pajok Privacy Policy — How We Protect Your Personal Data
At pajok, your privacy is not an afterthought. This Privacy Policy explains exactly what personal data we collect, why we collect it, how we use it, who we share it with, and what rights you hold over your own information. We are committed to handling all player data with transparency and care.
This Privacy Policy applies to all users of the pajok platform, accessible at https://pajok.net, including registered players, visitors who have not created an account, and individuals who contact the pajok support team via any channel. By using the pajok platform in any capacity, you acknowledge that you have read this Privacy Policy and consent to the collection and use of your information as described herein.
pajok is committed to processing personal data lawfully, fairly, and transparently. We collect only the data that is necessary for legitimate operational purposes, and we do not sell personal information to third-party marketers. All data handling practices described in this policy apply equally to players based in Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, Mymensingh, and all other regions of Bangladesh.
pajok operates on a principle of data minimisation. We collect only what we genuinely need to operate the platform safely and fairly. You have the right to access, correct, and in certain circumstances request deletion of your personal data at any time.
Data We Collect
pajok collects personal data through several channels: directly from you when you register an account or contact support; automatically when you interact with the platform through your browser or device; and from third-party sources such as payment processors and identity verification providers where permitted.
The categories of personal data we collect are set out in the table below. We do not collect any special categories of sensitive personal data (such as health data, political opinions, or biometric data) except where expressly required by law or where you voluntarily provide such information in the context of a responsible gaming self-exclusion request.
| Data Category | Examples | Collection Basis |
|---|---|---|
| Identity Data | Full name, date of birth, NID / passport number | Account registration & KYC |
| Contact Data | Email address, mobile number, residential address | Account registration |
| Financial Data | bKash / Nagad account reference, bank account details, transaction history | Deposit & withdrawal processing |
| Technical Data | IP address, device type, browser type, operating system, session timestamps | Automatic collection on site access |
| Usage Data | Pages visited, games played, wager amounts, session duration, click patterns | Automatic collection during platform use |
| Communications Data | Support chat transcripts, email correspondence, feedback submissions | Direct interaction with support team |
| Verification Data | Copies of identity documents submitted for KYC, selfie photos where requested | Identity & age verification |
When you register on pajok, the minimum data required to open an account includes your full name, date of birth, email address or mobile number, and a chosen username and password. Additional data — including payment method details and identity documents — is collected progressively as you use more platform features such as the cashier and higher withdrawal tiers.
We collect identity documents — including Bangladesh National ID Cards and passports — solely for the purpose of verifying your age and identity as required for responsible gaming compliance. These documents are stored securely and accessed only by authorised compliance staff.
Technical data such as your device type, IP address, and browser version is collected automatically when you access pajok. This data is used for security monitoring, fraud prevention, and ensuring the platform displays correctly on your device.
Financial data such as your bKash or Nagad account reference is used exclusively for processing your deposits and withdrawals. pajok does not store full payment credentials and does not share financial data with third parties except as required to complete a transaction.
How We Use Your Data
pajok processes personal data only for specific, legitimate purposes. We do not use your data in ways that are incompatible with the purposes for which it was originally collected. The primary purposes for which we process player data are set out below.
Account management: We use your identity and contact data to create and maintain your player account, verify your identity, process your login requests, and communicate account-related information such as password reset links, security alerts, and withdrawal confirmations.
Payment processing: Financial data is used to process your deposits via bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, and other approved payment channels, and to dispatch your withdrawal requests to your registered payment method. Transaction records are retained for accounting and compliance purposes.
Responsible gaming and compliance: Usage data — including session duration, wager frequency, and deposit patterns — is analysed to identify potential signs of problem gambling behaviour. Where such indicators are detected, pajok may reach out proactively or apply account-level responsible gaming controls, as described in the pajok Responsible Gaming Policy.
Security and fraud prevention: Technical data including IP addresses, device fingerprints, and session logs is used to detect and prevent fraudulent activity, including unauthorised account access, multiple-account abuse, and payment fraud. This monitoring is conducted continuously and is essential to maintaining a safe platform for all players.
Service improvement: Aggregated and anonymised usage data may be used to improve platform performance, test new features, and understand how players interact with different areas of the site. This analysis does not involve profiling individual players for marketing decisions without their consent.
Direct communications: With your consent, we may send you promotional emails or SMS messages about new games, bonuses, and seasonal offers relevant to players in Bangladesh. You may withdraw consent for marketing communications at any time by using the unsubscribe option in any communication or by updating your account preferences.
- Account creation and ongoing account management
- Age and identity verification (KYC)
- Deposit and withdrawal processing
- Fraud detection and account security
- Responsible gaming monitoring
- Customer support and dispute resolution
- Regulatory and legal compliance obligations
- Platform performance and UX improvement
- Marketing communications (with consent only)
- Enforcing the pajok Terms & Conditions
Data Sharing & Third Parties
pajok does not sell, rent, or trade your personal data to third-party advertisers or data brokers. We share personal data with third parties only in the limited circumstances described below, and only to the extent necessary for the stated purpose.
Payment processors: When you make a deposit or request a withdrawal, we share the minimum necessary financial and identity data with the relevant payment provider — such as bKash, Nagad, Rocket, Upay, or the applicable bank — to complete the transaction. Each payment provider operates under its own privacy policy and data protection obligations.
Identity verification providers: To satisfy KYC requirements, we may share identity document data with third-party verification service providers. These providers are contractually bound to process the data solely for verification purposes and to maintain appropriate security standards.
Technology and infrastructure providers: pajok uses third-party cloud infrastructure, database, and security service providers to operate the platform. These providers act as data processors on our behalf and are contractually prohibited from using your data for any purpose other than providing their services to pajok.
Game software providers: Game providers such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi may receive limited technical session data (such as a pseudonymous player ID and wager amounts) necessary to run game rounds and calculate outcomes. Game providers do not receive your full name, contact details, or payment information.
Legal and regulatory requirements: pajok may disclose personal data to law enforcement agencies, courts, or regulatory authorities if required to do so by applicable law, or where we believe in good faith that such disclosure is necessary to prevent fraud, protect the safety of any person, or enforce our legal rights.
Every third-party provider that processes personal data on behalf of pajok is bound by a data processing agreement. These agreements require processors to maintain appropriate security, to use data only for specified purposes, and to notify pajok promptly in the event of any data incident.
Some of our infrastructure and service providers are located outside Bangladesh. Where personal data is transferred internationally, pajok ensures that appropriate safeguards are in place — including contractual data protection clauses — to maintain the same level of protection that applies within Bangladesh.
Data Retention & Storage
pajok retains personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The retention periods we apply to different categories of data are set out below.
Active account data: While your pajok account is active, we retain all account data — including identity, contact, financial, and usage data — as this information is necessary to operate your account and provide our services. You may request account closure at any time; however, certain data categories are subject to mandatory minimum retention periods even after closure.
Post-closure retention: Following account closure, pajok retains transaction records and identity verification data for a minimum of five years. This retention period reflects standard financial record-keeping obligations and supports our ability to respond to any regulatory inquiries, legal proceedings, or player disputes that may arise after an account is closed.
Support communications: Records of support interactions — including live chat transcripts and email correspondence — are retained for three years from the date of the interaction. This allows us to reference prior communications when handling follow-up requests or disputes involving the same account.
Marketing data: If you have consented to receive marketing communications, we retain the relevant contact details and consent records until you withdraw your consent. Upon withdrawal of consent, your details are removed from marketing lists within 10 business days.
Technical and analytics data: Anonymised analytics data may be retained indefinitely, as it cannot be linked back to any individual. Raw technical logs containing IP addresses are retained for up to 12 months and then automatically purged.
All personal data retained by pajok is stored on servers protected by industry-standard security controls. Physical access to server infrastructure is restricted to authorised personnel. Data at rest is encrypted using AES-256 encryption; data in transit is protected by TLS 1.2 or higher.
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of account |
| Transaction records | 5 years post-closure |
| KYC documents | 5 years post-closure |
| Support chat logs | 3 years |
| Marketing consent | Until consent withdrawn |
| IP / session logs | 12 months |
| Anonymised analytics | Indefinite |
Your Privacy Rights
As a pajok player, you hold a number of rights with respect to the personal data we hold about you. These rights are described below. To exercise any of these rights, please contact the pajok support team via live chat or by emailing [email protected]. We will respond to all rights requests within 30 days of receipt.
Right of access: You have the right to request a copy of the personal data that pajok holds about you, along with an explanation of how that data is being used. This is sometimes referred to as a Subject Access Request (SAR). We will provide this information free of charge in a structured, commonly used, machine-readable format where possible.
Right to rectification: If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. For minor updates — such as a change of email address or mobile number — you may update your account details directly through the account settings panel.
Right to erasure: In certain circumstances, you have the right to request that we delete the personal data we hold about you. This right is not absolute; we may be required to retain certain data to comply with legal obligations (such as the five-year post-closure retention of transaction records described in Section 5). Where erasure is not possible in full, we will inform you of the specific data categories that must be retained and why.
Right to restriction: You may request that we restrict the processing of your personal data in certain circumstances — for example, while a dispute about data accuracy is being resolved. During a restriction period, we will continue to store the data but will not actively process it for other purposes.
Right to withdraw consent: Where we process your data on the basis of your consent — such as for marketing communications — you have the right to withdraw that consent at any time without affecting the lawfulness of processing that occurred before the withdrawal.
Request a full copy of all personal data pajok holds about you at any time. We provide this information free of charge and will deliver it within 30 days of your verified request being received by the support team.
Found an error in your account details? You can update many fields directly through the account settings panel. For corrections that require manual review — such as a legal name change — contact support with the relevant documentation.
You may request erasure of your personal data where no legal retention obligation applies. We will confirm which data can be deleted immediately and explain any categories that must be retained for compliance purposes.
Data Security Measures
pajok implements a comprehensive set of technical and organisational security measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. Our security programme is reviewed regularly and updated in response to emerging threats and changes in best practice.
Encryption: All data transmitted between your browser and the pajok platform is encrypted using Transport Layer Security (TLS 1.2 or higher). Data at rest — including personal records and transaction logs stored in our databases — is encrypted using AES-256 encryption. Encryption keys are managed using a dedicated key management system with strict access controls.
Access controls: Access to systems containing personal data is restricted to authorised pajok staff on a need-to-know basis. All staff with access to player data undergo background screening. Access rights are reviewed quarterly and revoked promptly when an employee's role changes or they leave the organisation.
Infrastructure security: The pajok platform is hosted on cloud infrastructure that maintains industry-standard physical and environmental security controls. Our infrastructure undergoes regular vulnerability assessments and penetration testing conducted by independent security professionals.
Incident response: In the event of a personal data breach that poses a risk to player rights, pajok will notify affected players as promptly as practicable and take immediate steps to contain and remediate the breach. Affected players will be informed of the nature of the incident, what data was involved, and what steps they should take to protect themselves.
While pajok takes every reasonable precaution to protect your data, no internet-based platform can guarantee absolute security. You play an important role in keeping your account secure by choosing a strong unique password, not sharing your credentials, and logging out of your account when using a shared or public device.
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for all data at rest
- Role-based access controls for staff systems
- Quarterly access rights reviews
- Regular independent penetration testing
- 24/7 infrastructure security monitoring
- Prompt breach notification to affected players
- Dedicated key management system
- Staff background screening for data access roles
- Secure session management and auto-logout
Policy Updates & Contact
pajok reserves the right to update or amend this Privacy Policy at any time. When we make material changes to this policy — changes that meaningfully affect how we collect, use, or share your personal data — we will notify registered players by email to the address on file, and we will publish the updated policy on this page with a revised effective date.
Minor clarifications or corrections that do not change the substantive scope of data processing will be made without individual notification, but the updated effective date will always be reflected at the top of this document. We encourage you to review this Privacy Policy periodically, particularly if you have not visited the platform recently.
Your continued use of the pajok platform following the publication of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should discontinue use of the platform and request account closure through the support team.
Contact for privacy matters: If you have any questions about this Privacy Policy, wish to exercise any of your data rights, or want to report a potential data protection concern, please contact the pajok privacy team. The primary contact method for privacy matters is email. Our team aims to acknowledge all privacy-related enquiries within five business days. The email address for privacy enquiries is [email protected] — please use the subject line "Privacy Enquiry" so your message is routed to the correct team. Do not send sensitive documents such as copies of your ID to this address unless specifically requested by the verification team as part of a KYC process.
Registered pajok players will be notified by email when material changes are made to this Privacy Policy. The notification will summarise the key changes and link to the updated document so you can review the full revised text before it takes effect.
The pajok support team is available around the clock via live chat to answer questions about your data, assist with privacy rights requests, or help with any account-related concern. English-language support is available at all hours for players across Bangladesh.
Have Questions About pajok Privacy?
Our support team is available 24/7 to answer any questions about how your data is handled on pajok. You can also review our FAQ for quick answers, or visit our Responsible Gaming page to learn about the tools available to help you stay in control.