gf777 Privacy Policy
This Privacy Policy explains how gf777 collects, processes, stores, and protects the personal data of players and visitors across Bangladesh and globally. We are committed to handling your information with transparency, security, and respect — in compliance with internationally recognised data protection principles.
Your Data, Secured
All personal data collected by gf777 is stored on encrypted servers protected by 256-bit SSL/TLS encryption. Access is restricted to authorised personnel only, and no data is sold to third parties for marketing purposes.
No Unnecessary Collection
gf777 collects only the personal data that is strictly necessary to operate the platform, process payments, verify identity, prevent fraud, and comply with applicable legal obligations. We do not collect data speculatively.
Your Rights Are Respected
Players in Bangladesh and worldwide retain the right to access, correct, and request deletion of their personal data held by gf777, subject to applicable legal and regulatory obligations. Submit requests to our support team at any time.
Section 1
Data We Collect
gf777 collects personal data from players and visitors through several channels, including the registration process, payment transactions, platform usage, and communications with our support team. The categories of personal data we collect are described in detail below.
1.1 Registration & Identity Data
- Full Legal Name: Required to verify identity and process withdrawals in compliance with our Know Your Customer (KYC) obligations.
- Date of Birth: Collected to verify that you meet the minimum age requirement of 18 years and to comply with responsible gaming obligations.
- Residential Address: Including city, district, and postal code. Used for identity verification and to assess jurisdictional eligibility (e.g., confirming your location in Dhaka, Chittagong, Sylhet, Khulna, or elsewhere).
- Email Address: Used for account notifications, security alerts, promotional communications (where consent is given), and customer support correspondence.
- Mobile Number: Used for two-factor authentication (2FA), account security alerts, and support communications via SMS or messaging applications.
- Username: Your chosen public identifier on the gf777 platform.
1.2 Financial & Payment Data
- Payment Method Details: Including bKash mobile number, Nagad account number, Rocket wallet identifier, Upay account reference, bank account details (Dutch-Bangla Bank, City Bank, BRAC Bank, Islami Bank, Sonali Bank), and Visa/Mastercard partial card numbers (last four digits and expiry date only — full card numbers are never stored on gf777 servers).
- Transaction History: A record of all deposits, withdrawals, bonus credits, and bet settlements associated with your account, including timestamps and transaction amounts denominated in ৳.
- KYC Verification Documents: Copies of government-issued identification (e.g., National ID card, passport, driving licence), proof of address documents (e.g., utility bills, bank statements), and payment method verification screenshots where required.
1.3 Technical & Usage Data
- IP Address: Logged at login and during active sessions to detect fraud, enforce geographic restrictions, and maintain platform security.
- Device Information: Browser type and version, operating system, device model, screen resolution, and hardware identifiers (where available).
- Session Data: Login timestamps, session duration, pages visited, games played, bets placed, and in-game activity logs.
- Geolocation Data: Approximate geographic location derived from IP address. Precise GPS location is not collected unless you explicitly grant permission through your device settings.
1.4 Data Collected From Third Parties
gf777 may receive personal data about you from third-party sources in specific circumstances, including:
- Payment Processors: Transaction confirmation data, payment status updates, and fraud signals from bKash, Nagad, Rocket, Upay, Visa, and Mastercard processing networks.
- Identity Verification Providers: Verification outcomes (pass/fail/pending) from third-party KYC service providers where automated identity checks are employed.
- Fraud & AML Screening Services: Risk scores and watchlist screening results from anti-money laundering (AML) and sanctions screening databases.
- Affiliates: Referring affiliate identifiers where you arrive at gf777 through a tracked affiliate link. No personal data beyond the affiliate click reference is received from affiliates at the point of registration.
Section 2
How We Use Your Data
gf777 processes your personal data on the basis of one or more lawful grounds: contractual necessity (to perform the services you have signed up for), legal obligation (to comply with applicable AML, KYC, and responsible gaming regulations), legitimate interest (to protect the platform and our player community from fraud and abuse), and, where required, explicit consent (for marketing communications).
| Purpose of Processing | Data Used | Lawful Basis |
|---|---|---|
| Account registration & management | Name, email, date of birth, address, username | Contractual necessity |
| Payment processing & withdrawal verification | Payment method details, transaction history, KYC documents | Contractual necessity / Legal obligation |
| Identity & age verification (KYC) | Government ID, proof of address, date of birth | Legal obligation |
| Fraud detection & platform security | IP address, device data, session logs, transaction patterns | Legitimate interest |
| Responsible gaming monitoring | Betting history, session data, self-exclusion records | Legal obligation / Legitimate interest |
| Anti-money laundering (AML) compliance | Transaction history, KYC documents, source-of-funds data | Legal obligation |
| Customer support & dispute resolution | Account data, communication records, transaction logs | Contractual necessity / Legitimate interest |
| Promotional communications (opted-in players) | Email address, mobile number, game preferences | Consent |
| Platform analytics & improvement | Aggregated usage data, session statistics (anonymised) | Legitimate interest |
gf777 will not use your personal data for purposes beyond those listed above without providing prior notice and, where required, seeking your consent. You may withdraw consent for marketing communications at any time by contacting our support team or using the unsubscribe mechanism included in every promotional email.
Section 3
Data Sharing & Third Parties
gf777 does not sell, rent, or trade your personal data to any third party for their own commercial or marketing purposes. We share your data only with trusted partners and service providers who are contractually obligated to process it solely on our behalf and in accordance with this Privacy Policy, or where we are required to do so by applicable law.
- Payment Processors: We share the minimum necessary payment and identity data with bKash, Nagad, Rocket, Upay, Visa, Mastercard, and our banking partners (including Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, and Sonali Bank) to facilitate deposits, withdrawals, and fraud screening. These providers are subject to their own data protection obligations.
- Game Software Providers: Third-party game studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi receive session tokens and anonymised player identifiers to deliver game content. These providers do not receive your full identity data or payment details.
- Identity & KYC Verification Providers: Where automated identity verification is employed, your identity documents and biographic data may be processed by a third-party KYC provider operating under strict data processing agreements.
- AML & Fraud Screening Services: Transaction data and identity details may be submitted to sanctions screening and fraud detection databases as required by applicable AML obligations. Results are used solely for compliance purposes.
- IT Infrastructure & Hosting Providers: gf777's platform is hosted on secure cloud infrastructure. Our hosting providers operate as data processors under strict contractual terms and have no right to access or use your personal data for their own purposes.
- Legal & Regulatory Authorities: gf777 may be required to disclose personal data to law enforcement agencies, financial intelligence units, or other regulatory authorities in response to lawful requests, court orders, or mandatory reporting obligations under applicable AML and anti-fraud legislation. We will not notify affected players of such disclosures where doing so is prohibited by law or would prejudice a lawful investigation.
- Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or substantially all of gf777's assets, your personal data may be transferred to the acquiring entity as part of the transaction. Affected players will be notified via email and provided the opportunity to request account closure prior to the transfer taking effect.
Section 5
Data Security & Retention
gf777 implements a layered security architecture to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. Our technical and organisational measures include, but are not limited to, the following.
- Encryption in Transit: All data transmitted between your browser or device and gf777's servers is encrypted using TLS 1.2 or higher with 256-bit AES encryption. Our platform enforces HTTPS across all pages and API endpoints.
- Encryption at Rest: Sensitive personal data stored in gf777's databases, including KYC documents and payment method references, is encrypted at rest using industry-standard encryption algorithms. Encryption keys are managed separately from the encrypted data.
- Access Controls: Access to personal data within gf777's internal systems is governed by a strict role-based access control (RBAC) policy. Only personnel with a demonstrable need to access specific data categories are granted access, and all access is logged and auditable.
- Two-Factor Authentication: gf777 staff accessing internal systems containing personal data are required to use two-factor authentication. We strongly encourage players to enable 2FA on their own accounts as well.
- Penetration Testing & Audits: gf777 engages independent security professionals to conduct regular penetration testing and security audits of our platform infrastructure to identify and remediate vulnerabilities proactively.
- Incident Response: In the event of a data breach that poses a risk to your personal data, gf777 will notify affected players by email without undue delay, outlining the nature of the breach, the data affected, and the steps we are taking to mitigate harm.
5.1 Data Retention Periods
gf777 retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable legal, regulatory, or contractual obligations. The following general retention periods apply.
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | Legal obligation (AML regulations) |
| KYC verification documents | Duration of account + 5 years post-closure | Legal obligation (KYC/AML) |
| Transaction & financial records | Duration of account + 7 years post-closure | Legal obligation (financial record-keeping) |
| Customer support communications | 3 years from last interaction | Legitimate interest (dispute resolution) |
| Marketing consent records | Until consent is withdrawn + 2 years | Legal obligation (proof of consent) |
| Technical / server logs | Up to 12 months on a rolling basis | Legitimate interest (security monitoring) |
| Self-exclusion records | Duration of exclusion + 10 years | Legal obligation / Responsible gaming |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be linked to an identifiable individual. Where anonymisation is not technically feasible, data is securely destroyed in accordance with recognised data disposal standards.
Section 6
Your Privacy Rights
gf777 respects your right to control how your personal data is used. The following rights are available to all players and visitors. To exercise any of these rights, please contact our support team at [email protected] with the subject line "Privacy Rights Request". We will acknowledge your request within 5 business days and aim to fulfil it within 30 calendar days.
Right of Access
You have the right to request a copy of all personal data we hold about you, along with information about how it is being processed, where it was obtained, and who it has been shared with. This is sometimes called a Subject Access Request (SAR).
Right to Rectification
If any personal data we hold about you is inaccurate, incomplete, or out of date, you have the right to request that we correct it without undue delay. You may also update certain account details (such as your email address or mobile number) directly through your account settings.
Right to Erasure
You may request deletion of your personal data where it is no longer necessary for the purpose it was collected, where you have withdrawn consent (and there is no other lawful basis for processing), or where the data has been unlawfully processed. This right is subject to overriding legal retention obligations under AML and financial record-keeping regulations.
Right to Restriction of Processing
You may request that gf777 restrict the processing of your personal data in certain circumstances — for example, while the accuracy of data is being verified, or while an objection to processing is being assessed. During a restriction, we may store the data but will not actively process it.
Right to Data Portability
Where processing is based on your consent or on contractual necessity and is carried out by automated means, you have the right to receive your personal data in a structured, machine-readable format (e.g., CSV or JSON) and to request that it be transmitted directly to another service provider where technically feasible.
Right to Object
You have the right to object to the processing of your personal data where it is based on legitimate interest, including profiling for direct marketing purposes. Upon receiving a valid objection to direct marketing processing, gf777 will cease that processing immediately.
Right to Withdraw Consent
Where processing is based on your consent (e.g., receiving promotional emails or SMS notifications), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
Section 7
Minors & Age Verification
The gf777 platform is strictly intended for adults aged 18 years and above. We do not knowingly collect personal data from individuals under the age of 18. Age verification is a mandatory component of our KYC process, and any account found to belong to a person under the minimum age will be closed immediately.
- Registration Controls: During registration, all players are required to confirm that they are aged 18 or above. This declaration is a contractual representation, and providing a false declaration constitutes a material breach of our Terms & Conditions.
- Age Verification on Withdrawal: Prior to approving any withdrawal request, gf777 requires the submission of government-issued identification confirming the player's date of birth. Any player unable to demonstrate that they are aged 18 or above will have their account suspended and any balance forfeited.
- Discovery of Underage Use: If gf777 discovers or reasonably suspects that a player is under the age of 18, the account will be suspended without prior notice, all associated personal data will be securely deleted in accordance with applicable child data protection principles (subject to any mandatory legal retention obligations), and any deposited funds will be returned to the originating payment method.
- Parental Guidance: Parents and guardians in Bangladesh and elsewhere are encouraged to use third-party parental control software and website blocking tools to prevent minors from accessing gambling platforms. gf777 recommends tools such as GamBlock and Betfilter for households where minors may have access to internet-connected devices.
Section 8
Policy Updates & Contact
gf777 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable laws, or the services we offer. All updates will be published on this page with a revised effective date. Where a change is material — meaning it significantly affects how we collect, use, or share your personal data — we will notify registered players via email at least 14 days before the change takes effect.
Your continued use of the gf777 platform following the publication of an updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree to the revised Policy, you must stop using the platform and may request account closure as described in our Terms & Conditions.
Contact Us About Privacy
If you have any questions, concerns, or requests relating to this Privacy Policy or the way gf777 handles your personal data, please contact our dedicated privacy support team using the details below. All privacy-related enquiries are handled with full confidentiality and responded to within 5 business days (Bangladesh Standard Time, UTC+6).
Privacy Support Contact
Email: [email protected]
Subject Line: "Privacy Policy Enquiry" or "Privacy Rights Request"
Response Time: Within 5 business days (BST, UTC+6)
Languages Supported: English
Have Questions About Your Privacy?
Our support team is available around the clock to help with any privacy-related queries. You can also explore our FAQ for quick answers, or visit our Responsible Gaming page to learn about the tools available to protect your account.
18+ only. Gambling can be addictive. Please play responsibly. gf777 operates as an offshore platform.