Privacy Policy — How cv677 Protects Your Data
At cv677, your privacy is a core commitment — not an afterthought. This Privacy Policy explains precisely what personal data we collect, how we use it, who we share it with, and the rights you hold as a player on Bangladesh's premier online casino platform. We process your data only in ways you would reasonably expect, and always with the security of your information at the centre of every decision.
Every byte of data exchanged between your device and cv677 servers is protected by TLS 1.3 encryption. Your personal and financial data travels securely, making interception by third parties practically impossible.
cv677 does not sell, rent, or trade your personal information to any third party for their own marketing purposes. Your data is used solely to operate and improve the cv677 platform and to comply with legal obligations.
You hold meaningful rights over your personal data — including the right to access, correct, delete, and port your information. cv677 responds to all verified privacy requests within 30 days, in full compliance with applicable data protection standards.
We use cookies only for purposes that are either strictly necessary for the platform to function or that you have explicitly consented to. Our Cookie Policy is clearly documented within this Privacy Policy so you always know what is running on your browser.
Identity documents submitted for KYC verification — such as your National Identity Card or passport — are stored in an encrypted document vault and are accessible only to authorised compliance personnel. Documents are deleted once the applicable legal retention period expires.
cv677 processes personal data in a manner consistent with Bangladeshi data protection expectations and international best practices, including data minimisation, purpose limitation, and storage limitation principles that protect every player on our platform.
Data We Collect
cv677 collects personal data only where it is necessary to provide you with our services, to fulfil our legal obligations, or to protect the legitimate interests of our platform and players. We do not collect data beyond what is reasonably required for these purposes. The categories of personal data we collect are set out below.
1.1 — Registration Data
When you create a cv677 account, we collect the information you provide directly, which includes your full legal name, date of birth, gender, residential address (including city — Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, or Mymensingh), email address, and mobile phone number registered in Bangladesh. This information is mandatory for account creation and cannot be omitted.
1.2 — Identity Verification (KYC) Data
To comply with anti-money laundering (AML) obligations and responsible gaming requirements, cv677 collects documentary evidence of identity. This includes scanned copies or photographs of government-issued identity documents such as your National Identity Card (NID), passport, or driving licence, as well as proof-of-address documents such as utility bills or bank statements. We also collect proof of the payment method used for deposits (for example, a screenshot showing your bKash or Nagad account number).
1.3 — Financial Transaction Data
cv677 records all financial transactions conducted through your account, including deposit amounts, withdrawal requests, payment method identifiers (such as your bKash or Nagad mobile number), transaction reference numbers, timestamps, and the outcomes of those transactions. We do not store full card numbers, mobile banking PINs, or any security credentials associated with your payment methods.
1.4 — Gaming Activity Data
We collect records of your gameplay on cv677, including the games you play, bet amounts, win/loss records, session durations, bonus usage, and wagering history. This data is used for responsible gaming monitoring, fraud detection, and improving the overall player experience.
1.5 — Technical and Device Data
When you access cv677 — whether via browser or mobile device — we automatically collect certain technical information, including your IP address, browser type and version, operating system, device type, screen resolution, referring URL, pages visited, time spent on each page, and clickstream data. This data is collected through cookies and similar tracking technologies, which are described further in Section 4 of this Policy.
1.6 — Communications Data
When you contact our customer support team by email, live chat, or any other channel, cv677 retains records of those communications, including the content of your messages, timestamps, and the resolution reached. This data is retained to ensure service quality and to provide context in the event of future disputes or complaints.
Data Categories at a Glance
- Registration & identity data
- KYC verification documents
- Financial transaction records
- Gaming activity & bet history
- Device & technical log data
- Support communications
How We Use Your Data
cv677 processes your personal data only for clearly defined, legitimate purposes. We do not process your data in ways that are incompatible with the purpose for which it was originally collected. The table below summarises our primary processing activities, the legal basis for each, and the category of data involved.
| Processing Purpose | Legal Basis | Data Category |
|---|---|---|
| Account creation and management | Contractual necessity | Registration data |
| Identity verification (KYC) | Legal obligation & contractual necessity | KYC documents, registration data |
| Processing deposits and withdrawals | Contractual necessity | Financial transaction data |
| Fraud detection and AML monitoring | Legal obligation & legitimate interest | Transaction data, gaming activity, device data |
| Responsible gaming monitoring | Legal obligation & legitimate interest | Gaming activity, session data |
| Customer support and dispute resolution | Contractual necessity & legitimate interest | Communications data, account data |
| Sending service notifications and updates | Contractual necessity | Email address, mobile number |
| Sending promotional communications | Consent | Email address, mobile number |
| Platform performance and analytics | Legitimate interest | Device data, clickstream data |
| Legal compliance and regulatory reporting | Legal obligation | All applicable categories |
2.1 — Marketing Communications
cv677 may send you promotional emails or SMS notifications about bonuses, seasonal offers (such as Eid promotions, Pohela Boishakh campaigns, BPL cricket specials, and IPL bonus events), new game launches, and loyalty rewards — but only where you have given explicit consent to receive such communications. You may withdraw your consent to marketing communications at any time by clicking the unsubscribe link in any promotional email or by contacting our support team. Withdrawing consent to marketing does not affect your ability to use the cv677 platform or receive essential service communications.
2.2 — Automated Decision-Making
cv677 uses automated systems to assess risk, detect unusual transaction patterns, and enforce responsible gaming limits. These automated processes may result in temporary account restrictions or flagging for manual review. Where an automated decision has a significant effect on your account, you have the right to request that a human member of our compliance team reviews that decision. To request a manual review, contact us at [email protected] with the subject line "Automated Decision Review Request".
Data Sharing & Third Parties
cv677 does not sell, rent, or otherwise transfer your personal data to unaffiliated third parties for commercial purposes. However, to operate the cv677 platform and to fulfil our legal obligations, we share personal data with a limited set of trusted third parties in the circumstances described below.
3.1 — Game Providers
To deliver the games available on cv677, we share necessary technical session data with our licensed game providers, which include Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi, among others. The data shared is limited to what is required to authenticate your session and record the outcome of game rounds. Game providers are contractually prohibited from using this data for any purpose other than delivering the game service to cv677.
3.2 — Payment Processors
To process deposits and withdrawals, cv677 shares relevant transaction data with our payment processing partners, which currently include bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, and Sonali Bank. The data shared is limited to the information required to execute and verify the specific transaction in question. Payment processors operate under their own privacy policies, and cv677 selects only partners who maintain data security standards consistent with our own.
3.3 — Identity Verification Partners
cv677 may use third-party identity verification service providers to assist with the KYC process. These providers receive identity document data solely for the purpose of verification and are prohibited from retaining or using that data for any secondary purpose.
3.4 — Legal and Regulatory Authorities
cv677 will disclose personal data to law enforcement agencies, regulatory bodies, or courts of competent jurisdiction when required to do so by applicable law, court order, or regulatory direction. In such circumstances, we will disclose only the minimum data required to comply with the legal obligation and will, where legally permissible, notify the affected player of the disclosure.
3.5 — Business Transfers
In the event that cv677 undergoes a merger, acquisition, corporate restructuring, or sale of all or a substantial portion of its assets, your personal data may be transferred to the acquiring entity as part of that transaction. In such circumstances, the acquiring entity will be required to honour the commitments made in this Privacy Policy or obtain fresh consent from affected players before processing their data in any materially different way.
Data Retention Policy
cv677 retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal and regulatory obligations. The table below outlines our standard retention periods by data category.
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | Legal obligation, AML requirements |
| KYC identity documents | Duration of account + 5 years after closure | Legal obligation, AML requirements |
| Financial transaction records | 7 years from transaction date | Legal obligation, tax & AML requirements |
| Gaming activity records | Duration of account + 3 years after closure | Responsible gaming, dispute resolution |
| Customer support communications | 3 years from last interaction | Legitimate interest, dispute resolution |
| Marketing consent records | Duration of consent + 3 years | Legal obligation (proof of consent) |
| Technical and device log data | 13 months from collection | Legitimate interest, security monitoring |
| Self-exclusion records | Minimum 7 years from exclusion date | Responsible gaming legal obligations |
Upon expiry of the applicable retention period, personal data is either securely deleted or anonymised in such a way that it can no longer be linked back to an individual. Where data must be retained beyond the standard period due to an ongoing legal dispute, regulatory investigation, or court order, cv677 will retain the relevant data until that matter is fully resolved and then apply the standard deletion process.
Data Security Measures
cv677 implements a layered security architecture to protect your personal data against unauthorised access, disclosure, alteration, and destruction. Our security programme is reviewed and updated on a regular basis to address evolving threats and to incorporate industry best practices.
6.1 — Technical Security Controls
- Transport Encryption: All data transmitted between your device and cv677 servers is encrypted using TLS 1.3, the current industry-leading standard for transport layer security.
- Data-at-Rest Encryption: Personal data stored in our databases — including KYC documents and financial records — is encrypted at rest using AES-256 encryption.
- Access Controls: Access to systems containing personal data is restricted to authorised personnel on a strict need-to-know basis. All system access is authenticated using multi-factor authentication (MFA) and logged for audit purposes.
- Intrusion Detection: cv677 operates continuous intrusion detection and prevention systems that monitor for suspicious network activity and automatically trigger incident response protocols where a threat is identified.
- Vulnerability Management: Our technical team conducts regular vulnerability assessments and penetration testing of the cv677 platform. Critical vulnerabilities are patched within 24 hours of discovery; medium-severity issues are addressed within 7 days.
- Database Security: Production databases are isolated behind private network boundaries with no direct public internet access. All database queries are parameterised to prevent SQL injection attacks.
6.2 — Organisational Security Controls
- All cv677 staff and contractors who handle personal data are bound by confidentiality obligations and receive mandatory data protection training upon onboarding and annually thereafter.
- cv677 operates a formal Data Breach Response Plan that defines escalation procedures, notification timelines, and remediation steps in the event of a confirmed or suspected data breach.
- Physical access to cv677 server infrastructure is controlled and logged, with unauthorised access triggering immediate security alerts.
6.3 — Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, cv677 will notify affected players without undue delay and, where feasible, within 72 hours of becoming aware of the breach. The notification will describe the nature of the breach, the categories of data affected, the likely consequences, and the steps cv677 has taken or intends to take to address the breach and mitigate its effects.
Your Privacy Rights
As a cv677 player, you hold meaningful rights over your personal data. cv677 is committed to honouring these rights in a timely and transparent manner. All verified privacy requests will receive an initial response within 5 business days and a full resolution within 30 calendar days. Where a request is complex or involves a large volume of data, we may extend this period by a further 30 days, in which case we will notify you of the extension and the reason for it.
Right of Access
You have the right to request a copy of the personal data cv677 holds about you, along with information about how and why it is being processed.
Right to Rectification
If any personal data cv677 holds about you is inaccurate or incomplete, you have the right to request that it be corrected or updated without undue delay.
Right to Erasure
You may request that cv677 delete your personal data where it is no longer necessary for the purposes for which it was collected, subject to applicable legal retention obligations.
Right to Restrict Processing
In certain circumstances — such as where you contest the accuracy of your data or object to its processing — you may request that cv677 temporarily restrict how your data is used.
Right to Data Portability
Where processing is based on your consent or a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format for transfer to another service.
Right to Object
You have the right to object to cv677 processing your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests, subject to cv677's assessment of competing interests.
7.1 — How to Exercise Your Rights
To exercise any of the rights described in this section, please send a written request to [email protected] with the subject line "Privacy Rights Request". Your request must include your full name, the email address registered to your cv677 account, and a clear description of the right you wish to exercise. To protect your account security, cv677 may ask you to verify your identity before processing a privacy rights request. We will not charge any fee for exercising your rights unless a request is manifestly unfounded or excessive, in which case we reserve the right to charge a reasonable administrative fee or decline to act on the request.
7.2 — Withdrawing Consent
Where cv677 processes your personal data on the basis of your consent, you may withdraw that consent at any time without affecting the lawfulness of processing that occurred before the withdrawal. To withdraw consent, contact us at [email protected] specifying the type of processing you wish to withdraw consent for.
Contact Our Privacy Team
If you have any questions, concerns, or complaints about how cv677 handles your personal data, or if you wish to exercise any of your privacy rights, please contact our dedicated privacy team using the details below. We take every privacy enquiry seriously and aim to respond to all communications within 5 business days (Bangladesh Standard Time, UTC+6).
Privacy & Data Protection Enquiries
For all privacy-related matters, including data access requests, deletion requests, consent withdrawal, and general privacy questions, please contact us at:
[email protected]
Subject line: "Privacy Rights Request"
Responsible Gaming & Self-Exclusion
For matters specifically related to responsible gaming data, self-exclusion records, or deposit limit settings, please contact our dedicated responsible gaming team at:
[email protected]
Policy Updates
cv677 reserves the right to update this Privacy Policy at any time to reflect changes in our data practices, applicable law, or the services we offer. When we make a material change to this Policy, we will notify registered players by email and post a prominent notice on the cv677 platform at least 14 days before the change takes effect. Your continued use of the cv677 platform after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the updated Policy, you have the right to close your account before the effective date of the change.
This Privacy Policy was last reviewed and updated on 1 January 2026. The current version of this Policy supersedes all previous versions.
Privacy Request Timeline
- Day 1 Request received; acknowledgement sent to your registered email
- Day 1–5 Identity verification check completed by our compliance team
- Day 5–30 Full response provided; requested action completed or reasoned refusal issued
- Day 30–60 Extended period (complex requests only); player notified of extension at Day 30
Our Privacy Commitments
- We never sell your personal data to third parties
- We collect only the minimum data necessary
- All data is encrypted in transit and at rest
- Your rights are honoured within 30 days
- Material policy changes notified 14 days in advance
- 24/7 bilingual support in English & Bengali
Ready to Play at cv677?
Now that you understand how cv677 protects your privacy, explore everything our platform has to offer — from live cricket betting and thousands of slots to instant bKash and Nagad payments. 18+ only. Please play responsibly.