The following constitutes the complete and legally operative Privacy Policy of hibaje. By using the hibaje platform you agree to the data practices described herein.
Section 1
Introduction
This Privacy Policy ("Policy") describes how hibaje ("hibaje", "we", "us", "our") collects, uses, stores, discloses, and protects personal data relating to individuals ("you", "Player", "User") who visit the hibaje website at hibaje.biz or who register and use the hibaje online casino and sports betting platform (the "Service").
hibaje is committed to handling personal data responsibly and in accordance with applicable data protection principles. We collect only the data that is genuinely necessary for the purposes described in this Policy, we store it securely, and we do not sell it to third parties.
This Policy should be read alongside hibaje's Terms and Conditions and Responsible Gaming Policy, which together form the complete framework governing your relationship with hibaje. By creating a hibaje account or using the Service in any way, you acknowledge that you have read and understood this Privacy Policy and that you consent to the data practices described herein.
Note for Bangladeshi Players: hibaje is operated as an international online entertainment platform. When you use hibaje from Bangladesh, your personal data is processed in accordance with the data protection principles described in this Policy. hibaje applies internationally recognised data protection standards to all player data regardless of the player's country of residence.
Section 2
Personal Data We Collect
hibaje collects the following categories of personal data from players:
Identity & Contact Data:
- Full legal name as it appears on your national identity card or passport.
- Date of birth (used to verify that you are 18 years of age or older).
- Mobile telephone number registered in your name.
- Email address.
- Physical address (required for certain verification procedures).
-
Copies of identity documents submitted for verification (national ID card, passport, driver's licence).
Financial & Payment Data:
- Mobile wallet numbers associated with bKash, Nagad, Rocket, or Upay accounts used for deposits and withdrawals.
- Bank account details where bank transfer is used as a payment method.
- Partial payment card details (last four digits and card type) where Visa or Mastercard is used.
- Transaction history including deposit amounts, withdrawal amounts, dates, and reference numbers.
Account & Activity Data:
- Your hibaje username and encrypted password.
- Betting history, game history, and wagering records.
- Bonus and promotion usage records.
- Responsible gaming tool settings, including any deposit limits, loss limits, or self-exclusion periods you have applied to your account.
- Customer support correspondence, including the content of emails and live chat transcripts.
Technical & Device Data:
- IP address at the time of registration and at each subsequent login.
- Device type, operating system, and browser type and version.
- Session duration, pages visited, and features used during each visit to the hibaje platform.
- Cookie identifiers and similar tracking data as described in Section 9 of this Policy.
Sensitive Data: hibaje does not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, biometric data, or health information. If you voluntarily disclose such information — for example, in a customer support enquiry — hibaje will handle it with heightened care and will not use it for any purpose other than responding to your enquiry.
Section 3
How We Collect Your Data
hibaje collects personal data through the following channels:
- Direct collection: Data you provide when you register an account, complete identity verification, make a deposit or withdrawal, contact customer support, or participate in a promotion.
- Automated collection: Data collected automatically when you visit and interact with the hibaje website, including IP addresses, session data, and cookie data. This collection occurs regardless of whether you are logged in to your account.
- Third-party sources: Data received from identity verification partners when we carry out Know Your Customer (KYC) checks, and data received from payment processors (such as bKash, Nagad, and Rocket) in connection with transaction processing and fraud prevention.
- Publicly available sources: In limited circumstances, hibaje may consult publicly available sources — such as sanctions lists, politically exposed persons (PEP) registers, and adverse media databases — as part of our anti-money-laundering compliance obligations.
Section 4
Legal Basis for Processing Your Data
hibaje processes your personal data on the following legal grounds:
- Contractual necessity: Processing that is necessary to provide the Service to you under the hibaje Terms and Conditions, including account management, transaction processing, and customer support.
- Legal obligation: Processing required to comply with applicable legal requirements, including anti-money-laundering (AML) obligations, Know Your Customer (KYC) verification requirements, and fraud prevention obligations.
- Legitimate interests: Processing carried out for hibaje's legitimate business interests, such as improving platform security, detecting and preventing fraud and cheating, conducting internal analytics to improve the Service, and enforcing our Terms and Conditions — provided that those interests are not overridden by your privacy rights.
- Consent: Processing based on your freely given, specific, and informed consent, such as sending you promotional communications about hibaje offers. You may withdraw this consent at any time by contacting [email protected].
Section 5
How We Use Your Personal Data
hibaje uses the personal data we collect for the following specific purposes:
- To register and manage your hibaje account, including verifying your identity and age as required before account activation.
- To process your deposits and withdrawals via bKash, Nagad, Rocket, Upay, Visa, Mastercard, and bank transfer, and to maintain accurate records of all financial transactions on your account.
- To detect, investigate, and prevent fraud, money laundering, cheating, bonus abuse, and other forms of misconduct on the hibaje platform.
- To provide you with customer support, including responding to your enquiries, complaints, and requests via email and live chat.
- To administer responsible gaming tools on your account, including deposit limits, loss limits, cooling-off periods, and self-exclusion, and to enforce those tools in accordance with your instructions.
- To send you account-related communications, including transaction confirmations, security alerts, and updates to hibaje's Terms, Privacy Policy, and other policies.
- To send you promotional communications about hibaje bonuses, offers, and new features — only where you have consented to receive such communications. You may opt out at any time.
- To conduct internal analysis and research for the purpose of improving the hibaje platform, understanding player behaviour in aggregate, and developing new features and services.
- To comply with hibaje's legal and regulatory obligations, including maintaining records as required by applicable anti-money-laundering and financial crime prevention frameworks.
No Data Selling: hibaje does not sell, rent, lease, or otherwise transfer your personal data to third parties for their own marketing or commercial purposes. Your data is used solely in connection with your hibaje account and the operation of the hibaje Service.
Section 6
Data Sharing & Third-Party Processors
hibaje shares personal data with third parties only to the extent necessary to operate the platform and comply with legal obligations. All third-party service providers who receive personal data from hibaje are contractually required to process it only on hibaje's instructions and in accordance with applicable data protection standards. hibaje does not permit third-party processors to use your data for their own independent purposes.
Categories of third parties with whom hibaje shares personal data include:
- Payment processors: bKash, Nagad, Rocket, Upay, Visa, Mastercard, and participating banks (Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, Sonali Bank, and others) — for the purpose of processing your deposits and withdrawals.
- Identity verification services: Third-party KYC and AML compliance providers who assist in verifying your identity and screening against sanctions and PEP lists.
- Game studios: Licensed third-party game providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, and Play'n GO — who may receive limited technical data (such as session tokens) to deliver their games within the hibaje platform.
- Customer support platforms: Third-party helpdesk and live chat software providers who assist hibaje in delivering customer support services.
- Law enforcement and regulatory authorities: Where hibaje is legally required to disclose personal data in response to a lawful court order, regulatory request, or law enforcement investigation, we will comply with such requirements. Where permitted by law, hibaje will notify you of such a disclosure.
hibaje does not transfer your personal data to any third party located outside of the countries necessary for the operation of the platform without ensuring that appropriate data protection safeguards are in place.
Section 7
Data Retention
hibaje retains personal data for as long as is necessary to fulfil the purposes for which it was collected, subject to the following minimum retention periods:
- Account data and transaction records: Retained for a minimum of five (5) years following the closure or last active use of your hibaje account, in accordance with anti-money-laundering record-keeping requirements.
- Identity verification documents: Retained for a minimum of five (5) years following the completion of the KYC process or account closure, whichever is later.
- Customer support correspondence: Retained for three (3) years from the date of the last communication, or for the duration of any ongoing dispute, whichever is longer.
- Marketing consent records: Retained for as long as your consent remains active. If you withdraw consent, hibaje will retain a record of the withdrawal for three (3) years for compliance purposes but will cease sending marketing communications immediately.
- Technical and device data (logs): Retained for twelve (12) months from the date of collection, except where a longer retention period is required for fraud investigation or legal proceedings.
When the applicable retention period expires and there is no legal basis for continued retention, hibaje will securely delete or anonymise the personal data in question.
Section 8
Data Security
hibaje implements a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include:
- Encryption in transit: All data transmitted between your device and hibaje's servers is encrypted using 256-bit Transport Layer Security (TLS). hibaje's website is accessible exclusively over HTTPS.
- Encryption at rest: Sensitive data stored in hibaje's databases — including payment details and identity documents — is encrypted at rest using industry-standard encryption algorithms.
- Password security: Player passwords are never stored in plain text. They are hashed using a strong, salted cryptographic algorithm. hibaje staff cannot retrieve your plain-text password under any circumstances.
- Access controls: Access to personal data within hibaje is restricted to personnel who have a legitimate need to access it for the performance of their duties. All internal access is logged and subject to periodic audit.
- Two-factor authentication: hibaje offers two-factor authentication (2FA) to all registered players. hibaje strongly recommends that all players enable 2FA to provide an additional layer of protection for their accounts.
- Security monitoring: hibaje's platform is monitored continuously for suspicious activity, including unauthorised login attempts, unusual transaction patterns, and potential data breaches.
Despite these measures, no online platform can guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, hibaje will notify affected players without undue delay and will take all reasonable steps to contain and mitigate the impact of the breach.
Your Responsibility: You are responsible for maintaining the confidentiality of your hibaje login credentials. Choose a strong, unique password for your hibaje account and do not share it with anyone. hibaje will never ask you to disclose your password via email, chat, or telephone.
Section 9
Cookies & Tracking Technologies
hibaje uses cookies and similar tracking technologies on its website. A cookie is a small text file placed on your device by the hibaje website when you visit it. Cookies help the platform function correctly, remember your preferences, and understand how players use the Service. hibaje uses the following categories of cookies:
- Strictly necessary cookies: These cookies are essential for the hibaje website to function. They include session cookies that keep you logged in during your visit and security cookies that protect against cross-site request forgery. These cookies cannot be disabled without impairing core platform functionality.
- Performance cookies: These cookies collect anonymised information about how visitors use the hibaje website — such as which pages are visited most frequently and whether error messages are encountered. This data is used solely to improve the platform and is not linked to any individual player's identity.
- Functional cookies: These cookies remember your preferences — such as your preferred language, display settings, and responsible gaming reminders — so that you do not have to re-enter them on each visit.
hibaje does not use third-party advertising cookies, social media tracking pixels, or behavioural profiling cookies. You can manage cookie settings through your browser's privacy preferences. Please note that disabling strictly necessary cookies may prevent some parts of the hibaje platform from functioning correctly.
Section 10
Your Data Rights
Subject to applicable law and certain legal exceptions, you have the following rights with respect to the personal data hibaje holds about you:
- Right of Access: You have the right to request a copy of the personal data hibaje holds about you, together with information about how that data is being processed.
- Right to Rectification: You have the right to request that hibaje correct any inaccurate or incomplete personal data it holds about you. You may also update certain account details directly through your hibaje account settings.
- Right to Erasure: You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where the processing was unlawful. This right is subject to hibaje's legal obligations to retain certain records.
- Right to Restriction of Processing: You have the right to request that hibaje restrict the processing of your personal data in certain circumstances — for example, while a dispute about the accuracy of your data is being resolved.
- Right to Data Portability: Where processing is based on your consent or on a contract with you, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
- Right to Object: You have the right to object to processing based on hibaje's legitimate interests, including profiling for the purpose of improving the Service. You also have an absolute right to object to the processing of your data for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of the above rights, please contact the hibaje data team at [email protected] with the subject line "Data Rights Request". hibaje will acknowledge your request within 48 hours and will respond substantively within 30 calendar days. Where a request is complex or numerous, hibaje may extend this period by a further 30 days, in which case you will be notified of the extension.
hibaje may ask you to verify your identity before processing a data rights request, in order to ensure that personal data is not disclosed to or acted upon at the direction of an unauthorised party.
Section 11
Children's Privacy
The hibaje platform is strictly intended for adults aged 18 years and above. hibaje does not knowingly collect personal data from individuals under the age of 18. The registration process requires players to confirm that they are at least 18 years old, and hibaje conducts age verification checks as part of its KYC procedures.
If hibaje becomes aware that personal data has been collected from a person under the age of 18, that data will be deleted immediately, the associated account will be closed, and any remaining balance will be returned to the originating payment method. If you believe that a minor has registered an account on the hibaje platform, please contact [email protected] immediately so that the matter can be investigated and resolved without delay.
Parents and guardians who are concerned about underage access to online gambling platforms are encouraged to make use of internet filtering and parental control tools. hibaje supports responsible gaming for all eligible players and takes the protection of minors extremely seriously.
Section 12
Changes to This Privacy Policy
hibaje reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, changes in applicable law, or changes to the hibaje Service. When material changes are made to this Policy, hibaje will notify registered players by sending a notification to the email address associated with their account at least seven (7) days before the amended Policy takes effect.
The effective date at the top of this Policy will be updated each time a new version is published. The version of this Policy currently published at hibaje.biz/privacy-policy constitutes the operative version. Previous versions are available on request by contacting [email protected].
Your continued use of the hibaje platform after the effective date of any amendment constitutes your acceptance of the updated Privacy Policy. If you do not agree with any change to this Policy, you should cease using the hibaje platform and close your account before the amended Policy takes effect.
Section 13
Contact & Data Requests
If you have any questions, concerns, or complaints about this Privacy Policy or about how hibaje handles your personal data, please contact the hibaje data protection team using the details below:
- Email: [email protected] — subject line: "Privacy Enquiry" or "Data Rights Request"
- Response Time: Acknowledgement within 48 hours; substantive response within 30 calendar days
- Support Hours: 24 hours a day, 7 days a week (Bangladesh Standard Time, UTC+6)
For questions about account security or to report suspected unauthorised access to your account, please contact [email protected] immediately with the subject line "Account Security". For questions specifically about responsible gaming tools or self-exclusion, please visit the Responsible Gaming page.
Effective Date: This Privacy Policy is effective as of 1 January 2026 and supersedes all previous versions of the hibaje Privacy Policy. All data collected prior to this date remains subject to the privacy protections described herein.