Privacy Policy — How mvpvip Protects Your Data
At mvpvip, protecting the personal data of our players is a core responsibility, not an afterthought. This Privacy Policy explains precisely what information we collect when you use our platform, why we collect it, how we store it securely, who we share it with, and what rights you hold over your own data. We are committed to transparency in every aspect of our data practices.
Six Principles Behind Our Privacy Commitment
These six principles define how mvpvip approaches data protection. They apply to every player account, every transaction, and every interaction on the platform.
SSL Encryption by Default
Every connection to mvpvip is protected by 256-bit SSL encryption. All data in transit — including login credentials, payment details, and personal information — is encrypted end-to-end before it leaves your device.
Data Collected for Defined Purposes Only
mvpvip collects only the data that is strictly necessary to operate your account, process payments, meet compliance obligations, and improve your gaming experience. We do not collect data speculatively or sell it to advertisers.
You Control Your Own Data
Players have the right to access, correct, export, and request deletion of their personal data at any time. You can exercise these rights by contacting our support team via live chat or by emailing [email protected].
We Never Sell Your Personal Data
mvpvip does not sell, rent, or trade your personal information to third-party marketers, data brokers, or advertising networks. Your data is used solely to run the platform and fulfil legal obligations.
Regulatory Compliance & KYC
We collect identity and payment verification data to comply with applicable anti-money laundering (AML) and Know Your Customer (KYC) obligations. This protects both you and the integrity of the platform.
Clear Notification of Policy Changes
If we make significant changes to this Privacy Policy, we will notify you by email or via an in-platform notification at least 7 days before the changes take effect, giving you time to review and respond.
01 Data We Collect
mvpvip collects personal data through multiple touchpoints during your registration, account use, and payment activity. The categories of data we collect, and the specific data points within each category, are described below. We collect only what is necessary for the stated purpose.
Registration & Identity Data: When you create a mvpvip account, we collect your full legal name, date of birth, email address, mobile phone number, and the username and password you choose. This data is required to establish your account identity, enforce our one-account policy, and verify that you meet the minimum age requirement of 18 years.
Identity Verification (KYC) Data: Before processing withdrawals or in response to compliance requirements, we may request copies of government-issued identity documents. Accepted documents include Bangladesh National Identity Card (NID), passport, driver's licence, and proof of current address such as a utility bill or bank statement dated within 90 days. KYC documents are stored in an encrypted document vault with access restricted to compliance personnel only.
Payment & Transaction Data: We record details of every deposit and withdrawal transaction processed through your account, including the payment method used (bKash, Nagad, Rocket, Upay, bank name), transaction reference numbers, amounts in Bangladeshi Taka (৳), timestamps in Bangladesh Standard Time (BST, UTC+6), and transaction status. We do not store full mobile wallet PINs, bank account passwords, or complete card numbers. Payment authentication is handled by the respective payment provider's own secure systems.
Gaming Activity Data: We maintain a complete record of all bets placed, games played, wagers won and lost, bonus funds claimed and wagered, and sports markets accessed. This data is used for account statement generation, responsible gaming monitoring, bonus abuse detection, and game studio settlement reconciliation.
Device & Technical Data: When you access mvpvip via a web browser or mobile interface, we automatically collect your IP address, browser type and version, operating system, device type (mobile, tablet, desktop), screen resolution, referring URL, session duration, and pages visited. This data is used for fraud detection, geographic access control, platform optimisation, and security monitoring.
Communications Data: If you contact our support team via live chat or email, we retain a record of those communications including the content of messages, timestamps, and the support agent's responses. This data is used for quality assurance, dispute resolution, and training purposes. Live chat transcripts are retained for 24 months from the date of the conversation.
Responsible Gaming Data: Where a player activates responsible gaming tools — such as deposit limits, session time limits, or self-exclusion — we record the settings chosen and the dates they were applied or modified. This data is treated with the highest level of sensitivity and is accessible only to compliance and player protection personnel.
02 How We Use Your Data
mvpvip processes your personal data only for specific, clearly defined purposes. We do not process data for purposes that are incompatible with those stated at the time of collection. The primary purposes for which we use your data are as follows:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account Creation & Management | Registration data, device data | Contractual necessity |
| Age & Identity Verification | KYC documents, date of birth | Legal obligation |
| Payment Processing | Transaction data, payment method identifiers | Contractual necessity |
| Fraud & AML Detection | Device data, transaction data, IP address | Legal obligation / Legitimate interest |
| Responsible Gaming Monitoring | Gaming activity, responsible gaming settings | Legal obligation / Legitimate interest |
| Customer Support | Communications data, account data | Contractual necessity |
| Platform Analytics & Improvement | Device data, gaming activity, session data | Legitimate interest |
| Promotional Communications | Email address, gaming preferences | Consent (opt-in only) |
| Legal Compliance & Reporting | Identity data, transaction data | Legal obligation |
Promotional Communications: mvpvip sends promotional emails and in-platform notifications about bonuses, new games, BPL cricket promotions, and seasonal offers (Eid, Pohela Boishakh) only to players who have explicitly opted in to receive such communications. You can withdraw your consent at any time by updating your notification preferences in the account dashboard or by contacting support. Opting out of promotional communications does not affect your ability to use the platform.
Automated Decision-Making: mvpvip uses automated systems to assess certain account actions, including fraud risk scoring on deposit transactions, duplicate account detection, and responsible gaming threshold alerts. Where an automated decision significantly affects your account — for example, triggering a temporary deposit block due to a responsible gaming threshold — you have the right to request a manual review by a human member of our compliance team. Please contact support via live chat or email to initiate a review.
03 Cookies & Tracking Technologies
mvpvip uses cookies and similar tracking technologies to operate the platform, remember your preferences, maintain session security, and analyse how players interact with different features. This section explains the types of cookies we use and how you can control them.
Essential Cookies: These cookies are strictly necessary for the platform to function. They maintain your login session, store your account preferences, enable payment processing flows, and protect against cross-site request forgery (CSRF) attacks. Essential cookies cannot be disabled without breaking core platform functionality. No consent is required for essential cookies as they are a technical prerequisite for the service.
Analytics Cookies: We use first-party analytics to understand how players navigate the platform, which game categories are most visited, where users drop off during the deposit flow, and how different device types perform. Analytics data is aggregated and anonymised — it is not linked to your personal account profile. You may opt out of analytics cookies via the cookie settings available in your account dashboard.
Preference Cookies: These cookies remember your platform settings such as your preferred language display, notification settings, and last-visited game category. Disabling preference cookies means your settings will not be saved between sessions.
Security Cookies: We set short-lived security tokens that help detect unusual login patterns, multiple simultaneous sessions from different geographic locations, and suspicious payment activity. These tokens contain no personally identifiable information and expire within the current browser session.
Third-Party Game Studio Cookies: Games provided by studios such as Pragmatic Play, Evolution Gaming, PG Soft, Ezugi, and Spribe may set their own cookies or local storage values within the game frame. These are controlled by the respective studios under their own privacy policies. mvpvip does not have direct access to game-frame cookie data from third-party studios.
Cookie Retention Periods: Session cookies expire when you close your browser. Persistent preference cookies are retained for up to 12 months. Analytics cookies are retained for up to 6 months before being automatically deleted or anonymised. You can clear all cookies at any time through your browser settings; note that clearing essential cookies will log you out of your account.
Do Not Track (DNT): Some browsers allow you to send a "Do Not Track" signal to websites. mvpvip currently honours DNT signals by disabling analytics and preference cookies for sessions where a DNT signal is detected. Essential and security cookies remain active regardless of DNT status.
04 Data Sharing & Third Parties
mvpvip does not sell, rent, or trade your personal data to third parties for their own commercial purposes. We share data only where it is necessary to deliver the service, fulfil a legal obligation, or protect the platform and its users from harm. The categories of third parties with whom we may share data are set out below.
Payment Service Providers: When you make a deposit or withdrawal, we share the minimum necessary transaction data with the relevant payment provider — bKash, Nagad, Rocket, Upay, or a Bangladesh bank — to initiate and complete the payment. Payment providers process this data under their own privacy policies and are contractually prohibited from using it for any purpose other than completing the transaction.
Game Studios & Software Providers: To deliver casino games and live dealer products, we share your player account token (a pseudonymous identifier) with game studios including Pragmatic Play, Evolution Gaming, PG Soft, NetEnt, Microgaming, Ezugi, Spribe, and Habanero. Game studios receive no directly identifying information such as your full name, NID number, or payment details. They use the player token solely to record game session data, calculate returns, and report results back to mvpvip for your account balance update.
Identity Verification Partners: For KYC purposes, we may use a third-party identity verification service to authenticate the government-issued documents you submit. These partners process your document images and return a verification result to mvpvip. They do not retain your document data beyond the duration required to complete the verification check, typically 30 days.
Fraud Prevention & AML Services: mvpvip uses third-party fraud scoring and AML screening tools that may process your IP address, device fingerprint, and transaction patterns to detect suspicious activity. These services return a risk score to mvpvip; they do not receive your full personal profile. Contracts with these providers include strict data processing restrictions.
Legal and Regulatory Authorities: We may disclose your personal data to relevant authorities in Bangladesh — including law enforcement, financial intelligence units, or court orders — where we are legally required to do so. We will not disclose your data to authorities on the basis of informal requests; a formal legal instrument is required. Where permitted by law, we will notify you of any such disclosure.
Business Transfers: In the event of a merger, acquisition, or sale of all or part of mvpvip's assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified by email of any such transfer and of any changes to this Privacy Policy that may result. The acquiring entity will be required to honour the privacy commitments set out in this policy.
No Cross-Border Data Transfers Without Safeguards: If any of the above third parties are located outside Bangladesh, mvpvip ensures that appropriate contractual safeguards are in place before transferring your data, including standard contractual clauses or equivalent data protection agreements. We do not transfer personal data to jurisdictions with inadequate data protection standards without implementing compensating controls.
05 Data Security
mvpvip implements a layered security architecture to protect your personal data from unauthorised access, accidental loss, disclosure, or destruction. Our key technical and organisational security measures include the following:
- Transport Encryption: All data exchanged between your device and mvpvip servers is encrypted using TLS 1.2 or TLS 1.3. Older, insecure protocols (SSL 3.0, TLS 1.0, TLS 1.1) are disabled across all platform endpoints.
- Database Encryption at Rest: Personal data stored in our databases — including KYC documents, identity records, and transaction histories — is encrypted at rest using AES-256 encryption. Encryption keys are managed in a dedicated key management system separate from the data store.
- Access Controls: Access to systems containing personal data is restricted on a strict need-to-know basis using role-based access control (RBAC). All internal access events are logged and reviewed by our security team. Privileged access requires multi-factor authentication (MFA).
- Penetration Testing: mvpvip engages independent security firms to conduct penetration testing of the platform at least twice per year. Findings are triaged by severity and remediated within defined SLA windows (critical: 24 hours; high: 7 days; medium: 30 days).
- Incident Response: In the event of a confirmed data security incident that poses a risk to player data, mvpvip will notify affected players by email within 72 hours of confirming the scope of the breach, in line with responsible disclosure practices. Notifications will include a description of the data affected, the likely impact, and the remediation steps taken.
- Staff Training: All mvpvip employees and contractors who handle personal data complete mandatory data protection training upon joining and annually thereafter. Data handling procedures are reviewed and updated at least once per year.
- Third-Party Security Assessments: Before onboarding any new third-party processor that will handle player data, mvpvip conducts a data protection impact assessment and reviews the vendor's own security certifications and policies.
Despite these measures, no internet-based platform can guarantee absolute security. You are responsible for maintaining the security of your own account credentials. If you suspect your account has been compromised, please contact our support team immediately via live chat or at [email protected].
06 Data Retention
mvpvip retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following retention periods apply to the main categories of data we hold:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account Registration Data | Duration of account + 5 years after closure | Legal / AML obligation |
| KYC Identity Documents | 5 years from submission date | Regulatory compliance |
| Transaction Records | 7 years from transaction date | Financial record-keeping obligation |
| Gaming Activity Logs | 3 years from last activity | Dispute resolution / audit |
| Support Communications | 24 months from conversation date | Quality assurance / dispute resolution |
| Device & Technical Logs | 12 months from collection | Fraud detection / security |
| Responsible Gaming Records | Duration of account + 5 years | Player protection obligation |
| Marketing Preferences | Until consent withdrawn + 6 months | Consent record-keeping |
| Analytics (Anonymised) | 6 months (then permanently anonymised) | Platform improvement |
Upon expiry of the relevant retention period, personal data is securely deleted or irreversibly anonymised so that it can no longer be linked to you as an individual. Deletion is performed using NIST 800-88-compliant data sanitisation procedures for stored records and secure overwrite for backup media.
Where data must be retained beyond the standard period due to an ongoing dispute, legal claim, regulatory investigation, or court order, the data will be preserved in a restricted access environment until the matter is resolved, after which standard deletion procedures apply.
07 Your Privacy Rights
As a mvpvip player, you hold the following rights over your personal data. These rights can be exercised at any time by contacting our support team via live chat inside your account dashboard, or by sending a written request to [email protected] with the subject line "Privacy Rights Request".
- Right of Access: You have the right to request a copy of all personal data that mvpvip holds about you, along with information about how it is being used. We will provide a structured data export in a common machine-readable format (JSON or CSV) within 14 business days of a verified request.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. Name and date-of-birth corrections require submission of a supporting identity document. Other data points (email, phone number) can be updated directly in the account settings panel.
- Right to Erasure ("Right to Be Forgotten"): You may request deletion of your personal data. We will honour erasure requests where deletion does not conflict with our legal retention obligations. Where certain data must be retained for regulatory reasons (e.g., transaction records for 7 years), we will delete all data that can lawfully be removed and inform you of what must be retained and why.
- Right to Restrict Processing: In certain circumstances — for example, while the accuracy of your data is being contested, or where you have objected to processing and we are considering the objection — you may request that we restrict processing to storage-only. During a restriction period, your account may have limited functionality.
- Right to Data Portability: You have the right to receive personal data you have provided to mvpvip in a structured, commonly used, machine-readable format, and to request that it be transmitted directly to another service provider where technically feasible.
- Right to Object: You have the right to object to processing of your data where we rely on legitimate interest as the legal basis. You also have an unconditional right to object to processing for direct marketing purposes at any time, which will be honoured immediately upon receipt of the objection.
- Right to Withdraw Consent: Where processing is based on your consent (for example, promotional email communications), you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
- Right to Human Review of Automated Decisions: Where an automated decision has a significant effect on your account, you have the right to request that a human member of our compliance team reviews the decision. See the automated decision-making section above for more details.
mvpvip will respond to all verifiable privacy rights requests within 14 business days of receipt. In complex cases, or where we receive a high volume of requests simultaneously, we may extend this to 30 business days and will notify you of the extension. We will never charge a fee for standard privacy rights requests. We reserve the right to refuse requests that are manifestly unfounded, excessive, or repetitive, and will explain our reasoning in writing if we do so.
Identity Verification for Rights Requests: To protect against fraudulent access requests, we verify the identity of all individuals submitting privacy rights requests before releasing or modifying any data. Verification requires you to confirm access to the email address on your account and to provide one additional identifying piece of information (such as your registered phone number or a recent transaction reference).
08 Contact & Privacy Complaints
If you have questions about this Privacy Policy, wish to exercise a privacy right, or believe that mvpvip has not handled your personal data in accordance with this policy, please reach out to us through the channels below.
Primary Contact: Our support team is available 24 hours a day, 7 days a week via live chat inside your account dashboard. For privacy-specific enquiries, sending an email typically produces a more detailed written response.
Email for Privacy Requests: [email protected] — please use the subject line "Privacy Policy Enquiry" or "Privacy Rights Request" to ensure your message is routed directly to our data protection team.
Complaints Process: If you are dissatisfied with our response to a privacy enquiry or rights request, you may escalate your complaint by sending a written escalation email to the same address with the subject line "Privacy Complaint — Escalation". We will acknowledge escalated complaints within 2 business days and aim to provide a full resolution within 14 business days. If you remain unsatisfied after our internal complaints process is exhausted, you retain the right to seek appropriate legal remedies in accordance with applicable laws in Bangladesh.
Policy Updates: This Privacy Policy was last reviewed and updated on 1 January 2026 (Version 2.4). Material changes — defined as changes that affect the type of data collected, the purposes for which it is used, or the rights available to players — will be communicated by email and in-platform notification at least 7 days before taking effect. Minor updates (such as clarifications to existing language or corrections to typographical errors) may be made without advance notice, but the version number and review date at the top of this policy will always reflect the most recent update.
We encourage players to review this Privacy Policy periodically. Continued use of the mvpvip platform following notification of any updated version constitutes acceptance of the revised policy.
Your Data Is Safe With mvpvip
Our platform is protected by 256-bit SSL encryption, two-factor authentication options, automated fraud detection, and regular independent security audits. We invest in data security because your trust is the foundation of everything we do.
Questions About This Policy?
If any part of this Privacy Policy is unclear or you believe it has been applied incorrectly to your account, please contact our support team via live chat (available 24/7) or by emailing [email protected]. We typically respond within 2–5 minutes on live chat and within 2 hours by email during BST business hours.
How to Exercise Your Rights
- Log in to your mvpvip account and open the live chat widget.
- State that you wish to exercise a privacy right and specify which right (access, rectification, erasure, portability, objection).
- Alternatively, email [email protected] with the subject "Privacy Rights Request".
- Be prepared to verify your identity via your registered email address and one additional identifier.
- We will confirm receipt within 1 business day and respond in full within 14 business days.
Related Policies & Documents
This Privacy Policy should be read alongside the following mvpvip platform documents, each of which forms part of the full agreement between you and mvpvip:
- Terms & Conditions — full platform rules and player obligations
- Responsible Gaming Policy — tools, limits, and support resources
- FAQ — common questions about accounts, payments, and games
Explore mvpvip — Bangladesh's Premier Gaming Platform
Your data is protected. Your experience is our priority. Explore cricket betting, live casino, slots, and more — all accessible via bKash, Nagad, and Rocket. 18+ only. Play responsibly.