servers — including KYC documents and financial details — is encrypted at rest using AES-256 encryption. In transit, all data is protected by TLS 1.3 to prevent interception between your device and our platform.
coebet does not sell, rent, or share your personal information with third-party advertisers or data brokers — ever. Your data is used exclusively to operate your account, process your transactions, and keep the platform secure.
Promotional emails about BPL season offers, Eid bonuses, and new game launches are sent only to users who have explicitly opted in. You can withdraw marketing consent at any time via Account Settings or by emailing [email protected] — no questions asked.
You have the right to access a complete copy of all personal data coebet holds about you. Submit a data access request to [email protected] and we will provide a full data report within 30 calendar days, including details of every third party your data has been shared with.
When your personal data is no longer needed for the purpose it was collected, coebet deletes it using certified secure deletion methods. You may also request early erasure of non-mandatory data at any time, subject to our legal retention obligations for transaction records and KYC documentation.
coebet's infrastructure is monitored around the clock by automated intrusion detection systems. Our security team reviews anomalous access events in real time and responds to confirmed incidents within 72 hours, including notifying affected users where required.
Ready to Experience Bangladesh's Top Betting Platform?
Now that you know how coebet protects your data, dive into the action — live cricket odds, BPL markets, Evolution live dealer tables, and hundreds of slots are all waiting for you.