c8gpt Privacy Policy —
How We Protect Your Data
At c8gpt, your privacy is fundamental to how we operate. This Privacy Policy explains exactly what personal information we collect, why we collect it, how we use it, who we may share it with, and the rights you hold over your own data as a player on c8gpt.net.
Your Privacy at a Glance
Before reading the full policy, these six cards summarise c8gpt's core privacy commitments. We believe privacy should be transparent, not buried in jargon.
Encrypted Data Storage
All personal data stored on c8gpt servers is protected by AES-256 encryption at rest. Data in transit is secured via TLS 1.3. Your financial details, identity documents, and account credentials are never stored in plain text.
We Never Sell Your Data
c8gpt does not sell, rent, or trade your personal information to any third-party marketers. Your data is shared only with service providers strictly necessary to operate the platform — and only under binding confidentiality agreements.
Transparent Cookie Use
c8gpt uses cookies solely for session management, security, and platform performance analytics. We do not deploy third-party advertising trackers. You can review or adjust cookie preferences at any time via your browser settings.
Clear Retention Limits
Your data is retained only for as long as your account is active and for a defined period thereafter as required by our licensing obligations. Once the retention window expires, your personal data is securely deleted or anonymised.
You Control Your Data
You have the right to access, correct, export, and request deletion of your personal data at any time. Submit a data request by emailing [email protected] from your registered email address and we will respond within 30 days.
KYC Data Handled Securely
Identity documents submitted for KYC verification are processed by our compliance team only, stored in an isolated encrypted vault, and never used for purposes beyond account verification and regulatory reporting.
1. Data We Collect
c8gpt collects personal data in several ways: directly from you when you register an account or interact with our services, automatically through your use of the platform, and in some cases from third-party verification partners as part of our legal compliance obligations.
Information You Provide Directly
When you register a c8gpt account or update your profile, we collect the following categories of personal information:
- Identity data: Full legal name, date of birth, gender, and nationality as it appears on your government-issued identification.
- Contact data: Residential address (including city — Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, or other), email address, and mobile phone number.
- Identity documents: Scanned or photographed copies of your Bangladesh National Identity Card (NID), passport, driving licence, or other accepted KYC documents.
- Financial data: Payment method details used for deposits and withdrawals, including your bKash, Nagad, Rocket, or Upay mobile wallet number, and bank account details where bank transfers are used.
- Account credentials: Your chosen username and encrypted password hash. c8gpt never stores your password in plain text.
- Communications data: Records of your conversations with c8gpt customer support via live chat or email, including support tickets and complaint records.
Information Collected Automatically
When you access and use c8gpt.net, our systems automatically record certain technical and behavioural data. This includes:
- Device and technical data: IP address, device type, operating system, browser type and version, screen resolution, and time zone setting.
- Usage data: Pages visited, games played, bets placed, session duration, click-paths, and feature interactions within the platform.
- Transaction data: Complete records of all deposits, withdrawals, bets, wins, losses, and bonus transactions associated with your account.
- Location data: Approximate geographic location derived from your IP address, used solely for fraud prevention and access-restriction compliance purposes.
- Cookie and session data: Session tokens, authentication cookies, and analytics identifiers as described in our Cookies section below.
Information From Third Parties
In order to meet our obligations under applicable gaming regulations and anti-money-laundering rules, c8gpt may receive supplementary information about you from authorised third-party service providers. This may include identity verification results from KYC/AML compliance partners, fraud screening scores from payment processors, and age verification outcomes. Such data is used solely for compliance purposes and is handled with the same level of care as data you provide directly.
2. How We Use Your Data
c8gpt processes your personal data only for specific, legitimate purposes. We do not use your data for any purpose that is incompatible with the reason it was originally collected. The primary purposes for which we use your data are set out below, together with the legal basis for each.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account registration and management | Identity, contact, credentials | Contract performance |
| Processing deposits and withdrawals | Financial, identity data | Contract performance |
| KYC identity and age verification | Identity documents, DOB | Legal obligation |
| Anti-money laundering (AML) monitoring | Transaction, financial data | Legal obligation |
| Fraud detection and prevention | Device, IP, usage, financial data | Legitimate interest |
| Customer support and complaints handling | Communications, account data | Contract performance |
| Responsible gaming monitoring | Usage, transaction, behavioural data | Legal obligation / Legitimate interest |
| Platform analytics and improvement | Usage, device, cookie data | Legitimate interest |
| Promotional communications (with consent) | Contact data, preferences | Consent |
Where c8gpt relies on your consent as the legal basis for processing — for example, to send you promotional emails about new bonuses, seasonal offers, or BPL cricket betting promotions — you may withdraw that consent at any time by contacting our support team or updating your communication preferences within your account settings. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to withdrawal.
c8gpt does not use your personal data for automated decision-making that produces legal or similarly significant effects on you, except where such processing is required by law or expressly consented to by you.
4. Data Sharing & Third Parties
c8gpt does not sell, rent, or otherwise transfer your personal data to third parties for their own marketing or commercial purposes. We share your data only in the limited circumstances described below, and only with parties who are contractually bound to handle it securely and in accordance with applicable data protection standards.
Payment Service Providers
To process deposits and withdrawals, c8gpt shares necessary financial and identity data with authorised payment partners, including bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, and other approved processors. These providers receive only the minimum data necessary to authenticate and complete each transaction. They are prohibited from using your data for any other purpose.
KYC and AML Compliance Partners
c8gpt works with specialist third-party identity verification and anti-money-laundering screening providers to fulfil its regulatory obligations. These partners may process your identity documents, date of birth, and address data to confirm your identity and screen against sanctions and watchlists. All such partners are subject to strict data processing agreements.
Game Software Providers
The casino games and sports betting services available on c8gpt are powered by third-party game studios such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These providers may receive your anonymised player ID and session token to facilitate gameplay and calculate outcomes via their certified Random Number Generator (RNG) systems. They do not receive your name, contact details, or payment information.
Regulatory and Law Enforcement Authorities
c8gpt may disclose your personal data to regulatory bodies, law enforcement agencies, or other government authorities where required to do so by applicable law, court order, or regulatory direction. In such cases, c8gpt will disclose only the minimum information required and, where legally permissible, will notify you of the disclosure.
Business Transfers
In the event that c8gpt undergoes a merger, acquisition, or sale of all or part of its assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified of any such transfer and the privacy terms applicable to your data following the transaction.
5. Data Security
The security of your personal data is a top priority at c8gpt. We implement a layered approach to data security, combining technical safeguards, operational controls, and staff training to minimise risk.
Our key technical security measures include:
- TLS 1.3 encryption in transit: All data exchanged between your browser and c8gpt.net is encrypted using Transport Layer Security (TLS) 1.3, the current industry standard. Connections using older, weaker protocols are rejected.
- AES-256 encryption at rest: Sensitive personal data stored on c8gpt's servers — including identity documents, payment details, and account credentials — is encrypted using AES-256, the same standard used by financial institutions worldwide.
- Password hashing: User passwords are never stored in plain text. They are processed through a one-way cryptographic hashing function with a unique salt per account, making them computationally infeasible to reverse.
- Access controls: Access to production systems and personal data is restricted on a strict need-to-know basis. All internal access is logged, monitored, and subject to periodic audit.
- Two-factor authentication (2FA): c8gpt offers 2FA for player accounts as an additional layer of login security. Players are strongly encouraged to enable this feature.
- Fraud monitoring: Automated systems monitor account activity in real time for patterns consistent with fraud, account takeover, or money laundering, triggering alerts for manual review where necessary.
- Penetration testing: c8gpt's platform undergoes regular independent security assessments, including penetration testing, to identify and remediate vulnerabilities proactively.
Despite these measures, no internet transmission or electronic storage system is 100% secure. In the unlikely event of a data breach that is likely to result in a risk to your rights and freedoms, c8gpt will notify affected players without undue delay and take all reasonable steps to contain and remediate the breach.
You also have a responsibility to keep your account secure. Do not share your password with anyone, do not use the same password across multiple sites, and notify c8gpt support immediately if you suspect your account has been accessed without your authorisation.
6. Data Retention
c8gpt retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements imposed by our gaming licence conditions.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account and identity data | Duration of account + 5 years post-closure | AML/KYC regulatory obligation |
| Transaction records | Duration of account + 7 years post-closure | Financial record-keeping requirements |
| Identity documents (KYC) | Duration of account + 5 years post-closure | Regulatory compliance and audit |
| Customer support communications | 3 years from last contact | Complaint resolution and dispute evidence |
| Marketing consent records | 3 years from consent or withdrawal | Proof of consent compliance |
| Cookie and analytics data | 13 months from collection | Platform analytics rolling window |
| Inactive account data | 5 years from last login | Regulatory obligation; dormancy management |
At the end of the applicable retention period, your personal data is either securely deleted from c8gpt's systems or anonymised in a way that it can no longer be linked back to you. Anonymised, aggregated data may be retained indefinitely for statistical and research purposes, as it no longer constitutes personal data.
If you request account closure, your data will be retained for the minimum post-closure period required by our regulatory obligations before deletion. You will be informed of the applicable retention period at the time of your closure request.
7. Your Privacy Rights
As a c8gpt player, you have a number of rights in relation to your personal data. c8gpt is committed to honouring these rights promptly and transparently. To exercise any of the rights listed below, please contact our support team at [email protected] from your registered email address, clearly stating the nature of your request.
c8gpt will respond to all verified data rights requests within 30 calendar days of receipt. Where a request is particularly complex or we have received multiple requests from the same individual, we may extend this period by a further 60 days, in which case we will notify you of the extension and the reason for it within the initial 30-day window.
We may need to verify your identity before processing a data rights request to ensure we do not disclose personal data to an unauthorised party. This verification step is for your protection.
8. Contact & Data Enquiries
If you have any questions, concerns, or complaints about this Privacy Policy or c8gpt's handling of your personal data, please contact our data enquiries team using the details below. We take all privacy concerns seriously and aim to resolve them fairly and promptly.
Email: [email protected] — please include "Privacy Request" in the subject line so your message reaches the appropriate team member.
Live Chat: Available 24/7 on c8gpt.net. Our support agents can assist with general privacy queries and help you initiate a formal data request.
Response Time: We acknowledge all privacy-related emails within 2 business days and provide a substantive response within 30 calendar days. For complex requests, we may require up to 90 days in total, as described in the Your Privacy Rights section above.
Policy Updates: c8gpt may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal obligations. The "Last Updated" date at the top of this policy reflects when the most recent revision was made. Where a material change is made, we will notify active account holders by email prior to the change taking effect. Continued use of c8gpt.net after the effective date of a revised policy constitutes your acceptance of the updated terms.
This Privacy Policy should be read alongside our Terms & Conditions and Responsible Gaming Policy, which together govern your relationship with c8gpt.
Your Privacy Is in Good Hands at c8gpt
We are committed to keeping your personal data safe and your experience on c8gpt transparent. Ready to play? Visit the casino, explore cricket betting, or check our FAQ if you have further questions. 18+ only — please gamble responsibly.