ssh8 Privacy Policy — Your Data, Protected
At ssh8, your privacy is not an afterthought — it is a core principle. This Privacy Policy explains exactly what personal data we collect, why we collect it, how we store and protect it, and the rights you hold over your information as a player in Bangladesh.
SSL Encryption
All data transmitted between your device and the ssh8 platform is protected by industry-standard SSL/TLS encryption. Your personal and financial information is never sent in plain text.
No Data Selling
ssh8 does not sell, rent, or trade your personal data to any third party for their marketing purposes. Your information is used solely for platform operation and legal compliance.
Minimal Collection
We collect only the data that is genuinely necessary to operate the platform, verify your identity, process payments, and comply with anti-money-laundering obligations.
Your Rights Matter
You retain the right to access, correct, and request deletion of your personal data at any time. Contact the ssh8 support team to exercise any of your privacy rights.
1. Data We Collect
ssh8 collects personal data in several ways: directly from you when you register or use the platform, automatically through your use of the site, and from third-party payment and verification providers. The categories of data we collect are set out below:
1.1 Registration Data
When you create an ssh8 account, we collect the following information:
- Full legal name — as it appears on your government-issued identity document
- Date of birth — to verify that you meet the 18+ age requirement
- Email address — used for account communications and security alerts
- Mobile number — used for two-factor authentication and account recovery
- Residential address — required for identity verification and KYC compliance
- Username and password — your chosen login credentials, stored in hashed form
1.2 Identity Verification (KYC) Data
To comply with our Know Your Customer obligations and to protect the integrity of the platform, ssh8 may request copies of the following documents:
- National Identity Card (NID) or passport
- Proof of residential address (utility bill or bank statement dated within 90 days)
- Mobile financial service transaction records (bKash, Nagad, Rocket, or Upay) where required to verify source of funds
- Selfie photograph or video — for liveness verification purposes only
1.3 Financial Transaction Data
When you make a deposit or request a withdrawal, ssh8 records transaction details including the payment method used, transaction reference number, amount in BDT (৳), timestamp, and transaction status. We do not store full payment card numbers on our servers; card data is handled by our PCI-compliant payment processing partners.
1.4 Usage and Behavioural Data
ssh8 automatically collects certain technical and behavioural data when you interact with the platform:
- IP address and approximate geographic location
- Device type, operating system, and browser version
- Pages visited, session duration, and click-path data
- Game sessions played, bet amounts, and game outcomes
- Bonus claims and wagering activity
This data is used for platform analytics, fraud detection, responsible gaming monitoring, and improving the overall user experience. It is not used to profile you for third-party advertising purposes.
1.5 Communications Data
If you contact the ssh8 support team via live chat or email, we retain records of those communications to maintain service quality, resolve disputes, and train our support staff. Communications data is stored securely and accessed only by authorised personnel.
2. How We Use Your Data
ssh8 processes your personal data only where there is a lawful basis for doing so. The primary purposes for which we use your data are described below:
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Account creation and management | Registration data, contact details | Contract performance |
| Age and identity verification (KYC) | NID, date of birth, KYC documents | Legal obligation |
| Processing deposits and withdrawals | Financial transaction data, payment method details | Contract performance |
| Fraud prevention and AML monitoring | Transaction data, usage data, IP address | Legal obligation / Legitimate interest |
| Responsible gaming monitoring | Betting behaviour, session data, deposit history | Legal obligation / Player safety |
| Platform analytics and improvement | Usage and behavioural data (anonymised where possible) | Legitimate interest |
| Customer support and dispute resolution | Communications data, account data | Contract performance / Legitimate interest |
| Promotional communications (with consent) | Email address, mobile number, preferences | Consent (opt-in only) |
2.1 Marketing Communications
ssh8 will send you promotional emails or SMS notifications only where you have explicitly opted in to receiving such communications during registration or via your account settings. You may withdraw your consent and opt out of marketing communications at any time by updating your notification preferences in your account settings or by contacting the support team.
2.2 Automated Decision-Making
ssh8 uses automated systems to assist with fraud detection and responsible gaming monitoring. These systems may flag accounts for manual review based on unusual activity patterns. Where an automated process results in a material decision affecting your account — such as a temporary deposit restriction — you have the right to request human review of that decision by contacting the support team.
3. Data Sharing & Third Parties
ssh8 does not sell your personal data to third parties. We share your data only in the limited circumstances described below, and only to the extent necessary for each purpose.
3.1 Payment Processing Partners
To facilitate deposits and withdrawals, ssh8 shares necessary transaction data with our payment processing partners, including bKash, Nagad, Rocket, Upay, and card processing services supporting Visa and Mastercard transactions. These partners receive only the data required to process each transaction and are contractually bound to handle your data securely.
3.2 Identity Verification Providers
ssh8 uses third-party KYC service providers to assist with identity and age verification. These providers process your identity documents in accordance with their own privacy policies and applicable law. ssh8 selects KYC partners that maintain high data security standards and are contractually prohibited from using your data for any purpose other than identity verification on ssh8's behalf.
3.3 Game Software Providers
The casino and betting games available on the ssh8 platform are supplied by certified third-party providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. These providers may receive anonymised session data (e.g., game round identifiers and bet amounts) for the purpose of game auditing and dispute resolution. They do not receive your full personal profile.
3.4 Legal and Regulatory Authorities
ssh8 may be required to disclose personal data to law enforcement agencies, financial intelligence units, or other regulatory bodies where required by applicable law, court order, or where there is a credible risk of financial crime, money laundering, or harm to persons. Such disclosures are made only to the extent required by the relevant legal obligation.
3.5 No Cross-Border Transfers Without Safeguards
Where personal data is transferred to a third party located outside Bangladesh, ssh8 takes reasonable steps to ensure that the receiving party provides an equivalent level of data protection. We do not transfer your data to jurisdictions that do not offer adequate privacy protections without implementing appropriate contractual safeguards.
4. Cookies & Tracking
ssh8 uses cookies and similar tracking technologies to operate the platform, maintain session continuity, and gather anonymised analytics data. The types of cookies we use are described below:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Functional | Maintain your login session, remember language preferences, and ensure the platform functions correctly. These cannot be disabled. | Session / Up to 30 days |
| Analytics | Collect anonymised data on page visits, navigation paths, and feature usage to help us improve the platform experience. | Up to 12 months |
| Fraud Detection | Identify suspicious access patterns, detect bot activity, and protect your account from unauthorised access attempts. | Up to 90 days |
| Responsible Gaming | Track session duration and activity levels to support responsible gaming monitoring and self-exclusion enforcement. | Session / Persistent per settings |
4.1 Managing Cookies
You can manage or disable non-essential cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the ssh8 platform — in particular, disabling session cookies will prevent you from remaining logged in between page loads. Detailed guidance on managing cookies is available through your specific browser's help documentation.
4.2 No Third-Party Advertising Cookies
ssh8 does not use third-party advertising networks or tracking pixels that would enable external advertisers to build a profile of your browsing behaviour across the web. Our analytics tools are configured to anonymise IP addresses and to avoid cross-site tracking.
5. Data Retention
ssh8 retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal obligations, or to resolve disputes. The following retention guidelines apply:
- Active account data: Retained for the lifetime of your ssh8 account and for a period of five years following account closure, in accordance with anti-money-laundering record-keeping requirements.
- KYC and identity documents: Retained for a minimum of five years following the end of the customer relationship, as required by applicable financial crime prevention laws.
- Transaction records: Retained for a minimum of five years from the date of each transaction to support audit, dispute resolution, and regulatory compliance purposes.
- Support communications: Retained for two years from the date of the interaction, unless the communication relates to an open dispute or investigation, in which case it is retained until the matter is resolved.
- Analytics data: Aggregated and anonymised after 12 months. Individual-level usage data is not retained beyond this period unless it forms part of a fraud investigation record.
- Marketing preferences: Retained until you withdraw consent or close your account, whichever occurs first.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in a manner that prevents re-identification. Where technical constraints mean that immediate deletion is not possible, the data is restricted from further processing pending its scheduled deletion.
6. Data Security
Protecting your personal data from unauthorised access, disclosure, alteration, and destruction is a priority for ssh8. We implement a layered security approach that includes both technical and organisational measures:
6.1 Technical Safeguards
- TLS/SSL encryption on all data transmissions between your browser and the ssh8 servers
- Password hashing using industry-standard cryptographic algorithms — your plaintext password is never stored
- Two-factor authentication (2FA) available to all players to add an additional layer of login security
- Firewall and intrusion detection systems to monitor and block suspicious network activity
- Regular penetration testing and security audits conducted by independent third-party specialists
- Database encryption at rest for all personally identifiable information fields
6.2 Organisational Safeguards
- Access to personal data is restricted to ssh8 staff who require it to perform their specific role
- All staff with access to personal data undergo data protection training during onboarding and annually thereafter
- Third-party vendors with access to personal data are subject to contractual data processing agreements
- A documented incident response procedure is in place to address data breaches promptly and effectively
6.3 Data Breach Response
In the event of a personal data breach that poses a risk to your rights and interests, ssh8 will notify affected players without undue delay. We will describe the nature of the breach, the categories of data affected, the steps we are taking to address it, and the measures you can take to protect yourself. Players are encouraged to enable 2FA on their accounts and to use a strong, unique password to minimise their exposure in the event of any security incident.
7. Your Privacy Rights
As an ssh8 player, you hold the following rights in relation to your personal data. To exercise any of these rights, contact the ssh8 support team via live chat or email at [email protected] (plain text — not a clickable link).
7.1 Right of Access
You have the right to request a copy of the personal data that ssh8 holds about you. We will provide this information within a reasonable timeframe and at no cost for standard requests. Requests that are manifestly unfounded or repetitive may be subject to a reasonable administrative fee.
7.2 Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. You can update many details (such as your email address or mobile number) directly through your account settings. For changes to core identity data (such as your legal name), you may need to provide supporting documentation.
7.3 Right to Erasure
You may request the deletion of your personal data in certain circumstances — for example, where the data is no longer necessary for the purpose for which it was collected. Please note that ssh8 is required by law to retain certain categories of data (such as KYC and transaction records) for a minimum period, and erasure requests that conflict with these legal retention obligations cannot be fulfilled in full during the applicable retention period.
7.4 Right to Restriction of Processing
You have the right to request that ssh8 restrict the processing of your personal data in specific circumstances, such as where you contest the accuracy of the data or where you have objected to processing based on legitimate interest and verification is pending.
7.5 Right to Object
Where ssh8 processes your personal data on the basis of legitimate interest (for example, for platform analytics or fraud prevention), you have the right to object to that processing. ssh8 will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
7.6 Right to Withdraw Consent
Where processing is based on your consent (for example, marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing that occurred before withdrawal. You can manage your consent preferences through your account settings or by contacting support.
8. Contact & Policy Updates
8.1 How to Contact Us About Privacy
If you have any questions, concerns, or requests relating to this Privacy Policy or the way ssh8 handles your personal data, please contact us via:
- Live chat: Available 24/7 through the ssh8 platform
- Email: [email protected] (plain text — not a clickable link)
We aim to respond to all privacy-related enquiries within five business days. For complex requests — such as subject access requests or erasure requests — we may require up to 30 days to respond fully. Where a request requires additional time, we will acknowledge receipt and provide an estimated response date.
8.2 Policy Updates
ssh8 reviews and updates this Privacy Policy periodically to reflect changes in platform operations, applicable law, or industry best practice. When we make material changes to the Policy, we will notify registered players by email or via a prominent notice on the platform prior to the changes taking effect. The "Last Updated" date at the top of this page indicates when the most recent revision was made. Your continued use of the ssh8 platform following the publication of an updated Privacy Policy constitutes your acceptance of the revised terms.
8.3 Children's Privacy
The ssh8 platform is strictly for adults aged 18 and above. ssh8 does not knowingly collect personal data from persons under the age of 18. If we become aware that personal data has been collected from a person under 18, that data will be deleted immediately and the associated account will be closed. Parents and guardians who believe their child may have accessed the platform are encouraged to contact the support team immediately.
Anonymised Analytics
Where platform analytics data is processed, it is aggregated and anonymised before analysis. ssh8 does not build individual marketing profiles from your browsing behaviour on the platform.
PCI-Compliant Payments
Full card numbers are never stored on ssh8 servers. All payment card data is handled exclusively by our PCI-DSS-compliant processing partners, including services supporting Visa and Mastercard transactions.
24/7 Privacy Support
Have a privacy question or want to exercise a data right? The ssh8 support team is available around the clock via live chat to assist with any personal data requests or concerns.
Ready to Play? Your Data Is Safe with ssh8
We've built ssh8 with player privacy at its core. Explore our games, review our policies, or get in touch with our support team — we're here 24/7 for every player in Bangladesh.
18+ only. Please gamble responsibly. For full details see our Terms & Conditions.