ac366 Privacy Policy
Your personal data belongs to you. This Privacy Policy explains exactly what information ac366 collects when you use our betting and casino platform, how we use it, who we share it with, and what rights you have over it — all written in plain English.
SSL Encryption
All data transmitted between your device and ac366.app is protected by 256-bit SSL encryption, the same standard used by major financial institutions.
No Data Selling
ac366 never sells, rents, or trades your personal data to third-party marketers or data brokers under any circumstances.
Your Data Rights
You have the right to access, correct, and request deletion of the personal data ac366 holds about you at any time via [email protected].
Purpose Limitation
Data collected by ac366 is used only for the specific purposes described in this policy. No secondary use occurs without a lawful basis.
1. Information We Collect
ac366 collects personal data through several channels — directly from you when you register and use the platform, automatically through your device and browsing activity, and occasionally from third-party verification partners.
1.1 Information You Provide Directly
When you register an account with ac366, you provide us with personal information that is necessary to create and manage your account, verify your identity, and process transactions. This includes:
- Full legal name as it appears on your government-issued identity document
- Date of birth (used for age verification — ac366 is an 18+ platform)
- Residential address, including city (Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, Mymensingh, or other)
- Mobile phone number (used for account authentication and support communications)
- Email address (used for account notifications and support correspondence)
- Payment method details — bKash number, Nagad number, Rocket number, Upay number, or bank account reference (BRAC Bank, Dutch-Bangla Bank, City Bank, Islami Bank, Sonali Bank, etc.)
- Username and password (password is stored in hashed form — never in plain text)
- Any information you voluntarily submit when contacting ac366 support at [email protected]
1.2 Identity Verification (KYC) Documents
As part of the Know Your Customer (KYC) process, ac366 may request copies of identity documents to verify your age, name, and address. Documents that may be requested include:
- National Identity Card (NID) issued by the Bangladesh Election Commission
- Valid Bangladeshi Passport
- Driving Licence issued by the Bangladesh Road Transport Authority
- A recent utility bill or bank statement as proof of address (issued within 90 days)
- A photograph or screenshot confirming ownership of the payment method used for deposits
KYC documents are stored securely and accessed only by authorised ac366 personnel for the purposes of identity verification and fraud prevention.
1.3 Transaction and Betting Data
ac366 records a full history of your platform activity, including all deposits, withdrawals, bet placements, game sessions, bonus claims, and account setting changes. This data is linked to your account and retained as described in Section 7 of this policy.
1.4 Information Collected Automatically
When you access ac366.app, our systems automatically collect certain technical data about your device and session. This includes your IP address, device type, operating system, browser type and version, referring URL, pages visited on ac366.app, session duration, and approximate geographic location derived from IP. This data is used to maintain platform security, prevent fraud, improve user experience, and comply with responsible gaming obligations.
Data Categories at a Glance
- Identity data — name, date of birth, NID/passport
- Contact data — mobile number, email, address
- Payment data — bKash/Nagad/Rocket account references
- Transaction data — deposits, withdrawals, bet history
- Technical data — IP address, device type, browser
- KYC documents — ID scans, proof of address
- Communication data — support chat and email records
- Cookie and tracking data — session behaviour on ac366.app
2. How We Use Your Data
ac366 uses the personal data we collect only for defined, lawful purposes directly connected to providing and improving our betting and casino platform. We do not use your data for purposes incompatible with those set out below.
2.1 Account Management and Service Delivery
The primary use of your personal data is to create and maintain your ac366 account, process your deposits and withdrawals via bKash, Nagad, Rocket, Upay, and bank transfer, settle your bets across cricket, slots, live casino, and Callbreak Quick markets, and provide you with a continuous, secure platform experience. Without this processing, ac366 cannot provide its core services to you.
2.2 Identity Verification and Fraud Prevention
ac366 uses identity data, KYC documents, IP addresses, and device fingerprinting data to verify that you are who you say you are, that you meet the 18+ age requirement, and that your account activity does not indicate fraudulent behaviour such as multiple account creation, bonus abuse, or use of automated betting software. This processing is a contractual and operational necessity for ac366 to operate a safe and fair platform.
2.3 Responsible Gaming Obligations
ac366 uses your betting history, session duration data, deposit frequency, and account activity patterns to monitor for indicators of problem gambling behaviour. Where such indicators are detected, ac366 may proactively contact you to remind you of the responsible gaming tools available, including deposit limits, cooling-off periods, and self-exclusion. This processing is carried out in the interest of player welfare and forms part of ac366's responsible gaming commitment.
2.4 Customer Support
When you contact ac366 support at [email protected], the information you provide — along with your account history — is used to investigate and resolve your query or complaint. Support communications are retained for a period consistent with Section 7 of this policy and may be reviewed for quality assurance and training purposes by authorised ac366 personnel.
2.5 Promotions and Personalised Offers
ac366 may use your account activity data — including your preferred game types (cricket betting, slots, live casino), deposit history, and promotional participation history — to present you with relevant offers and bonuses. For example, a player who frequently bets on BPL and T20 matches may be shown cricket-specific reload offers. You may opt out of personalised promotional communications at any time by contacting [email protected] — this will not affect your ability to use the ac366 platform or claim standard publicly available promotions.
2.6 Platform Improvement and Analytics
Aggregated and anonymised data derived from user sessions, game popularity, deposit method preferences, and navigation patterns is used by ac366 to improve the platform's design, game selection, payment method coverage, and overall user experience. This analytics processing does not identify individual players and is conducted on a statistical basis only.
2.7 Legal and Regulatory Compliance
ac366 may be required to process and retain certain personal data — including identity documents, transaction records, and communication logs — to comply with applicable legal obligations. This includes obligations related to anti-money laundering (AML) standards, financial record-keeping requirements, and lawful requests from relevant authorities. ac366 will not disclose personal data to government bodies except where required to do so by law.
| Purpose | Lawful Basis |
|---|---|
| Account management | Contractual necessity |
| KYC / age verification | Legal obligation + contract |
| Fraud prevention | Legitimate interests |
| Responsible gaming monitoring | Legitimate interests |
| Personalised promotions | Legitimate interests (opt-out available) |
| Legal compliance / AML | Legal obligation |
3. Data Sharing & Third Parties
ac366 does not sell your personal data. We share data only with carefully selected service providers who help us operate the platform, and only to the extent necessary for each specific function.
3.1 Payment Processors
To process your deposits and withdrawals, ac366 shares the minimum necessary payment data with our payment partners — bKash, Nagad, Rocket, and Upay for mobile financial services, and partnered Bangladeshi banks (Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, Sonali Bank) for bank transfers. Each payment partner operates under its own privacy and data security framework. ac366 does not store full payment credentials on its own servers.
3.2 Game Technology Providers
ac366 integrates live game feeds and RNG casino content from third-party providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. When you play a game powered by one of these providers, your player session data (session ID, stake amounts, game outcomes) may be transmitted to that provider's servers to facilitate the game. These providers are bound by data processing agreements with ac366 and are not permitted to use your data for their own independent commercial purposes.
3.3 Identity Verification Partners
ac366 may use third-party KYC and identity verification service providers to assist with document review and age verification checks. Where this occurs, your identity document images and personal details are shared with the verification partner for the sole purpose of completing the verification check. Verification partners are contractually required to delete your data once the verification process is concluded.
3.4 Analytics and Security Providers
ac366 uses technical analytics and cybersecurity tools to monitor platform performance, detect fraud, and prevent DDoS attacks and automated bot activity. These tools may process IP addresses and session data. All such providers are engaged under data processing agreements that restrict the use of data to the specific service function contracted.
3.5 Legal Disclosure
ac366 may disclose personal data to law enforcement agencies, regulatory bodies, or courts where we are legally required to do so. ac366 will not disclose data beyond what is strictly required by the applicable legal obligation and will notify affected players where legally permitted to do so.
Who We Share Data With
- Payment processors — bKash, Nagad, Rocket, Upay, banks
- Game providers — Pragmatic Play, Evolution, NetEnt, Microgaming, Spribe, Ezugi
- KYC verification partners — identity and age checks only
- Analytics and security service providers
- Law enforcement — only when legally required
4. Cookies & Tracking Technologies
ac366.app uses cookies and similar tracking technologies to keep your session active, remember your preferences, and understand how players navigate the platform so we can improve it.
4.1 What Are Cookies
Cookies are small text files that are stored on your device when you visit a website. They allow the website to recognise your device across pages within a session and, in some cases, across separate visits. ac366.app uses cookies that are stored only in your browser and do not grant ac366 access to your device beyond the ac366.app domain.
4.2 Types of Cookies ac366 Uses
ac366 uses the following categories of cookies on ac366.app:
- Strictly Necessary Cookies: Required for the platform to function. These include session authentication cookies that keep you logged in, CSRF protection tokens that prevent cross-site request forgery attacks, and load-balancing cookies that route your requests to the correct server. These cannot be disabled without impairing platform functionality.
- Functional Cookies: Remember your preferences such as language settings, preferred payment method display, and last visited game category. These improve your experience but are not essential to core platform operation.
- Analytics Cookies: Collect anonymised data about how players navigate ac366.app — which pages are visited most, how long sessions last, and which game categories attract the most engagement. This data is used in aggregate form only and does not identify individual players.
- Security Cookies: Used to detect and prevent automated bot activity, credential stuffing attacks, and suspicious login patterns. These cookies are essential to maintaining the security of every player's account.
4.3 Managing Your Cookie Preferences
You can control and delete cookies at any time through your browser settings. Most modern browsers allow you to block third-party cookies, clear existing cookies on exit, and receive alerts before a new cookie is stored. Please note that disabling strictly necessary cookies will prevent you from logging into your ac366 account and using core platform features. ac366 does not use advertising or retargeting cookies.
| Cookie Type | Purpose | Essential? |
|---|---|---|
| Session Auth | Keeps you logged in during your visit | Yes |
| CSRF Token | Prevents cross-site request attacks | Yes |
| Preference | Remembers display and language settings | No |
| Analytics | Anonymised page-navigation tracking | No |
| Security | Bot and fraud detection | Yes |
4.4 Local Storage
In addition to cookies, ac366.app may use browser local storage to cache non-sensitive preferences and session state data locally on your device to improve load performance. Local storage data is cleared when you log out of your ac366 account from that device.
4.5 No Advertising Tracking
ac366 does not deploy advertising networks, retargeting pixels, or cross-site tracking technologies on ac366.app. The tracking technologies used on ac366.app are limited to the operational and security purposes described in this section.
5. Data Security & Storage
Protecting the personal data of ac366 players is a foundational operational priority. The following technical and organisational measures are in place across all ac366 systems.
5.1 Encryption in Transit and at Rest
All data transmitted between your device and ac366.app is encrypted using TLS 1.2 or higher (256-bit SSL). Player passwords are stored using one-way cryptographic hashing and are never stored in a recoverable plain-text form. Sensitive data fields within the ac366 database — including payment method references and KYC document metadata — are encrypted at rest using industry-standard encryption protocols.
5.2 Access Controls
Access to player personal data within ac366's internal systems is restricted on a strict need-to-know basis. Only authorised ac366 personnel with a specific operational or compliance role that requires access to personal data are granted that access. All internal data access is logged and subject to periodic review. ac366 support staff are trained on data protection obligations and are prohibited from accessing player data for purposes outside their defined role.
5.3 Infrastructure Security
ac366.app is hosted on secure infrastructure with firewalls, intrusion detection systems, and DDoS mitigation controls in place. Regular vulnerability assessments are conducted to identify and remediate potential security weaknesses in the platform. ac366 employs automated monitoring to detect unusual access patterns that may indicate a security incident.
5.4 Data Breach Response
In the event of a personal data breach that poses a risk to affected players, ac366 will notify impacted players without undue delay via the email address registered to their account. The notification will describe the nature of the breach, the categories of data affected, the likely consequences, and the steps ac366 has taken to address the breach and mitigate its impact. Players are advised to keep their registered email address up to date to ensure they receive any such notifications.
5.5 Data Location
ac366 player data is stored on servers that support the delivery of ac366.app to the Bangladesh market. ac366 takes reasonable steps to ensure that data storage arrangements provide a level of protection consistent with the principles set out in this Privacy Policy, regardless of where servers are physically located.
256-Bit SSL Encryption
Every page and every transaction on ac366.app uses TLS 1.2+ encryption. The padlock in your browser confirms your session is secure.
Hashed Passwords
Your ac366 password is never stored in plain text. One-way cryptographic hashing means even ac366 staff cannot read your password.
Breach Notification
In the event of a data breach affecting your account, ac366 will notify you by email at your registered address without undue delay.
6. Your Privacy Rights
As an ac366 player, you have a set of rights regarding the personal data we hold about you. ac366 is committed to honouring these rights in a timely and transparent manner.
6.1 Right of Access
You have the right to request a copy of the personal data ac366 holds about you. To submit a data access request, contact ac366 at [email protected] with the subject line "Data Access Request" and include your registered username and the mobile number linked to your account for identity verification. ac366 will respond to verified access requests within 30 days.
6.2 Right to Rectification
If any personal data ac366 holds about you is inaccurate or incomplete, you have the right to request that it be corrected. Contact [email protected] with details of the data you believe is incorrect and the accurate information that should replace it. Where correction requires re-verification of identity, ac366 may request supporting documentation.
6.3 Right to Erasure
You may request that ac366 delete the personal data we hold about you. ac366 will fulfil erasure requests where there is no lawful basis that requires continued retention — for example, where the data is no longer needed for the purpose it was collected, or where you withdraw consent and no other lawful basis applies. Please note that certain data — particularly transaction records and KYC documents — may be retained beyond an erasure request where retention is required by applicable legal or financial compliance obligations.
6.4 Right to Restriction of Processing
You have the right to request that ac366 restrict the processing of your personal data in certain circumstances — for example, while a dispute about the accuracy of your data is being resolved, or while ac366 investigates whether it has a lawful basis to continue processing. Where processing is restricted, ac366 will still store the data but will not process it further until the restriction is lifted.
6.5 Right to Object
You have the right to object to ac366 processing your personal data for the purpose of personalised promotional offers. To exercise this right, contact [email protected]. Opting out of personalised promotions will not affect your access to publicly available bonuses listed on the ac366 Promotion page.
6.6 How to Exercise Your Rights
All privacy rights requests should be submitted to [email protected]. ac366 will acknowledge receipt within 3 business days (BST) and provide a full response within 30 days. For complex requests, ac366 may extend this period by a further 30 days, in which case you will be notified of the extension and the reason for it. ac366 does not charge a fee for processing privacy rights requests submitted in good faith.
Your Rights at a Glance
- Access — Request a copy of your data
- Rectification — Correct inaccurate data
- Erasure — Request deletion where lawful
- Restriction — Limit how your data is used
- Objection — Opt out of personalised promotions
- Portability — Receive your data in a portable format
7. Data Retention
ac366 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal and compliance obligations.
7.1 Active Account Data
While your ac366 account is active, all personal data associated with it — including identity information, contact details, transaction history, and betting records — is retained in full. This data is necessary to provide you with continuous platform access, process transactions, and comply with responsible gaming monitoring obligations.
7.2 Post-Closure Retention
Following voluntary account closure or ac366-initiated account termination, ac366 retains certain categories of personal data for a defined period beyond the closure date:
- Transaction and financial records: Retained for a minimum of 5 years from the date of the last transaction, consistent with standard financial record-keeping requirements.
- KYC and identity documents: Retained for a minimum of 5 years from the date of account closure.
- Responsible gaming records: Self-exclusion records are retained indefinitely to prevent re-registration during an active exclusion period.
- Support communications: Retained for a minimum of 2 years from the date of the last communication.
- Betting and game session records: Retained for a minimum of 3 years from the date of account closure.
7.3 Anonymisation
Where ac366 no longer has a lawful basis to retain personal data in identifiable form, but the data has analytical or operational value in aggregate, ac366 may anonymise the data (removing all identifiers that could link the data back to an individual) and retain the anonymised dataset indefinitely for platform improvement purposes. Anonymised data is not personal data and falls outside the scope of this Privacy Policy.
| Data Category | Retention Period |
|---|---|
| Transaction & financial records | 5 years post-closure |
| KYC / identity documents | 5 years post-closure |
| Self-exclusion records | Indefinite |
| Support communications | 2 years post-last-contact |
| Betting & game session records | 3 years post-closure |
| Technical / security logs | 12 months rolling |
| Cookie / analytics data | 13 months rolling |
8. Policy Updates & Contact
ac366 may update this Privacy Policy periodically to reflect changes in platform operations, legal requirements, or data processing practices. The most current version will always be available at ac366.app/privacy-policy.
8.1 How We Notify You of Changes
When ac366 makes a material change to this Privacy Policy — meaning a change that affects how your personal data is collected, used, shared, or retained in a way that is meaningfully different from the previous version — we will notify registered players via the email address linked to their ac366 account at least 14 days before the change takes effect. The notification email will summarise the key changes and provide a link to the full updated policy on ac366.app/privacy-policy.
For minor or administrative changes — such as corrections to typos, clarifications of existing language, or updates to contact details — ac366 will update the policy text and revise the effective date shown at the top of this page without sending individual email notifications. It is your responsibility to review this page periodically to remain informed of the current version.
8.2 Your Continued Use as Acceptance
Your continued use of ac366.app following the effective date of any updated Privacy Policy constitutes your acknowledgment of and agreement to the revised terms. If you do not agree with a material change to this Privacy Policy, you should discontinue use of the platform and may request account closure by contacting [email protected] before the change takes effect.
8.3 Version History
ac366 maintains an internal record of all Privacy Policy versions and their effective dates. If you require a copy of a previous version of this policy — for example, in connection with a dispute or legal matter — you may request it by emailing [email protected] with the subject line "Privacy Policy Version Request" and specifying the approximate date of the version you require.
8.4 Contact the ac366 Privacy Team
If you have any questions about this Privacy Policy, wish to exercise any of the rights described in Section 6, or have a concern about how ac366 handles your personal data, please contact the ac366 support team directly:
- Email: [email protected] (plain text only — not a clickable link)
- Subject line format: State the nature of your enquiry clearly, e.g., "Privacy Rights Request", "Data Erasure Request", "Cookie Query"
- Response time: ac366 acknowledges all privacy-related emails within 3 business days (Bangladesh Standard Time, UTC+6)
- Languages accepted: English
ac366 takes all privacy enquiries seriously and aims to resolve them fully within 30 days of receiving a verified request. For unresolved concerns, players may escalate by submitting a formal written complaint to the same email address, clearly marked "Formal Privacy Complaint".
Policy Change Notifications
- Material changes notified by email 14 days in advance
- Effective date updated on every revision
- Previous versions available on request
- Continued use after effective date = acceptance
- Opt-out: close your account before effective date
Privacy Commitments at a Glance
A quick reference to the six core privacy commitments that underpin every data decision ac366 makes about your personal information.
No Data Selling
ac366 never sells, rents, or trades your personal data to advertisers, data brokers, or any third party for commercial gain. Your data belongs to you.
Encryption by Default
Every connection to ac366.app is protected by 256-bit SSL/TLS encryption. Passwords are hashed and sensitive fields are encrypted at rest in the ac366 database.
Purpose Limitation
Data collected for account management is used only for account management. Data collected for KYC is used only for verification. No scope creep, no secondary use without a lawful basis.
Your Rights Respected
Access, rectification, erasure, restriction, and objection rights are available to every ac366 player. Submit a request to [email protected] and receive a response within 30 days.
Defined Retention Periods
ac366 retains data only for as long as legally or operationally necessary. Clear retention periods apply to every data category, and data is deleted or anonymised when those periods expire.
Transparent Updates
Material policy changes are communicated by email at least 14 days before taking effect. The current policy version and effective date are always displayed at the top of this page.
Related topics covered in this policy:
Questions About Your Privacy?
Read our FAQ for quick answers, explore our Responsible Gaming page for player protection tools, or contact the ac366 support team directly. For players aged 18 and above only.