277bit Privacy Policy
At 277bit, we take the privacy and security of your personal data seriously. This Privacy Policy explains what information we collect when you use the 277bit platform, how we use it, who we may share it with, and the rights you hold over your own data. Please read this document carefully before creating an account or depositing funds.
Privacy at a Glance
SSL Encryption
All data transmitted between your device and 277bit is protected by industry-standard TLS/SSL encryption. Your personal and payment details are never sent over unencrypted connections.
Minimal Data Collection
277bit collects only the personal data that is strictly necessary to operate the platform, verify your identity, process payments, and comply with applicable anti-money laundering requirements.
No Data Selling
277bit does not sell, rent, or auction your personal data to third-party marketers or data brokers under any circumstances. Your data is used exclusively to operate and improve the 277bit platform.
Cookie Controls
You can manage your cookie preferences at any time through your browser settings. Disabling non-essential cookies may affect some features of the platform but will not prevent you from accessing your account.
Your Access Rights
As a 277bit account holder, you have the right to request a copy of the personal data we hold about you, request corrections to inaccurate data, or request deletion of your data subject to legal retention obligations.
Defined Retention Periods
277bit retains personal data only for as long as it is needed for the purpose for which it was collected, or as required by applicable law. Account data is held for a minimum of five years following account closure to comply with AML obligations.
Section 1
Information We Collect
277bit collects personal data from you in several ways: directly when you register an account or interact with the platform, automatically when you use the platform, and from third-party sources as part of our identity verification and anti-fraud processes. The categories of personal data we collect are set out below.
1.1 Registration and Account Data
When you create a 277bit account, we collect the following information from you directly:
- Full Legal Name: As it appears on your government-issued identification document.
- Date of Birth: Required to verify that you meet the minimum age requirement of 18 years.
- Residential Address: Your full current home address, including city, district, and postcode where applicable.
- Mobile Number: A valid Bangladeshi mobile number used for account verification, two-factor authentication, and platform communications.
- Email Address: Used for account-related correspondence, bonus notifications, and important policy updates.
- Username and Password: Your chosen login credentials. Passwords are stored in hashed form and are never accessible in plain text by 277bit staff.
1.2 Identity Verification (KYC) Data
As part of our Know Your Customer (KYC) verification process, we may collect the following additional documents and data:
- Government-Issued Photo ID: A copy of your National Identity Card (NID), passport, or driving licence, including the photograph, ID number, and expiry date.
- Proof of Address: A recent utility bill, bank statement, or official letter dated within 90 days confirming your registered residential address.
- Proof of Payment Method: Evidence linking your registered bKash number, Nagad account, bank account, or card to your verified identity. This may include a screenshot of your mobile banking profile or a bank statement header.
- Source of Funds Declaration: In certain high-value cases, we may request a written declaration or supporting documents demonstrating the legitimate source of funds deposited into your 277bit account.
1.3 Transactional Data
We automatically record all financial activity associated with your 277bit account, including:
- Deposit amounts, dates, times, and payment method references (e.g., bKash transaction IDs, Nagad reference numbers).
- Withdrawal requests, amounts, processing timestamps, and destination payment method references.
- Bonus credits, wagering activity, and bonus expiry events.
- Account balance history.
1.4 Gaming and Betting Activity Data
We collect a complete record of your gameplay and betting activity on the 277bit platform, including:
- Game sessions played (title, start time, end time, stake, result).
- Sports bets placed (event, market, selection, odds, stake, settlement outcome).
- Plinko and virtual sports session records.
- Responsible gaming tool activations (deposit limits, session time-outs, self-exclusion requests).
1.5 Technical and Device Data
When you access the 277bit platform, our servers and analytics tools automatically collect the following technical data:
- IP Address: Used for geolocation, fraud detection, and to identify multiple accounts associated with the same network.
- Device Identifiers: Device type, operating system version, browser type and version, and unique device fingerprint identifiers.
- Session Data: Login timestamps, session duration, pages visited, and in-platform navigation paths.
- Referral Source: The URL or search term that directed you to the 277bit platform, if applicable.
1.6 Communications Data
If you contact 277bit support via live chat, email, or WhatsApp, we retain records of those communications — including the content of messages, timestamps, and support agent responses — for quality assurance, dispute resolution, and training purposes.
Section 2
How We Use Your Data
277bit uses your personal data only for the purposes described in this Privacy Policy. We do not use your data for purposes that are incompatible with those stated here without first obtaining your consent or establishing a separate legal basis. The primary purposes for which we process your personal data are as follows:
| Purpose | Data Categories Used |
|---|---|
| Account Registration and Management — Creating, maintaining, and operating your 277bit player account. | Registration data, contact details, login credentials. |
| Identity Verification (KYC) — Confirming your identity, age, and residential address in compliance with AML obligations. | KYC documents, date of birth, proof of address, payment method ownership. |
| Payment Processing — Processing deposits and withdrawals via bKash, Nagad, Rocket, Upay, bank transfer, and card. | Transactional data, payment method references, account balance data. |
| Platform Delivery and Personalisation — Delivering the games, betting markets, and features of the 277bit platform, and tailoring your experience based on your activity. | Gaming data, betting history, device data, session data. |
| Fraud Prevention and Security — Detecting and preventing fraudulent activity, unauthorised account access, bonus abuse, and money laundering. | IP address, device identifiers, transaction history, gaming activity, KYC data. |
| Responsible Gaming — Monitoring gameplay patterns that may indicate problem gambling behaviour and applying responsible gaming tools at the player's request. | Gaming and betting activity data, responsible gaming tool records, deposit history. |
| Customer Support — Responding to support queries, complaints, and dispute submissions. | Communications data, account data, transaction data, gaming data. |
| Marketing and Promotions — Sending you promotional communications about 277bit bonuses, offers, and events (where you have consented or where permitted by applicable law). | Contact details, gaming and betting preferences, bonus history. |
| Legal Compliance — Complying with applicable laws, responding to lawful requests from authorities, and defending legal claims. | All categories of personal data where legally required. |
Section 3
Legal Basis for Processing
277bit processes your personal data on one or more of the following legal bases, depending on the specific processing activity:
- Contractual Necessity: The majority of our data processing is necessary to perform the contract we have with you — namely, the Terms & Conditions governing your 277bit account. Without processing your registration data, KYC documents, transactional data, and gaming activity data, we cannot provide the services you have signed up for.
- Legal Obligation: Certain processing activities — in particular KYC verification, transaction monitoring, and the retention of financial records — are required by applicable anti-money laundering laws and international best-practice frameworks that 277bit adheres to as an offshore platform.
- Legitimate Interests: 277bit processes some categories of data — such as device identifiers, IP addresses, and session data — on the basis of its legitimate interests in operating a secure, fraud-resistant platform and providing a personalised user experience. We ensure that these legitimate interests do not override your fundamental privacy rights.
- Consent: Where we send marketing communications by email or SMS, we rely on your consent as the legal basis for that processing. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
Section 4
Data Sharing & Disclosure
277bit does not sell your personal data. We share personal data with third parties only in the limited circumstances described below, and only to the extent necessary to fulfil the relevant purpose.
4.1 Service Providers
We engage carefully selected third-party service providers who assist us in operating the 277bit platform. These providers act as data processors on our behalf and are contractually obligated to process your data only in accordance with our instructions and to maintain appropriate security measures. Categories of service providers include:
- Payment Processors: bKash, Nagad, Rocket, Upay, Dutch-Bangla Bank, BRAC Bank, City Bank, Islami Bank, Sonali Bank, Visa, and Mastercard — to facilitate the processing of deposits and withdrawals.
- KYC and Identity Verification Providers: Third-party identity verification platforms that perform automated document checks and database screening on our behalf.
- Game Content Providers: Licensed game studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi, whose platforms may process limited technical session data to deliver their game content.
- Fraud Detection and Risk Management Providers: Specialist fraud analytics providers that process IP address, device fingerprint, and behavioural data to identify and block suspicious account activity.
- Cloud Infrastructure and Hosting Providers: Secure cloud hosting providers who store platform data on servers protected by physical and digital security controls.
4.2 Law Enforcement and Regulatory Authorities
277bit may disclose personal data to law enforcement agencies, regulatory bodies, or other competent authorities where we are legally required to do so, or where we reasonably believe that disclosure is necessary to prevent or detect criminal activity — including fraud, money laundering, or terrorist financing — or to protect the safety of any individual.
4.3 Business Transfers
In the event that 277bit is subject to a merger, acquisition, sale of assets, or restructuring, your personal data may be transferred to the acquiring or successor entity as part of that transaction. We will notify affected players of any such transfer and of any material changes to data processing arrangements that result from it, in advance where reasonably practicable.
4.4 No Third-Party Marketing
277bit does not share your personal data with any third party for their own marketing purposes. We do not participate in data-sharing agreements, co-registration schemes, or affiliate data exchanges that would result in your personal details being passed to external marketing organisations.
Section 5
Cookies & Tracking Technologies
277bit uses cookies and similar tracking technologies on the platform to ensure the site functions correctly, to remember your preferences, to analyse usage patterns, and to support fraud prevention systems. By continuing to use the 277bit platform, you consent to the use of cookies as described in this section.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for the platform to function. These include session authentication cookies that keep you logged in and security tokens that protect against cross-site request forgery. These cannot be disabled without breaking core platform functionality. | Session / up to 24 hours |
| Functional | Remember your preferences, such as language settings, last visited game category, and responsible gaming limit confirmations. These improve your experience but are not essential to platform operation. | Up to 12 months |
| Analytics | Help us understand how players navigate the platform — which pages are most visited, where users drop off, and how long sessions typically last. This data is aggregated and anonymised where possible and is used to improve platform design and performance. | Up to 24 months |
| Fraud Detection | Used by our fraud prevention providers to build a device fingerprint and detect unusual access patterns. These are strictly necessary for platform security and cannot be disabled. | Up to 12 months |
You can manage or delete cookies through your browser settings at any time. Instructions for doing so vary by browser — consult your browser's help documentation for guidance. Please note that disabling functional or analytics cookies may affect certain non-essential features of the platform. Disabling strictly necessary or fraud detection cookies may prevent you from logging in or using the platform at all.
Section 6
Data Retention
277bit retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The key retention periods that apply to categories of personal data processed by 277bit are as follows:
- Account and KYC Data: Retained for a minimum of 5 years following the closure or deactivation of your 277bit account. This retention period is required to comply with international anti-money laundering record-keeping obligations.
- Transactional and Financial Records: Retained for a minimum of 5 years following the date of each transaction. This enables us to respond to any disputed transaction, regulatory inquiry, or financial audit within the applicable limitation period.
- Gaming and Betting Activity Records: Retained for 3 years following account closure. These records support dispute resolution, responsible gaming monitoring, and platform integrity investigations.
- Communications Records (Support Logs): Retained for 2 years following the date of the communication. Used for quality assurance, complaint handling, and staff training.
- Marketing Consent Records: Retained for the duration of your account plus 2 years following account closure, to evidence consent decisions and opt-out requests.
- Technical and Device Data: Retained for 12 months from collection, unless a longer retention period is required for an active fraud or security investigation.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in a manner that prevents reconstruction. Where anonymisation is used in place of deletion, the resulting anonymised data set is no longer personal data and may be retained indefinitely for statistical and platform improvement purposes.
Section 7
Data Security
277bit applies a layered approach to data security, combining technical, organisational, and procedural controls to protect your personal data against unauthorised access, loss, destruction, or disclosure. Key security measures in place include:
- TLS/SSL Encryption: All data transmitted between your browser or mobile device and the 277bit platform is encrypted using Transport Layer Security (TLS). This means that your login credentials, personal details, and payment information are protected from interception in transit.
- Password Hashing: Account passwords are stored using a strong one-way cryptographic hashing algorithm. Plain-text passwords are never stored and are not accessible to 277bit staff at any point.
- Two-Factor Authentication (2FA): 277bit supports two-factor authentication via SMS one-time passcode (OTP) for account login. Players are strongly encouraged to enable 2FA to provide an additional layer of protection against unauthorised access.
- Access Controls: Access to personal data by 277bit staff is restricted on a strict need-to-know basis. Staff with access to sensitive player data are subject to confidentiality obligations and receive regular data protection training.
- Secure Data Centres: Platform data is hosted in secure, access-controlled data centre facilities equipped with physical security, fire suppression systems, and redundant power supplies.
- Penetration Testing and Vulnerability Management: 277bit conducts regular security assessments, including penetration testing, to identify and remediate vulnerabilities in the platform and its underlying infrastructure.
Despite these measures, no internet-based platform can guarantee absolute security. In the unlikely event of a data breach that poses a risk to your rights, 277bit will notify affected players as promptly as reasonably practicable, providing details of the nature of the breach, the categories of data affected, and the steps being taken to address it.
Section 8
Your Data Rights
As a 277bit account holder, you have the following rights in relation to the personal data we hold about you. To exercise any of these rights, please contact our support team at [email protected] or via live chat on the platform. We will acknowledge your request within 5 business days and aim to fulfil it within 30 days, subject to identity verification.
- Right of Access: You have the right to request a copy of the personal data that 277bit holds about you. We will provide this in a structured, commonly used, and machine-readable format where technically feasible. We may request evidence of your identity before fulfilling an access request.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. You may also update certain account details directly from within your 277bit account settings.
- Right to Erasure: You may request that we delete your personal data. This right is not absolute — where we are required to retain data by law (for example, under AML record-keeping obligations), we will not be able to delete it within the mandatory retention period. We will inform you of any such limitation when responding to your erasure request.
- Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances — for example, where you contest the accuracy of the data or where processing is unlawful but you prefer restriction over erasure.
- Right to Data Portability: Where processing is carried out on the basis of your consent or contractual necessity and is performed by automated means, you have the right to receive a copy of your personal data in a structured electronic format and to transmit it to another service provider.
- Right to Object to Marketing: You have the absolute right to object to the processing of your personal data for direct marketing purposes at any time. Upon receipt of such an objection, we will cease using your data for marketing immediately.
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Questions About Your Privacy?
Our support team is available around the clock to answer any questions about how 277bit handles your data. You can also explore our full Terms & Conditions or head to the casino.