Dafabet Privacy Policy

Privacy rules explain how a betting platform handles information that can identify a person or connect activity to a specific account. A practical privacy approach limits data collection to what supports account services, safety controls, legal duties, and service improvement. Data protection also covers transparency, user access rights, and clear procedures for updates, retention, and deletion.

Data protection practices for Indian users aim to align with evolving Indian privacy principles and widely used international norms, where relevant. Some processes may reflect concepts found in GDPR-style frameworks, especially around user access, correction, and security practices. Gambling and payment rules can also require record retention, even after account closure, so privacy rights may have limits where the law requires storage.

Personal information can be collected directly from a user, indirectly through device and network logs, and through authorised partners used for verification and payments. The platform usually collects only the data needed for defined purposes such as account setup, security checks, and transaction processing. Main categories of personal information can include:

• Identity details: full name, date of birth, age confirmation, nationality, and gender, where required for eligibility checks
• Contact details: residential address, email address, mobile number, and communication preferences
• Account details: username, encrypted password, security questions or similar authentication data, login history, and account activity records
• Verification and compliance data: copies of identity documents, proof of address, proof of payment method ownership, and other KYC information
• Transaction and payment data: deposit and withdrawal records, payment instrument details in masked or tokenised form, currency information, and transaction history
• Technical and device data: IP address, browser type, device identifiers, operating system, access time, and log files
• Usage and support data: pages visited, sports and game selections, time spent within features, preferences, and records of support contact, including chat logs and call recordings where used for dispute handling or quality checks

Collection of sensitive personal data is not a standard goal. Sensitive data may be processed where compliance duties require it, for example, during enhanced identity checks, sanctions screening, fraud investigations, or reviews related to anti-money laundering and counter-terrorist financing obligations.

Data can enter the system through several routes.

Account registration creates the core dataset, since the user provides identity and contact details and selects account credentials. Verification steps can add documents and compliance data, especially when deposits, withdrawals, or account limits require a KYC review.

Browser and app use can transmit technical signals to the servers that host the platform. Such signals can include IP address, device details, access times, and log entries linked to security and diagnostics. These records support stability checks, fraud detection, and technical support.

Support contact creates communications records. Email exchanges, chat transcripts, and phone calls may be stored so that support can resolve issues, track prior requests, manage disputes, and maintain quality standards.

Payment activity generates transaction records. Banks, payment gateways, card schemes, and wallet providers can also return confirmations and status updates linked to deposits, withdrawals, and reversals.

Third-party data can be received from verification providers, fraud prevention systems, and payment processors. Third parties should provide only the data needed to complete a defined task, such as confirming identity or processing a payment.

Personal information should be used only for clear and lawful purposes connected to account services and legal duties. Data is not intended for sale to third parties for independent marketing. Key purposes can include:

• Account setup and management: registration, age checks, eligibility checks, account security, profile updates, and account recovery
• Service delivery: access to betting and gaming features, bet placement records, bonus administration, and account balance management
• Payments and financial operations: deposits, withdrawals, refunds, reversals, chargeback handling, and transaction reconciliation
• Legal and regulatory compliance: KYC checks, anti-money laundering controls, counter-terrorist financing controls, sanctions screening, and record-keeping duties
• Security and risk control: fraud detection, multi-accounting detection, misuse prevention, technical incident review, and enforcement of platform rules
• Support and dispute handling: response to questions, complaint handling, dispute resolution, and documentation of outcomes
• Analytics and improvement: performance measurement, navigation testing, reliability work, and risk control improvements based on aggregated insights
• Marketing where permitted: promotional messages, updates about new features, tournaments, or offers, based on lawful permission and user preference settings

Marketing preferences can be changed through account settings, where available, or through opt-out options in messages. Security alerts, legal notices, and account safety messages may still be delivered when needed.

Different activities can rely on different legal grounds, depending on what the user requests and what the law requires.

Contract performance often applies when the user requests account services, uses betting features, or initiates withdrawals. Legal obligation can apply where gambling and financial rules require identity checks, transaction monitoring, and record keeping.

Legitimate interests can apply where the operator protects platform security, prevents fraud, keeps services reliable, and improves internal controls, while balancing user privacy interests. Consent can apply to certain marketing messages, cookie categories, and optional features where the law requires user permission.

Further details about the legal basis for specific activities can be provided through the privacy contact channel, subject to identity verification.

Account operations depend on accurate user data. Identity and contact details support registration, age verification, and safe account recovery. Activity records support the betting history, bonus tracking, and account balance management.

Compliance duties can require ongoing monitoring. Transaction data can be reviewed for unusual patterns, and verification data can be requested when thresholds or risk triggers appear. Support interactions can be reviewed when a dispute arises or when an account security report requires investigation.

Analytics can rely on aggregated datasets. Aggregation reduces the ability to link patterns to a specific person. Pseudonymisation may also be used where feasible so that internal analysis can proceed without direct exposure of identity fields.

Some platforms publish winning information for promotional use. Publication can include a username or abbreviated name, the win amount, and basic context related to the prize. Controls may exist through support channels, depending on rules and legal requirements.

Protection of personal information depends on both technical controls and internal procedures. Security measures can include encryption of data in transit and, where feasible, encryption at rest. Network defenses can include firewalls, monitoring systems, and intrusion detection. Internal access controls can restrict data access to authorised personnel with a defined need to handle it.

Security procedures can include logging of administrative access, periodic reviews, secure backups, and recovery planning. Staff training and internal policies support the correct handling of user data and reduce accidental exposure.

Absolute security cannot be guaranteed for any online system. Users also have responsibilities. Password secrecy, device hygiene, and caution around phishing reduce risk. Any suspected unauthorised access should be reported quickly so that support can apply protective steps.

Users may have rights that allow access to personal data and control over certain processing. Rights can vary based on applicable law and compliance duties. Identity verification may be required before rights requests are processed, since privacy requests should not create a path for account takeover. Rights commonly available under privacy standards can include:

• Right of access: request a copy or summary of personal data held and information about how it is used
• Right to correction: request updates to inaccurate or incomplete data
• Right to deletion: request deletion or anonymisation where no legal reason exists to keep the data
• Right to restriction: request limits on certain processing activities in defined situations
• Right to portability: request transfer of certain data to another provider where technically feasible
• Right to object: object to processing for direct marketing, and in some cases object to processing based on legitimate interests
• Right to withdraw consent: withdraw consent where consent is the legal basis for a specific activity, without affecting earlier lawful processing

Legal duties can limit some requests. Anti-money laundering rules, dispute handling, tax duties, and law enforcement requests can require retention and continued processing. A refusal may occur where the law requires it, with an explanation provided where permitted.

A user can request access to personal data by contacting customer support or the designated privacy contact. Verification steps may be required, such as identity checks or confirmation of account ownership. A request may also require clarification, for example, which time range or which data category the user wants.

After verification, the platform can provide information about categories of data held, main purposes for processing, data sources where the user did not provide the data directly, and categories of recipients where disclosures occurred.

Users should keep their account data accurate. Some updates can be completed inside account settings, such as email, phone, or preference options. Other changes may require support assistance and document proof, such as name changes or address changes. Verification protects both the user and the platform, since inaccurate identity fields can increase fraud and payment disputes.

Account closure does not always trigger immediate deletion of all records. Gambling platforms and payment systems often operate under record-keeping duties tied to tax, accounting, anti-money laundering, and dispute resolution. These duties can require retention for a defined minimum period, and sometimes longer, where disputes or investigations exist.

A user can request account closure and can request deletion or anonymisation of personal data where the platform has no valid reason to keep it. Where retention duties apply, access to the account may be restricted while data is stored securely for the required period. After retention obligations end, deletion or anonymisation can occur according to internal procedures.

Backup systems can also affect deletion. Full deletion can be difficult when backups hold historical copies. A common approach keeps backups protected and rotates them out over time. Residual traces may exist in deletion logs or audit records, since those logs support security accountability.

A safe betting environment relies on verification and monitoring. By using the service, the user accepts that security checks and compliance reviews may occur at any time, especially when risk signals appear.

Checks can include confirmation of identity, age, residency, payment method ownership, and account behaviour patterns. Data sources for these checks can include documents submitted by the user, payment records, public databases where permitted, and authorised verification providers.

These controls aim to reduce fraud, prevent misuse, and meet legal duties tied to anti-money laundering and counter-terrorist financing requirements.

Payment processing requires third-party providers such as banks, payment gateways, card schemes, and wallet services. These providers can process deposits, withdrawals, refunds, and reversals.

To complete transactions, the platform can share limited payment data with the chosen provider. Shared fields can include the name connected to the payment, masked account references, tokenised card identifiers, amounts, timestamps, and status codes. Providers should use the data only to execute the payment and perform related compliance checks.

Secure protocols and encryption are commonly used to protect payment transfers. By initiating deposits or withdrawals, the user authorises the processing of payment data through these providers under applicable financial and privacy rules.

Third parties may have their own privacy notices. Reviewing those notices can help users understand data handling that occurs within the provider’s separate systems.

The platform is intended for adults. In India, eligibility for real-money betting and gaming typically starts at age 18, subject to local law.

Registration, deposits, and real-money play are not intended for minors. Account opening includes a user confirmation about age eligibility, and verification steps may require government-issued identification that shows date of birth.

If underage use is discovered or reasonably suspected, access to the account may be suspended. Bets may be voided in line with platform rules and legal duties. Remaining balances may be handled under regulatory guidance and applicable law.

Parents or guardians who suspect that a minor provided data or opened an account can contact support. After verification of authority, the operator may investigate, close any confirmed underage account, and attempt deletion or anonymisation of data connected to the minor, subject to retention duties tied to fraud prevention and legal compliance.

The operation of an online gaming platform can involve infrastructure and teams across several countries. Personal data of Indian users may be transferred to, stored in, or processed in jurisdictions outside India.

Cross-border processing can occur for server hosting, backups, disaster recovery, support operations, payment processing, fraud prevention, identity verification, compliance reporting, and auditing. Data protection rules differ across jurisdictions, so that safeguards may be applied through contractual controls and confidentiality duties.

By using the service and providing personal data, the user acknowledges that cross-border transfers may occur, subject to this policy and applicable law. Authorities in other jurisdictions may have access rights under their own legal frameworks.

Running the service can require trusted partners. Data sharing should follow a minimum-necessary approach, with contractual controls that define permitted use and security requirements. Recipients can include:

• payment service providers, banks, and financial institutions
• identity verification and KYC providers
• fraud detection and security vendors
• hosting and technology suppliers
• professional advisers such as auditors and legal counsel
• regulators, courts, and law enforcement, where the law requires disclosure

Shared data should relate to a defined purpose such as payment execution, identity verification, fraud prevention, dispute resolution, or legal compliance. Recipients are responsible for their own privacy practices under their policies and applicable law.

Where a user interacts directly with a provider, review of that provider’s privacy notice can help clarify how data is handled in that separate relationship.

Cookies are small text files stored on a device when a user accesses a website. Similar tools can include pixels, tags, and local storage. These technologies help maintain secure sessions, store preferences, measure site performance, and support marketing measurement where allowed. Cookie categories can include:

• Strictly necessary cookies: support secure login, navigation, and core functions
• Functional cookies: store preferences such as language and display settings
• Performance and analytics cookies: measure usage patterns to improve site speed and stability
• Personalisation cookies: support content selection based on prior preferences, where enabled
• Marketing cookies: support promotion measurement and delivery where allowed and where consent exists

Non-essential cookies may require consent, depending on applicable rules. Users can manage cookies through browser settings and, where provided, through on-site cookie controls. Blocking cookies can reduce access to certain functions, such as persistent login or preference storage.

Analytics, personalisation, and marketing cookies may be stored for up to 1 year from the last visit unless a shorter duration applies to a specific cookie. Session cookies often expire when the browser closes.

The website may include links, banners, or references to external services operated by third parties. Those external services have their own privacy policies and terms.

After a user leaves the betting site through a third-party link, data handling falls under the external provider’s rules. The operator does not control those third-party practices. Users should read the external privacy notice before providing data on those sites, especially payment data.

Responsibility for content, accuracy, availability, and data handling of third-party websites sits with the external operator.

Privacy policies may change due to updates in law, technology, and platform operations. When revisions occur, the updated text is typically posted on the website with a revision date.

Continued use of the services after publication of changes indicates acceptance of the revised policy. The version available on the platform should be treated as the current version in case older copies exist elsewhere.

Questions about privacy practices, rights requests, and data corrections can be directed to customer support or the privacy contact channel shown on the platform. Identity verification may be required before any account-specific data is disclosed or changed.

Clear requests that specify what the user needs, such as access to a data category or a correction to a profile field, can help support process requests faster while protecting account security.