Privacy Policy — How bdromeo Protects Your Data
At bdromeo, your privacy is not a formality — it is a core commitment. This Privacy Policy explains in plain language exactly what personal data we collect, why we collect it, how we store and protect it, and what rights you have over that data as a player on our platform.
Six Commitments We Make to Every Player
Before diving into the full policy text, here is a plain-English summary of the six core privacy commitments that guide how bdromeo handles your personal information every single day.
We collect only the personal data that is genuinely necessary for account operation, identity verification, payment processing, and legal compliance. We do not collect data for the sake of it. If information is not needed, we do not ask for it.
Your data is used only for the specific purposes stated in this Privacy Policy at the time of collection. We will never repurpose your data for unrelated commercial activities without obtaining your fresh, explicit consent first.
All personal data is stored on encrypted servers protected by 256-bit SSL/TLS protocols. Access to stored data is restricted to authorised personnel operating under strict confidentiality obligations. Regular security audits are conducted.
bdromeo does not sell, rent, or trade your personal data to any commercial third party. Data is only shared with vetted service providers who are contractually bound to process it solely on our behalf and strictly within the limits we set.
You have the right to access, correct, download, or request deletion of your personal data at any time. We provide a clear, straightforward process to exercise these rights. All requests are acknowledged within 3 business days and resolved within 30 days.
We will always inform you when this Privacy Policy changes in a way that affects your rights. Significant updates are communicated by email to your registered address. The effective date of the current version is always clearly displayed at the top of this page.
This Privacy Policy ("Policy") applies to all users of bdromeo ("the Platform", "we", "us", "our"). It explains how we collect, use, process, store, share, and protect personal information about you ("the User", "you") when you interact with our website and services. This Policy should be read alongside our Terms & Conditions and Responsible Gaming policy. By registering an account or using the Platform, you acknowledge that you have read and understood this Policy.
1 Data We Collect
bdromeo collects personal data in three primary ways: information you provide directly to us, information we collect automatically when you use the Platform, and information we receive from trusted third-party service providers. The categories of data we collect are described below.
Information You Provide Directly: When you register an account, make a deposit, request a withdrawal, contact support, or participate in a promotion, you may provide us with the following categories of personal data:
- Identity data: Full legal name, date of birth, nationality, and government-issued identification number (National ID, passport, or driving licence number).
- Contact data: Email address, mobile phone number, and residential address (city, district, division within Bangladesh).
- Financial data: bKash or Nagad mobile wallet number, Rocket or Upay account reference, Visa or Mastercard card details (card number, expiry date — we do not store full CVV codes after authorisation).
- Account credentials: Username and hashed password (passwords are never stored in plain text).
- KYC documents: Scanned copies or photographs of government-issued ID documents and proof-of-address documents submitted during verification.
- Communications: Records of your correspondence with our support team via live chat or email, including the content of your messages and the date and time of contact.
Information Collected Automatically: When you access and use bdromeo, our systems automatically record certain technical data about your interaction with the Platform:
| Data Type | What We Collect | Purpose |
|---|---|---|
| Device data | Device type, operating system, browser type and version, screen resolution | Platform optimisation and fraud detection |
| Network data | IP address, approximate geolocation (country and city level), ISP name | Jurisdiction compliance and security monitoring |
| Usage data | Pages visited, games played, bets placed, session duration, click patterns | Service improvement and responsible gaming monitoring |
| Transaction data | Deposit and withdrawal amounts, timestamps, payment method references | AML compliance, financial record-keeping, dispute resolution |
| Cookie data | Session tokens, preference cookies, analytics identifiers | Authentication, personalisation, and site analytics |
Information From Third Parties: We may receive personal data about you from payment processors (bKash, Nagad, Rocket, Upay, Visa, Mastercard) when verifying transactions, from identity verification service providers during KYC checks, and from fraud prevention and AML screening partners. We use this data solely for the purposes of verifying your identity, processing payments, and maintaining the integrity of our platform.
2 How We Use Your Data
bdromeo processes your personal data only where we have a lawful basis for doing so. The lawful bases we rely on are: (a) contractual necessity — processing required to provide the services you have contracted with us for; (b) legal obligation — processing required to comply with applicable laws and regulations; (c) legitimate interests — processing necessary for our legitimate business interests where those interests are not overridden by your rights; and (d) consent — where you have explicitly opted in to a specific processing activity, such as marketing communications.
The specific purposes for which we process your personal data are as follows:
- Account creation and management: We use your identity and contact data to create, maintain, and manage your bdromeo account, including processing password reset requests and account notifications.
- Identity verification (KYC): We use your identity documents and personal details to verify that you meet our eligibility requirements, including the 18+ age restriction and the requirement that you are not on any self-exclusion register.
- Payment processing: We use your financial data to process deposits and withdrawals via your chosen payment method, and to investigate and resolve payment disputes.
- Responsible gaming monitoring: We analyse your betting patterns, session frequency, and deposit behaviour to identify signs of problem gambling and to apply responsible gaming interventions where appropriate, in accordance with our Responsible Gaming policy.
- Anti-money laundering compliance: We are legally required to monitor transactions for suspicious activity and to file reports with relevant authorities where required. This involves automated screening of transaction data against sanctions lists and risk-scoring models.
- Customer support: We use your contact data and communication records to respond to your support enquiries, resolve disputes, and improve the quality of our support service.
- Platform security and fraud prevention: We use device data, IP addresses, and usage patterns to detect and prevent fraud, account takeover attacks, multi-accounting, and other security threats.
- Marketing communications (with consent only): If you have opted in to marketing communications, we use your email address and preferences to send you personalised promotional offers, tournament announcements, and seasonal promotions (such as BPL season offers or Eid bonuses). You may withdraw this consent at any time by using the unsubscribe link in any marketing email.
- Service improvement and analytics: We use aggregated and anonymised usage data to understand how players interact with bdromeo and to make improvements to the platform's design, performance, and game selection.
While we use automated systems for fraud detection and AML screening, any decision that significantly affects your account — such as a withdrawal hold or account restriction — is reviewed by a human member of our compliance team before being finalised. You have the right to request a human review of any automated decision.
3 Cookies & Tracking
bdromeo uses cookies and similar tracking technologies to ensure the Platform functions correctly, to remember your preferences, to keep you securely logged in, and to gather anonymised analytics about how our pages are used. A cookie is a small text file placed on your device by your web browser when you visit a website. Cookies do not contain executable code and cannot access other data on your device.
We use the following categories of cookies on bdromeo:
- Strictly necessary cookies: These are essential for the Platform to operate. They include session authentication tokens that keep you logged in as you navigate between pages, CSRF protection tokens that prevent cross-site request forgery attacks, and load balancing cookies that ensure consistent server routing. These cookies cannot be disabled without breaking core site functionality.
- Functional cookies: These remember your preferences, such as your preferred language, the last game category you visited, and whether you have dismissed certain notifications. Disabling these cookies will not prevent you from using the Platform, but may reduce the quality of your experience.
- Analytics cookies: We use anonymised analytics cookies to understand aggregate user behaviour — which pages are most visited, which game categories are most popular, and where users encounter difficulties. This data is used to improve the Platform. Analytics data is aggregated and does not identify you as an individual.
- Security and fraud-detection cookies: These cookies help us identify suspicious patterns such as multiple accounts accessing the Platform from the same device, or login attempts from unusual locations. They are part of our fraud prevention infrastructure and cannot be disabled.
Most web browsers allow you to control cookies through their settings. You can configure your browser to refuse all cookies, to accept only first-party cookies, or to alert you when a cookie is being set. Please note that disabling cookies may impair the functionality of bdromeo, including your ability to log in and access your account. For guidance on managing cookies in your specific browser, please consult your browser's help documentation.
We do not use cross-site tracking pixels, third-party advertising networks, or social media tracking scripts on bdromeo. Our analytics are conducted using first-party data only, which means your browsing activity on our Platform is not shared with external advertising platforms.
4 Data Sharing & Third Parties
bdromeo does not sell, rent, or otherwise commercialise your personal data. We share your data only in the specific circumstances described below, and only to the minimum extent necessary for the stated purpose.
Payment Processing Partners: When you make a deposit or request a withdrawal, we share the minimum necessary financial data with your chosen payment provider (bKash, Nagad, Rocket, Upay, Visa, or Mastercard) to execute the transaction. These providers operate under their own privacy policies and are regulated by the Bangladesh Bank or relevant financial regulators. bdromeo is not responsible for the data practices of payment providers once data has been transmitted to them for transaction processing.
Identity Verification Providers: To comply with our KYC obligations, we may share your identity documents and personal details with regulated third-party identity verification services. These providers are contractually prohibited from using your data for any purpose other than completing the verification on our behalf, and they operate under strict data security standards.
Game Technology Providers: The casino and sports betting games on bdromeo are powered by third-party providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Ezugi, and Spribe. These providers may receive anonymised player session data (such as a pseudonymous player ID and game event logs) for the purpose of game delivery and fairness auditing. They do not receive your name, contact details, or payment information.
Legal and Regulatory Authorities: We are legally obligated to share certain data with law enforcement, financial intelligence units, or regulatory bodies when required by applicable law, court order, or regulatory direction. We will not notify you of such disclosures where we are legally prohibited from doing so.
Business Transfers: In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you via email and via a prominent notice on the Platform before any such transfer takes place, and you will have the opportunity to exercise your data rights at that time.
Your personal information is never sold, licensed, or traded to commercial third parties for advertising, profiling, or any other commercial purpose. Every third party that receives your data is contractually bound to use it only for the specific purpose for which it was shared.
5 Data Retention
We retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, to maintain our contractual relationship with you, and to comply with our legal obligations. The specific retention periods we apply are as follows:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account & identity data | Duration of account + 5 years after closure | Legal obligation (AML regulations) |
| Financial transaction records | 7 years from transaction date | Financial record-keeping requirements |
| KYC documents | 5 years after account closure | AML and identity verification compliance |
| Customer support communications | 3 years from last interaction | Dispute resolution and quality assurance |
| Marketing preferences & opt-in records | Duration of consent + 2 years | Consent management compliance |
| Analytics & usage data (anonymised) | Up to 36 months | Platform improvement (anonymised, no personal identifiers) |
Once the applicable retention period has expired, personal data is securely deleted or irreversibly anonymised. Anonymised data (which can no longer be linked back to you as an individual) may be retained indefinitely for statistical and business intelligence purposes.
If you request deletion of your account and personal data before the end of a retention period that is legally mandated (for example, the 5-year AML retention requirement), we will close your account and restrict access to your data, but we will retain the minimum data required to satisfy our legal obligations for the duration of those obligations before completing the deletion.
6 Your Privacy Rights
As a user of bdromeo, you have the following rights in relation to your personal data. These rights are not absolute — some are subject to legal exceptions — but we will always respond to your request promptly and explain our reasoning clearly if we are unable to fulfil it in full.
- Right of access: You have the right to request a copy of all personal data we hold about you. We will provide this in a structured, commonly used format (typically a PDF or CSV file) within 30 days of your request. The first copy is provided free of charge; subsequent copies within a 12-month period may incur a reasonable administrative fee.
- Right to rectification: If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. For example, if your legal name has changed due to marriage, you may submit updated documentation and request that we update your account records accordingly.
- Right to erasure ("right to be forgotten"): You may request that we delete your personal data. We will action this request subject to our legal retention obligations. Data that we are legally required to retain will be flagged and restricted from further processing rather than deleted, and will be permanently erased once the applicable retention period expires.
- Right to restrict processing: You may request that we restrict the processing of your personal data in certain circumstances — for example, while a dispute about the accuracy of your data is being resolved, or where you object to processing based on legitimate interests while we assess your objection.
- Right to data portability: Where your data has been processed on the basis of your consent or on a contractual basis, you have the right to receive it in a structured, machine-readable format and to transfer it to another service provider.
- Right to object: You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis. You also have an absolute right to object to the processing of your data for direct marketing purposes at any time.
- Rights related to automated decision-making: You have the right not to be subject to a decision that has significant legal or similarly significant effects on you and that is based solely on automated processing. Where automated decisions affect your account, you may request a manual review by a member of our compliance team.
To exercise any of the above rights, please contact our Data Privacy team. You may submit your request in writing by emailing support@bdromeo (plain text — not a clickable link) with the subject line "Data Privacy Request". Please include your full registered name, the email address associated with your account, and a clear description of the right you wish to exercise. We will acknowledge your request within 3 business days and will respond in full within 30 calendar days.
To protect your data, we require identity verification before processing any access, erasure, or portability request. We will ask you to confirm your registered email address and may ask for one additional piece of verification (such as the last four digits of your registered bKash number). This is to ensure your data is not disclosed to or deleted by an unauthorised third party.
7 Data Security Measures
bdromeo implements a layered, defence-in-depth approach to data security. We recognise that the personal and financial data of our players is sensitive, and we invest significantly in maintaining robust technical and organisational security measures to protect that data from unauthorised access, loss, or misuse.
Technical Security Measures:
- Encryption in transit: All data transmitted between your device and bdromeo's servers is encrypted using TLS 1.2 or TLS 1.3 protocols. Our HTTPS certificate is maintained with a 256-bit encryption standard. You can verify this by checking for the padlock symbol in your browser's address bar.
- Encryption at rest: Sensitive data stored on our servers — including identity documents, KYC records, and financial data — is encrypted at rest using AES-256 encryption. This means that even in the event of an unauthorised server access, the data cannot be read without the decryption keys, which are stored separately and subject to strict access controls.
- Password security: User passwords are never stored in plain text. We use a one-way cryptographic hashing algorithm with per-user salting to store password credentials. This means that even our own system administrators cannot read your password.
- Access controls: Access to production databases and servers containing personal data is restricted to a small number of authorised personnel and is governed by role-based access control (RBAC) policies. All administrative access is logged and subject to audit.
- Penetration testing: We conduct regular penetration testing and vulnerability assessments of our Platform's infrastructure, carried out by qualified independent security researchers. Critical vulnerabilities are remediated within 72 hours of discovery.
Organisational Security Measures:
- All staff with access to personal data are required to undergo data protection training and sign confidentiality agreements.
- Data access is granted on a need-to-know basis only. Customer support agents can view account-level data required to resolve support queries but cannot access payment card numbers or KYC document images without an escalated approval.
- We maintain an incident response plan that specifies procedures for detecting, containing, and reporting data breaches. In the event of a breach that poses a risk to your rights, we will notify affected users as soon as practicably possible.
While we take every reasonable precaution to protect your data, no method of internet transmission or electronic storage is completely secure. We cannot guarantee absolute security, but we commit to maintaining industry-standard protections and to notifying you promptly in the event of any incident that affects your personal data.
8 Policy Updates & Contact
Updates to This Policy: We review this Privacy Policy periodically and update it when necessary to reflect changes in our data processing practices, changes in applicable law, or improvements to our platform. The "Last Updated" date at the top of this page indicates when the most recent revision was made. For changes that are material — meaning they affect your rights or how your data is used in a significant way — we will notify you by email to your registered address at least 14 days before the changes take effect. Your continued use of bdromeo after the effective date of any update constitutes your acceptance of the revised Policy.
Minor changes (such as corrections to typographical errors, clarifications that do not affect the substance of the Policy, or the addition of new payment methods that are processed in the same manner as existing ones) may be made without advance notice, though the "Last Updated" date will always be revised to reflect any change.
Contact Our Data Privacy Team: If you have any questions, concerns, or requests in relation to this Privacy Policy or the manner in which bdromeo processes your personal data, you may contact our Data Privacy team at:
- Email: support@bdromeo (plain text — not a clickable link)
- Response time: Data privacy enquiries are acknowledged within 3 business days and resolved within 30 calendar days.
- Subject line: Please use "Privacy Policy Query" or "Data Privacy Request" in your subject line to ensure your message is routed to the correct team.
We take all data privacy enquiries seriously and will work constructively to address your concerns. If, after contacting us, you remain unsatisfied with how we have handled your data privacy concern, you have the right to raise the matter with the relevant data protection authority in your jurisdiction.
Our support team is available 24 hours a day, 7 days a week. For general account or payment queries, use our live chat. For data privacy-specific requests, email us with the subject line "Data Privacy Request" and we will route your query to our dedicated Data Privacy team.
Your Privacy Is Protected — Now Enjoy the Platform
Now that you understand how bdromeo handles your data, explore our full range of cricket betting, casino games, and slots — all in a safe, secure, and fair-play certified environment.