nogood88 Privacy Policy — How We Protect & Handle Your Personal Data
Your privacy is a fundamental commitment at nogood88. This Privacy Policy sets out in plain, formal English exactly what personal data we collect from players in Bangladesh and elsewhere, how we use it, who we share it with, how long we keep it, and what rights you hold over your own information.
Our Six Privacy Commitments
Before reading the full policy, here is a plain-English summary of the six core data protection principles that guide every decision we make about your personal information at nogood88.
Data We Collect
nogood88 collects personal data in three principal ways: information you provide directly when creating or managing your account, information generated automatically through your use of the platform, and information we receive from regulated third-party service providers involved in payment processing or identity verification.
1.1 Information You Provide Directly
- Registration data: Full legal name, date of birth, email address, mobile telephone number, and preferred payment method.
- Identity verification (KYC) documents: Copies of your Bangladesh National Identity Card (NID), passport, driving licence, proof of residential address (e.g., utility bill or bank statement not older than three months), and — where required — source-of-funds documentation.
- Financial data: Deposit and withdrawal transaction records, payment method identifiers (e.g., bKash wallet number, Nagad account reference, Rocket number, bank account details), and transaction amounts in BDT.
- Communication data: The content of messages you send to our support team via live chat, email (support@nogood88), or any other support channel, including timestamps and chat transcripts.
- Responsible gaming preferences: Self-exclusion elections, deposit limit settings, session time-limit configurations, and cooling-off period requests.
1.2 Information Collected Automatically
- Device and browser data: IP address, device type (mobile, tablet, desktop), operating system, browser type and version, screen resolution, and language settings.
- Usage data: Pages visited, games played, bet amounts, session duration, click-path data, referral URLs, and in-platform search queries.
- Location data: Country and city-level geolocation inferred from your IP address. We do not collect precise GPS coordinates.
- Cookie and tracking data: Session cookies, authentication tokens, and aggregated analytics events (see Section 4 — Cookies for full detail).
1.3 Information Received from Third Parties
- Payment processors: Transaction confirmation and status data from bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, BRAC Bank, City Bank, Visa, and Mastercard.
- Identity verification providers: Verification outcome data (pass/fail) from third-party KYC and AML screening services. We do not receive raw document scans from these providers; they hold the documents directly under their own privacy frameworks.
- Fraud prevention services: Risk scores and flag data from third-party fraud detection tools used to protect the platform and its users.
How We Use Your Data
nogood88 processes personal data only where there is a lawful basis for doing so. The primary lawful bases we rely on are: performance of the contract between you and nogood88, compliance with legal obligations, our legitimate interests in operating a safe and secure platform, and — where required — your explicit consent.
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Account creation and management | Registration data, email, mobile number | Contract performance |
| Identity verification (KYC/AML) | KYC documents, financial data | Legal obligation |
| Processing deposits and withdrawals | Financial data, payment method identifiers | Contract performance |
| Fraud prevention and platform security | IP address, device data, usage data, risk scores | Legitimate interests |
| Responsible gaming monitoring | Gameplay data, deposit limits, self-exclusion flags | Legal obligation / legitimate interests |
| Customer support | Communication data, account data | Contract performance |
| Marketing communications (opt-in only) | Email address, game preference data | Consent |
| Platform analytics and improvement | Aggregated, anonymised usage data | Legitimate interests |
| Legal compliance and dispute resolution | All relevant account and transaction data | Legal obligation |
Marketing Communications
nogood88 will send you promotional emails, SMS notifications, and in-platform messages about bonuses, seasonal offers (including Eid, Pohela Boishakh, and BPL cricket season promotions), and new game releases only if you have given your explicit consent during registration or via your account settings. You may withdraw this consent at any time by updating your communication preferences in your account dashboard or by contacting support@nogood88. Withdrawal of marketing consent does not affect the lawfulness of any processing carried out before the withdrawal.
We do not use your personal data for any automated individual decision-making or profiling that produces legal or similarly significant effects on you, except where required by our responsible gaming obligations (for example, automatic flagging of accounts showing problem-gambling indicators for review by our responsible gaming team).
Data Sharing & Third Parties
nogood88 does not sell, rent, or trade your personal data to any third party for their independent commercial use. We share personal data with external parties only in the following strictly defined circumstances:
Service Providers Acting as Data Processors
We engage regulated third-party companies to perform specific operational functions on our behalf. These companies act as data processors — they may only process your data according to our documented instructions and are prohibited from using it for their own purposes. Current categories of processor include:
- Payment processors: bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, Sonali Bank, Visa, and Mastercard. These processors receive only the minimum payment data necessary to execute and confirm transactions.
- KYC and AML screening providers: Third-party identity verification services that receive document reference data to perform regulatory compliance checks.
- Game software providers: Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, and other studio partners receive anonymised session data necessary to deliver game outcomes and resolve disputes. They do not receive your name, NID number, or financial details.
- Customer support platform: The live chat and ticketing system provider that hosts our support communications receives message content and your account reference number, but not your full KYC documentation.
- Platform analytics: Aggregated, anonymised usage data processed by our internal analytics infrastructure. No identifiable personal data is shared with external analytics vendors.
Legal and Regulatory Disclosures
nogood88 may disclose personal data to governmental authorities, law enforcement agencies, financial intelligence units, or regulatory bodies when we are legally obliged to do so — for example, in response to a valid court order, a lawful request under anti-money laundering legislation, or an investigation into suspected fraud or criminal activity. In all such cases, we disclose only the minimum data required and, where legally permissible, will notify you of any such disclosure.
Business Transfers
In the event that nogood88 undergoes a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified in advance of any such transfer, and the acquiring entity will be required to honour the privacy commitments set out in this policy or provide you with a materially equivalent alternative.
No International Data Transfers Without Safeguards
Where any of our service providers process data outside Bangladesh, we ensure that appropriate contractual safeguards are in place — such as standard contractual clauses or equivalent data transfer mechanisms — to ensure that your data receives a level of protection consistent with this Privacy Policy.
Data Retention Periods
nogood88 retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal, regulatory, or contractual obligations. The following retention periods apply to the principal data categories we hold:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | AML compliance and dispute resolution |
| KYC identity documents | Duration of account + 5 years after closure | Regulatory KYC record-keeping obligations |
| Financial transaction records | Duration of account + 7 years after closure | Financial record-keeping and AML obligations |
| Customer support communications | 3 years from last interaction | Dispute resolution and quality assurance |
| Marketing consent records | Until consent is withdrawn + 1 year | Proof of consent for regulatory purposes |
| Responsible gaming records | Duration of account + 5 years after closure | Duty of care and regulatory compliance |
| Aggregated analytics data | Up to 36 months (anonymised — no personal data) | Platform improvement and trend analysis |
| Security and fraud logs | 12 months from event date | Security incident investigation |
After the applicable retention period expires, personal data is securely deleted or irreversibly anonymised. Where deletion of certain records is technically complex due to backup systems, data is isolated from active processing and scheduled for deletion at the next regular backup purge cycle, which occurs no less than every 90 days.
Data Security Measures
nogood88 implements a layered set of technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. Key security controls in place include:
- 256-bit SSL/TLS encryption on all data transmitted between your device and our servers, verified by a trusted certificate authority.
- AES-256 encryption at rest for all sensitive fields stored in our databases, including passwords (stored as salted cryptographic hashes), payment method identifiers, and KYC document metadata.
- Access controls: Employee access to personal data is granted on a strict need-to-know basis. All staff with data access undergo background screening and receive regular data protection training.
- Network security: Firewalls, intrusion detection systems (IDS), and web application firewalls (WAF) are deployed at the network perimeter and application layer.
- Two-factor authentication (2FA): Available to all account holders and mandatory for all internal staff accounts with access to personal data systems.
- Penetration testing: Our platform undergoes regular independent security assessments and penetration tests conducted by qualified third-party security professionals.
- Incident response: We maintain a formal data breach response procedure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, where feasible.
While nogood88 takes all reasonable and industry-standard steps to protect your personal data, no transmission over the internet and no data storage system can be guaranteed to be 100% secure. You also bear responsibility for maintaining the security of your own account credentials and for ensuring that you access nogood88 from secure, private devices.
Your Privacy Rights
As a user of nogood88, you hold the following rights in relation to your personal data. These rights are aligned with internationally recognised data protection standards. To exercise any of these rights, contact us at support@nogood88 with the subject line "Privacy Rights Request" and include your registered email address and account username for identity verification purposes.
We will respond to all verified privacy rights requests within 30 calendar days. Where a request is complex or we receive a high volume of requests, we may extend this period by a further 60 days, in which case we will notify you of the extension and the reason for it within the initial 30-day window.
We will not charge a fee for processing privacy rights requests unless the request is manifestly unfounded or excessive, in which case we reserve the right to charge a reasonable administrative fee or refuse to act on the request — with written justification provided.
Policy Updates & Contact
nogood88 reserves the right to update or amend this Privacy Policy at any time. When we make material changes — meaning changes that affect how we collect, use, or share your personal data in ways that are meaningfully different from what is described in the current version — we will notify you via the email address registered to your account and/or by displaying a prominent notice on the platform for a minimum of 30 days before the changes take effect.
For minor, non-material updates (such as clarifications of existing practices, correction of typographical errors, or restructuring for readability without substantive change), we will update the "Last Updated" date at the top of this policy without sending a direct notification. We therefore encourage you to review this page periodically.
The version of the Privacy Policy in force at the time you use the platform governs the processing of your personal data at that time. If you do not agree to the updated policy, you must discontinue use of the platform and contact support to request account closure.
How to Contact Us About Privacy
For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data by nogood88, please contact our Data Protection team using the following details. Note that all contact details are provided as plain text only and cannot be used as clickable links:
Privacy & Data Protection Contact
Email: support@nogood88 (subject: "Privacy Rights Request")
Live Chat: Available 24/7 inside your account dashboard
Response Time: Within 30 days for formal privacy requests; within 4 hours for general queries via email; under 2 minutes via live chat
Support Hours: 24/7 — Bangladesh Standard Time (UTC+6)
Your Data is Safe at nogood88
Now that you have reviewed our Privacy Policy, explore the platform with confidence. SSL-encrypted, fair play certified, and fully committed to protecting your personal data every step of the way. 18+ only. Please gamble responsibly.
Explore nogood88 Casino nogood88 Login Responsible Gaming