Privacy Policy — How 35pd Handles Your Data
Your privacy is a priority at 35pd. This Privacy Policy explains exactly what personal information we collect from players in Bangladesh, why we collect it, how it is stored and used, and what rights you hold over your own data. We are committed to transparent, responsible data practices across every touchpoint of the 35pd platform.
SSL-Encrypted Storage
All personal data held by 35pd is stored on servers protected by industry-standard SSL/TLS encryption. Data at rest is encrypted using AES-256. No unencrypted personal data is transmitted over public networks at any point in the 35pd infrastructure.
No Unnecessary Data Collection
35pd collects only the personal data that is strictly necessary to operate the platform, comply with KYC obligations, process payments in BDT, and deliver a safe gaming experience. We do not collect sensitive data categories (race, religion, health) unless legally required.
No Sale of Personal Data
35pd does not sell, rent, or trade your personal data to any third-party marketing companies or data brokers. Where data is shared with third parties, it is limited to operational partners (payment processors, game providers) under strict contractual data protection obligations.
Player-Controlled Preferences
You control your marketing communication preferences from within your 35pd account dashboard. You can opt out of promotional emails, SMS notifications, or push notifications at any time, without affecting your ability to play or withdraw funds.
Right of Access & Erasure
You have the right to request a copy of all personal data 35pd holds about you, and the right to request deletion of that data subject to legal retention obligations. Data access and erasure requests are processed within 30 calendar days of receipt.
Transparent Cookie Policy
35pd uses first-party and select third-party cookies to maintain session integrity, analyse platform performance, and prevent fraud. Strictly necessary cookies are deployed without consent; optional analytics and marketing cookies require your explicit opt-in via the cookie preferences panel.
1. Data Controller & Contact
35pd ("the Platform", "we", "us", "our") is the data controller responsible for the personal information collected through the website https://35pd.app and all associated services. As data controller, 35pd determines the purposes and means by which personal data is processed.
If you have any questions, concerns, or requests relating to this Privacy Policy or the personal data 35pd holds about you, please contact our Data Protection team:
35pd Data Protection Team
Email:
Subject line: "Privacy Request — [Your Account Username]"
Response time: within 5 business days of receipt.
Support hours: 24/7, Bangladesh Standard Time (BST, UTC+6).
This Privacy Policy applies to all players who register on or interact with the 35pd platform, including visitors who browse the site without registering. It covers data collected via the website, live chat, email correspondence, mobile access, and payment processing flows.
2. Information We Collect
35pd collects personal data through several channels. The table below sets out the categories of data we collect, the source of collection, and the purpose for which each category is required.
| Data Category | Examples | Purpose & Source |
|---|---|---|
| Identity Data | Full legal name, date of birth, NID number, passport number | Collected at registration and KYC verification. Required to confirm player identity, verify age (18+), and comply with anti-money laundering obligations. |
| Contact Data | Email address, mobile number, residential address | Collected at registration. Used for account communications, withdrawal notifications, KYC correspondence, and (where cons ented) marketing messages. |
| Financial Data | bKash/Nagad wallet numbers, bank account details, transaction history, deposit and withdrawal amounts in BDT | Collected during payment processing. Required to process deposits and withdrawals, verify payment method ownership, and detect fraudulent transactions. |
| KYC Documents | Scanned copies of Bangladesh NID, passport, driving licence, utility bills, bank statements | Collected during KYC verification process. Required to satisfy age verification, identity verification, and source-of-funds obligations before withdrawal approval. |
| Technical Data | IP address, device type, browser type and version, operating system, screen resolution, session duration | Collected automatically via server logs and cookies. Used for platform security, fraud detection, and performance optimisation. |
| Gameplay Data | Game history, bet amounts, win/loss records, session timestamps, bonus usage records | Generated automatically during play. Used for account statements, dispute resolution, responsible gaming monitoring, and bonus abuse detection. |
| Communication Data | Live chat transcripts, email correspondence, complaint records | Collected during support interactions. Retained for dispute resolution, quality assurance, and regulatory compliance purposes. |
| Marketing Preferences | Opt-in/opt-out status for email, SMS, push notifications | Collected at registration and updated via account dashboard. Used to manage promotional communications in line with your stated preferences. |
35pd does not knowingly collect personal data from individuals under 18 years of age. If we become aware that a minor has provided personal data through the platform, we will immediately delete that data and close the associated account. See our Responsible Gaming page for our underage gambling prevention measures.
3. Legal Basis for Processing
35pd processes your personal data only where a valid legal basis exists for doing so. The primary legal bases on which we rely are set out below:
- Contractual necessity: Processing your identity data, contact data, financial data, and gameplay data is necessary for us to perform the contract we hold with you as a registered player. Without this processing, we cannot open or maintain your account, process deposits or withdrawals, or deliver the gaming services you have requested.
- Legal obligation: 35pd is subject to anti-money laundering (AML) requirements and age verification obligations. Processing your KYC documents, financial transaction records, and identity data is required to fulfil these legal duties. Records processed under this basis are retained for the minimum period required by applicable law even after account closure.
- Legitimate interests: We process technical data (IP addresses, device data, session logs) and gameplay data for fraud detection, platform security, and responsible gaming monitoring. These interests are balanced against your privacy rights and are proportionate to the risks involved in operating an online gaming platform.
- Consent: Where we send you promotional communications by email, SMS, or push notification, we do so only on the basis of your explicit consent given at registration or updated subsequently via your account dashboard. You may withdraw consent at any time; withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Where 35pd relies on legitimate interests as its legal basis, we have conducted a balancing test to confirm that our interests do not override your fundamental rights and freedoms. You may request a copy of this balancing test assessment by contacting us at .
4. How We Use Your Information
The personal data 35pd collects is used exclusively for the following purposes. We do not use your data for any purpose that is incompatible with those listed below without first seeking your consent or identifying an additional valid legal basis:
- Account management: Creating, maintaining, and securing your 35pd player account, including processing login authentication, two-factor authentication (2FA), and password resets.
- Payment processing: Facilitating deposits and withdrawals in BDT via bKash, Nagad, Rocket, Upay, and Bangladesh bank transfer channels. Verifying payment method ownership to prevent fraud and unauthorised transactions.
- KYC and compliance: Verifying your identity, age (18+), and source of funds in compliance with applicable regulations. Retaining KYC records as required by law.
- Gaming services delivery: Providing access to casino games, sports betting markets (including BPL, IPL, T20 World Cup, Bangladesh Tigers fixtures), live dealer games, and slots. Maintaining accurate game history and account statement records.
- Bonus and promotion administration: Tracking wagering requirements, eligibility conditions, and promotional claim history to administer bonus offers fairly and detect abuse.
- Responsible gaming: Monitoring account activity to identify signs of problem gambling. Applying deposit limits, time-out periods, or self-exclusion where requested or where responsible gaming concerns are identified.
- Customer support: Responding to queries, complaints, and disputes submitted via live chat or email. Maintaining communication records for quality assurance and regulatory compliance.
- Platform security and fraud prevention: Detecting and investigating suspicious activity, unauthorised access attempts, bonus abuse, collusion, and money laundering. Sharing relevant data with law enforcement authorities where legally required.
- Platform improvement: Analysing aggregated, anonymised usage data to improve the 35pd platform's performance, user experience, and game selection. Individual player data is not used in isolation for product development purposes.
- Marketing communications: Sending promotional offers, seasonal campaigns (Eid, Pohela Boishakh, BPL season), and platform news to players who have opted in to marketing communications. Marketing messages can be managed via your account dashboard at any time.
5. Sharing & Disclosure of Personal Data
35pd does not sell or rent your personal data to any third party. We may share personal data with the following categories of recipients, strictly on a need-to-know basis and subject to contractual data protection obligations:
- Payment processors: bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, and Sonali Bank receive the minimum financial data necessary to process deposit and withdrawal transactions. These providers operate under their own privacy policies and regulatory obligations.
- Game content providers: Third-party game studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi receive technical session data (player ID, stake, game result) to operate their certified RNG game engines. No additional personal data is shared with game providers beyond what is operationally required.
- Identity verification services: KYC document processing may involve a third-party identity verification provider. These providers process your identity documents solely for the purpose of verifying your identity on 35pd's behalf and are prohibited from using your data for any other purpose.
- IT infrastructure providers: Cloud hosting and server infrastructure providers who store platform data on 35pd's behalf. All infrastructure providers are subject to strict data processing agreements requiring encryption, access controls, and incident notification obligations.
- Fraud detection and analytics: Specialised fraud detection platforms that analyse technical and behavioural data to identify suspicious patterns. These providers act as data processors and do not have independent rights over your data.
- Law enforcement and regulatory authorities: 35pd will disclose personal data to competent authorities, courts, or law enforcement bodies where required to do so by applicable law, court order, or regulatory requirement. Where legally permitted, we will notify you of such a disclosure.
- Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of 35pd's assets, personal data held by 35pd may be transferred to the acquiring entity. You will be notified of any such transfer and of any material change to your data controller before it takes effect.
All third-party data processors engaged by 35pd are required to process personal data only on 35pd's documented instructions, to maintain appropriate technical and organisational security measures, and to notify 35pd without undue delay upon becoming aware of a personal data breach.
International data transfers: Where personal data is transferred to infrastructure or service providers operating outside Bangladesh, 35pd ensures that equivalent data protection safeguards are in place through contractual clauses, data processing agreements, or the application of recognised data protection standards before any transfer occurs.
6. Cookies & Tracking Technologies
35pd uses cookies and similar tracking technologies on the platform. A cookie is a small text file placed on your device by a web server when you visit a website. Cookies allow the platform to recognise your browser across sessions, maintain your login state, and remember your preferences.
Categories of cookies used by 35pd:
| Cookie Type | Examples | Consent Required? |
|---|---|---|
| Strictly Necessary | Session authentication token, CSRF protection token, load-balancer routing cookie | No — these are essential for platform operation and are deployed without consent. |
| Functional | Language preference, game lobby view preference, last-visited game section | No — these improve usability without tracking behaviour across external sites. |
| Performance / Analytics | Page load timing, error logging, session duration, feature usage heatmaps | Yes — opt-in required. Used in anonymised, aggregated form only. |
| Marketing / Retargeting | Promotional campaign attribution, affiliate tracking identifiers | Yes — opt-in required. Used to measure the effectiveness of marketing campaigns and manage affiliate partner commissions. |
You can manage your cookie preferences at any time via the cookie preferences panel accessible from the footer of the 35pd platform. You may also configure your browser to block or delete cookies; note that blocking strictly necessary cookies will impair your ability to log in and use the platform.
35pd does not use third-party advertising network cookies to build cross-site behavioural profiles of individual users for sale to advertisers.
7. Data Retention
35pd retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, including legal, regulatory, and dispute-resolution obligations. The following retention schedule applies:
- Active account data (identity, contact, financial, gameplay): Retained for the duration of the player's active account relationship with 35pd, plus a minimum of 5 years following account closure, in accordance with applicable anti-money laundering record-keeping requirements.
- KYC documents: Retained for a minimum of 5 years following the end of the business relationship, as required for AML compliance. Documents are stored in encrypted form with access restricted to authorised compliance personnel.
- Transaction records: Individual deposit and withdrawal records in BDT are retained for a minimum of 5 years for financial regulatory compliance and audit trail purposes.
- Customer support communications: Live chat transcripts and email correspondence are retained for 3 years from the date of the last interaction, to support dispute resolution and quality assurance.
- Technical and log data: Server log files (IP addresses, session data) are retained for 12 months and then automatically purged, unless a specific log entry is required for an ongoing fraud investigation or legal proceeding.
- Marketing preference records: Records of consent and opt-out actions are retained for the duration of the account plus 2 years, to demonstrate compliance with consent requirements.
- Anonymised analytics data: Aggregated, anonymised platform usage statistics from which no individual player can be identified are retained indefinitely for platform improvement purposes.
At the end of the applicable retention period, personal data is securely deleted or irreversibly anonymised. Players may request early deletion of their personal data by submitting a formal erasure request to , subject to any overriding legal retention obligations that prevent immediate erasure.
8. Your Privacy Rights
As a player on the 35pd platform, you hold the following rights in relation to your personal data. To exercise any of these rights, contact our Data Protection team at with the subject line "Privacy Request".
- Right of Access: You have the right to request a copy of all personal data 35pd holds about you, including information on the purposes for which it is processed and the categories of third parties with whom it has been shared. We will provide your data in a structured, commonly used format within 30 calendar days of your verified request.
- Right to Rectification: If any personal data held about you is inaccurate or incomplete, you have the right to request that it be corrected. Identity data corrections may require re-submission of KYC documents.
- Right to Erasure ("Right to be Forgotten"): You may request that 35pd delete your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where you object to processing based on legitimate interests. This right is subject to legal retention obligations — data required for AML compliance cannot be deleted on request alone.
- Right to Restriction of Processing: You may request that 35pd restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or where you have objected to processing pending a determination of legitimate interests.
- Right to Data Portability: Where processing is based on your consent or on contractual necessity, you have the right to receive a copy of your personal data in a machine-readable format (e.g., CSV or JSON) and to have that data transmitted directly to another controller where technically feasible.
- Right to Object: You have the right to object to the processing of your personal data where that processing is based on 35pd's legitimate interests. 35pd will cease processing unless it can demonstrate compelling legitimate grounds that override your interests, or where processing is required for legal claims.
- Right to Withdraw Consent: Where processing is based on consent (in particular, marketing communications), you may withdraw consent at any time via your account dashboard or by contacting support. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
All privacy rights requests are acknowledged within 48 hours and substantively responded to within 30 calendar days. Where a request is complex or numerous, this period may be extended by a further 30 days with notification to the requester. There is no charge for submitting a privacy rights request.
Before processing any privacy rights request, 35pd must verify the identity of the person making the request to protect against fraudulent data access attempts. You will be asked to confirm your registered email address and may be asked to submit a brief identity confirmation. This step is a security measure for your protection.
9. Data Security
35pd implements a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. Our security framework includes, but is not limited to:
- Transport layer security: All data transmitted between your browser or device and the 35pd platform is encrypted using TLS 1.2 or higher. The platform does not accept unencrypted HTTP connections for any authenticated or transactional page.
- Data encryption at rest: All personal data stored on 35pd servers — including KYC documents, payment records, and account credentials — is encrypted at rest using AES-256 encryption.
- Access controls: Access to personal data within 35pd's internal systems is restricted to employees and contractors who require it to perform their role. Access is controlled via role-based permissions, and all access is logged for audit purposes.
- Two-factor authentication: 35pd offers and strongly recommends two-factor authentication (2FA) for all player accounts. Internal administrative systems require 2FA for all personnel with access to personal data.
- Penetration testing: The 35pd platform undergoes regular third-party security assessments to identify and remediate vulnerabilities before they can be exploited.
- Incident response: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, 35pd will notify affected players without undue delay and will take all necessary steps to contain the breach, assess its scope, and remediate the underlying cause.
- Staff training: All 35pd personnel who handle personal data receive regular data protection and security training. Data handling procedures are reviewed and updated at least annually.
While 35pd applies industry-standard security practices, no online platform can guarantee absolute security. Players are strongly encouraged to use a unique, strong password for their 35pd account, to enable 2FA, and to notify support immediately at if they suspect their account has been compromised.
10. Changes to This Privacy Policy
35pd reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or platform features. When material changes are made, we will:
- Display a prominent notice on the 35pd platform for a minimum of 14 days following the update.
- Send an email notification to the registered email address of all active accounts where the change materially affects player privacy rights or data processing purposes.
- Update the "Last Updated" date at the top of this policy to reflect the effective date of the latest revision.
Continued use of the 35pd platform after the effective date of any amendment constitutes your acceptance of the revised Privacy Policy. If you do not agree with the revised policy, you must cease using the platform and may request account closure and erasure of your personal data, subject to legal retention obligations.
The current version of this Privacy Policy is always available at https://35pd.app/privacy-policy. Previous versions are available on request from .
We recommend bookmarking this page and reviewing it periodically. If you have questions about any provision in this Privacy Policy, contact our support team before using the platform. Support is available 24/7 in English, Bangladesh Standard Time (BST, UTC+6).
This Privacy Policy was last reviewed and updated on 1 January 2026. If you have any questions, please contact us at before using the platform.
Continue Exploring
Questions About Your Privacy or Ready to Play?
If you have questions about how 35pd handles your data, visit our FAQ or contact our 24/7 support team. When you are ready, log in to 35pd and explore 500+ games, live cricket betting, and instant BDT payouts. 18+ only.
18+ Gambling involves financial risk. Play responsibly.