qoki Privacy Policy
How We Handle Your Data
Your privacy matters to qoki. This Privacy Policy explains exactly what personal data we collect when you use our platform, why we collect it, how it is stored and protected, and what rights you have over your information. We are committed to transparency and to handling your data responsibly.
Every piece of data transmitted between your browser or app and qoki's servers is protected by industry-standard 256-bit SSL encryption. Your personal details, payment information, and account credentials are never transmitted in plain text.
qoki does not sell, rent, or trade your personal information to third-party marketing companies or data brokers under any circumstances. Your data is used only to operate the qoki platform, process transactions, and comply with legal obligations.
You have the right to request a copy of all personal data qoki holds about you, to correct inaccurate records, and to request deletion of your data subject to legal retention obligations. Submit a data request at any time via our support team.
Payment data processed through bKash, Nagad, Rocket, Upay, Visa, and Mastercard is handled directly by certified payment providers. qoki does not store full card numbers or mobile banking PINs on its own servers at any point.
qoki uses cookies and similar technologies to keep you logged in, remember your preferences, and understand how the platform is used. Our cookie practices are fully explained in Section 4 of this policy so you know exactly what is being collected and why.
qoki retains personal data only for as long as necessary for the purposes outlined in this policy or as required by applicable law. Account data is retained for a minimum of five years following account closure to comply with anti-money-laundering regulations.
Data We Collect
qoki collects personal data from you in two primary ways: information you provide directly during registration and account use, and information collected automatically when you interact with the platform. We collect only the data that is necessary for the specific purposes described in this Privacy Policy.
Data You Provide Directly
When you register an account, use platform features, or contact our support team, you may provide the following categories of personal data:
| Data Category | Examples | When Collected |
|---|---|---|
| Identity Data | Full name, date of birth, National ID (NID) number, passport number | Registration & KYC verification |
| Contact Data | Email address, mobile phone number (for bKash/Nagad), city/district (e.g., Dhaka, Chittagong, Sylhet) | Registration & profile updates |
| Financial Data | bKash/Nagad account number, Rocket/Upay number, Visa/Mastercard last 4 digits, transaction history | Deposits, withdrawals & KYC |
| Verification Documents | Scanned NID, passport photo page, utility bill, bank statement | KYC compliance review |
| Communication Data | Live chat transcripts, support email content, feedback submissions | Customer support interactions |
| Responsible Gaming Data | Deposit limits set, self-exclusion requests, cooling-off elections | Responsible gaming tool usage |
Data Collected Automatically
When you access qoki via a browser or mobile device, certain technical data is collected automatically by our systems. This data does not on its own identify you by name but may be combined with other information we hold to do so:
- Device & Technical Data: IP address, browser type and version, operating system, device model, screen resolution, and language settings.
- Usage Data: Pages visited, games played, bets placed, session duration, click paths, and features used within the platform.
- Location Data: Approximate geographic location derived from your IP address (country and city level). qoki does not access your device's GPS location.
- Log Data: Server access logs including timestamps, request types, and error reports used for security monitoring and platform stability.
How We Use Your Data
qoki processes your personal data only where we have a lawful basis for doing so. The primary legal bases we rely on are: performance of a contract (providing you with the service you signed up for), compliance with legal obligations (anti-money laundering, age verification), legitimate interests (platform security, fraud prevention), and, where applicable, your explicit consent (marketing communications).
The specific purposes for which qoki processes personal data are as follows:
- Account Creation & Management: To register your account, verify your identity, and maintain your account in a functional state, including managing your preferences, responsible gaming elections, and communication settings.
- Transaction Processing: To process deposits and withdrawals via bKash, Nagad, Rocket, Upay, Visa, and Mastercard, to reconcile your account balance, and to investigate and resolve any payment disputes.
- KYC & Compliance: To fulfil our legal obligations under applicable anti-money laundering (AML) and know-your-customer (KYC) requirements. This includes verifying your identity, age, and the source of funds where required.
- Platform Security & Fraud Prevention: To detect, investigate, and prevent unauthorised access, fraudulent transactions, bonus abuse, match-fixing, and other prohibited activities outlined in the qoki Terms & Conditions.
- Customer Support: To respond to your enquiries, resolve complaints, process account modification requests, and provide 24/7 live chat and email support.
- Platform Improvement: To analyse aggregated usage data in order to improve the qoki platform, fix technical issues, and develop new features and game categories that better serve our Bangladeshi player base.
- Responsible Gaming: To monitor for signs of problem gambling behaviour, to action self-exclusion and deposit limit requests, and to comply with responsible gaming obligations.
- Marketing Communications: Where you have opted in, to send you information about qoki promotions, daily bonuses, BPL season offers, and platform news. You may unsubscribe from marketing communications at any time.
qoki does not use automated decision-making or profiling processes that produce significant legal effects on individual users without human review. Risk-flagging systems that may result in account restrictions are always subject to manual review by the qoki compliance team before any action is taken.
Data Sharing & Disclosure
qoki does not sell, rent, or otherwise commercially transfer your personal data to third parties. We share personal data only in the limited circumstances described below, and only to the minimum extent necessary for the stated purpose.
Service Providers & Technology Partners
qoki works with carefully selected third-party service providers who process data on our behalf under strict data processing agreements. These include:
- Payment Processors: bKash, Nagad, Rocket, Upay, and card processing networks (Visa, Mastercard) receive the transaction data necessary to complete deposits and withdrawals. These providers operate under their own privacy policies and regulatory frameworks.
- Game Providers: Certified game studios including Evolution Gaming, Pragmatic Play, NetEnt, Microgaming, Spribe, and Ezugi receive session data necessary to deliver their games on the qoki platform. Game providers do not receive your full identity or financial records.
- Identity Verification Services: Where automated KYC tools are used to verify identity documents, the relevant data is shared with certified verification service providers who operate under binding confidentiality and data protection obligations.
- Cloud Infrastructure: qoki's platform is hosted on secure cloud infrastructure. Our hosting provider processes data on our behalf under a data processing agreement and has no independent right to use your personal data.
- Analytics Providers: Aggregated, anonymised usage data may be processed by analytics platforms to help us understand platform performance. No identifiable personal data is shared for analytics purposes.
Legal & Regulatory Disclosures
qoki may disclose personal data to competent authorities, law enforcement agencies, or regulatory bodies when we are legally required to do so, or when such disclosure is necessary to protect the rights, property, or safety of qoki, its users, or the public. We will notify affected users of such disclosures where permitted by law.
Cookies & Tracking Technologies
qoki uses cookies and similar tracking technologies (including local storage and session storage) to operate the platform effectively, remember your preferences, and analyse how the service is used. A cookie is a small text file placed on your device by a website. Cookies themselves do not contain executable code and cannot carry viruses.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Keep you logged in, maintain your session, enable core platform functions. Cannot be disabled without breaking the service. | Session / up to 30 days |
| Functional | Remember your language preference, game lobby layout, preferred deposit method, and responsible gaming settings. | Up to 12 months |
| Performance & Analytics | Collect anonymised data on page load times, error rates, and navigation paths to help us improve platform performance. | Up to 24 months |
| Security | Detect and mitigate suspicious login activity, CSRF protection tokens, and fraud prevention signals. | Session / up to 7 days |
You can manage or disable non-essential cookies through your browser settings. Most modern browsers allow you to block or delete cookies via the privacy or settings menu. Note that disabling strictly necessary cookies will prevent you from logging in to your qoki account and using core platform features. Disabling functional cookies will mean your preferences are not saved between sessions.
qoki does not use third-party advertising cookies or cross-site tracking pixels. The analytics cookies we use collect only anonymised, aggregated data that cannot be used to identify you individually.
Data Retention & Storage
qoki retains your personal data for as long as your account is active and for a defined period thereafter, based on the legal and operational requirements applicable to each category of data. We do not keep data for longer than necessary.
- Account & Identity Data: Retained for a minimum of five (5) years following account closure. This period is mandated by anti-money laundering (AML) regulations and financial record-keeping obligations.
- Transaction Records: Retained for a minimum of seven (7) years in accordance with standard financial audit requirements. This applies to all deposit and withdrawal records, including bKash, Nagad, Rocket, and card transaction logs.
- KYC Documents: Retained for a minimum of five (5) years post-account closure. Physical or digital copies of identity and address verification documents are stored in encrypted form.
- Support Communications: Live chat transcripts and email correspondence are retained for two (2) years from the date of the conversation, for quality assurance and dispute resolution purposes.
- Responsible Gaming Records: Self-exclusion and deposit limit records are retained for the full duration of the restriction plus five (5) years to prevent circumvention by re-registration.
- Marketing Preferences: Records of consent and opt-out for marketing communications are retained indefinitely to demonstrate compliance with your stated preferences.
All data stored by qoki is held on encrypted servers. Access to personal data is restricted on a need-to-know basis; only qoki team members with a legitimate operational reason are authorised to access specific data categories. All staff with access to personal data are subject to confidentiality obligations.
Upon the expiry of the applicable retention period, data is securely deleted or anonymised in a manner that makes re-identification impossible. Anonymised data may be retained indefinitely for aggregated statistical analysis without restriction, as it no longer constitutes personal data.
Your Privacy Rights
qoki respects your right to control your personal data. As a user of the qoki platform, you have the following rights with respect to the personal data we hold about you. To exercise any of these rights, contact our data team at [email protected] with the subject line "Data Rights Request" and your registered account details.
- Right of Access: You may request a copy of all personal data qoki holds about you. We will provide this in a structured, commonly used format within 30 days of your verified request.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. Name and date of birth corrections require supporting documentation.
- Right to Erasure ("Right to Be Forgotten"): You may request the deletion of your personal data. This right is subject to exceptions where qoki is legally required to retain data — for example, AML retention obligations mean that transaction and identity records must be kept for the mandatory period regardless of an erasure request.
- Right to Restriction of Processing: In certain circumstances you may request that qoki restricts the processing of your data while a dispute or verification is in progress.
- Right to Data Portability: You may request that your personal data be provided to you in a machine-readable format (e.g., JSON or CSV) so that it can be transferred to another service provider.
- Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests, though qoki may be able to demonstrate compelling grounds to continue processing in certain cases.
- Right to Withdraw Consent: Where processing is based on your consent (e.g., marketing emails), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
qoki will respond to all verified data rights requests within 30 calendar days. In cases of complex or high-volume requests, this period may be extended by a further 60 days, in which case we will notify you of the extension and the reason within the initial 30-day window. There is no charge for exercising your data rights under standard circumstances.
Data Security Measures
Protecting your personal data is a core operational priority at qoki. We implement a layered security architecture designed to protect against unauthorised access, data breaches, accidental loss, and malicious attack. The key security measures we maintain include:
- Transport Encryption: All data in transit between your device and qoki's servers is encrypted using TLS 1.2 or higher, providing 256-bit encryption for all communications.
- Data at Rest Encryption: Personal data stored in qoki's databases is encrypted at rest using AES-256 encryption. Encryption keys are managed separately from the encrypted data and are rotated on a scheduled basis.
- Access Controls: Access to production systems and personal data is restricted to authorised personnel only, enforced through role-based access control (RBAC), multi-factor authentication (MFA), and audit logging of all data access events.
- Network Security: qoki's infrastructure is protected by enterprise-grade firewalls, intrusion detection systems (IDS), and distributed denial-of-service (DDoS) mitigation. Regular vulnerability scans and penetration tests are conducted by independent security specialists.
- Incident Response: qoki maintains a documented data breach response plan. In the event of a confirmed personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach.
- Staff Training: All qoki employees and contractors with access to personal data receive mandatory data protection training at onboarding and on an annual basis thereafter.
While qoki implements robust technical and organisational security measures, no internet-connected system can be guaranteed to be 100% secure. You also play an important role in keeping your account safe. Use a strong, unique password for your qoki account, do not share your login credentials with anyone, and contact [email protected] immediately if you suspect your account has been compromised.
Policy Updates & Contact
qoki reviews and updates this Privacy Policy periodically to reflect changes in our data practices, legal obligations, or platform features. The "Effective" date at the top of this document will be updated whenever a material change is made. We will notify registered users of significant changes via a notice displayed on the qoki platform and/or via the email address registered to their account, no fewer than 14 days before the updated policy takes effect.
Continued use of the qoki platform after the effective date of an updated Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with any material changes to this policy, you should cease using the platform and may request account closure by contacting support.
How to Contact Us About Privacy
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact the qoki data protection team using the details below. We aim to acknowledge all privacy-related enquiries within 2 business days and to provide a substantive response within 30 calendar days.
- Email: [email protected] (subject line: "Privacy Enquiry")
- Live Chat: Available 24/7 from your qoki account dashboard. Response target: under 90 seconds.
- Postal Address: qoki Data Protection Team — contact via email for current mailing address details.
This Privacy Policy was last reviewed and updated on 1 January 2026. The current version supersedes all previous versions of the qoki Privacy Policy.
Your Privacy Is Protected at qoki
Now that you understand how we handle your data, explore everything qoki has to offer — from daily bonuses and live cricket betting to 2,800+ casino games. Questions? Our support team is available 24/7.