vasa8 Privacy Policy
This Privacy Policy explains what personal data vasa8 collects from registered players and visitors in Bangladesh, how that data is used, who it may be shared with, and what rights you hold with respect to your information. Your privacy is taken seriously at every stage of your vasa8 experience.
Our Privacy Commitments
Before reading the full policy below, here is a plain-English summary of how vasa8 treats your personal data. These commitments apply to every registered player and website visitor.
Encrypted at All Times
All data transmitted between your device and vasa8 servers is protected by 256-bit SSL encryption. This applies to login sessions, deposit transactions via bKash and Nagad, account settings changes, and KYC document uploads. No personal data travels over an unencrypted connection.
Never Sold to Third Parties
vasa8 does not sell, rent, or trade your personal data to advertisers, data brokers, or any third party for commercial gain. Your data is used solely to operate and improve the vasa8 platform and to comply with legal and anti-money laundering obligations.
Passwords Are Never Visible
Account passwords are stored using one-way cryptographic hashing. No vasa8 employee or system administrator can read your password. If you lose access to your account, your password must be reset — it cannot be retrieved or sent to you in plain text under any circumstances.
You Control Your Data
Registered players may request access to the personal data held on their account, request corrections to inaccurate information, and request deletion of their account and associated data subject to legal retention obligations. Contact [email protected] to exercise any of these rights.
Bangladesh-Relevant Data Practices
vasa8 collects the payment information most relevant to Bangladesh players — bKash wallet numbers, Nagad account numbers, and Bangladesh bank account details — solely to process deposits and withdrawals. These details are never shared with advertising partners and are stored securely in encrypted form.
Marketing Opt-Out Available
If you have consented to receive promotional communications from vasa8 — including BPL season offers, IPL betting promotions, and bonus notifications — you may withdraw that consent at any time. Use the unsubscribe link in any marketing email or contact [email protected] to update your communication preferences.
1. Data We Collect
vasa8 collects personal data from you in three principal ways: information you provide directly when registering or using the platform, information generated automatically through your use of the platform, and information received from third-party payment and verification partners. The categories of data collected are described in detail below.
Information You Provide Directly
When you register a vasa8 account or subsequently update your profile, we collect the following:
- Identity data: Full legal name, date of birth, gender, and nationality as provided at registration and confirmed during KYC verification.
- Contact data: Email address, mobile phone number, and residential address in Bangladesh (city, district, and postal code).
- Identity verification documents: Copies of government-issued documents submitted during KYC, which may include your Bangladesh National Identity Card (NID), passport, or driving licence.
- Payment data: bKash wallet number, Nagad account number, Rocket mobile banking number, Upay account details, or Bangladesh bank account details (account number and bank branch) as registered in your account wallet for deposit and withdrawal processing.
- Account credentials: Your chosen username and a cryptographic hash of your password. We do not store your password in readable form.
- Communications: Records of messages you send to vasa8 support via email or live chat, including the content of those messages and any attachments.
Information Collected Automatically
When you visit or use the vasa8 platform, certain technical and behavioural data is collected automatically by our systems:
- Device and browser data: IP address, device type, operating system, browser type and version, screen resolution, and device language settings.
- Usage data: Pages visited, features accessed, betting and gaming activity (markets viewed, bets placed, games launched, session duration), click patterns, and navigation paths.
- Transaction logs: Records of all deposit and withdrawal transactions, including amount, method, timestamp, and transaction reference number.
- Geolocation data: Approximate location derived from your IP address, used to ensure compliance with platform access rules and to detect potentially fraudulent access from unusual locations.
- Session data: Login timestamps, session duration, logout events, and failed login attempts.
Information Received from Third Parties
vasa8 may receive limited personal data about you from third-party partners in the following circumstances:
- Payment providers: bKash, Nagad, Rocket, Upay, and partner banks may transmit transaction confirmation data — including your registered mobile number and transaction status — to vasa8 when you initiate a deposit or withdrawal.
- Identity verification services: Where vasa8 uses a third-party KYC verification provider to validate identity documents, that provider may return a verification result and associated data fields to vasa8.
- Fraud detection services: Third-party fraud and anti-money laundering screening services may provide risk scores or flags associated with an account or transaction. vasa8 uses this information solely to protect the integrity of the platform.
2. How We Use Your Data
vasa8 uses the personal data it collects for the following specific and lawful purposes. We do not use your data for any purpose that is incompatible with the purpose for which it was collected without first obtaining your consent or establishing a separate lawful basis.
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Account registration and authentication | Identity data, contact data, account credentials | Contract performance |
| Processing deposits and withdrawals | Payment data, transaction logs | Contract performance |
| KYC identity verification | Identity data, verification documents | Legal obligation / contract performance |
| Fraud prevention and AML compliance | Identity data, transaction logs, device data, geolocation | Legal obligation / legitimate interests |
| Customer support communications | Contact data, communications records | Contract performance |
| Platform security and abuse prevention | Session data, device data, usage data | Legitimate interests |
| Personalised betting and gaming experience | Usage data, betting and gaming activity | Legitimate interests |
| Promotional communications (where consented) | Contact data, usage data | Consent |
| Responsible gaming monitoring | Betting activity, session data, deposit history | Legal obligation / legitimate interests |
Where vasa8 relies on your consent as the lawful basis for processing — in particular for sending promotional emails about BPL betting offers, IPL special promotions, or casino bonus notifications — you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. To withdraw consent, use the unsubscribe link in any marketing communication or contact [email protected].
3. Data Sharing & Third Parties
vasa8 does not sell, rent, or trade your personal data to any third party for marketing or commercial purposes. We share personal data only in the limited circumstances described below, and only to the minimum extent necessary for the specific purpose.
Payment Processing Partners
To process your deposits and withdrawals, vasa8 must share relevant payment identifiers with the applicable mobile money or banking partner — including bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank (DBBL), BRAC Bank, City Bank, Islami Bank, and Sonali Bank. The data shared is limited to what is strictly necessary to complete the transaction (for example, your registered mobile wallet number and the transaction amount in BDT). These partners are bound by their own data protection obligations and are not authorised to use your data for any purpose other than completing the transaction.
Game and Technology Providers
The casino games and live dealer tables available on vasa8 are powered by third-party software providers including Evolution Gaming, Pragmatic Play, Microgaming, NetEnt, Ezugi, and Spribe. When you launch and play a game from one of these providers, certain session and account data (such as a session token and bet history) is transmitted to and from that provider's servers in order to run the game. These providers are contracted to handle this data securely and to use it only for the purpose of delivering game functionality.
Identity Verification and Fraud Prevention
vasa8 may share identity data with third-party KYC verification and fraud screening services in order to comply with its anti-money laundering ("AML") obligations and to protect the platform from fraudulent activity. These services are engaged under strict data processing agreements and are prohibited from using your data for their own commercial purposes.
Legal and Regulatory Disclosure
vasa8 may disclose personal data to law enforcement authorities, regulatory bodies, or other government agencies where required to do so by applicable law, court order, or other lawful process. In such cases, vasa8 will disclose only the minimum data required to satisfy the legal obligation and will, where legally permitted, notify the affected account holder of the disclosure.
5. Data Security
vasa8 takes the security of your personal data seriously. We implement a range of technical and organisational measures designed to protect your data against unauthorised access, accidental loss, destruction, or disclosure. These measures include, but are not limited to, the following:
- Transport Layer Security (TLS): All data in transit between your device and vasa8 servers is encrypted using TLS 1.2 or higher, providing a 256-bit encrypted connection commonly referred to as SSL. The padlock icon in your browser's address bar confirms that your connection to vasa8 is encrypted.
- Password hashing: Account passwords are processed through a one-way cryptographic hashing algorithm before storage. Even in the unlikely event of a database breach, stored password hashes cannot be reversed to reveal the original password.
- Access controls: Access to systems that hold personal data is restricted to authorised vasa8 personnel who require that access to perform their job functions. Access is controlled through role-based permissions and is subject to regular review.
- Two-factor authentication (2FA): Registered players are strongly encouraged to enable OTP-based two-factor authentication on their accounts. When 2FA is active, logging in requires both your password and a one-time code sent to your registered mobile number, significantly reducing the risk of unauthorised account access.
- Data pseudonymisation: Where feasible, personal data used for internal analytics and reporting purposes is pseudonymised so that it cannot directly identify an individual without the use of a separate key held securely.
- Incident response: vasa8 maintains a security incident response procedure. In the event of a data breach that is likely to result in a risk to the rights and freedoms of affected players, vasa8 will notify affected account holders without undue delay via their registered email address.
While vasa8 takes every reasonable precaution to protect your personal data, no internet-based platform can guarantee absolute security against all threats. You play an important role in keeping your account secure by choosing a strong, unique password, not sharing your credentials with anyone, and enabling two-factor authentication.
6. Data Retention
vasa8 retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable legal, regulatory, or contractual obligations. The following retention periods apply as a general guide:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data (name, email, mobile number) | Duration of account + 5 years after closure | AML / KYC regulatory obligation |
| KYC identity documents | Duration of account + 5 years after closure | AML regulatory obligation |
| Transaction records (deposits and withdrawals) | 7 years from date of transaction | Financial records / AML obligation |
| Betting and gaming activity logs | 3 years from date of activity | Responsible gaming monitoring / dispute resolution |
| Customer support communications | 3 years from date of communication | Dispute resolution / quality assurance |
| Session and device logs | 12 months from date of session | Security monitoring / fraud detection |
| Marketing consent records | Until consent is withdrawn + 1 year | Proof of consent |
When the applicable retention period expires, personal data is securely deleted or anonymised so that it can no longer be associated with an identifiable individual. Data that has been anonymised may be retained indefinitely for statistical or analytical purposes without further restriction, as it no longer constitutes personal data.
7. Your Privacy Rights
As a vasa8 account holder or platform visitor, you hold the following rights with respect to your personal data. To exercise any of these rights, please contact us at [email protected] with the subject line "Privacy Request" and a description of your request. vasa8 will respond within a reasonable timeframe and in any event within 30 days of receiving your request.
Right of Access
You have the right to request a copy of the personal data that vasa8 holds about you, together with information about the purposes for which it is processed, the categories of data held, and the third parties with whom it has been shared. This is sometimes called a Subject Access Request (SAR). vasa8 will provide the requested information in a structured, commonly used, and machine-readable format where possible.
Right to Rectification
If any of the personal data held on your vasa8 account is inaccurate or incomplete, you have the right to request that it be corrected. For most account data fields, you can update your information directly through the account settings panel. Where correction requires verification — for example, updating your registered name following a legal name change — please contact [email protected] with supporting documentation.
Right to Erasure
You may request that vasa8 delete your personal data where: (a) the data is no longer necessary for the purpose for which it was collected; (b) you withdraw consent and there is no other lawful basis for processing; or (c) the data has been processed unlawfully. vasa8 will action erasure requests subject to any overriding legal retention obligations, such as the AML obligation to retain KYC and transaction records.
Right to Restrict Processing
In certain circumstances — for example, while a rectification request is being verified, or where you contest whether vasa8 has a legitimate interest in processing your data — you may request that processing of your data be restricted. During a restriction period, vasa8 may store your data but may not actively process it for purposes beyond storage.
Right to Object to Marketing
You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time. Upon receipt of a valid objection, vasa8 will cease sending marketing communications to you within 5 business days. Use the unsubscribe link in any marketing email or contact [email protected] to object.
8. Policy Updates & Contact
vasa8 reserves the right to update this Privacy Policy at any time to reflect changes in our data practices, changes in applicable law, or improvements to the platform. When material changes are made to this policy, we will notify registered account holders via email to their registered address and will display a prominent notice on the vasa8 platform for a period of at least 14 days following the update.
The version date at the top of the Data Collection section indicates when this policy was last substantively revised. We encourage you to review this policy periodically. Your continued use of the vasa8 platform following the effective date of an updated Privacy Policy constitutes your acceptance of the revised terms.
Contact for Privacy Matters: All privacy-related enquiries, data rights requests, and concerns about how your personal data is being handled should be directed to the vasa8 support team. You can reach us by email at [email protected]. Please include "Privacy Request" in the subject line so that your message is directed to the appropriate team promptly. vasa8 is committed to addressing all privacy concerns fairly and within a reasonable timeframe.
If you are not satisfied with vasa8's response to a privacy concern, you retain the right to seek independent legal advice or to raise a complaint with a relevant data protection authority in your jurisdiction. vasa8 will cooperate fully with any lawful investigation by such an authority.
Your Data Is Safe with vasa8
Now that you understand how vasa8 protects your privacy, explore the platform with confidence. Check our FAQ for common questions, review our Terms & Conditions, or head to the cricket sportsbook. 18+ only.