Privacy Policy — d17 Gaming Platform
Your privacy matters to us. This Privacy Policy explains what personal data d17 collects from players in Bangladesh, how that data is used and stored, and the rights you hold over your information. Please read this document carefully before creating a d17 account.
d17 is committed to handling your personal data with care and transparency. We collect only what we need, store it securely, and never sell it to third parties for marketing purposes.
As a d17 player, you have the right to access, correct, and request deletion of your personal data at any time. Our support team is available around the clock to assist with all data- related requests.
All data transmitted between your device and the d17 platform is protected by industry-standard SSL encryption. Your financial and personal information is never sent over an unsecured connection.
Information We Collect
When you interact with the d17 platform — whether by registering an account, making a deposit, placing a wager, or contacting our support team — we collect certain categories of personal data. The specific data we collect depends on the nature of your interaction with the platform, as described below.
1.1 Registration & Account Data
When you create a d17 account, we collect: your full legal name; your email address; your date of birth; your mobile number; your residential address; your chosen username; and your preferred currency (BDT). This information is required to establish your account, verify your identity, and ensure compliance with our minimum age requirement of 18 years.
1.2 Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) obligations, we may request copies of government-issued identity documents, including: a National Identity Card (NID); a valid passport; a driver's licence; and/or a recent utility bill or bank statement for proof of address. These documents are collected solely for identity verification and anti-money laundering compliance purposes, and are handled in accordance with the strict data security measures described in Section 7 of this Policy.
1.3 Financial & Transaction Data
When you make deposits or withdrawals on d17, we collect transaction data including: the payment method used (e.g., bKash, Nagad, Rocket, Upay, Visa, Mastercard); transaction amounts in BDT; transaction timestamps; and transaction reference numbers. We do not store full card numbers or mobile banking PINs — payment processing is handled by our certified payment partners, who maintain their own security standards.
1.4 Gaming & Betting Activity Data
We maintain records of your gaming activity on d17, including: games played and bet amounts; wins and losses; session start and end times; and bonus claims and wagering progress. This data is used for account management, responsible gaming monitoring, dispute resolution, and fraud prevention.
1.5 Technical & Device Data
When you access d17 via a web browser or mobile device, we automatically collect certain technical data, including: your IP address; device type, operating system, and browser version; referring URL; and session duration and page interaction data. This technical data is used for platform security, fraud detection, and service optimisation.
1.6 Communications Data
If you contact our support team via email or live chat, we retain records of that correspondence, including the content of messages and your contact details, for quality assurance, dispute resolution, and regulatory compliance purposes. Support communications are stored for a minimum of two (2) years from the date of the interaction.
| Data Category | Examples | Primary Purpose |
|---|---|---|
| Registration Data | Name, email, date of birth, mobile number | Account creation, age verification |
| KYC Documents | NID, passport, utility bill | Identity verification, AML compliance |
| Financial Data | Payment method, transaction amounts, timestamps | Payment processing, fraud prevention |
| Gaming Activity | Bets placed, games played, session times | Account management, responsible gaming |
| Technical Data | IP address, device type, browser | Security, fraud detection |
| Communications | Support emails, chat transcripts | Dispute resolution, quality assurance |
How We Use Your Data
d17 uses the personal data we collect for specific, clearly defined purposes. We do not use your data for any purpose that is incompatible with the reason it was originally collected. The primary purposes for which d17 processes personal data are set out below.
Account Management & Service Delivery
The most fundamental use of your personal data is to create and manage your d17 account, authenticate your login sessions, process your deposits and withdrawals, and deliver the gaming services you have requested. Without this processing, we cannot provide you with access to the d17 platform.
Identity Verification & Regulatory Compliance
d17 is legally required to verify the identity and age of all registered players. We process KYC data to confirm that account holders are at least 18 years of age, to prevent fraudulent account creation, and to meet anti-money laundering (AML) and counter-terrorism financing (CTF) obligations. This processing is a legal requirement, not optional, and cannot be waived at the player's request.
Responsible Gaming Monitoring
d17 uses gaming activity data — including deposit frequency, bet sizes, session durations, and win/loss patterns — to identify players who may be showing signs of problematic gambling behaviour. Where such indicators are detected, our responsible gaming team may proactively reach out to the player, recommend the use of deposit limits or session alerts, or impose temporary cooling-off periods where necessary to protect the player's wellbeing. For more information on our responsible gaming tools, please visit the Responsible Gaming page.
Fraud Prevention & Platform Security
Technical and transaction data is analysed to detect and prevent fraudulent activity, including account takeover attempts, bonus abuse, money laundering, and unauthorised access. d17 employs automated fraud detection systems that flag unusual patterns for manual review by our compliance team. Where fraud is confirmed, we may share relevant data with law enforcement or financial intelligence authorities as required by law.
Customer Support
When you contact d17 support, we use your account information and communications history to resolve your query efficiently and accurately. Support interactions may be reviewed by our quality assurance team to maintain service standards and to train support staff.
Marketing Communications (Opt-In Only)
If you have explicitly opted in to marketing communications during registration or through your account preferences, d17 may send you promotional emails about new games, seasonal offers (such as Eid bonuses or BPL cricket promotions), and platform updates. You may withdraw your consent to marketing communications at any time by updating your account preferences or by contacting . Withdrawal of marketing consent does not affect the processing of data for the other purposes listed in this section.
Platform Improvement
Aggregated, anonymised technical and usage data helps d17 understand how players interact with the platform, identify performance bottlenecks, and prioritise feature development. This analysis does not identify individual players and is used solely for service improvement purposes.
Lawful Basis for Processing
d17 processes personal data on the following legal bases: (a) contractual necessity — to fulfil our obligations under the player agreement; (b) legal obligation — to comply with AML, KYC, and age verification requirements; (c) legitimate interests — for fraud prevention and platform security; and (d) consent — for optional marketing communications only.
What We Do Not Do
d17 does not sell your personal data to third parties for their own marketing purposes. We do not use your data to build advertising profiles for use by external networks. We do not transfer your data to countries without adequate data protection standards without appropriate safeguards in place.
Data Sharing & Third Parties
In order to deliver a fully functioning gaming platform, d17 works with a number of carefully selected third-party service providers. Each provider is bound by contractual data processing obligations that require them to handle your data securely and only for the specific purpose for which it was shared. The categories of third parties with whom d17 may share your personal data are described below.
Payment Processing Partners
To process your deposits and withdrawals, d17 shares necessary transaction data with our payment partners, including bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, BRAC Bank, and card networks such as Visa and Mastercard. The data shared is limited to what is required to complete the transaction and verify payment authenticity. Each payment partner operates under its own published privacy policy and data security standards.
Identity Verification & KYC Providers
d17 may use third-party identity verification services to assist in validating the documents you submit during the KYC process. These providers process document images and biometric data only for the purpose of identity confirmation and do not retain your data beyond the verification period unless required by law.
Game Content Providers
The games available on d17 are supplied by licensed game studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These providers may receive anonymised session data (such as game round identifiers and stake amounts) for the purpose of game integrity verification, dispute resolution, and regulatory audit. They do not receive your name, address, or payment details.
Customer Support Technology
d17 uses third-party support platform software to manage player enquiries. Support agents who handle your queries may access your account data and communication history as necessary to resolve your issue. This data is not used by the support platform provider for any purpose other than facilitating the support interaction.
Regulatory & Law Enforcement Authorities
d17 is legally required to disclose personal data to competent authorities — including financial intelligence units, law enforcement agencies, and courts — when required to do so by applicable law, court order, or regulatory directive. d17 will, where legally permitted, notify affected players of such disclosures.
Business Transfers
In the event that d17 undergoes a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the successor entity as part of that transaction. In such circumstances, d17 will take reasonable steps to ensure that the successor entity honours the terms of this Privacy Policy in relation to your data.
Data Retention & Storage
d17 retains personal data only for as long as it is necessary for the purposes for which it was collected, or as required by applicable legal or regulatory obligations. The retention periods applicable to each category of data are summarised below.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account & Registration Data | Duration of account + 5 years after closure | Legal / regulatory obligation |
| KYC / Identity Documents | 5 years from account closure | AML / KYC regulatory requirement |
| Transaction Records | 5 years from transaction date | Financial record-keeping obligation |
| Gaming Activity Logs | 3 years from last activity | Dispute resolution / fraud prevention |
| Support Communications | 2 years from last interaction | Quality assurance / dispute resolution |
| Marketing Preferences | Until consent withdrawn + 1 year | Consent record-keeping |
Data Storage Location
d17 stores player data on secure servers. All servers used to store data belonging to Bangladeshi players are subject to appropriate technical and organisational security measures regardless of their physical location. Where data is processed outside of Bangladesh, d17 ensures that adequate data protection safeguards are in place, equivalent in standard to those that would apply under Bangladeshi data protection expectations.
Data Deletion
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be attributed to an identifiable individual. Note that legal retention obligations take precedence over any deletion request made before the minimum retention period has elapsed. Where a player submits a deletion request, d17 will confirm in writing whether the request can be actioned immediately or whether a mandatory retention period applies.
Your Privacy Rights
As a d17 player, you hold a number of rights in relation to the personal data we hold about you. These rights are described below, along with any limitations that may apply.
Right of Access
You have the right to request a copy of the personal data d17 holds about you, along with information about how that data is used, where it is stored, and with whom it has been shared. This is sometimes called a Subject Access Request (SAR). d17 will provide this information in a clear, structured format at no charge.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected or updated. Many basic details (such as your email address and mobile number) can be updated directly through your d17 account settings. For changes to core identity data (such as your legal name or date of birth), you may be required to submit supporting documentation.
Right to Erasure
You may request the deletion of your personal data where: the data is no longer necessary for the purpose for which it was collected; you have withdrawn consent (where consent was the basis for processing); or the data has been processed unlawfully. Please note that d17 is subject to mandatory data retention obligations under financial and gaming regulations, and these take precedence over erasure requests during the applicable retention period.
Right to Restrict Processing
In certain circumstances — such as where you contest the accuracy of data we hold, or where you have objected to processing and we are assessing that objection — you may request that we temporarily restrict processing of your personal data. During a restriction, d17 will continue to store the data but will not use it for active processing purposes.
Right to Data Portability
Where processing is based on your consent or on contractual necessity, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to request that we transmit that data directly to another service provider where technically feasible.
Right to Object to Marketing
You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time. Upon receipt of a marketing opt-out request, d17 will cease all marketing communications to you within two (2) business days. This does not affect service communications related to your account (such as transaction confirmations or security alerts), which are necessary for account management and cannot be opted out of.
Email with subject "Privacy Rights Request". Include your registered email address and a description of your request. We respond within 30 days.
To protect your data, all privacy rights requests require verification of your identity before we action them. We will ask you to confirm details matching your registered d17 account.
d17 commits to responding to all privacy rights requests within 30 calendar days. For complex or multiple requests, we may extend this period by a further 30 days, and will notify you accordingly.
Data Security Measures
d17 takes the security of your personal data seriously and implements a range of technical and organisational measures designed to protect your information against unauthorised access, accidental loss, destruction, or disclosure. These measures include but are not limited to the following.
Encryption
All data transmitted between your device and the d17 platform is encrypted using Transport Layer Security (TLS) with a minimum of TLS 1.2. Sensitive data at rest — including identity documents and financial records — is encrypted using AES-256 encryption. Encryption keys are managed through a secure key management system and rotated on a regular schedule.
Access Controls
Access to personal data within d17's systems is restricted on a strict need-to-know basis. Staff members are granted access only to the data categories required for their specific role. All internal access to player data is logged and audited. Administrative access to production systems requires multi-factor authentication (MFA).
Infrastructure Security
The d17 platform is hosted on a secure cloud infrastructure with continuous intrusion detection monitoring, automated vulnerability scanning, and regular third-party penetration testing. Security patches are applied on a rapid deployment schedule. Network segmentation and firewall rules are reviewed and updated on a regular basis.
Incident Response
In the event of a confirmed personal data breach that poses a risk to affected players, d17 will notify impacted individuals without undue delay, and will provide details of the nature of the breach, the data categories affected, the likely consequences, and the measures taken or proposed to address the breach. d17 maintains a documented incident response plan that is tested and reviewed annually.
Employee Training
All d17 employees who handle personal data receive mandatory data protection and privacy training as part of their onboarding process and on an annual refresher basis. Staff are trained to recognise phishing attempts, social engineering tactics, and other common vectors for data compromise. Breaches of our internal data handling policies are subject to disciplinary action.
Updates to This Policy
d17 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or platform features. When material changes are made to this Policy, we will notify registered players via email to the address associated with their d17 account, and will update the "Last Updated" date at the top of this page.
Minor or non-material changes — such as clarifications of existing language, corrections of typographical errors, or editorial restructuring that does not affect the substance of the Policy — may be made without direct notification. We encourage all players to review this Privacy Policy periodically to stay informed about how d17 protects your data.
Your continued use of the d17 platform following the publication of an updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with any changes to this Policy, you should cease using the platform and may request closure of your account by contacting .
Version History
| Version | Effective Date | Summary of Changes |
|---|---|---|
| 1.0 | January 2026 | Initial publication of the d17 Privacy Policy covering data collection, use, sharing, cookies, retention, player rights, and security measures. |
Contact the Privacy Team
If you have any questions, concerns, or complaints about this Privacy Policy or about how d17 handles your personal data, please contact our privacy team directly:
- Email: (subject line: "Privacy Policy Enquiry")
- Response time: Within 3 business days for general enquiries; within 30 calendar days for formal privacy rights requests
- Operating hours: 24 hours a day, 7 days a week (Bangladesh Standard Time, UTC+6)
d17 takes all privacy-related complaints seriously. If you are not satisfied with our response to your complaint, you may have the right to escalate the matter to the relevant data protection authority in your jurisdiction.
Ready to Experience d17?
Now that you have reviewed our Privacy Policy, you are welcome to explore d17's full range of games — from live cricket betting and premium slots to a complete live casino experience. Fast deposits via bKash and Nagad. 18+ only.