Privacy Policy — zoya 7
At zoya 7, the privacy of every player matters. This Privacy Policy explains exactly what personal data we collect, why we collect it, how we use it, and the rights you hold over your information as a player on our Bangladesh-based online casino and sportsbook platform.
End-to-End Encryption
All data transmitted between your device and zoya 7 servers is protected by 256-bit SSL/TLS encryption, ensuring that your personal and financial information cannot be intercepted in transit.
No Data Selling
zoya 7 does not sell, rent, or trade your personal data to any third-party marketing organisation. Your information is used solely to deliver, secure, and improve our Services.
Transparent Data Use
Every category of personal data we collect has a specific, documented purpose outlined in this policy. We do not collect data beyond what is necessary to provide the Services.
Your Rights Protected
Players hold clear rights over their data, including the right to access, correct, restrict, and request deletion of their personal information held by zoya 7 at any time.
Cookie Control
zoya 7 uses only functional, analytics, and security cookies. No third-party advertising cookies are placed on your device without your awareness.
Secure Payment Data
Payment details — including bKash, Nagad, and Rocket account information — are stored in tokenised form. Full payment credentials are never stored in plain text on zoya 7 servers.
This Privacy Policy ("Policy") is issued by zoya 7 ("zoya 7", "we", "us", "our") and governs the collection, processing, storage, and disclosure of personal data relating to all individuals ("you", "your", "the Player") who access or use the zoya 7 website, mobile platform, gaming services, sportsbook, or any associated Services. This Policy is effective as of 1 January 2026 and supersedes all previous privacy notices published by zoya 7.
By registering an account with zoya 7 or continuing to use our Services, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data in the manner described herein. If you do not agree with any part of this Policy, you should not use the Services and should contact our support team at [email protected] to arrange closure of any existing account.
This Policy should be read alongside our Terms & Conditions, which together form the complete agreement governing your relationship with zoya 7. Where this Policy addresses a data-related matter also covered by the Terms & Conditions, this Policy shall take precedence.
1. Data We Collect
zoya 7 collects personal data through several channels: directly from you during the account registration and verification process; automatically through your use of the platform; and, in limited circumstances, from trusted third-party service providers engaged to support our operations. The following table summarises the main categories of personal data we collect and the primary source of each.
| Data Category | Specific Data Points | Primary Source |
|---|---|---|
| Identity Data | Full legal name, date of birth, NID/passport number, photograph | Registration & KYC submission |
| Contact Data | Email address, Bangladesh mobile number, residential address | Registration form |
| Financial Data | bKash / Nagad / Rocket account number (tokenised), transaction history, deposit and withdrawal amounts in ৳ | Payment processing |
| Technical Data | IP address, device fingerprint, browser type and version, operating system, session timestamps | Automatic collection via platform |
| Usage Data | Games played, wagers placed, sports markets accessed, session duration, page navigation paths | Automatic collection via platform |
| Communications Data | Support chat transcripts, email correspondence, feedback submissions | Direct communication with support |
| Responsible Gaming Data | Self-exclusion status, deposit limit settings, cooling-off period records | Account settings & support requests |
Data We Do Not Collect
zoya 7 does not collect sensitive personal data beyond what is strictly required for identity verification and fraud prevention. We do not collect racial or ethnic origin, religious beliefs, health data, biometric data, or political opinions. We do not collect data from individuals who are not registered users of the platform, and we do not collect data from children under the age of 18. If we become aware that personal data has been inadvertently collected from a minor, that data will be deleted immediately and the associated account closed.
2. How We Use Your Data
zoya 7 processes personal data only where a lawful basis exists for doing so. The principal purposes for which we use your personal data are set out below, together with the lawful basis applicable to each purpose.
- Account creation and management: To register your account, verify your identity through our KYC process, and maintain your player profile in a secure and accurate state. Lawful basis: performance of a contract.
- Processing deposits and withdrawals: To facilitate the transfer of Bangladeshi Taka (৳) between your nominated payment method (bKash, Nagad, Rocket, or bank account) and your zoya 7 wallet. Lawful basis: performance of a contract.
- Providing gaming and sportsbook services: To allow you to access casino games, live dealer tables, cricket betting, slots, and all other Services offered on the zoya 7 platform. Lawful basis: performance of a contract.
- Fraud prevention and security monitoring: To detect and prevent fraudulent activity, money laundering, multiple-account creation, bonus abuse, and unauthorised access. Lawful basis: legitimate interest and legal obligation.
- Regulatory compliance and KYC: To comply with applicable legal obligations, including age verification, identity verification, and transaction monitoring requirements. Lawful basis: legal obligation.
- Customer support: To respond to your queries, resolve disputes, process complaints, and provide technical assistance. Lawful basis: performance of a contract and legitimate interest.
- Responsible gaming: To monitor gambling patterns that may indicate problem gambling behaviour and to administer self-exclusion, deposit limit, and cooling-off requests. Lawful basis: legal obligation and legitimate interest.
- Platform improvement: To analyse aggregate usage data in order to improve the performance, design, and content of the zoya 7 platform. Lawful basis: legitimate interest. Data used for this purpose is anonymised or pseudonymised wherever possible.
- Marketing communications: To send you promotional emails, SMS notifications, and in-platform messages about bonuses, new game releases, cricket season promotions, and seasonal offers (such as Eid or Pohela Boishakh specials) — but only where you have opted in to receive such communications. Lawful basis: consent. You may withdraw consent at any time by updating your communication preferences in your account settings or by contacting support.
📌 Note on Automated Decision-Making: zoya 7 uses automated systems to flag accounts for fraud review and to enforce responsible gaming limits. Where an automated decision has a significant impact on your account (such as triggering a suspension), you have the right to request a manual review by a member of our compliance team. Contact us at [email protected] to initiate a review.
3. Data Sharing & Disclosure
zoya 7 does not sell, rent, or trade your personal data to any third party. We may, however, share your personal data with carefully selected categories of recipients where necessary to deliver the Services or to comply with our legal obligations. All third-party recipients are required to process your data securely and only for the purpose for which it was shared.
Categories of Recipients
- Payment service providers: bKash, Nagad, Rocket, Upay, SureCash, Dutch-Bangla Bank, City Bank, and BRAC Bank receive the minimum financial data necessary to process your deposit and withdrawal transactions. These providers operate under their own privacy and security frameworks.
- Game studio providers: Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, Ezugi, and other integrated game providers may receive pseudonymised player session data (such as player ID, session token, and stake amount) in order to deliver and audit game outcomes. No directly identifying information is shared with game studios.
- Identity verification services: Third-party KYC and document verification partners receive copies of identity documents submitted by players during the verification process. These partners operate under strict data processing agreements with zoya 7.
- Fraud detection and risk management providers: Specialist fraud analytics services may receive technical data (IP address, device fingerprint, behavioural signals) to assist in detecting suspicious activity. Data shared is pseudonymised where feasible.
- IT infrastructure and cloud service providers: zoya 7 uses reputable cloud hosting and infrastructure providers to store and process platform data. These providers act as data processors and are contractually bound to process data only on our instructions.
- Legal and regulatory authorities: Where required by applicable law, court order, or a lawful request from a competent authority, zoya 7 may disclose personal data without prior notice to you. We will notify you of any such disclosure where legally permitted to do so.
⚠️ No Cross-Border Transfers Without Safeguards: If any personal data is transferred outside Bangladesh to a third-party processor operating in another country, zoya 7 will ensure that appropriate contractual safeguards are in place to protect that data to a standard equivalent to the protections applicable in Bangladesh.
4. Cookies & Tracking Technologies
The zoya 7 platform uses cookies and similar tracking technologies to ensure the correct functioning of the website, to enhance your user experience, and to collect analytics data that helps us improve the platform. A cookie is a small text file placed on your device by the zoya 7 web server when you visit the platform. Cookies do not contain executable code and cannot access other files stored on your device.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Maintain your login session, prevent cross-site request forgery (CSRF), enforce security policies | Session / up to 24 hours |
| Functional | Remember your language preference, game lobby view settings, and notification preferences | Up to 30 days |
| Analytics | Collect anonymised data on page visits, session duration, and navigation paths to improve the platform | Up to 12 months |
| Security / Fraud Detection | Support device fingerprinting and behavioural analytics used to detect suspicious login patterns | Up to 6 months |
zoya 7 does not use third-party advertising or retargeting cookies. We do not place tracking pixels for external ad networks on any page of the platform. You may configure your browser to block or delete cookies at any time; however, disabling strictly necessary cookies will prevent you from logging in and using the Services.
5. Data Retention
zoya 7 retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following retention periods apply to the main categories of personal data we hold:
- Account and identity data: Retained for the duration of your account plus a minimum of five (5) years following account closure, in order to satisfy anti-money laundering (AML) record-keeping obligations.
- Transaction and financial data: Retained for a minimum of five (5) years from the date of the transaction, consistent with applicable financial record-keeping requirements.
- KYC documents: Retained for a minimum of five (5) years from the date of submission or account closure, whichever is later.
- Gaming and betting history: Retained for the duration of your account plus three (3) years following closure, for dispute resolution and audit purposes.
- Customer support communications: Retained for three (3) years from the date of the communication.
- Marketing consent records: Retained for the duration of the consent plus two (2) years, as evidence of opt-in. Data used solely for marketing is deleted upon withdrawal of consent.
- Technical and usage data (logs): Typically retained for twelve (12) months before being anonymised or deleted, unless a specific investigation requires longer retention.
When personal data is no longer required and the applicable retention period has expired, it will be securely deleted or irreversibly anonymised. Anonymised data may be retained indefinitely for statistical and platform improvement purposes, as it can no longer be linked to any individual.
6. Data Security Measures
zoya 7 implements a layered approach to data security, combining technical controls, organisational policies, and personnel training to protect personal data against unauthorised access, accidental loss, destruction, or disclosure.
Technical Controls
- 256-bit SSL/TLS encryption across all data transmitted between your browser or device and zoya 7 servers, ensuring in-transit protection for all personal and financial information.
- Data encryption at rest for all sensitive personal data stored on zoya 7 servers, including identity documents and payment tokens.
- Tokenisation of payment credentials — bKash, Nagad, Rocket, and bank account details are stored only as encrypted tokens; full account numbers are never held in readable form.
- Firewalls and intrusion detection systems actively monitoring network traffic for anomalous patterns indicative of attempted breaches.
- Access controls and role-based permissions ensuring that only authorised personnel can access personal data, and only to the extent required by their specific role.
- Regular penetration testing and security audits conducted by independent third-party security specialists to identify and remediate vulnerabilities.
Organisational Measures
All zoya 7 employees and contractors who handle personal data are subject to confidentiality obligations and receive regular data protection training. Access to production data systems is restricted to a limited number of authorised personnel, and all access events are logged and audited. In the event of a data breach that poses a risk to player data, zoya 7 will notify affected players and take all necessary remediation steps as promptly as possible.
🔑 Your Responsibility: While zoya 7 maintains robust security measures, you are also responsible for protecting your account. Use a strong, unique password for your zoya 7 account, enable two-factor authentication (2FA) via your registered Bangladesh mobile number, and never share your login credentials with anyone. If you believe your account has been compromised, contact us immediately at [email protected].
7. Your Privacy Rights
As a player on the zoya 7 platform, you hold the following rights in relation to your personal data. Requests to exercise any of these rights should be submitted in writing to [email protected]. zoya 7 will acknowledge your request within five (5) business days and aim to fulfil it within thirty (30) calendar days. In cases of complexity or high volume, we may extend this period by up to a further thirty (30) days, in which case we will notify you.
- Right of Access: You have the right to request a copy of all personal data that zoya 7 holds about you, along with information about how that data is used, where it is stored, and with whom it has been shared.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected or updated. Minor corrections (such as updating a mobile number or email address) can typically be made directly from your account settings.
- Right to Erasure ("Right to be Forgotten"): You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected and where no legal obligation requires its continued retention. Note that zoya 7's AML and KYC record-keeping obligations (see Section 5) may limit or delay deletion of certain data categories even after account closure.
- Right to Restriction of Processing: You may request that zoya 7 restrict the processing of your personal data in specific circumstances — for example, while a dispute about data accuracy is being resolved, or where you have objected to processing based on legitimate interest and a determination is pending.
- Right to Data Portability: Where processing is based on your consent or on the performance of a contract and is carried out by automated means, you may request that your personal data be provided to you in a structured, commonly used, machine-readable format.
- Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes at any time. You also have the right to object to processing based on legitimate interest, though zoya 7 may continue processing where compelling legitimate grounds exist that override your interests.
- Right to Withdraw Consent: Where processing is based on your consent (for example, marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Withdrawal of consent can be done through your account settings or by contacting support.
⚠️ Identity Verification for Rights Requests: To protect player data, zoya 7 will verify your identity before processing any data rights request. You may be asked to confirm details associated with your registered account. zoya 7 will not fulfil a data rights request submitted by a third party on your behalf without your explicit written authorisation.
8. Updates to This Policy
zoya 7 reserves the right to update or revise this Privacy Policy at any time to reflect changes in our data processing practices, changes to the Services, or changes in applicable legal requirements. The effective date at the top of this document will be updated each time a material change is made.
Where changes are material — meaning they significantly affect how we use your personal data or the rights available to you — zoya 7 will provide advance notice via the email address registered to your account and/or via a prominent notice displayed on the platform. Your continued use of the Services following the notification of a material change constitutes acceptance of the revised Policy.
For minor or administrative updates that do not materially affect your rights (such as correcting typographical errors or clarifying existing language), zoya 7 may update the Policy without specific prior notification, though the effective date will always be updated to reflect any revision.
We encourage you to review this Privacy Policy periodically to stay informed about how zoya 7 protects your personal data. Previous versions of this Policy are available upon request by contacting our support team at [email protected].
📬 Privacy Contact: For all privacy-related enquiries, data rights requests, or concerns about how zoya 7 handles your personal data, please contact our support team at [email protected]. We are available 24 hours a day, 7 days a week, and aim to respond to all privacy enquiries within four (4) business hours.
Ready to Play Safely at zoya 7?
Your data is protected every step of the way. Explore the zoya 7 Casino, browse our cricket and slots offerings, or check the FAQ for answers to common questions about your account and privacy. 18+ only — please play responsibly.