cd45 Privacy Policy —
How We Protect Your Personal Data
At cd45, the privacy and security of your personal information is a fundamental priority. This Privacy Policy explains exactly what data we collect when you use our platform, why we collect it, how it is stored, who we share it with, and what rights you have in relation to your data as a player based in Bangladesh.
Privacy at the Core of cd45
Six core principles that guide how cd45 handles every piece of personal data it processes.
End-to-End Encryption
All data transmitted between your device and the cd45 platform is protected by industry-standard SSL/TLS encryption. Your login credentials, payment details, and personal information are never sent in plain text.
Minimal Data Collection
cd45 collects only the personal data that is strictly necessary to deliver our services, verify your identity, and comply with anti-money-laundering obligations. We do not collect data beyond what the platform requires.
No Unauthorised Sale of Data
cd45 does not sell, rent, or trade your personal information to third-party marketing companies. Your data is shared only with essential service partners and only under strict confidentiality agreements.
Your Rights Are Respected
You have the right to access, correct, or request deletion of your personal data held by cd45 at any time. We respond to all verified data access requests within a reasonable timeframe.
Secure Data Storage
Personal data is stored on secured, access-controlled servers. cd45 enforces strict internal access policies — only personnel who genuinely need access to specific data for their role are granted that access.
Regular Policy Reviews
This Privacy Policy is reviewed and updated on a regular basis to reflect changes in our platform, services, and applicable data protection best practices. You will be notified of material changes via your registered email.
1 Data We Collect
When you interact with the cd45 platform — whether during registration, account verification, gameplay, deposits and withdrawals, or contact with our support team — we collect certain categories of personal data. This section provides a transparent account of the specific types of information we gather and the circumstances in which each category is collected.
| Data Category | Examples | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, NID or passport number, photograph | Registration & KYC verification |
| Contact Data | Email address, mobile phone number, residential address | Account registration |
| Financial Data | bKash / Nagad / Rocket account numbers, transaction IDs, deposit & withdrawal history | Payment processing |
| Gaming Data | Bet history, game sessions, wagering activity, win/loss records | Platform use |
| Technical Data | IP address, device type, browser type, operating system, session timestamps | Automatic — on each visit |
| Communications Data | Support chat transcripts, emails sent to [email protected], dispute records | Support interactions |
| Preference Data | Responsible gaming limits set, promotional opt-in status, language preferences | Account settings & platform use |
cd45 does not knowingly collect personal data from individuals under the age of 18. If we become aware that a minor has provided personal data during registration, the account will be immediately closed and any collected data will be deleted in accordance with our data retention policy.
Where cd45 requests identity or address verification documents as part of the KYC process, those documents are handled with the highest level of care. Document images are processed solely for identity verification purposes and are not used for any other purpose, nor shared with any third party beyond our authorised KYC verification service provider.
2 How We Use Your Data
cd45 processes your personal data only for specific, documented purposes. We do not use your data in ways that are incompatible with the purpose for which it was originally collected without first obtaining your explicit consent. The following table outlines each processing purpose alongside the lawful basis on which cd45 relies for that processing.
| Processing Purpose | Description | Lawful Basis |
|---|---|---|
| Account Management | Creating and maintaining your player account, verifying your identity, and providing access to cd45 services | Contract performance |
| Payment Processing | Processing deposits via bKash, Nagad, Rocket, Upay, and bank transfer; executing withdrawal requests | Contract performance |
| Fraud Prevention & AML | Monitoring transactions and account activity for signs of fraud, money laundering, or financial crime | Legal obligation |
| Customer Support | Responding to queries, resolving disputes, and providing technical assistance | Contract performance |
| Responsible Gaming | Monitoring gaming patterns to identify problem gambling indicators; enforcing player-set limits and self-exclusions | Legal obligation & legitimate interest |
| Platform Improvement | Analysing aggregated usage data to improve game offerings, website performance, and user experience | Legitimate interest |
| Marketing Communications | Sending promotional emails about bonuses, new games, and seasonal offers (only to players who have opted in) | Consent |
| Legal Compliance | Meeting recordkeeping, reporting, and disclosure obligations under applicable laws and regulations | Legal obligation |
Players who have opted in to receiving marketing communications from cd45 may withdraw their consent at any time by updating their communication preferences in the account dashboard or by contacting [email protected]. Withdrawal of marketing consent does not affect the processing of your data for other purposes such as account management or fraud prevention.
3 Data Sharing & Third Parties
cd45 does not sell, rent, or trade your personal data to any third party for commercial marketing purposes. We share personal data with third parties only in the limited circumstances described below, and only where doing so is necessary to operate our platform effectively, to comply with legal obligations, or to protect the interests of our players and our business.
- Payment Service Providers: We share transaction-related data with our payment processing partners (including the operators of bKash, Nagad, Rocket, and Upay integrations) to enable deposits and withdrawals. These partners are contractually bound to use your data only for the specific purpose of processing the relevant transaction.
- KYC and Identity Verification Providers: When you submit identity documents as part of the account verification process, those documents are shared with our authorised KYC service provider. This provider processes your documents solely for the purpose of verifying your identity and is prohibited from retaining or using your data for any other purpose.
- Game Software Providers: The game studios and providers whose titles appear on the cd45 platform (including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi) may receive anonymised session data to enable game functionality. These providers do not receive your full identity or financial data.
- Platform Analytics and Security Partners: We use third-party analytics and security tools to monitor platform performance, detect fraud, and protect our systems. These tools process technical data such as IP addresses and device identifiers in aggregated or pseudonymised form.
- Legal and Regulatory Authorities: cd45 may be required by law to disclose personal data to financial intelligence units, law enforcement agencies, or regulatory bodies in connection with an official investigation, legal proceeding, or compliance obligation. We will always seek to minimise the scope of any such disclosure to what is strictly required.
- Corporate Transactions: In the event of a merger, acquisition, or sale of all or part of cd45's business, player data may be transferred to the acquiring entity as part of that transaction. Affected players will be notified in advance of any such transfer, and the acquiring entity will be required to honour the commitments made in this Privacy Policy.
5 Data Security & Storage
cd45 implements a comprehensive set of technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. While no system can guarantee absolute security, cd45 follows industry best practices and continuously reviews its security posture to address emerging threats.
- SSL/TLS Encryption in Transit: All data transmitted between your browser or mobile device and the cd45 servers is encrypted using SSL/TLS protocols. Look for the padlock icon and "https" in your browser's address bar when using cd45.
- Encryption at Rest: Sensitive personal data — including identity documents, financial account references, and authentication credentials — is encrypted at rest using strong encryption algorithms. Encryption keys are managed under strict access controls.
- Access Controls: Access to personal data within the cd45 organisation is strictly role-based. Only staff members who require access to specific data to perform their job function are granted that access. All internal data access is logged and audited.
- Password Security: User passwords are stored as salted cryptographic hashes. cd45 never stores plain-text passwords. Even in the event of a data breach, your password would not be recoverable from our stored data in readable form.
- Two-Factor Authentication: cd45 offers two-factor authentication (2FA) for player accounts as an additional layer of security. Players are strongly encouraged to enable 2FA in their account security settings.
- Vulnerability Management: cd45's technical team conducts regular security assessments and penetration tests to identify and remediate vulnerabilities. Security patches are applied promptly when issues are identified.
- Data Breach Response: In the event of a personal data breach that poses a risk to affected players, cd45 will notify affected users without undue delay and will take immediate remedial action to contain the breach and protect remaining data.
cd45 stores personal data on servers located in secure data centres. Data transfers to countries outside the region are subject to appropriate safeguards, including contractual protections that require the recipient to maintain data protection standards equivalent to those described in this Privacy Policy.
6 Your Privacy Rights
As a player on the cd45 platform, you have meaningful rights in relation to your personal data. cd45 is committed to honouring these rights and to making the process of exercising them as straightforward as possible. All privacy rights requests should be submitted by email to [email protected] with the subject line "Privacy Request — [Your Request Type]".
You have the right to request a copy of the personal data cd45 holds about you, along with information about how that data is being used and with whom it has been shared.
If any personal data cd45 holds about you is inaccurate or incomplete, you have the right to request that it be corrected or updated without undue delay.
In certain circumstances, you may request the deletion of your personal data. This right is subject to exceptions where retention is required by law, such as AML recordkeeping obligations.
You may request that cd45 restrict its processing of your personal data in certain circumstances — for example, while the accuracy of the data is being contested or a legal claim is being assessed.
Where cd45 processes your data by automated means on the basis of your consent or a contract, you have the right to receive a structured, machine-readable copy of the data you provided to us.
You have the right to object to processing based on legitimate interests, including profiling for marketing purposes. You may withdraw consent for marketing communications at any time.
cd45 will respond to all verified privacy rights requests within 30 days of receipt. In complex cases where additional time is required, we will notify you within the initial 30-day period and provide a revised response timeline. cd45 reserves the right to request proof of identity before processing a data access or erasure request, to ensure that personal data is not disclosed or deleted in response to a fraudulent request.
7 Data Retention
cd45 retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or for as long as is required by applicable law. The following retention periods apply to the main categories of personal data processed by cd45:
| Data Category | Retention Period | Reason for Retention |
|---|---|---|
| Account & Identity Data | Duration of account + 5 years after closure | AML compliance and legal obligations |
| Financial Transaction Data | 7 years from transaction date | Financial recordkeeping requirements |
| KYC Documents | 5 years from submission | Regulatory compliance and fraud prevention |
| Gaming Activity Records | 5 years from last activity | Dispute resolution and responsible gaming monitoring |
| Support Communications | 3 years from last contact | Quality assurance and dispute reference |
| Technical / Log Data | 12 months from collection | Security monitoring and fraud detection |
| Marketing Consent Records | Until consent is withdrawn + 2 years | Demonstrating compliance with consent obligations |
When personal data is no longer required and the applicable retention period has expired, cd45 securely deletes or anonymises the data so that it can no longer be associated with an individual player. Anonymised or aggregated data (from which all identifying information has been removed) may be retained indefinitely for statistical and analytical purposes, as it no longer constitutes personal data.
8 Policy Updates & Contact
cd45 reserves the right to update or revise this Privacy Policy at any time to reflect changes in our services, our data processing activities, applicable laws, or industry best practices. When material changes are made to this policy, we will notify registered players by email to the address associated with their cd45 account at least 14 days before the changes take effect. The updated policy will also be published on this page with a revised effective date at the top of the document.
Your continued use of the cd45 platform after the effective date of any revised Privacy Policy constitutes your acknowledgement of the updated terms. If you do not agree with the changes, you have the right to close your account and request deletion of your personal data in accordance with Section 6 and Section 7 of this policy.
Minor changes that do not materially affect how your personal data is processed — such as corrections to typographical errors, clarifications of existing language, or updates to contact details — may be made without prior notice to players. Such changes will still be reflected in the updated effective date shown at the top of this page.
Players who feel that their privacy rights have not been adequately addressed by cd45 after raising the matter directly with our support team are encouraged to seek independent advice or to escalate the matter through appropriate channels available in Bangladesh. cd45 is committed to working constructively with players to resolve any privacy concerns at the earliest possible stage.
This Privacy Policy was last reviewed and updated on 1 January 2026 and supersedes all previous versions. It applies to all personal data processed by cd45 in connection with services provided to players based in Bangladesh. By registering for and using a cd45 account, you confirm that you have read, understood, and agreed to the terms set out in this Privacy Policy. This policy must be read alongside our Terms & Conditions and our Responsible Gaming policy, which together form the complete framework governing your use of the cd45 platform.
Questions About Your cd45 Privacy?
Our support team is always ready to help. Browse our FAQ for quick answers, review our Terms & Conditions, or log in to your cd45 account to manage your privacy and data settings directly.