Privacy Policy — How 666m Protects Your Data
At 666m, your privacy is treated as a core platform obligation, not an afterthought. This Privacy Policy explains precisely what personal data we collect, why we collect it, how it is used and stored, and the rights you hold as a player on Bangladesh's trusted online casino and sports betting platform.
This Privacy Policy ("Policy") is published by 666m ("666m", "we", "us", "our"), the operator of the online casino and sports betting platform accessible at 666m.im. It describes how 666m collects, processes, stores, shares, and protects the personal data of registered players, website visitors, and prospective players who interact with any 666m service, including our website, mobile-optimised interface, customer support channels, and promotional communications.
This Policy applies to all personal data collected and processed by 666m in connection with the operation of the 666m platform. It should be read alongside the 666m Terms & Conditions, which govern your use of the platform as a whole. By registering an account on or using any part of the 666m platform, you acknowledge that you have read and understood this Policy and consent to the data practices described herein.
666m is committed to maintaining the confidentiality, integrity, and security of all personal data in its possession. We apply SSL encryption across all data transmissions, restrict internal access to personal data on a need-to-know basis, and do not sell, rent, or trade player personal data to any third party for that party's own marketing purposes. The sections below describe our data practices in full.
Your Data, Your Rights: As a 666m player, you have the right to access, correct, and request deletion of your personal data at any time. Submit requests to [email protected]. We will respond within 30 days of receiving a complete request.
No Data Selling: 666m does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Data sharing is limited to service providers who support the operation of the 666m platform under strict confidentiality agreements.
End-to-End SSL Encryption
All data transmitted between your device and the 666m platform is protected by 256-bit SSL encryption. Payment transactions via bKash, Nagad, Rocket, and card networks are additionally secured by the payment provider's own encryption layer.
Minimal Data Collection
666m collects only the personal data that is strictly necessary for account creation, identity verification, payment processing, and regulatory compliance. We do not collect data beyond what is needed to provide a safe, legal, and functional platform.
Player Rights Respected
You can access, correct, export, or request deletion of your 666m personal data at any time. Data subject requests are processed within 30 days. Deletion requests are honoured subject to legal retention obligations under applicable financial regulations.
1. Data We Collect
The categories of personal data 666m collects from players and platform visitors, and the circumstances in which each category is collected.
666m collects personal data across several categories depending on how you interact with the platform. The following table summarises the primary data categories, the specific data points within each, and the context in which they are collected.
| Category | Data Points | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, nationality, national ID number (NID) | At registration and during KYC verification |
| Contact Data | Email address, mobile phone number, city/division of residence (e.g., Dhaka, Chittagong, Sylhet) | At registration and account updates |
| Financial Data | bKash/Nagad/Rocket/Upay account numbers (partial), Visa/Mastercard BIN and last 4 digits, transaction history | At deposit, withdrawal, and payment verification |
| Verification Documents | Scanned/photographed NID, passport, driving licence, proof of address, proof of payment method ownership | During KYC review on request |
| Technical Data | IP address, device type, browser type and version, operating system, time zone (Bangladesh Standard Time), session duration | Automatically on every platform visit |
| Usage Data | Pages visited, games played, bet history, bonus activity, deposit and withdrawal frequency, login timestamps | Continuously during active account use |
| Communications Data | Live chat transcripts, email correspondence, WhatsApp message records with 666m support | When you contact customer support |
| Marketing Preferences | Opted-in promotional email/SMS preferences, bonus offer acceptance history | At registration and via account settings updates |
Sensitive Data: 666m does not intentionally collect sensitive personal data categories such as racial or ethnic origin, religious beliefs, political opinions, or health data unless specifically required by a responsible gaming programme intervention (for example, a self-exclusion request that references a gambling-related health concern). Where sensitive data is provided voluntarily in this context, it is processed solely for the purpose of delivering the responsible gaming service requested and is not used for any commercial purpose.
Data from Minors: The 666m platform is strictly for individuals aged 18 and above. 666m does not knowingly collect personal data from persons under the age of 18. If we become aware that personal data from a minor has been collected, we will delete it immediately and close the associated account. If you believe a minor has provided data to 666m, please contact us at [email protected] without delay.
Secure Document Storage
KYC documents — including NID scans and passport copies — are stored in encrypted, access-controlled environments. Document access is restricted to authorised compliance personnel only and is logged for audit purposes.
Mobile-First Data Handling
Because most 666m players in Bangladesh access the platform via mobile device, our data collection infrastructure is optimised for mobile sessions. Device identifiers are collected solely for fraud prevention and are not used for cross-site advertising.
2. How We Use Your Data
The specific purposes for which 666m processes the personal data it collects, and the legal basis for each processing activity.
666m processes personal data only for legitimate, clearly defined purposes. We do not use personal data for any purpose that is incompatible with the reason it was originally collected. The following list describes our processing purposes and, where relevant, the legal basis that justifies each:
- Account Creation and Management: We process identity and contact data to create and maintain your 666m player account, authenticate your login sessions, and administer account settings changes. Legal basis: contractual necessity (performance of the agreement between you and 666m).
- Identity Verification and KYC Compliance: We process identity documents and financial data to verify your age (18+ only), confirm your identity, and satisfy our know-your-customer obligations. Legal basis: legal obligation and contractual necessity.
- Payment Processing: We process financial data to facilitate deposits and withdrawals via bKash, Nagad, Rocket, Upay, Visa, and Mastercard. Transaction records are retained in compliance with applicable financial record-keeping requirements. Legal basis: contractual necessity and legal obligation.
- Fraud Prevention and Platform Security: We process technical data, usage data, and financial data through automated systems designed to detect and prevent fraudulent activity, money laundering, account takeover, and bonus abuse. Legal basis: legitimate interests (protecting the integrity of the platform and the financial interests of all players).
- Responsible Gaming Monitoring: We analyse usage and betting pattern data to identify players who may be exhibiting signs of problem gambling behaviour, in order to trigger responsible gaming interventions in line with our Responsible Gaming obligations. Legal basis: legitimate interests and, where applicable, legal obligation.
- Customer Support: We process communications data and account data to respond to your support requests, investigate complaints, and resolve disputes. Legal basis: contractual necessity and legitimate interests.
- Promotional Communications: Where you have opted in to marketing communications, we use your contact data and marketing preference data to send you information about 666m promotions, bonuses, and platform updates. You may opt out of marketing communications at any time via account settings or by contacting [email protected]. Legal basis: consent.
- Platform Improvement and Analytics: We process aggregated, anonymised usage data to understand how players navigate the 666m platform, which game categories are most popular among players from different regions of Bangladesh (Dhaka, Chittagong, Sylhet, Rajshahi, etc.), and how platform performance can be improved. This analytics processing uses anonymised data that cannot be used to identify individual players. Legal basis: legitimate interests.
- Legal Compliance and Regulatory Reporting: We may process and disclose personal data where required to do so by applicable law, regulatory authority, court order, or law enforcement request. Legal basis: legal obligation.
No Automated Decision-Making with Legal Effect: 666m uses automated systems for fraud detection and responsible gaming monitoring, but no purely automated decision that produces a significant legal or similarly significant effect on you — such as permanent account closure — is made without human review. Automated flags are reviewed by a compliance team member before any consequential account action is taken.
3. Data Sharing & Disclosure
The limited circumstances under which 666m may share your personal data with third parties, and the safeguards applied in each case.
666m does not sell, rent, or trade your personal data. We share personal data only in the following limited, controlled circumstances:
- Payment Service Providers: When you make a deposit or withdrawal, the minimum data necessary to process the transaction (such as your registered bKash or Nagad mobile number, or your Visa/Mastercard details) is shared with the relevant payment provider. These providers process your payment data under their own privacy policies and are contractually required to handle your data securely and only for the purpose of processing the transaction.
- Game Studio Providers: When you play a live casino game hosted by a third-party studio (such as Evolution Gaming, Pragmatic Play Live, or Ezugi), a session token and minimal technical data is shared with that provider to authenticate your game session. Game studio providers do not receive your full personal profile; they receive only the data required to deliver the game session you have initiated.
- KYC and Identity Verification Partners: 666m may engage specialist third-party identity verification services to assist with document authentication during the KYC process. These providers are bound by strict data processing agreements and are authorised to use your data only for verification purposes on 666m's behalf.
- Fraud Prevention and Anti-Money-Laundering Services: 666m may share transaction and identity data with third-party fraud prevention platforms and financial intelligence databases to detect and prevent financial crime. These providers process data as data processors under 666m's instruction, not as independent data controllers.
- Legal and Regulatory Authorities: 666m may disclose personal data to competent law enforcement authorities, financial intelligence units, regulatory bodies, or courts when required to do so by applicable law or when 666m has a good-faith belief that disclosure is necessary to comply with a legal obligation, protect the rights or safety of 666m or its players, or prevent financial crime.
- Business Transfers: In the event of a merger, acquisition, restructuring, or sale of all or part of 666m's business, player personal data may be transferred to the acquiring entity as part of that transaction. Players will be notified in advance of any such transfer and of any change to this Privacy Policy that results from it, with a minimum of 30 days' notice before the new policy takes effect.
All third parties with whom 666m shares personal data are subject to data processing agreements or equivalent contractual safeguards that require them to maintain the confidentiality and security of the data shared, use it only for the specified purpose, and comply with applicable data protection standards.
Contractual Safeguards
Every third party that receives 666m player data is bound by a formal data processing agreement. Unauthorised sub-processing or onward sharing of 666m player data by any third party is prohibited under these agreements.
Data Localisation Preference
Where technically and operationally feasible, 666m prefers to store and process player data within data centre infrastructure that serves the Bangladesh and South Asia region, minimising unnecessary cross-border data transfers.
5. Data Retention
How long 666m retains your personal data and the criteria used to determine retention periods.
666m retains personal data for as long as is necessary to fulfil the purposes for which it was collected, to comply with applicable legal and regulatory requirements, and to resolve disputes or enforce agreements. The following retention periods apply as a general guide:
- Account and Identity Data: Retained for the duration of your active account and for a minimum of 5 years following permanent account closure. This retention period supports anti-money-laundering obligations and allows 666m to respond to regulatory enquiries relating to historical account activity.
- Financial Transaction Records: Retained for a minimum of 7 years following the date of each transaction. This period reflects standard financial record-keeping requirements applicable to payment service operators.
- KYC Verification Documents: Retained for the duration of the account and for 5 years following closure. Where an account was closed due to a compliance breach or confirmed fraud, documents may be retained for longer in support of ongoing investigations or legal proceedings.
- Customer Support Communications: Live chat transcripts, email correspondence, and WhatsApp message records are retained for 3 years following the date of the communication. This period supports dispute resolution and quality assurance.
- Technical and Usage Data: Aggregated, anonymised platform analytics data is retained indefinitely for platform improvement purposes. Non-anonymised session logs and IP address records are retained for 12 months and then deleted or anonymised.
- Marketing Preference Data: Retained for the duration of your active account or until you withdraw consent to marketing communications, whichever is earlier. Suppression records (confirming that you have opted out of marketing) are retained indefinitely to ensure we do not inadvertently contact you again after an opt-out.
When personal data is no longer required and no legal retention obligation applies, it is securely deleted or anonymised in accordance with 666m's data deletion procedures. Deletion requests submitted by players are processed within 30 days, subject to the legal retention obligations described above — data covered by a legal retention obligation cannot be deleted ahead of the applicable retention period even upon player request, but it will be restricted from all non-compliance processing during the retention period.
Retention Review Cycle
666m conducts a biannual data retention review to identify and securely delete personal data that has passed its retention period and is no longer subject to a legal hold. This review is managed by the compliance team and documented in our internal data governance records.
Legal Hold Override: Where personal data is subject to an active legal hold (for example, relating to an ongoing law enforcement investigation or court proceeding), standard deletion timelines are suspended for the duration of the hold. The player concerned will be notified of the hold where legally permissible.
6. Your Privacy Rights
The rights you hold in relation to your personal data held by 666m and how to exercise them.
666m recognises and respects the privacy rights of all players. As a 666m account holder, you hold the following rights in relation to your personal data. To exercise any of these rights, contact the 666m data team at [email protected] with a clear description of the right you wish to exercise. 666m will respond within 30 days of receiving a complete, verifiable request.
Right of Access
Request a copy of the personal data 666m holds about you, along with information about how it is being used, who it has been shared with, and how long it will be retained.
Right to Rectification
Request correction of any inaccurate or incomplete personal data held about you. Minor corrections (e.g., phone number updates) can be made directly in account settings; document-level corrections require a support request.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purpose it was collected, where you withdraw consent, or where processing is unlawful. Deletion is subject to legal retention obligations.
Right to Restrict Processing
Request that 666m restrict the processing of your data — for example, while you contest its accuracy or while a deletion request is under review. Restricted data is retained but not actively processed.
Right to Data Portability
Request a machine-readable export of the personal data you provided to 666m (account data, transaction history, communication preferences) in a structured format such as CSV or JSON.
Right to Withdraw Consent
Where processing is based on your consent (e.g., marketing emails), you may withdraw that consent at any time via account settings or by emailing [email protected]. Withdrawal does not affect the lawfulness of processing before withdrawal.
All privacy rights requests must be submitted in writing to [email protected] with sufficient information to verify your identity (to prevent unauthorised access to your data). 666m aims to respond to all verifiable requests within 30 calendar days. Where a request is complex or involves a large volume of data, the response period may be extended by a further 30 days; you will be notified of any such extension within the initial 30-day window.
7. Data Security Measures
The technical and organisational measures 666m uses to protect your personal data from unauthorised access, loss, or disclosure.
666m takes the security of player personal data seriously and applies a layered set of technical and organisational security measures designed to protect data against unauthorised access, accidental loss, destruction, and disclosure. These measures include:
- 256-Bit SSL/TLS Encryption: All data in transit between your device and the 666m platform is encrypted using industry-standard TLS protocols. This applies to account login sessions, game sessions, payment flows, and customer support interactions.
- Encryption at Rest: Sensitive data stored in 666m's databases — including identity documents, KYC records, and financial data — is encrypted at rest using AES-256 encryption. Encryption keys are managed separately from the data they protect, using hardware security modules (HSMs).
- Access Controls: Access to 666m's player data systems is restricted to authorised personnel on a strict need-to-know basis. All internal access to personal data is authenticated using multi-factor authentication and is logged for audit purposes. Access privileges are reviewed quarterly and revoked immediately upon staff departure.
- Vulnerability Management: 666m's platform infrastructure undergoes regular security assessments, including automated vulnerability scanning and periodic penetration testing conducted by independent security specialists. Critical vulnerabilities are patched within 24 hours of identification; non-critical vulnerabilities are addressed within a defined remediation schedule.
- Incident Response: 666m maintains a documented data breach response procedure. In the event of a confirmed data breach that poses a risk to player data, affected players will be notified without undue delay and in any case within 72 hours of 666m becoming aware of the breach. Notifications will describe the nature of the breach, the data affected, the likely consequences, and the measures taken or proposed to address it.
- Staff Training: All 666m staff with access to personal data receive data protection training at onboarding and on an annual basis. Staff are required to adhere to 666m's internal data handling policy and are subject to disciplinary procedures for any confirmed misuse of player data.
Your Role in Security: While 666m takes extensive measures to secure the platform, account security is a shared responsibility. You are responsible for maintaining the confidentiality of your login credentials, not sharing your password with any third party, and notifying 666m support immediately if you suspect unauthorised access to your account. 666m will never ask for your password via email, live chat, or any other communication channel.
SSL Secured Platform
The 666m platform runs exclusively over HTTPS with a valid SSL certificate. All browser connections are upgraded to secure connections automatically. Look for the padlock icon in your browser address bar when visiting 666m.im.
Regular Security Audits
Independent penetration tests and vulnerability assessments are conducted on the 666m platform on a scheduled basis. Findings are reviewed by the technical security team and remediated according to a risk-prioritised schedule.
72-Hour Breach Notification: If a data breach occurs that risks your personal data, 666m will notify affected players within 72 hours of confirming the breach, in line with data protection best practice. We will tell you what happened, what data was affected, and what steps we are taking.
8. Policy Updates & Contact
How 666m communicates changes to this Privacy Policy and how to reach the 666m data team with questions or requests.
Policy Amendments: 666m reviews this Privacy Policy periodically and will update it to reflect changes in our data practices, legal obligations, or platform features. When a material change is made to this Policy, we will notify active players by email to their registered address at least 14 days before the change takes effect. The "Last Updated" date at the top of this Policy is updated with every revision. Continued use of the 666m platform after the effective date of a revised Policy constitutes acceptance of the revised terms.
Non-Material Changes: Minor clarifications, formatting updates, and corrections that do not alter the substance of this Policy's data practices may be made without prior notice to players. Non-material changes will be reflected in an updated "Last Updated" date but will not trigger a player notification email.
How to Contact 666m About Privacy: If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or wish to report a potential data protection concern, please contact the 666m data team using the following channel:
- Email: [email protected] (mark your subject line as "Privacy Request" or "Data Protection" for priority routing to the compliance team)
- Live Chat: Available 24/7 at 666m.im — ask to be connected to the compliance team for data protection matters
- WhatsApp Support: Available during Bangladesh Standard Time (UTC+6) business hours — contact details provided within the platform after login
666m aims to acknowledge all privacy-related enquiries within 48 hours and to provide a substantive response within 30 calendar days. For complex data subject requests involving large data sets or multiple processing activities, the response period may be extended; you will be informed of any extension within the initial 48-hour acknowledgement.
Related Policies: This Privacy Policy should be read alongside the 666m Terms & Conditions and Responsible Gaming policy, both of which contain additional provisions relevant to how your account data is handled in specific circumstances such as self-exclusion, account closure, and bonus disputes.
Privacy Enquiries
All privacy-related emails to [email protected] are routed to the 666m compliance team. Mark your subject line "Privacy Request" for fastest handling. We acknowledge all enquiries within 48 hours.
Policy Version Control
Each revision of this Privacy Policy is archived internally and available to players on request. If you need a copy of a previous version of this Policy — for example, the version in effect when you registered your account — email [email protected] and reference the approximate date.
Ready to Play at 666m?
Your data is protected. Your experience is secure. Explore live casino games, cricket betting, slots, and more — all in BDT, all available 24/7 for players across Bangladesh.
18+ Only | Play Responsibly | SSL Secured | Fair Play Certified