gc777 Privacy Policy
At gc777, protecting your personal information is a core responsibility, not an afterthought. This Privacy Policy explains exactly what data we collect, why we collect it, how it is stored and used, and what rights you have over your own information as a player on our platform.
Privacy at a Glance
Identity Data
We collect your full legal name, date of birth, and National Identity Card details solely for account registration and KYC verification — required by anti-money laundering obligations.
SSL-Secured Transactions
Every data exchange between your browser and gc777 servers is protected by TLS 1.3 encryption. Payment details flow through certified processors and are never stored on gc777 infrastructure.
Cookie Transparency
gc777 uses strictly necessary and functional cookies only. We do not deploy third-party advertising trackers or cross-site behavioural profiling cookies on our platform.
Secure Data Storage
All personal data is stored in encrypted databases with strict role-based access controls. Only authorised gc777 personnel with a legitimate business need can access player records.
Your Control
You retain the right to access, correct, export, or request deletion of your personal data at any time. Submit a data request to [email protected] and receive a response within 30 days.
No Data Sales
gc777 does not sell, rent, lease, or otherwise commercially exploit your personal information to any third-party advertiser, data broker, or marketing network, under any circumstances.
Section 01
Information We Collect
gc777 collects personal information from you in the course of account registration, ongoing platform use, identity verification, and customer support interactions. We apply the principle of data minimisation — collecting only information that is genuinely necessary for the purpose stated at the time of collection. The categories of personal data we collect are described in detail below.
| Data Category | Specific Data Points | Collection Trigger |
|---|---|---|
| Identity Data | Full legal name, date of birth, National Identity Card (NID) number, NID scan or photograph | Account registration & KYC verification |
| Contact Data | Email address, mobile phone number, residential address (street, city, district, postal code) | Account registration |
| Financial Data | bKash / Nagad / Rocket / Upay account numbers (last 4 digits only), bank account name and branch, transaction amounts and timestamps | Deposit & withdrawal requests |
| Technical Data | IP address, device type, browser type and version, operating system, screen resolution, session duration | Every platform session (automatic) |
| Usage Data | Pages visited, games played, bet amounts, game outcomes, bonus activity, login timestamps | Every platform session (automatic) |
| Communications Data | Support ticket content, live chat transcripts, email correspondence with gc777 staff | Customer support interactions |
| Verification Data | Proof of address document (utility bill or bank statement), selfie photograph where required for enhanced KYC | First withdrawal request or enhanced verification trigger |
gc777 does not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, or health information. If you contact our support team and voluntarily disclose sensitive information — for example, disclosing a health condition in the context of a responsible gaming request — we will treat that information with the highest level of confidentiality and use it solely to assist with your specific request.
When you use the gc777 mobile-optimised website, we may also collect device-level identifiers such as your device's advertising ID and, where permission is explicitly granted by you, approximate geolocation data. Geolocation data is used solely for fraud prevention and jurisdictional compliance checks — it is never used for marketing profiling or sold to third parties.
Section 02
How We Use Your Data
gc777 processes your personal data only when there is a legitimate and clearly defined purpose for doing so. We operate on the basis of the following lawful processing grounds: contractual necessity (to perform the services you have registered for), legal obligation (to comply with anti-money laundering, KYC, and responsible gaming requirements), legitimate interests (to detect fraud, prevent abuse, and improve our platform), and — where applicable — your explicit consent (for optional marketing communications).
- Account Management: We use your identity and contact data to create and maintain your gc777 account, verify your identity, communicate important account notices, and process account closure requests.
- Payment Processing: Financial data is used exclusively to process your deposit and withdrawal requests via your chosen payment method (bKash, Nagad, Rocket, Upay, bank transfer, or card). We apply the data strictly within the payment transaction lifecycle.
- KYC and Legal Compliance: Identity and verification data is used to satisfy our Know Your Customer obligations, verify age eligibility (18+), screen against watchlists as required by applicable AML regulations, and fulfil any lawful data requests from competent authorities.
- Fraud Prevention and Security: Technical and usage data is analysed by our security systems to detect account takeover attempts, bonus abuse, collusion, money laundering patterns, and other prohibited activities described in our Terms & Conditions.
- Platform Improvement: Aggregated and anonymised usage data helps our product and engineering teams identify performance issues, optimise game loading times, improve navigation, and develop new features for Bangladesh market players.
- Responsible Gaming Monitoring: Usage data — including session length, deposit frequency, bet size escalation, and self-exclusion status — is used by our responsible gaming systems to identify players who may be at risk and trigger appropriate interventions such as support outreach or automatic limit suggestions.
- Customer Support: Communications data from your support tickets and chat transcripts is used by our support team to resolve your enquiry and, in aggregate, to identify recurring issues and improve support quality.
- Marketing Communications (Opt-In Only): If you have explicitly opted in to marketing communications, we may use your email address and usage preferences to send you information about relevant promotions, seasonal bonuses, BPL betting features, and platform updates. You may withdraw this consent at any time by contacting [email protected].
Section 03
Data Sharing & Third Parties
gc777 does not sell, rent, or commercially transfer your personal data to any third party. However, we do share specific categories of data with carefully selected service providers who assist us in delivering the gc777 platform. All third-party service providers are bound by data processing agreements that restrict their use of your data to the specific purpose for which it was shared.
- Payment Processors: Your financial data is shared with licensed payment service providers (including the operators of bKash, Nagad, Rocket, and Upay integrations) strictly to process your transaction. Payment processors are independently regulated and maintain their own data security standards.
- Game Software Providers: Game providers such as Pragmatic Play, Evolution Gaming, Spribe, Ezugi, NetEnt, and Microgaming may receive your player session data (account ID, bet amounts, game outcomes) for the purpose of delivering game software, calculating RTP, and resolving game disputes. These providers do not receive your identity data or payment details.
- KYC and Identity Verification Services: Your identity documents may be shared with third-party KYC verification platforms that use automated document scanning and liveness detection technology to validate your NID and proof of address. These providers operate under strict data processing agreements with gc777.
- Fraud Detection and Security Services: Technical data (IP address, device fingerprint, session patterns) may be shared with fraud detection software providers to identify suspicious account activity. This sharing is based on gc777's legitimate interest in preventing financial crime.
- Legal and Regulatory Authorities: gc777 may disclose personal data to competent legal or regulatory authorities — including law enforcement agencies and financial intelligence units — when required to do so by applicable law, court order, or legitimate regulatory request. Such disclosures are made only to the extent strictly required and are logged internally.
- IT Infrastructure and Cloud Providers: gc777's platform is hosted on secure cloud infrastructure. The hosting provider has access to encrypted data stored on its servers as part of infrastructure management, but is contractually prohibited from accessing, analysing, or processing that data for any purpose other than providing hosting services.
Section 04
Cookies & Tracking Technologies
gc777 uses cookies and similar tracking technologies (such as local storage tokens and session identifiers) to enable core platform functionality, maintain your login session, detect fraudulent access, and measure platform performance. We do not use third-party advertising cookies, cross-site tracking pixels, or social media tracking scripts on any page of the gc777 website.
| Cookie Type | Purpose | Duration | Deletable? |
|---|---|---|---|
| Strictly Necessary | Session management, login authentication, CSRF protection, load balancing | Session (cleared on logout) | No — required for platform operation |
| Functional | Remembering your preferred language, storing your last visited game category, maintaining wallet display currency | Up to 90 days | Yes — clearing cookies resets preferences |
| Analytics | Measuring page load performance, identifying navigation drop-off points, aggregated game popularity metrics (no individual profiling) | Up to 12 months | Yes — opt out via support request |
| Security | Device fingerprinting for fraud detection, identifying login anomalies, detecting automated bot activity | Up to 30 days | Partial — security cookies cannot be fully disabled without affecting account protection |
You can manage or delete cookies through your browser settings at any time. Deleting strictly necessary cookies will log you out of your gc777 account and may temporarily disrupt platform functionality until a new session is established. Deleting functional cookies will reset your stored preferences, such as your display language and game category. gc777 does not gate platform access on your acceptance of non-essential cookies.
Section 05
Data Security & Storage
gc777 takes the security of your personal data seriously and employs a layered set of technical and organisational measures to protect it from unauthorised access, accidental loss, alteration, or disclosure. The following security controls are in place across the gc777 infrastructure at all times.
- Encryption in Transit: All data transmitted between your device and gc777 servers is encrypted using TLS 1.3. Connections using older, insecure protocol versions (TLS 1.0, TLS 1.1, SSL 3.0) are rejected at the server level.
- Encryption at Rest: Player personal data and financial records stored in gc777 databases are encrypted at rest using AES-256 encryption. Database encryption keys are managed separately from the databases themselves and are rotated on a scheduled basis.
- Access Controls: Access to player data within gc777 systems is governed by a strict role-based access control policy. Support staff can access only the data fields necessary to resolve a player's specific enquiry. Senior data access (such as full KYC documents) requires multi-factor authentication and is logged in an immutable audit trail.
- Password Security: Player passwords are stored using bcrypt hashing with a per-account salt. gc777 staff cannot view or recover your password — only a password reset flow can restore access. We strongly recommend using a unique, complex password for your gc777 account.
- Two-Factor Authentication: gc777 offers optional two-factor authentication (2FA) for all registered accounts. Players who enable 2FA significantly reduce the risk of unauthorised account access even in the event of password compromise. Enabling 2FA also qualifies accounts for priority withdrawal processing.
- Infrastructure Security: gc777's cloud infrastructure is protected by web application firewalls (WAF), DDoS mitigation services, intrusion detection systems, and regular automated vulnerability scans. Critical infrastructure undergoes periodic penetration testing by independent security professionals.
- Data Breach Response: In the event of a confirmed personal data breach that is likely to result in a risk to affected players, gc777 will notify impacted account holders via their registered email address within a reasonable timeframe after the breach is confirmed and contained. The notification will describe the nature of the breach, the categories of data affected, and the steps gc777 has taken in response.
Section 06
Data Retention Policy
gc777 retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal, regulatory, accounting, or reporting obligations. The table below outlines our standard retention periods by data category.
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Account & Identity Data | Duration of account + 5 years after closure | AML legal obligation, dispute resolution |
| KYC Documents | Duration of account + 5 years after closure | AML / KYC regulatory obligation |
| Financial Transaction Records | Duration of account + 7 years after closure | Financial record-keeping obligation |
| Gameplay & Betting Logs | Duration of account + 3 years after closure | Dispute resolution, responsible gaming audit |
| Support Communications | 3 years from date of last communication | Dispute resolution, quality improvement |
| Technical / Session Logs | 90 days from session date | Fraud detection, security monitoring |
| Marketing Consent Records | Until consent is withdrawn + 1 year | Consent record-keeping |
When the applicable retention period expires, gc777 will securely delete or irreversibly anonymise the relevant personal data. Anonymised data — from which it is not reasonably possible to identify an individual — may be retained indefinitely for statistical and analytical purposes, such as understanding long-term platform usage trends or identifying responsible gaming risk patterns at an aggregate level.
Section 07
Your Privacy Rights
As a gc777 player, you have a number of rights in relation to your personal data. gc777 is committed to honouring these rights promptly and transparently. To exercise any of the rights described below, please send a written request to [email protected] with the subject line "Data Privacy Request" along with your registered account email address and a brief description of your request.
- Right of Access: You have the right to request a copy of the personal data gc777 holds about you. We will provide this in a structured, readable format within 30 days of receiving your verified request. The first data access request in any 12-month period is provided free of charge.
- Right to Rectification: If any personal data gc777 holds about you is inaccurate or incomplete, you have the right to request that it be corrected. Identity data corrections (e.g., correcting a misspelled name) may require supporting documentation to verify the change.
- Right to Erasure: You may request that gc777 delete your personal data. This right applies in full to data that was collected on the basis of your consent and is no longer needed for its original purpose. It applies in part to operational data — we are required to retain certain categories for the post-closure periods outlined in Section 06, and erasure requests that conflict with those legal obligations will be partially fulfilled with an explanation provided.
- Right to Restriction of Processing: You may request that gc777 restrict the processing of your personal data while a correction or erasure request is being evaluated. During a processing restriction, gc777 will store your data but will not use it for any active processing purpose other than the resolution of your request.
- Right to Data Portability: You have the right to receive your personal data in a portable, machine-readable format (such as CSV or JSON) so that it can be transferred to another service provider of your choice. Portability applies to data you actively provided to gc777 (such as account registration data) and to data generated by your use of the platform (such as transaction history).
- Right to Withdraw Marketing Consent: If you have opted in to marketing communications, you may withdraw that consent at any time by contacting [email protected]. Withdrawal of marketing consent does not affect the lawfulness of any marketing communication sent before the withdrawal was received.
- Right to Object to Automated Processing: gc777 uses automated systems for fraud detection and responsible gaming monitoring. If you believe an automated decision has been applied to your account incorrectly — for example, an automated withdrawal hold — you have the right to request human review of that decision by contacting support.
Section 08
Policy Updates & Contact
gc777 reviews and updates this Privacy Policy periodically to reflect changes in our data processing practices, changes in applicable law, or improvements in our platform's privacy-by-design architecture. When we make material changes to this Privacy Policy, we will notify registered players by sending a notice to their registered email address before the updated policy takes effect.
The effective date of the current version of this Privacy Policy is displayed at the top of this page. We encourage you to review this policy periodically so that you remain informed about how gc777 collects and uses your personal data. Your continued use of the gc777 platform after a revised Privacy Policy has been published and notified constitutes your acknowledgement of the updated terms.
If you have any questions, concerns, or complaints about this Privacy Policy or about gc777's handling of your personal data, please contact our data privacy team using the details below. We are committed to resolving data privacy concerns fairly and promptly, and we take every enquiry seriously.
gc777 does not have a physical office address that accepts walk-in data privacy requests. All privacy enquiries must be submitted via email to the address above. Requests submitted through other channels (such as live chat or social media) will be directed to the privacy team via email and may take longer to process as a result.
Questions About Your Privacy?
Our support team is available around the clock to answer any questions about this Privacy Policy, help you exercise your data rights, or clarify how gc777 handles your personal information. You can also review our full Terms & Conditions, explore our Responsible Gaming tools, or visit the gc777 Casino lobby. 18+ only — please play responsibly.