Privacy Policy — How 666g Collects, Uses, and Protects Your Personal Data
At 666g, your privacy is treated as a fundamental right, not an afterthought. This Privacy Policy explains in plain English exactly what personal data we collect, why we collect it, how it is stored, and the controls you have over it at all times.
Summary: 666g collects only the personal data necessary to operate a safe, compliant, and enjoyable gambling platform for Bangladeshi players. We do not sell your personal data to third parties. We do not share your data with advertisers. We protect your data with 256-bit SSL encryption and strict internal access controls. This Privacy Policy explains everything in full — please read it before creating your account.
1 Information We Collect
666g collects personal data through multiple channels during the course of your relationship with the platform. The categories of data we collect, and the circumstances under which each category is gathered, are described in detail below.
1.1 Registration Data
When you create a 666g account, we collect the following information that you provide directly:
- Full legal name as it appears on your government-issued identity document.
- Date of birth (used to verify that you meet the 18+ age requirement).
- Residential address in Bangladesh (division, district, thana, street, and postal code).
- Mobile phone number registered in your name (used for account verification and transaction alerts).
- Email address (used for account communications, promotional messages where consented, and support correspondence).
- Username and hashed password (your raw password is never stored in readable form).
- Age declaration confirmation (timestamp-logged at registration).
1.2 Identity Verification (KYC) Data
To comply with anti-money-laundering (AML) obligations and to verify that all players are 18 years of age or older, 666g may request the following documentary evidence:
- Scanned or photographed copy of your Bangladesh National Identity Card (NID), passport, or driving licence.
- Proof of residential address (utility bill, bank statement, or government correspondence dated within 90 days).
- Selfie photograph for facial comparison against your identity document, where required by our compliance team.
KYC documents are processed by our internal compliance team and, where applicable, by an authorised third-party identity verification provider. Documents are stored in an encrypted document vault and are accessible only to authorised compliance personnel.
1.3 Financial Transaction Data
When you make a deposit or withdrawal on 666g, we collect the transactional details necessary to process and record the payment:
- Payment method type (e.g., bKash, Nagad, Rocket, Upay, Visa, Mastercard).
- Mobile wallet number or masked card number (last 4 digits only for cards).
- Transaction amount in BDT and transaction timestamp (Bangladesh Standard Time, UTC+6).
- Transaction reference number issued by the payment provider.
- Account balance before and after each transaction (stored in our ledger system).
666g does not store full card numbers, CVV codes, or mobile banking PINs. Raw payment credentials are handled exclusively by our PCI-compliant payment processing partners.
1.4 Gameplay and Betting Data
Every game session, wager, spin, and live bet placed on 666g is recorded. This gameplay data includes:
- Game title, game provider (e.g., Pragmatic Play, Evolution Gaming, Spribe), game type, and game round ID.
- Stake amount, outcome, and resulting win or loss in BDT.
- Session start and end timestamps.
- RNG seed references and server-side game logs (used for dispute resolution and fair-play auditing).
- Sports betting selections, odds, market type, and settlement result for cricket, football, and other markets.
1.5 Technical and Device Data
When you access 666g through a web browser or mobile browser, our servers automatically collect certain technical data:
- IP address (used for fraud detection, geolocation, and security monitoring).
- Device type, operating system version, and browser type and version.
- Screen resolution and time zone setting.
- Referring URL (the web page from which you navigated to 666g, if applicable).
- Pages visited within the 666g platform, session duration, and click-path data.
1.6 Communications Data
When you contact the 666g support team by email or live chat, we retain a full record of the communication. This includes the content of your messages, your contact details, the date and time of each message, and the resolution outcome. These records are retained to ensure service continuity, quality assurance, and to support any subsequent dispute or regulatory inquiry.
1.7 Responsible Gaming Self-Declaration Data
If you voluntarily activate responsible gaming tools — including deposit limits, session time limits, cooling-off periods, or self-exclusion — we record the settings you choose, the timestamps of when they were set or modified, and the reason you provide (if any) when requesting self-exclusion. This category of data is treated with the highest level of sensitivity and is never used for marketing purposes.
2 How We Use Your Data
666g uses the personal data it collects for specific, legitimate purposes directly connected to the operation of a responsible online gambling platform. We do not use your data for any purpose beyond those described below without first obtaining your explicit consent.
| Purpose | Data Categories Used |
|---|---|
| Account creation and authentication | Registration data, device data |
| Age and identity verification (KYC) | Registration data, KYC documents |
| Payment processing (deposits and withdrawals) | Financial transaction data, KYC data |
| Anti-money-laundering (AML) compliance | Financial transaction data, KYC data, gameplay data |
| Game delivery, dispute resolution, and fair-play auditing | Gameplay and betting data, technical data |
| Fraud detection and account security | Technical data, financial data, communications data |
| Customer support and complaint resolution | Communications data, registration data, account data |
| Responsible gaming monitoring and intervention | Gameplay data, responsible gaming data, financial data |
| Personalised bonus and promotional offers (where consented) | Registration data, gameplay data |
| Platform analytics and product improvement | Technical data, gameplay data (aggregated and anonymised) |
2.1 Marketing Communications
666g will only send you promotional emails, SMS messages, or in-platform notifications regarding bonuses, new games, seasonal promotions, and special events if you have actively opted in to marketing communications during registration or via your account settings. You may withdraw your marketing consent at any time by updating your notification preferences in the account settings panel or by emailing [email protected]. Withdrawal of marketing consent will not affect your ability to use any core platform feature.
2.2 Automated Decision-Making
666g uses automated systems to flag accounts for fraud review, AML review, and responsible gaming intervention. Where an automated system flags your account, a human member of the 666g compliance team will review the flag before any account action (such as suspension or restriction) is taken. You have the right to request human review of any automated decision that has materially affected your account. To exercise this right, contact [email protected].
3 Legal Basis for Processing
Every instance of personal data processing carried out by 666g rests on one of the following legal bases. Understanding our legal basis for each processing activity helps you understand your rights in relation to that data.
3.1 Contract Performance
The majority of data processing on 666g is necessary to perform the contract between 666g and you as a registered player. Without processing your registration data, financial transaction data, and gameplay data, we could not create your account, process your deposits and withdrawals, deliver the games you play, or provide customer support. You cannot opt out of processing that is strictly necessary for contract performance while remaining an active 666g player.
3.2 Legal Obligation
Certain data processing activities are required by applicable law or regulatory obligation, including KYC identity verification, AML transaction monitoring, and the retention of financial records. 666g is legally obligated to conduct these activities regardless of your preferences. You cannot opt out of processing mandated by law.
3.3 Legitimate Interests
666g processes technical and device data for fraud detection, platform security, and product analytics on the basis of legitimate interests — meaning that these processing activities serve a genuine operational need that does not override your rights and freedoms. Where we rely on legitimate interests, you have the right to object to processing (see Section 7).
3.4 Consent
Marketing communications and optional personalisation features are processed on the basis of your explicit consent. You may withdraw consent at any time without affecting any other aspect of your account. Where consent is the legal basis, withdrawal of that consent will immediately suspend the relevant processing activity.
4 Data Sharing & Third Parties
666g does not sell, rent, or trade your personal data to any third party for commercial purposes. We share data with carefully selected third parties only to the extent necessary to deliver our services, meet legal obligations, or protect the integrity of the platform.
4.1 Categories of Third-Party Recipients
- Payment Processors: bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, Visa, and Mastercard receive only the transactional data necessary to process your deposit or withdrawal. Each payment provider operates under its own privacy policy and data protection framework.
- Game Providers: Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, and other licensed game studios may receive your anonymised session and game-round data for fair-play auditing, RTP verification, and game log dispute resolution. Your name, contact details, and financial data are not shared with game providers.
- Identity Verification Providers: Where 666g uses a third-party KYC platform to assist with document verification, your identity documents and facial comparison data are transmitted to that provider over an encrypted channel. The provider is contractually obligated to process your documents solely for identity verification purposes and to delete them once verification is complete.
- Fraud and AML Analytics Providers: Anonymised or pseudonymised transactional and behavioural data may be shared with specialist fraud detection and AML monitoring services. These providers do not receive your name or direct contact details.
- Legal and Regulatory Authorities: In cases where 666g is legally required to disclose player data — for example, in response to a valid court order, a request from a financial intelligence authority, or a regulatory investigation — we will comply with the applicable legal process. Where legally permitted, we will notify the affected player of any such disclosure.
- Successor Entities: In the event of a business acquisition, merger, or restructuring, player data may be transferred to the successor entity as part of the business assets. Players will be notified of any such transfer and given the opportunity to close their accounts before the transfer takes effect.
4.2 International Data Transfers
Some of 666g's third-party service providers (particularly game studios and fraud detection platforms) operate servers outside Bangladesh. Where your data is transferred internationally, 666g requires all receiving parties to maintain data protection standards that are at least equivalent to those described in this Privacy Policy. Data transfer agreements are in place with all relevant providers prior to any cross-border data movement.
5 Cookies & Tracking
666g uses cookies and similar browser-based tracking technologies to ensure that the platform functions correctly, to maintain your login session, and to collect anonymised analytics data that helps us improve the user experience for Bangladeshi players.
5.1 Types of Cookies Used
| Cookie Type | Purpose | Duration | Can Be Disabled? |
|---|---|---|---|
| Strictly Necessary | Session management, login state, CSRF protection, load balancing | Session / up to 24 hours | No — platform will not function without these |
| Functional | Remembering your language preference, game lobby layout, and responsible gaming settings | Up to 12 months | Yes — but some features may behave differently |
| Analytics | Aggregated page-view tracking, funnel analysis, feature usage statistics (data anonymised) | Up to 13 months | Yes — opt out via account settings |
| Marketing / Personalisation | Tracking bonus offer interactions, personalising in-platform promotional content | Up to 30 days | Yes — opt out via marketing preferences in account settings |
5.2 Managing Cookies
You can manage cookies through your browser settings at any time. Most modern browsers allow you to view, block, or delete cookies stored by specific websites. Note that disabling strictly necessary cookies will prevent the 666g platform from functioning correctly and will log you out of your session. To opt out of analytics or marketing cookies specifically, use the notification preferences panel within your 666g account settings rather than blocking all cookies at the browser level.
5.3 Third-Party Tracking
666g does not embed third-party advertising trackers, social media pixels, or behavioural profiling scripts on its platform. The only third-party scripts present on the 666g platform are those directly connected to game delivery (game provider iframes), payment processing (secure payment widgets), and identity verification (KYC provider SDKs). These third-party components operate in isolated contexts and cannot access your 666g session data.
6 Data Retention
666g retains your personal data for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following retention schedules apply:
| Data Category | Retention Period | Reason for Retention |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | AML obligation, fraud prevention, regulatory audit |
| KYC identity documents | Duration of account + 5 years post-closure | AML regulatory requirement |
| Financial transaction records | Duration of account + 7 years post-closure | Financial record-keeping and AML compliance |
| Gameplay and betting logs | Duration of account + 3 years post-closure | Dispute resolution, fair-play auditing |
| Support communications | 3 years from date of last communication | Service quality, dispute resolution |
| Marketing consent records | Duration of consent + 3 years post-withdrawal | Demonstrating lawful basis for past marketing |
| Responsible gaming self-declarations | Duration of account + 5 years post-closure | Regulatory compliance, preventing re-registration during exclusion |
| Analytics data (anonymised) | Up to 26 months | Platform improvement, traffic analysis |
When the applicable retention period expires, 666g will securely delete or permanently anonymise the relevant data. Secure deletion means overwriting stored data so that it cannot be reconstructed. Anonymisation means stripping all direct and indirect identifiers so that the remaining data cannot be linked back to any individual.
7 Your Rights
As a 666g player, you have the following rights in relation to your personal data. These rights can be exercised at any time by contacting the 666g Data Protection team at [email protected]. We will acknowledge your request within 3 business days and provide a full response within 30 calendar days.
7.1 Right of Access
You have the right to request a copy of all personal data that 666g holds about you. This is sometimes called a Subject Access Request (SAR). The data export will be provided in a structured, machine-readable format (CSV or JSON) where technically feasible. There is no charge for a standard SAR.
7.2 Right to Rectification
If any personal data held by 666g is inaccurate or incomplete, you have the right to request that it be corrected. For registration data such as your name or date of birth, rectification requests require supporting documentary evidence to prevent fraudulent data changes.
7.3 Right to Erasure
You may request that 666g delete your personal data in certain circumstances — for example, if the data is no longer necessary for the purpose for which it was collected, or if you withdraw consent and no other legal basis applies. Note that erasure requests cannot be fulfilled for data that 666g is legally required to retain (such as financial records and AML documentation). We will explain clearly which data can be erased and which must be retained.
7.4 Right to Restriction of Processing
You may request that 666g restricts its processing of your data in certain circumstances — for example, while a rectification request is being reviewed, or where you have objected to processing and we are assessing the grounds for that objection. During a restriction, your data will be stored but not actively processed for the disputed purpose.
7.5 Right to Data Portability
Where processing is based on your consent or on the performance of a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another data controller.
7.6 Right to Object
You have the right to object to processing carried out on the basis of legitimate interests, including profiling for fraud detection purposes. Where you object, 666g will cease that processing unless we can demonstrate compelling legitimate grounds that override your rights, or unless the processing is necessary for the establishment, exercise, or defence of legal claims.
7.7 Rights Related to Automated Decision-Making
Where 666g makes automated decisions that have a significant effect on you (such as account suspension or withdrawal restriction triggered by an automated compliance flag), you have the right to request human review of that decision. Contact [email protected] to invoke this right. All automated flags are reviewed by a human compliance officer before any account action is finalised.
8 Data Security
666g implements industry-standard technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure.
8.1 Technical Measures
- 256-bit SSL/TLS Encryption: All data transmitted between your browser and the 666g platform is encrypted using 256-bit SSL/TLS, the same standard used by major international banks. The padlock icon in your browser's address bar confirms that your connection is encrypted at all times.
- Encrypted Data Storage: Personal data and financial records are stored in encrypted databases. Encryption keys are managed using a hardware security module (HSM) and rotated on a scheduled basis.
- Password Hashing: Your account password is never stored in plain text. Passwords are hashed using a modern, salted cryptographic algorithm before storage. Even 666g's own engineering team cannot view your raw password.
- Two-Factor Authentication: 666g supports optional two-factor authentication (2FA) for account login, providing an additional layer of security beyond your password.
- Intrusion Detection: The 666g infrastructure is monitored 24/7 by automated intrusion detection systems that flag and block suspicious access patterns in real time.
- Regular Security Audits: The 666g platform undergoes periodic security audits conducted by independent third-party cybersecurity specialists. Critical vulnerabilities identified during audits are remediated within defined SLA timeframes.
8.2 Organisational Measures
- Access to personal data is restricted on a strict need-to-know basis. Only staff members whose role requires access to a specific category of data are granted that access.
- All staff members who handle personal data are trained in data protection principles and confidentiality obligations prior to being granted data access.
- Third-party service providers who process personal data on behalf of 666g are required to sign data processing agreements containing binding data protection obligations before receiving any data access.
8.3 Data Breach Response
In the event of a personal data breach that poses a risk to your rights and freedoms, 666g will notify affected players without undue delay once the breach has been confirmed and its scope assessed. Notification will be sent to the email address registered on your account and will include a description of the nature of the breach, the categories of data affected, the likely consequences, and the steps 666g has taken or proposes to take to address the breach. If you suspect that your 666g account has been accessed without your authorisation, contact [email protected] immediately.
9 Contact & Data Officer
If you have any questions about this Privacy Policy, wish to exercise any of your data rights, or wish to make a complaint about the way 666g has handled your personal data, please contact the 666g Data Protection team using the details below.
Data Protection Team — 666g
Email: [email protected] (plain text — not a clickable link)
Response time: Within 3 business days for acknowledgement; full response within 30 calendar days.
Support hours: 24/7 — Bangladesh Standard Time (UTC+6)
Language: English and Bengali support available.
When contacting the Data Protection team, please include your registered username or account email address, a description of your request or concern, and any relevant reference numbers (e.g., transaction IDs or support ticket numbers). This will help us locate your account records and respond to your request as efficiently as possible.
9.1 Updates to This Privacy Policy
666g may update this Privacy Policy from time to time to reflect changes in our data practices, technology, legal obligations, or business operations. When we make material changes to this Policy, we will notify all registered players via their registered email address at least 14 days before the changes take effect. The updated Policy will be published at 666g.bio/privacy-policy with a revised "Last Updated" date. Your continued use of the platform after the effective date of a revised Policy constitutes your acceptance of the updated terms. If you do not agree with a material change, you may close your account before the effective date by contacting [email protected].
Your Data, Our Responsibility
How 666g Keeps Your Privacy Protected
Six core principles guide every data decision we make at 666g — from the moment you register to the day you close your account.
256-Bit SSL Encryption
Every byte of data exchanged between your device and the 666g platform travels through a 256-bit SSL/TLS encrypted channel — the same standard trusted by international banks and global financial institutions.
Zero Data Selling
666g does not sell, rent, or trade your personal data to advertisers, data brokers, or any third party for commercial gain. Your data is used exclusively to operate your account and deliver the platform services you signed up for.
You Control Your Data
Access, rectify, erase, or export your personal data at any time by contacting [email protected]. Your rights of access, portability, and erasure are honoured within 30 calendar days of a verified request.
Hashed Password Storage
Your account password is never stored in a readable format. 666g uses a modern salted cryptographic hash algorithm, meaning your raw password is mathematically irretrievable — even by our own engineering team.
Clear Retention Schedules
666g retains each category of personal data only for as long as legally required or operationally necessary. Retention periods are published transparently in Section 6 of this Policy, with secure deletion applied once a period expires.
Regular Independent Audits
Third-party cybersecurity specialists conduct periodic audits of the 666g platform infrastructure. Critical findings are remediated under strict SLA timeframes, and results inform ongoing improvements to our data protection practices.
Ready to Play?
Your Privacy Is Safe — Now Enjoy the Platform
You have read how 666g collects and protects your data. Now explore Bangladesh's premier online casino experience — live baccarat, cricket betting, premium slots, and more — all in BDT with bKash and Nagad deposits available from ৳200.