cm44 Privacy Policy
Your privacy matters to us. This Privacy Policy explains exactly what personal data cm44 collects, why we collect it, how it is stored and protected, and the rights you hold over your own information. We are committed to handling your data transparently and responsibly in accordance with applicable data protection principles.
Our Privacy Commitments
Six principles that define how cm44 treats your personal information every day.
SSL Encryption
All data transmitted between your device and cm44 is protected by industry-standard TLS/SSL encryption. Your personal details, payment data, and account activity are never exposed in transit.
No Sale of Personal Data
cm44 does not sell, rent, or trade your personal information to third-party advertisers or data brokers. Your data is used solely to operate and improve the cm44 platform.
Minimal Data Collection
We collect only the data that is strictly necessary for account operation, KYC verification, payment processing, and regulatory compliance. We do not collect data speculatively.
Your Data, Your Rights
You have the right to access, correct, or request deletion of your personal data at any time. Submit a request to [email protected] and we will respond within 10 business days.
Clear Retention Limits
We do not hold your personal data indefinitely. Retention periods are defined by regulatory requirements and operational necessity. Data that is no longer needed is securely deleted or anonymised.
Opt-Out of Marketing
Promotional communications are entirely optional. You may withdraw consent for marketing messages at any time by updating your notification preferences in-app or by contacting our support team.
Section 1
Information We Collect
cm44 collects personal data through several channels: information you provide directly during registration and ongoing use of the Platform, information generated automatically as you interact with our services, and information received from trusted third-party partners such as payment processors and KYC verification providers. The categories of data we collect are described below.
1.1 Information you provide directly:
- Registration data: Full legal name, date of birth, residential address (including city — Dhaka, Chittagong, Sylhet, Khulna, or elsewhere in Bangladesh), mobile phone number, and email address.
- Identity verification (KYC) data: Government-issued identification documents such as your National ID card (NID), passport, or birth certificate. We may also request a selfie or a document photograph for liveness verification.
- Payment data: Mobile wallet numbers (bKash, Nagad, Rocket, Upay), bank account or card details (Visa, Mastercard) used for deposits and withdrawals. Full card numbers are not stored by cm44 — these are handled directly by our PCI-DSS compliant payment partners.
- Account preferences: Communication preferences, notification settings, responsible gaming limits you set voluntarily (deposit caps, session timers, self-exclusion requests).
- Support communications: Any messages, complaints, or queries you send to cm44 via live chat or email, which we retain as a record of our interactions.
1.2 Information collected automatically:
- Device and technical data: IP address, device type and model, operating system, browser type and version, screen resolution, and device identifiers.
- Usage and behavioural data: Pages visited, games played, betting history, session duration, click-path data, search queries entered within the Platform, and time-zone information (Bangladesh Standard Time, UTC+6).
- Geolocation data: Approximate location derived from your IP address, used to verify that you are accessing the Platform from a supported region and to comply with any applicable geographic restrictions.
- Cookies and tracking technologies: Session cookies, persistent cookies, and similar technologies as described in Section 4 of this Policy.
1.3 Information from third parties:
- Identity and age verification results from our KYC service partners.
- Transaction confirmation data from payment processors (bKash, Nagad, Rocket, Upay, Visa/Mastercard acquiring banks).
- Fraud risk signals from third-party fraud detection providers, which do not identify you personally but help us assess the integrity of transactions.
Section 2
How We Use Your Data
cm44 uses the personal data we collect for specific, defined purposes. We do not process your data in ways that are incompatible with those purposes. The table below summarises the primary purposes for which we use your data and the legal basis that applies in each case.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account registration and management | Registration data, contact details | Contract performance |
| Identity verification (KYC) | NID/passport, selfie, address | Legal obligation |
| Processing deposits and withdrawals | Payment data, account balance | Contract performance |
| Fraud detection and prevention | Device data, IP, behavioural data | Legitimate interest |
| Responsible gaming monitoring | Betting history, session data, limits | Legal obligation / legitimate interest |
| Customer support | Support communications, account data | Contract performance |
| Marketing and promotions | Contact details, preferences | Consent (opt-in only) |
| Platform analytics and improvement | Usage data, device data (anonymised) | Legitimate interest |
| Legal and regulatory compliance | All categories as required | Legal obligation |
Where we rely on consent as our legal basis (for example, for marketing communications), you have the right to withdraw that consent at any time without affecting the lawfulness of processing that took place before the withdrawal. To withdraw consent for marketing, update your preferences in-app or contact [email protected].
Where we rely on legitimate interest, we have assessed that our interest does not override your fundamental rights and freedoms, particularly given the measures we have in place to minimise data use and protect your information.
Section 3
Sharing of Personal Data
cm44 does not sell, rent, or trade your personal data to any third party for commercial purposes. We share your information only with the categories of recipients described below, and only to the extent necessary for the purposes stated.
3.1 Service providers and processors:
We engage trusted third-party service providers who act as data processors on our behalf. These include:
- Payment processors: bKash, Nagad, Rocket, Upay, and card-acquiring banks (Visa/Mastercard network members) receive the minimum payment data required to execute your transactions.
- KYC and identity verification providers: Receive your identity documents and verification data solely to conduct age and identity checks as required by our compliance obligations.
- Fraud prevention providers: Receive device fingerprint data and behavioural signals (no directly identifying data) to assess transaction risk.
- Game content providers: Studios such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi may receive your anonymised player identifier and game round data to power the games you play and to resolve disputes. They do not receive your name, contact details, or payment information.
- Cloud hosting and infrastructure providers: Store encrypted platform data in secure data centre environments.
All third-party processors are bound by contractual data processing agreements that prohibit them from using your data for any purpose other than delivering the service for which they were engaged.
3.2 Legal and regulatory disclosures:
cm44 may disclose personal data to law enforcement agencies, regulatory bodies, or courts where we are required to do so by a valid legal order, court judgment, or statutory obligation. We will notify you of such a disclosure where we are legally permitted to do so.
3.3 Business transfers:
In the event of a merger, acquisition, asset sale, or restructuring involving cm44, your personal data may be transferred to the acquiring or successor entity. We will provide reasonable advance notice of any such transfer and ensure that the receiving entity commits to data protection standards no less protective than those in this Policy.
Section 5
Data Security Measures
Protecting the security of your personal data is a core operational priority for cm44. We implement a layered set of technical and organisational security measures designed to prevent unauthorised access, accidental loss, disclosure, alteration, or destruction of your data.
Technical measures include:
- Transport Layer Security (TLS/SSL): All communications between your device and cm44 are encrypted using TLS 1.2 or higher. You can confirm this via the padlock icon in your browser's address bar.
- Encryption at rest: Sensitive fields in our databases — including identity document data and payment identifiers — are encrypted at rest using AES-256 encryption.
- Access controls: Access to personal data within cm44 is restricted on a strict need-to-know basis. Staff members are granted the minimum level of access required for their role, and all access events are logged.
- Two-factor authentication: cm44 strongly recommends enabling two-factor authentication (2FA) on your account. Internal staff systems require 2FA by default.
- Penetration testing and vulnerability management: Our infrastructure undergoes regular security assessments. Identified vulnerabilities are remediated according to their severity within defined timeframes.
- Incident response: We maintain a documented data breach response plan. In the event of a breach that is likely to result in a risk to your rights, we will notify affected players without undue delay.
While we apply rigorous security measures, no system can guarantee absolute security. You are responsible for keeping your own account credentials confidential and for logging out of the Platform on shared devices. If you suspect your account has been compromised, contact [email protected] or in-app live chat immediately.
Section 6
Data Retention
cm44 retains personal data only for as long as it is necessary for the purposes described in this Policy, or as required by applicable law and regulatory guidance. The following retention periods apply as a general guide:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | Legal / regulatory obligation |
| KYC / identity documents | Duration of account + 5 years after closure | Anti-money laundering compliance |
| Transaction records | Duration of account + 7 years after closure | Financial record-keeping obligation |
| Betting / gaming history | Duration of account + 3 years after closure | Dispute resolution, responsible gaming |
| Support communications | 3 years from last interaction | Dispute resolution |
| Analytics data (anonymised) | Up to 26 months (rolling) | Product improvement |
| Marketing preferences / consent records | Until consent is withdrawn + 1 year | Proof of consent |
At the end of the applicable retention period, personal data is either securely deleted or irreversibly anonymised so that it can no longer be associated with any individual. Anonymised data may be retained indefinitely for statistical and analytical purposes.
Where you request deletion of your data before the end of a statutory retention period, we will honour that request to the fullest extent permitted by law and will inform you of any categories of data that we are legally required to retain despite your request.
Section 7
Your Privacy Rights
As a cm44 player, you have a number of rights in relation to the personal data we hold about you. These rights are summarised below. To exercise any of these rights, please contact our privacy team at [email protected] with the subject line "Privacy Rights Request". We will respond within 10 business days of receiving a valid request.
- Right of access: You may request a copy of the personal data cm44 holds about you, together with information about how it is being used. We will provide this in a clear, readable format at no charge.
- Right to rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. For basic account details such as your address or phone number, you may update these directly within your account settings.
- Right to erasure ("right to be forgotten"): You may request that we delete your personal data. We will comply where there is no overriding legal basis to retain it. Note that statutory retention obligations (for example, anti-money laundering rules) may require us to retain certain categories of data even after your account is closed.
- Right to restriction of processing: In certain circumstances — for example, while a dispute regarding the accuracy of your data is being resolved — you may request that we pause processing of your data.
- Right to data portability: Where processing is based on your consent or a contract with you, you may request that we provide your personal data in a structured, machine-readable format so that you can transfer it to another service provider.
- Right to object: You may object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent: Where processing is based on consent (for example, marketing communications), you may withdraw that consent at any time without affecting the lawfulness of prior processing.
We may need to verify your identity before processing a privacy rights request to ensure we are responding to the correct person. We will not charge a fee for reasonable requests; however, for requests that are manifestly unfounded or excessive, we reserve the right to charge a proportionate administrative fee.
Section 8
Changes to This Policy
cm44 reserves the right to update or revise this Privacy Policy at any time in response to changes in applicable law, regulatory guidance, business practices, or the features and services offered on the Platform. The "Last Reviewed" date at the top of this document will be updated whenever a change is made.
For material changes — that is, changes that significantly affect how we collect, use, or share your personal data — we will provide at least 14 days' advance notice via an in-app notification sent to all registered players. For minor or clarificatory changes that do not materially alter the substance of this Policy, we may update the document without advance notice, though the revised date will always be reflected.
Your continued use of the cm44 Platform following the effective date of any update constitutes your acceptance of the revised Privacy Policy. If you do not agree with any change, you should stop using the Platform and may request closure of your account in accordance with the process described in our Terms & Conditions.
If you have any questions about this Privacy Policy — whether about its current content or about a recent change — please do not hesitate to reach out. Our privacy team is available at [email protected], and our general support team operates 24/7 via in-app live chat.
Questions About Your Privacy?
Our support team is available around the clock to answer any data protection questions. You can also explore the cm44 Casino, check our FAQ, or return to the homepage.