Privacy Policy — cv365
Your privacy matters at cv365. This Privacy Policy explains exactly what personal data we collect when you use Bangladesh's leading English-language casino and betting platform, why we collect it, how we store and protect it, and what rights you hold over your own information.
How cv365 Approaches Your Privacy
Before diving into the full policy, here is a plain-English summary of the six core principles that guide how cv365 handles your personal data.
Data Minimisation
cv365 collects only the personal data that is strictly necessary to operate your account, process payments, verify your identity, and comply with responsible gaming obligations. We do not collect data "just in case".
No Data Selling
cv365 never sells, rents, or auctions your personal data to any third party for marketing, advertising, or commercial profiling purposes. Your information is used solely to operate and improve the cv365 platform.
End-to-End Encryption
All data transmitted between your device and the cv365 platform is protected by industry-standard 256-bit SSL/TLS encryption. Sensitive fields such as passwords are stored using one-way cryptographic hashing and are never readable by cv365 staff.
Your Rights Are Respected
You have the right to access, correct, export, or request deletion of the personal data cv365 holds about you. Requests are processed within 30 days and at no cost to you. Contact the support team at [email protected] to exercise these rights.
Defined Retention Periods
cv365 retains personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable regulatory and financial record-keeping obligations. Account data is deleted within 60 days of confirmed account closure where no legal hold applies.
Breach Notification
In the event of a personal data breach that poses a risk to your rights, cv365 will notify affected players within 24 hours of the breach being identified. Notifications will be sent to the email address registered on your account.
Data We Collect
cv365 collects personal data in several ways — directly from you during registration and gameplay, automatically through your use of the platform, and from trusted third-party verification services.
When you register a cv365 account, you provide us with your full legal name, date of birth, country and city of residence (within Bangladesh), a valid email address, and a registered Bangladesh mobile number. This information is required to create and maintain your account, verify your identity, and comply with our responsible gaming obligations.
When you complete the Know Your Customer (KYC) verification process, you provide documentary evidence including copies of your national identification card, passport or driver's licence, and proof of your registered address such as a utility bill or bank statement. Where you use a mobile wallet such as bKash or Nagad as a payment method, you also provide the mobile number associated with that wallet. These documents are processed for identity and age verification purposes only.
When you contact the cv365 support team via live chat or email, we retain a record of that correspondence, including the content of your messages, timestamps, and any attachments you provide. This record is kept to maintain a full service history and to resolve any disputes that may arise.
When you access the cv365 platform, our servers automatically log certain technical data including your IP address, browser type and version, operating system, device type, screen resolution, referring URL, pages visited, time spent on each page, and timestamps of all platform interactions. This data is collected via server logs and analytics tools and is used to maintain platform security, detect fraudulent access patterns, and improve the user experience for Bangladeshi players.
cv365 also collects gameplay data including game titles played, bet amounts, session durations, win/loss outcomes, and bonus activity. This data is used to personalise your platform experience, populate your account history dashboard, and fulfil our responsible gaming monitoring obligations. Unusual betting patterns may trigger a responsible gaming review.
cv365 may receive personal data about you from trusted third-party service providers in limited circumstances. These include identity verification agencies that assist with KYC processing, payment processing partners (bKash, Nagad, Rocket, Upay, Visa, Mastercard) that confirm transaction details, and fraud prevention services that flag high-risk account activity. Data received from third parties is subject to the same protections as data you provide directly and is not used for any purpose beyond those stated in this Privacy Policy.
Data Categories Collected
- Full name and date of birth
- Email address
- Bangladesh mobile number
- City and country of residence
- KYC identity documents
- Payment method details
- IP address and device data
- Gameplay and session data
- Support correspondence
- Cookie and tracking data
How We Use Your Data
cv365 uses the personal data it collects for specific, documented purposes. We do not use your data in ways that go beyond what is described in this section.
The primary purpose for which cv365 uses your personal data is to operate and maintain your account. This includes creating your account, authenticating your login sessions, processing deposits and withdrawals through your nominated payment methods (bKash, Nagad, Rocket, Upay, Visa, Mastercard), maintaining your transaction history, awarding bonuses and applying wagering requirement tracking, and providing customer support. Without this data, cv365 cannot deliver its core service to you.
cv365 uses the identity and address documents you provide during KYC verification to confirm that you are who you say you are, that you are at least 18 years of age, and that the payment methods you use belong to you. This data is also used to detect and prevent fraudulent activity including multi-account abuse, chargeback fraud, and the use of stolen payment credentials. Where fraud is detected, cv365 may share relevant data with payment network fraud teams and, where required by law, with relevant authorities.
cv365 is committed to responsible gaming. We use your gameplay data — including session length, bet frequency, deposit patterns, and loss history — to monitor for signs that gambling may be causing you harm. Where our systems identify a pattern consistent with problem gambling, the cv365 responsible gaming team may contact you by email or in-platform notification to offer support tools including deposit limits, session time reminders, cool-off periods, and self-exclusion. This monitoring activity is carried out in your interest and forms a core part of our responsible gaming obligations.
cv365 uses aggregated and anonymised platform usage data to understand how players interact with the site, which game categories are most popular among Bangladeshi players, which features are underused, and where technical issues are most likely to occur. This analytics activity uses data in an aggregated form that cannot be used to identify individual players. Where personalised analytics are used — for example, to recommend game categories you may enjoy — they are based solely on your own gameplay history and are not shared with any third party.
With your explicit consent, cv365 may send you promotional emails, SMS messages, or in-platform notifications about new games, upcoming BPL and T20 World Cup betting markets, seasonal promotions (such as Eid or Pohela Boishakh special offers), and deposit bonus offers. You may withdraw your consent to marketing communications at any time by updating your notification preferences in the account dashboard or by contacting the support team at [email protected]. Withdrawing marketing consent does not affect the legal processing of data for account management or regulatory compliance purposes.
Purposes — Summary
- Account creation and management
- Deposit and withdrawal processing
- KYC identity verification
- Fraud detection and prevention
- Responsible gaming monitoring
- Platform analytics (aggregated)
- Marketing (with your consent)
- Sale of data to third parties
- Profiling for external advertisers
Legal Basis for Processing
Every data processing activity at cv365 is carried out on one of the following recognised legal bases. We process your data only where we have a valid legal ground to do so.
Contractual Necessity: The majority of cv365's data processing activity is necessary to perform the contract between you and cv365 — that is, to operate your account and provide the gaming and betting services you have signed up for. This includes processing your registration details, handling deposits and withdrawals, maintaining your game history, and applying bonuses. Without processing this data, cv365 cannot fulfil its contractual obligations to you.
Legitimate Interests: cv365 processes certain data on the basis of its legitimate business interests where those interests are not overridden by your own privacy rights. This includes fraud detection, platform security, abuse prevention, and aggregated analytics used to improve the platform. In each case, cv365 has assessed that its legitimate interest is proportionate and does not disproportionately affect your privacy rights.
Legal Obligation: cv365 processes and retains certain data because it is required to do so under applicable law. This includes financial transaction records retained for anti-money laundering compliance, KYC documentation retained for identity verification regulatory requirements, and responsible gaming records. These retention obligations override any request for early deletion.
Consent: Where cv365 processes your data for marketing communications or optional personalisation features, it does so on the basis of your freely given, informed, and specific consent. You may withdraw consent at any time without affecting the lawfulness of processing that took place before the withdrawal, or processing carried out on another legal basis.
| Processing Activity | Legal Basis |
|---|---|
| Account registration and operation | Contract |
| Payment processing (bKash, Nagad, etc.) | Contract |
| KYC identity verification | Legal Obligation |
| Fraud detection and prevention | Legitimate Interest |
| Responsible gaming monitoring | Legal Obligation |
| Platform analytics (aggregated) | Legitimate Interest |
| Marketing communications | Consent |
| Financial record retention | Legal Obligation |
Four Legal Bases Used
- Contract — core account services
- Legitimate Interest — security & analytics
- Legal Obligation — KYC & compliance
- Consent — marketing & optional features
Cookies and Tracking
cv365 uses cookies and similar tracking technologies to keep your session active, remember your preferences, and understand how the platform is used. Here is a full breakdown of the cookies we use.
Cookies are small text files that a website places on your device when you visit it. They allow the site to recognise your device on subsequent visits and to remember information about your session. cv365 uses first-party cookies (set directly by cv365) and, in limited circumstances, third-party cookies set by our service provider partners for fraud detection and analytics purposes.
Strictly Necessary Cookies: These cookies are essential for the cv365 platform to function. They maintain your login session, preserve your account state between pages, protect against cross-site request forgery (CSRF) attacks, and enable the payment flow between your device and our payment partners. You cannot opt out of strictly necessary cookies while using the platform, as they are required for its basic operation.
Functional Cookies: These cookies remember your platform preferences such as your selected game category, display settings, and notification preferences. They improve your experience by ensuring you do not have to re-enter preferences on each visit. Functional cookies can be disabled in your browser settings, though doing so may affect some platform features.
Analytics Cookies: cv365 uses anonymised analytics cookies to understand aggregate usage patterns — for example, which game categories are most visited by players in Dhaka compared to Chittagong. This data is used in aggregate form only and cannot be used to identify individual players. You may opt out of analytics cookies by contacting our support team.
Fraud Prevention Cookies: Our payment and fraud prevention service partners set cookies that help identify unusual or high-risk device behaviour patterns consistent with automated attacks or stolen credential use. These cookies are strictly necessary for platform security and cannot be disabled.
| Cookie Type | Required |
|---|---|
| Strictly Necessary | Always On |
| Functional | Optional |
| Analytics | Optional |
| Fraud Prevention | Always On |
| Marketing / Ad | Not Used |
Data Sharing and Disclosure
cv365 does not sell your personal data. However, we do share limited data with trusted third-party service providers who help us operate the platform. Here is a transparent account of who receives your data and why.
cv365 works with a small number of carefully selected third-party service providers who process personal data on our behalf in order to deliver platform functionality. These include payment processors (bKash, Nagad, Rocket, Upay, Visa, Mastercard) who handle the technical routing of deposits and withdrawals; KYC verification partners who validate identity documents submitted during account opening; cloud infrastructure providers who host the cv365 platform and its databases; and customer support technology providers who power the live chat function. All service providers are bound by data processing agreements that prohibit them from using your data for any purpose other than delivering the specific service for which they have been engaged.
When you play a game provided by one of our studio partners — including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, or Ezugi — limited session data (such as a pseudonymous session token and bet amounts) is transmitted to the game provider's servers to render the game and settle the round. This data transfer is technically necessary for game delivery. Game providers do not receive your name, email, mobile number, or payment details. The pseudonymous session token cannot be used by the game provider to identify you outside of the cv365 platform context.
cv365 may disclose your personal data to law enforcement agencies, regulatory bodies, or other authorised third parties where it is legally required to do so, or where disclosure is necessary to protect the rights, property, or safety of cv365, its players, or third parties. This includes disclosures made in connection with fraud investigations, anti-money laundering compliance enquiries, and sporting integrity investigations. cv365 will not make such disclosures beyond what is required or permitted by applicable law, and will not notify you of such a disclosure where doing so would prejudice a lawful investigation.
Who Receives Your Data
- bKash / Nagad / Rocket — payment routing
- Visa / Mastercard — card processing
- KYC partners — identity verification
- Cloud host — platform infrastructure
- Support tech — live chat delivery
- Game providers — session tokens only
- Authorities — legal obligation only
- Ad networks — never
- Data brokers — never
- Social media platforms — never
Data Retention
cv365 retains your personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable regulatory obligations. The table below summarises the retention periods that apply to each category of data.
Where an account is closed by the player and no legal hold applies, cv365 will delete or anonymise account data within 60 days of the confirmed closure date. Where a legal hold does apply — for example, because a transaction is under fraud investigation or because financial records must be retained for regulatory compliance — the relevant data will be retained for the duration of the hold and deleted promptly once the hold is lifted.
Data that has been anonymised — that is, processed in such a way that it can no longer be linked to any identifiable individual — is not subject to the retention periods below and may be retained indefinitely for aggregated analytics purposes.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 60 days post-closure | Contract |
| KYC identity documents | 5 years from account closure | Legal Obligation |
| Financial transaction records | 5 years from transaction date | Legal Obligation |
| Gameplay and session history | Duration of account + 60 days post-closure | Contract |
| Support correspondence | 3 years from last interaction | Legitimate Interest |
| Marketing consent records | Until consent is withdrawn + 1 year | Consent |
| Server and access logs | 90 days rolling | Legitimate Interest |
| Self-exclusion records | Permanent (cannot be deleted) | Legal Obligation |
Key Retention Facts
- Account data deleted 60 days after closure
- KYC docs kept 5 years (regulatory)
- Transaction records kept 5 years
- Self-exclusion records kept permanently
- Anonymised data kept indefinitely
Your Privacy Rights
As a cv365 player, you hold the following rights in relation to the personal data we hold about you. All requests are processed free of charge within 30 days of receipt.
Right of Access
You have the right to request a copy of all personal data that cv365 holds about you. Requests can be made by emailing [email protected] with the subject line "Data Access Request". We will provide a structured, machine-readable export of your data within 30 days.
Right to Rectification
If any personal data cv365 holds about you is inaccurate or incomplete, you have the right to request that it be corrected. For most account details, you can update your information directly in the account settings dashboard. For KYC documents, contact the support team.
Right to Erasure
You have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, or where you have withdrawn consent and no other legal basis applies. Data subject to a legal retention obligation will be retained for the required period before deletion.
Right to Restrict Processing
You may request that cv365 restrict the processing of your personal data in certain circumstances — for example, while the accuracy of data is being contested, or while you await the outcome of an objection to processing based on legitimate interests. During a restriction, cv365 will store but not actively process the relevant data.
Right to Data Portability
For data that you provided to cv365 and that is processed on the basis of contract or consent, you have the right to receive a structured, commonly used, machine-readable copy of that data. This right allows you to transfer your data to another service provider of your choice.
Right to Object
You have the right to object to cv365 processing your personal data on the basis of legitimate interests, including profiling. You also have the absolute right to object to your data being used for direct marketing at any time, and cv365 must stop using your data for that purpose immediately upon receiving your objection.
Data Security
cv365 applies technical and organisational measures proportionate to the risk posed by each category of data it processes. The following security controls are in place to protect your personal information.
All data in transit between your device and the cv365 platform is encrypted using TLS 1.2 or higher with 256-bit key strength. The cv365 platform enforces HTTPS on all endpoints; unencrypted HTTP connections are automatically redirected. Database connections between platform application servers and data stores use encrypted channels. Database backups are encrypted at rest using AES-256 and stored in geographically separate locations to ensure resilience.
Passwords are never stored in plaintext. cv365 uses a strong, salted one-way hashing algorithm to store password credentials, meaning that even internal cv365 staff cannot read your password. If you forget your password, it cannot be retrieved — only reset via the verified email address on your account.
Access to systems holding personal data is restricted to cv365 staff and service provider personnel who have a documented need to access that data in order to perform their role. All internal access is logged and subject to periodic access rights review. Multi-factor authentication is required for all staff accessing production systems.
cv365 maintains internal data protection policies and provides data protection training to all staff who handle personal data. Staff are subject to confidentiality obligations that survive their employment with cv365. Third-party service providers who process personal data on cv365's behalf are assessed for security compliance before engagement and are bound by contractual data processing agreements.
cv365 conducts periodic internal security assessments to identify and address vulnerabilities in the platform. Where a vulnerability is identified that could expose player data, it is treated as a critical priority and remediated before the affected system is returned to full operation.
While cv365 applies robust technical security controls, account security also depends on the choices you make. You are responsible for keeping your cv365 login credentials confidential. Do not share your username or password with anyone, including persons claiming to be cv365 staff — cv365 staff will never ask for your password. Use a strong, unique password for your cv365 account that is not used on any other service. If you believe your account credentials have been compromised, contact the cv365 support team immediately at [email protected] so that your account can be secured promptly.
Security Controls in Place
- TLS 1.2+ / 256-bit encryption in transit
- AES-256 encryption at rest
- Salted one-way password hashing
- Role-based access controls
- Multi-factor auth for staff systems
- Full internal access logging
- Encrypted off-site backups
- Periodic security assessments
- 24-hour breach notification policy
Your Privacy Is Protected — Play With Confidence at cv365
Now that you understand how cv365 handles your personal data, you can enjoy Bangladesh's leading English-language casino and sports betting platform knowing your information is safe, your rights are respected, and your data is never sold.
18+ only. Gambling involves risk. Please play responsibly. Self-exclusion tools available to all registered players.