pokk Privacy Policy
At pokk, your privacy matters. This Privacy Policy explains exactly what personal data we collect from Bangladeshi players, how we use it, who we share it with, and what rights you hold over your own information. We are committed to handling your data with transparency, care, and respect.
Information We Collect
pokk collects personal data through several channels: directly from you during registration and account use, automatically through your device and browsing activity, and occasionally from third-party verification services.
When you create and use a pokk account, we collect and process the following categories of personal data:
| Data Category | Specific Data Points | Collection Method |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, National ID or passport number | Provided during registration and KYC verification |
| Contact Data | Email address, mobile phone number, residential address (city, district, division) | Provided during registration or account update |
| Financial Data | bKash / Nagad / Rocket / Upay account identifiers, Visa/Mastercard last four digits, transaction history, deposit and withdrawal amounts in BDT | Provided during payment processing |
| Account Activity Data | Game history, bet records, session durations, bonus claims, wagering activity, win/loss records | Automatically recorded by pokk platform systems |
| Technical Data | IP address, device type, browser version, operating system, screen resolution, referring URL | Automatically collected via server logs and analytics |
| Communication Data | Contents of support emails and chat messages sent to [email protected], response records | Collected when you contact pokk support |
| Verification Documents | Scanned or photographed copies of government-issued photo ID, proof of address documents, payment method ownership evidence | Submitted voluntarily during KYC review process |
pokk does not collect any special category personal data (also known as sensitive data) as defined under international data protection frameworks. This means we do not collect or process data relating to racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data for identification purposes, health data, or data concerning sexual orientation. If any such data is incidentally disclosed to us through a support communication, it will not be recorded in your account profile and will not be used for any purpose.
We do not knowingly collect personal data from individuals under the age of 18. Our registration process includes an age confirmation step, and we conduct age verification checks as part of our KYC process. If we discover that we have inadvertently collected data from a minor, we will delete that data immediately and close the associated account.
Every data point pokk collects has a defined lawful basis — either your explicit consent, the performance of your account contract, a legal obligation, or our legitimate business interests in operating a secure platform.
Data collected for one purpose (e.g., processing your bKash withdrawal) will not be repurposed for unrelated activities (e.g., profiling for third-party advertising) without your separate, informed consent.
pokk collects only the minimum data needed for each specific purpose. We do not collect data speculatively or build profiles beyond what is necessary to operate your account and keep the platform secure.
How We Use Your Data
pokk uses the personal data we collect for clearly defined purposes. Below is a comprehensive explanation of each use case and its corresponding lawful basis.
pokk processes your personal data for the following purposes:
- Account creation and management: We use your identity and contact data to create and maintain your pokk account, authenticate your logins, and manage your account preferences. The lawful basis is the performance of the contract between you and pokk.
- Payment processing: We use your financial data to process deposits and withdrawals via bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, Visa, and Mastercard. All payment data is transmitted over encrypted connections. The lawful basis is contract performance.
- Identity verification (KYC): We use your identity data and verification documents to comply with our anti-money laundering (AML) obligations and to confirm that all users meet our minimum age requirement of 18 years. The lawful basis is legal obligation.
- Fraud prevention and platform security: We use your technical data, account activity data, and financial data to detect and prevent fraudulent activity, account takeovers, bonus abuse, and money laundering. The lawful basis is legitimate interest in protecting the platform and its users.
- Customer support: We use your identity, contact, and communication data to respond to your enquiries, resolve disputes, and assist you with account-related issues. The lawful basis is contract performance and legitimate interest.
- Responsible gaming compliance: We use your account activity data to monitor for signs of problem gambling behaviour, enforce self-exclusion requests, apply deposit limits, and comply with our responsible gaming commitments. The lawful basis is legal obligation and legitimate interest in user welfare.
- Service communications: We use your contact data to send you transactional communications relevant to your account — such as deposit confirmations, withdrawal notifications, security alerts, and material changes to these policies. The lawful basis is contract performance. These communications are not optional as they are integral to account operation.
- Promotional communications: With your separate, explicit consent at registration (or at any time thereafter), we may send you information about pokk bonuses, promotions, and new product features. You may withdraw this consent at any time by contacting [email protected]. The lawful basis for promotional communications is consent.
- Platform improvement and analytics: We use aggregated, anonymised technical and activity data to understand how players navigate the pokk platform, identify usability issues, and improve game offerings. This analytics data is not linked to identifiable individuals. The lawful basis is legitimate interest.
pokk will not use your personal data for automated decision-making processes that produce legal or similarly significant effects on you without providing you with the opportunity to request a human review of that decision.
Data Sharing & Third Parties
pokk does not sell your personal data. We share it only in the limited circumstances described here, and only with parties who are contractually bound to protect it.
In the course of operating the pokk platform, we may share your personal data with the following categories of third-party recipients:
- Payment service providers: When you make a deposit or withdrawal, your financial data is shared with the relevant payment provider (e.g., bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, Visa, Mastercard) solely for the purpose of processing that transaction. These providers operate under their own privacy policies and are regulated by the Bangladesh Bank and relevant financial authorities.
- Identity verification partners: To fulfil our KYC obligations, we may share your identity documents with third-party verification service providers. These providers are contractually prohibited from using your data for any purpose other than completing the verification check on pokk's behalf.
- Game content providers: Our casino and gaming products are supplied by third-party game studios including Pragmatic Play, Evolution Gaming, Microgaming, NetEnt, Spribe, and Ezugi. These providers may receive your anonymised player session data (e.g., a session token or player ID) to render game content and record round results. They do not receive your full identity or financial data.
- IT and infrastructure providers: pokk uses cloud hosting, content delivery, and database services. Your data may be stored or processed on servers operated by these infrastructure providers. All such providers are bound by strict data processing agreements.
- Legal and regulatory authorities: pokk may be required to disclose your personal data to law enforcement agencies, regulatory bodies, or courts if compelled to do so by law, court order, or regulatory requirement. We will inform you of any such disclosure to the extent permitted by law.
- Business transfers: In the event that pokk undergoes a merger, acquisition, or sale of all or part of its business assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified of any such transfer and of any resulting change to this Privacy Policy.
pokk does not share your personal data with advertisers, data brokers, marketing networks, or any third party for their own independent commercial purposes. Any data sharing arrangement that falls outside the categories listed above will be disclosed to you, and your consent obtained, before the sharing takes place.
Cookies & Tracking Technologies
pokk uses cookies and similar technologies to keep your session active, remember your preferences, and understand how players use the platform so we can improve it.
A cookie is a small text file that is stored on your device when you visit the pokk platform. Cookies allow pokk to recognise your browser on subsequent visits, maintain your login session, and provide a consistent, personalised experience. pokk uses the following categories of cookies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Required for the platform to function. Maintains your login session, stores your session token, and prevents cross-site request forgery attacks. Cannot be disabled without breaking platform functionality. | Session / up to 24 hours |
| Functional | Remembers your language and display preferences, your last-visited game category, and any accessibility settings you have applied. | Up to 90 days |
| Analytics | Collects anonymised data about pages visited, time spent on site, and navigation paths. Used to identify usability improvements. Data is aggregated and not linked to individual identities. | Up to 12 months |
| Security | Supports our fraud detection systems by recording device fingerprint signals (browser type, screen resolution, timezone) to identify suspicious login patterns and bot activity. | Up to 30 days |
pokk does not use third-party advertising cookies or tracking pixels that would allow external advertisers to follow your activity across other websites. The analytics cookies we use collect data in an aggregated, anonymised form only.
You may manage or disable non-essential cookies through your browser settings. Please note that disabling strictly necessary cookies will prevent you from logging in to your pokk account and will impair platform functionality. Instructions for managing cookies in the most common browsers are available in each browser's help documentation.
pokk also uses local storage (a browser-based storage mechanism similar to cookies) to store lightweight session state data on your device. This data does not leave your device except as part of standard HTTPS requests to the pokk platform.
Data Security & Storage
pokk implements multiple layers of technical and organisational security measures to protect your personal data against unauthorised access, loss, or misuse.
The security of your personal data is a core operational priority for pokk. We employ the following measures to protect the data we hold:
- Transport encryption: All data transmitted between your device and the pokk platform is encrypted using TLS 1.2 or higher (commonly referred to as 256-bit SSL encryption). This applies to all account pages, payment flows, and API communications.
- At-rest encryption: Personal data stored in pokk's databases is encrypted at rest using industry-standard encryption algorithms. This means that even in the unlikely event of a database breach, your data would not be readable without the decryption keys.
- Access controls: Access to personal data within pokk's internal systems is restricted on a strict need-to-know basis. Only personnel with a legitimate operational need (e.g., the KYC team, the finance team, authorised support staff) are permitted to access identifiable user data, and all such access is logged and audited.
- Password security: Account passwords are stored as salted cryptographic hashes. pokk staff cannot read your password. If you forget your password, it must be reset — it cannot be retrieved.
- Two-factor authentication: pokk offers optional two-factor authentication (2FA) for all registered accounts. We strongly recommend enabling 2FA to add an additional layer of protection against unauthorised account access.
- Incident response: pokk maintains a formal data breach response procedure. In the event of a data security incident that poses a risk to your rights and freedoms, we will notify affected users without undue delay, and no later than 72 hours after becoming aware of the breach, where technically feasible.
Your personal data is stored on servers located in secure data centres. pokk takes reasonable steps to ensure that any data processors we engage apply equivalent security standards to the personal data they process on our behalf.
While pokk takes all reasonable precautions, no online platform can guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us immediately at [email protected] if you suspect any unauthorised access to your account.
Every connection to pokk is protected by TLS encryption. Your login credentials, payment details, and personal information travel over a fully encrypted channel at all times.
All internal access to user personal data is logged. Regular audits are conducted to ensure that data access remains strictly limited to authorised personnel with a documented operational need.
Enable 2FA from your account security settings to protect your pokk account with a second verification step. Strongly recommended for all players, especially those with significant account balances.
Your Privacy Rights
As a pokk user, you have meaningful rights over the personal data we hold about you. We are committed to honouring these rights promptly and without unnecessary friction.
pokk recognises and respects the following privacy rights for all registered users. To exercise any of these rights, please contact us at [email protected] with the subject line "Privacy Rights Request — [Your Username]". We will respond within 30 days of receiving a valid request.
Right of Access
Request a copy of all personal data pokk holds about you, along with details of how it is processed and who it has been shared with.
Right to Rectification
Request correction of any inaccurate or incomplete personal data held in your pokk account. Some corrections may require documentary evidence.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
Right to Restrict Processing
Request that pokk restricts processing of your data in certain circumstances, for example while a dispute regarding data accuracy is being resolved.
Right to Data Portability
Request that pokk provides your personal data in a structured, commonly used, machine-readable format so you can transfer it to another service provider.
Right to Object
Object to pokk processing your data on the basis of legitimate interests, or for direct marketing purposes. Objections to direct marketing will always be honoured.
Right to Withdraw Consent
Where processing is based on your consent (e.g., promotional emails), you may withdraw that consent at any time by contacting [email protected]. Withdrawal does not affect prior processing.
Right Against Automated Decisions
Request human review of any automated decision that has produced a significant effect on your pokk account, such as an automated fraud flag or account restriction.
Data Retention Policy
pokk retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.
The following retention periods apply to the main categories of personal data held by pokk:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account identity data | Duration of account plus 5 years after closure | AML compliance and legal dispute resolution |
| Financial transaction records | 7 years from transaction date | Financial record-keeping obligations |
| KYC verification documents | 5 years from submission date | AML and regulatory compliance |
| Game and betting history | 3 years from activity date | Dispute resolution and responsible gaming monitoring |
| Support communications | 3 years from last communication | Dispute resolution and service improvement |
| Analytics and technical data | 13 months (anonymised after 30 days) | Platform performance analysis |
| Self-exclusion records | Permanent (never deleted) | Responsible gaming — prevent re-registration during exclusion |
When personal data reaches the end of its applicable retention period, pokk will securely delete or irreversibly anonymise it. Secure deletion means that the data cannot be recovered or reconstructed. Anonymised data (where individual identity is removed) may be retained for statistical and analytical purposes indefinitely.
If you exercise your right to erasure before the end of the standard retention period, pokk will assess your request against our legal obligations. Where a retention obligation applies (e.g., a financial record must be kept for regulatory compliance), we will restrict active processing of your data rather than delete it, and will delete it as soon as the retention obligation expires.
Policy Updates & Contact
pokk may update this Privacy Policy from time to time. We will always notify you of material changes in advance and keep the current version available at pokk.org/privacy-policy.
pokk reserves the right to modify this Privacy Policy at any time to reflect changes in our data processing practices, changes in applicable law, or changes to the services we provide. When we make material changes — that is, changes that significantly affect how we use your personal data or that reduce your rights — we will notify you by email to the address registered on your pokk account at least 7 days before the changes take effect.
For minor or non-material changes (such as formatting corrections, clarifications of existing practices, or updates to contact details), we will update the "Last updated" date at the top of this policy without sending a separate notification. We encourage you to review this Privacy Policy periodically to stay informed of any changes.
Your continued use of the pokk platform after the effective date of any updated Privacy Policy constitutes your acknowledgement of the changes. If you do not agree with the updated policy, you should cease using pokk and may request account closure by contacting [email protected].
Questions, requests, and complaints: If you have any questions about this Privacy Policy, wish to exercise any of your privacy rights, or wish to raise a complaint about how pokk has handled your personal data, please contact our support team:
- Email: [email protected] (plain text — not a clickable link)
- Subject line for privacy matters: "Privacy Request — [Your Username]"
- Response time: Within 24 hours for general enquiries; within 30 days for formal privacy rights requests (Bangladesh Standard Time, UTC+6)
pokk is committed to resolving all privacy-related concerns fairly and promptly. We treat every privacy enquiry seriously and will provide a clear, substantive response to every request we receive.
Have Questions About Your Data?
Our English-speaking support team is available 24/7 to answer any privacy-related questions. You can also explore our FAQ for quick answers, or head to the pokk Casino to start playing.