lavabet Privacy Policy
At lavabet, your privacy is a fundamental commitment — not a formality. This Privacy Policy explains in plain English exactly what personal data we collect, why we collect it, how it is stored, who it is shared with, and what rights you hold over your own information. We encourage every player to read this document in full before creating an account.
Your Data, Your Rights
Privacy at a Glance
How lavabet Protects Your Information
We built lavabet on the principle that player trust is earned through transparency. The six pillars below summarise how your personal data is handled on this platform.
Minimal Data Collection
lavabet collects only the data that is strictly necessary for account operation, payment processing, identity verification, and legal compliance. We do not harvest data for its own sake or collect information beyond what is required to deliver a safe and reliable gaming experience.
End-to-End Encryption
All data transmitted between your device and lavabet's servers is encrypted using industry-standard TLS/SSL technology. Payment details processed via bKash, Nagad, Rocket, USDT, and other methods are handled through encrypted channels at every step of the transaction.
No Data Sales
lavabet does not sell, rent, or trade your personal data to third-party advertisers, data brokers, or marketing networks. Your information is shared only with carefully vetted service providers who are contractually bound to use it solely for the purposes lavabet specifies.
Transparent Cookie Use
lavabet uses cookies to maintain your login session, personalise your experience, and analyse platform performance. We do not use intrusive third-party advertising cookies. You can review and adjust your cookie preferences at any time through your account settings panel.
Full Player Rights
You have the right to access a copy of your personal data, request corrections, ask for deletion, object to certain processing activities, and request data portability. All such requests are handled by the lavabet support team within a reasonable time frame, subject to legal retention obligations.
AML & KYC Compliance
As part of lavabet's anti-money-laundering and Know Your Customer obligations, identity verification data submitted by players is retained for a mandatory period defined by our compliance framework. This data is stored securely and accessed only by authorised compliance personnel.
Section 1
A full account of the categories of personal data that lavabet collects from players, and the specific circumstances in which each category is gathered.
Section 1
Data We Collect
When you register an account on lavabet, use the platform's services, or interact with our support team, we collect certain categories of personal data. The table below sets out what we collect, why, and the legal basis on which that collection rests.
| Data Category | Specific Data Points | Purpose |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government-issued ID number | Account registration, age verification, KYC compliance |
| Contact Data | Email address, mobile phone number, city/district (e.g., Dhaka, Chittagong) | Account communication, support, marketing (where consented) |
| Financial Data | bKash/Nagad/Rocket/Upay wallet numbers, transaction history, deposit and withdrawal records | Payment processing, AML monitoring, fraud prevention |
| Technical Data | IP address, device type, operating system, browser, session timestamps | Platform security, fraud detection, abuse prevention |
| Usage Data | Games played, bet amounts, win/loss history, session duration, bonus activity | Responsible gaming monitoring, platform improvement, dispute resolution |
| Communications Data | Live chat transcripts, support email content, survey responses | Quality assurance, complaint resolution, staff training |
| KYC Documents | Scanned national ID / passport, proof of address, payment method proof | Identity verification, regulatory compliance, withdrawal authorisation |
1.1 Data Collected Automatically
When you access the lavabet platform, certain technical data is collected automatically through server logs and browser signals. This includes your IP address, approximate geographic location (derived from IP — not GPS), the device and browser you are using, and the timestamps of your login and logout events. This data is used exclusively for platform security, fraud detection, and the provision of a stable gaming environment. It is not used for advertising profiling.
1.2 Data You Provide Voluntarily
Identity, contact, and financial data are provided directly by you at the time of account registration, during the KYC process, or when you contact the lavabet support team. lavabet will always make clear at the point of collection why that data is being requested and what will happen to it. Providing accurate data is a condition of maintaining an active account, as set out in the lavabet Terms & Conditions.
1.3 Data from Third Parties
In limited circumstances, lavabet may receive data about you from third-party sources. This includes identity verification data from KYC service providers, fraud-screening signals from payment processors, and, where relevant, information shared by sports data providers for the purpose of maintaining integrity in sports betting markets. lavabet only receives third-party data where there is a legitimate and proportionate basis for doing so.
Section 2
The specific purposes for which lavabet processes your personal data and the legal basis that justifies each processing activity.
Section 2
How We Use Your Data
lavabet processes personal data only for defined, legitimate purposes. We do not use your data in ways that are incompatible with the purpose for which it was originally collected. The following sets out our primary processing activities and the legal basis for each.
2.1 Account Management
Your identity and contact data are used to create and maintain your lavabet account, authenticate your login sessions, and communicate with you about account-related matters such as security alerts, withdrawal confirmations, and policy updates. This processing is necessary for the performance of the contract between you and lavabet.
2.2 Payment Processing
Financial data including your bKash, Nagad, Rocket, Upay, or crypto wallet details are processed solely to facilitate deposits into and withdrawals from your lavabet account. lavabet does not store full payment credentials beyond what is operationally necessary. Payment processing activities are governed by the terms of the relevant payment service provider (e.g., bKash, Nagad) in addition to this Privacy Policy.
2.3 Fraud Prevention and Platform Security
Technical data and usage data are processed continuously to detect and prevent fraudulent activity, account takeover attempts, bot usage, and other forms of platform abuse. This processing is in lavabet's legitimate interest to maintain a fair and secure environment for all players. Where suspicious activity is detected, lavabet may suspend account access pending investigation without prior notice.
2.4 Regulatory and Legal Compliance
lavabet processes identity data, KYC documents, and financial transaction records in order to comply with anti-money-laundering obligations, Know Your Customer requirements, and other applicable legal and regulatory frameworks. This processing is mandatory and cannot be opted out of as a condition of holding a lavabet account.
2.5 Responsible Gaming Monitoring
Usage data — including betting patterns, session lengths, deposit frequency, and loss thresholds — is analysed to identify players who may be at risk of developing problematic gambling behaviour. Where risk indicators are identified, lavabet's responsible gaming team may proactively reach out to the player to offer support tools such as deposit limits or cooling-off periods. This processing is in both the player's and lavabet's legitimate interests.
2.6 Marketing Communications
Where you have given explicit consent, lavabet may use your email address and phone number to send you promotional communications about new games, bonus offers, seasonal promotions, and platform updates. You may withdraw your marketing consent at any time by updating your communication preferences in your account settings or by contacting [email protected]. Withdrawal of marketing consent does not affect the lawfulness of processing carried out prior to withdrawal.
Section 3
The circumstances under which lavabet shares your personal data with third parties, and the safeguards in place to protect data during those transfers.
Section 3
Data Sharing & Third Parties
lavabet does not sell your personal data. We share data only with the categories of third parties listed below, and only to the extent necessary for the specified purpose. All third-party service providers engaged by lavabet are subject to data processing agreements that bind them to handle your data only as directed by lavabet and in accordance with applicable data protection standards.
3.1 Payment Service Providers
When you make a deposit or withdrawal, your financial data is shared with the relevant payment service provider — such as bKash, Nagad, Rocket, Upay, a crypto payment gateway, or a card network (Visa, Mastercard). These providers receive only the data necessary to process the specific transaction and are governed by their own privacy policies in addition to their contractual obligations to lavabet.
3.2 Identity Verification Services
To fulfil KYC obligations, lavabet may share identity documents and data with third-party identity verification service providers. These providers are selected based on their security standards and are contractually prohibited from using your data for any purpose other than the verification service they provide to lavabet.
3.3 Game Providers
When you play a game supplied by a third-party provider — such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, or Ezugi — your account identifier and game session data are shared with that provider's servers in order to deliver the game. Game providers do not receive your full identity data, financial details, or contact information through this process.
3.4 Legal and Regulatory Authorities
lavabet may be required by law, court order, or regulatory directive to disclose personal data to law enforcement agencies, financial intelligence units, or other competent authorities. In such cases, lavabet will disclose the minimum amount of data required to comply with the legal obligation and, where permitted by law, will notify the affected player of such disclosure.
3.5 Analytics and Platform Infrastructure
lavabet uses third-party infrastructure providers for hosting, content delivery, and platform performance analytics. These providers process technical data (such as server logs and anonymised usage metrics) on lavabet's behalf and are contractually restricted from using that data for their own commercial purposes.
Section 5
How long lavabet retains different categories of personal data, and the criteria used to determine appropriate retention periods.
Section 5
Data Retention
lavabet retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal and regulatory obligations. The retention periods below represent our standard practice; individual retention periods may be extended where a legal hold, ongoing investigation, or unresolved dispute requires it.
- Account and identity data — retained for the duration of the active account plus five (5) years following account closure, to satisfy standard AML record-keeping obligations.
- KYC documents — retained for a minimum of five (5) years from the date of the last verification event, in accordance with financial crime prevention requirements.
- Financial transaction records — retained for seven (7) years from the date of each transaction, consistent with standard financial record-keeping practice across the online gaming industry.
- Technical and usage logs — retained for twelve (12) months from the date of collection, after which they are either anonymised or deleted.
- Support communications — retained for three (3) years from the date of the last interaction, to enable consistent handling of follow-up enquiries and disputes.
- Marketing preferences and consent records — retained for the duration of the account plus two (2) years, to maintain an auditable record of consent status.
5.1 Data Deletion Upon Request
Where a player submits a valid request for erasure of their personal data (see Section 7 — Your Privacy Rights), lavabet will delete or anonymise all data that is not subject to a mandatory legal retention obligation. Data held for AML, KYC, or financial record-keeping purposes cannot be erased early, and lavabet will inform the requesting player of this limitation at the time of responding to their request.
Section 6
The technical and organisational measures lavabet has in place to protect your personal data against unauthorised access, loss, or disclosure.
Section 6
Data Security
lavabet implements a layered approach to data security, combining technical controls, organisational policies, and ongoing staff training to protect your personal information against accidental loss, unauthorised access, misuse, disclosure, alteration, or destruction.
6.1 Technical Measures
- TLS 1.2 / 1.3 encryption for all data in transit between your browser and lavabet's servers
- AES-256 encryption for sensitive data stored at rest, including KYC documents and financial records
- Multi-factor authentication (MFA) enforced for all lavabet administrative accounts
- Real-time intrusion detection and anomaly monitoring on platform infrastructure
- Regular third-party penetration testing and vulnerability assessments
- Automated alerting on unusual access patterns, including multiple failed login attempts
6.2 Organisational Measures
- Access to personal data is restricted on a strict need-to-know basis — only personnel whose role requires access to a specific category of data are granted it
- All staff with access to personal data are subject to confidentiality obligations
- Data handling procedures are reviewed and updated on a regular basis
- New staff receive data protection training before being granted access to player data systems
6.3 Data Breach Response
In the event of a personal data breach that poses a risk to the rights and freedoms of affected players, lavabet will act promptly to contain the breach, assess its scope, and notify affected players without undue delay. Notification will be made via the email address registered to the affected account and will include a description of the nature of the breach, the categories of data involved, and the steps lavabet is taking in response.
Section 7
The privacy rights available to lavabet players regarding the personal data held about them, and how to exercise those rights.
Section 7
Your Privacy Rights
As a player on the lavabet platform, you hold a set of rights in relation to your personal data. lavabet is committed to honouring these rights promptly and transparently. To exercise any of the rights below, contact the lavabet support team at [email protected] with a clear description of your request and sufficient identifying information to allow us to locate your account.
Right of Access
Request a copy of all personal data lavabet holds about you. We will provide a structured, readable summary within 30 days of receiving a valid request.
Right to Rectification
Ask lavabet to correct any inaccurate or incomplete personal data held about you. Certain corrections may require supporting documentation.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purpose collected, subject to mandatory legal retention obligations.
Right to Restrict Processing
Ask lavabet to pause processing of your data in certain circumstances, such as while the accuracy of the data is being contested or a legitimate interest objection is being assessed.
Right to Data Portability
Request that lavabet provide your personal data in a structured, commonly used, machine-readable format so that you can transfer it to another service provider.
Right to Object
Object to processing carried out on the basis of lavabet's legitimate interests, including direct marketing and certain profiling activities. lavabet will cease that processing unless compelling grounds override your objection.
7.1 Response Timeframes
lavabet will acknowledge all data rights requests within 5 business days (Bangladesh Standard Time) and will provide a substantive response within 30 calendar days of receiving a valid, verifiable request. Where a request is particularly complex or voluminous, this period may be extended by a further 30 days, in which case lavabet will notify you of the extension and the reason for it before the initial 30-day period expires.
7.2 Identity Verification for Rights Requests
To protect your privacy and prevent unauthorised access to your data, lavabet requires that all data rights requests be accompanied by sufficient identifying information to verify the requester's identity. This typically means confirming the registered email address, account username, and one additional verification factor. lavabet will not action a rights request that cannot be adequately verified, and will notify the requester of this determination promptly.
Section 8
How lavabet communicates changes to this Privacy Policy and what players should do to stay informed of updates that may affect their data rights.
Section 8
Updates to This Policy
lavabet reviews this Privacy Policy on a regular basis and may update it from time to time to reflect changes in platform operations, applicable law, or best practice in data protection. The effective date displayed at the top of this document will be updated whenever a revision is made. The most current version of this Privacy Policy will always be available at lavabet.club/privacy-policy.
8.1 Notification of Material Changes
Where a material change is made to this Privacy Policy — for example, a change to the categories of data collected, a new third-party sharing arrangement, or a change to retention periods — lavabet will notify registered players by email to their registered email address at least 14 days before the change takes effect. A prominent notice will also be displayed on the platform upon the player's next login during that notice period.
8.2 Continued Use as Acceptance
Your continued use of the lavabet platform after the effective date of any update to this Privacy Policy constitutes your acknowledgement of the revised terms. If you do not agree with a material change, you may request voluntary account closure before the change takes effect by contacting [email protected]. lavabet will process your closure request promptly and will handle any remaining balance in accordance with the account closure provisions set out in the Terms & Conditions.
8.3 Contact for Privacy Enquiries
If you have any questions about this Privacy Policy, about how lavabet handles your personal data, or about exercising your privacy rights, please contact the lavabet data support team at [email protected]. We aim to respond to all privacy-related enquiries within 5 business days (Bangladesh Standard Time). For urgent security concerns related to your account data, please indicate "URGENT DATA" in the subject line of your email so that your enquiry is escalated appropriately.
Your Privacy Is Protected
Ready to Explore lavabet?
Now that you understand how lavabet handles your data, you can enjoy the platform with confidence. Explore cricket betting, live casino games, slots, and more — all with secure bKash and Nagad payments.