mnok Privacy Policy
— Your Data & Rights
At mnok, the privacy of every player in Bangladesh is treated as a fundamental obligation, not an afterthought. This Privacy Policy explains in plain terms exactly what personal data we collect, why we collect it, how we use and protect it, and the rights you hold over your own information.
// privacy.config
End-to-End Encryption
All data transmitted between your device and mnok's servers is protected by TLS 1.3 encryption. Sensitive stored data — including payment details and identity documents — is encrypted at rest using AES-256.
We Never Sell Your Data
mnok does not sell, rent, or trade your personal information to any third party for their own marketing purposes. Your data is used exclusively to operate and improve the mnok platform for you.
You Control Your Data
Registered mnok Users can access, correct, export, and request deletion of their personal data at any time via the account settings dashboard or by contacting [email protected] directly.
Transparent Cookie Use
mnok uses only essential and analytical cookies. We do not deploy invasive advertising trackers or fingerprinting scripts. Cookie preferences can be reviewed in your browser settings at any time.
GDPR-Aligned Practices
Although mnok primarily serves the Bangladesh market, our data handling practices are aligned with internationally recognised privacy standards including the principles of the EU General Data Protection Regulation (GDPR).
No Data from Minors
mnok strictly prohibits use of the platform by anyone under 18. We do not knowingly collect personal data from minors. If we discover that data from an underage individual has been collected, it will be permanently deleted without delay.
Section 01
Information We Collect
mnok collects personal data through several channels: information you provide directly during registration and account management, information generated automatically as you use the platform, and information received from trusted third-party partners involved in payment processing and identity verification. Below is a detailed breakdown of each category.
Information you provide directly:
- Registration data: Full legal name, date of birth, email address, mobile phone number, and chosen username. This data is required to create and maintain your mnok account.
- Identity verification (KYC) documents: Government-issued photo identification (National ID card, passport, or driver's licence), proof of address, and in some cases a selfie photograph for biometric matching. KYC is mandatory before your first withdrawal.
- Payment information: Mobile financial service account numbers (bKash, Nagad, Rocket, Upay), bank account details, and crypto wallet addresses associated with deposits or withdrawals. Full card numbers for Visa/Mastercard are handled exclusively by our PCI-DSS-compliant payment partners — mnok does not store raw card data.
- Communications data: The content of messages you send to mnok via live chat, email ([email protected]), or any feedback or complaint submission form on the platform.
- Responsible gaming preferences: Any deposit limits, session time caps, cool-off periods, or self-exclusion requests you configure on your account.
Information collected automatically:
- Device and browser data: IP address, device type, operating system, browser type and version, screen resolution, and language settings.
- Usage and behavioural data: Pages visited on mnok, games played, bets placed, session duration, click-through patterns, and feature interactions. This data is used for platform optimisation and fraud detection.
- Log data: Server-side logs recording access times, request types, referring URLs, and error events. Logs are retained for security and compliance auditing purposes.
- Cookies and similar technologies: Session identifiers, authentication tokens, and analytics cookies. See Section 4 for full details on cookie use.
Information received from third parties:
- Payment processors: Transaction status updates, fraud risk scores, and payment reference numbers from providers such as bKash, Nagad, Rocket, Upay, and crypto processing partners.
- Identity verification services: Verification results and watchlist screening outcomes from KYC/AML service providers used to confirm the authenticity of identity documents.
- Anti-fraud services: Device reputation data and risk indicators from third-party fraud prevention tools used to protect the integrity of the platform.
Section 02
How We Use Your Data
mnok uses personal data collected from Users exclusively for the purposes described in this Privacy Policy. We do not process your data in ways that are incompatible with those stated purposes. The following table sets out the primary purposes for which data is used, along with the legal basis for each.
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Account creation & management | Contractual necessity | Name, email, mobile number, date of birth |
| Identity verification (KYC/AML) | Legal obligation | ID documents, proof of address, selfie |
| Processing deposits & withdrawals | Contractual necessity | Payment method details, transaction history |
| Fraud prevention & security | Legitimate interest | IP address, device data, behavioural data |
| Customer support | Contractual necessity | Account data, communications history |
| Platform analytics & improvement | Legitimate interest | Usage data, session data, cookie data |
| Responsible gaming monitoring | Legal obligation & legitimate interest | Betting patterns, session data, self-exclusion flags |
| Marketing communications | Consent (opt-in only) | Email address, preferences, betting history |
With regard to marketing communications: mnok will only send you promotional emails, bonus notifications, or seasonal campaign communications if you have explicitly opted in to receive them during registration or via your account communication preferences. You may withdraw this consent at any time by updating your notification settings or by emailing [email protected] with the subject line "Unsubscribe". Opt-out requests are processed within 5 business days.
mnok does not use your personal data to make any fully automated decisions that produce significant legal effects on you without a human review step. Automated systems are used to flag potential fraud or responsible gaming concerns, but any resulting account action (such as suspension or limit application) is reviewed by a member of the mnok compliance team before being enforced.
Section 03
Data Sharing & Third Parties
mnok does not sell, rent, or trade your personal information to any third party for commercial gain. However, in order to operate the platform and fulfil our legal obligations, mnok shares certain data with carefully selected categories of third-party service providers. Every such arrangement is governed by a data processing agreement that binds the third party to handle your data securely and only for the specified purpose.
Categories of third parties with whom data may be shared:
- Payment processors: bKash, Nagad, Rocket, Upay, USDT/crypto processing partners, Visa, and Mastercard. Shared data is limited to what is strictly necessary to process the specific transaction (e.g., mobile wallet number for bKash transfers, wallet address for crypto).
- KYC and identity verification providers: Third-party services used to verify the authenticity of identity documents and screen Users against sanctions and watchlists for AML compliance. These providers receive identity document images and personal details solely for the verification process.
- Game content providers: Providers such as Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi may receive a session token and pseudonymous player identifier to facilitate game-round integrity and return-to-player calculations. They do not receive your full name, payment details, or contact information.
- Analytics and platform performance tools: Server-side analytics providers that help mnok understand aggregate platform usage patterns. Data shared with these providers is anonymised or pseudonymised wherever technically feasible.
- Legal and regulatory authorities: Where mnok is required by applicable law, court order, or regulatory demand to disclose personal data, we will comply with such requirements. Where legally permissible, mnok will notify affected Users of any such disclosure.
- Professional advisers: Lawyers, accountants, and auditors engaged by mnok who may require access to certain account or transaction data as part of their professional mandate. All such advisers are bound by confidentiality obligations.
Section 04
Cookies & Tracking Technologies
Cookies are small text files stored on your device by your web browser when you visit a website. mnok uses cookies and similar technologies (such as local storage tokens) to ensure the platform functions correctly, to keep your session secure after login, and to gather anonymised data on how the platform is used so that we can improve the experience for all players.
Types of cookies used by mnok:
| Cookie Type | Purpose | Retention |
|---|---|---|
| Essential / Session | Maintain your login session, store authentication token, remember cart/balance state across page loads. Cannot be disabled without breaking core platform functionality. | Session (deleted on browser close) |
| Functional | Remember your language preference, notification settings, and responsible gaming limit configurations between visits. | Up to 12 months |
| Analytical | Collect anonymised data on page views, feature usage, and navigation paths to help mnok identify performance issues and improve UX. Data is aggregated and never tied to individual identities. | Up to 24 months |
| Security | Detect and mitigate fraudulent activity, bot traffic, and brute-force login attempts. These cookies record device fingerprint components that help distinguish legitimate Users from automated threats. | Up to 6 months |
mnok does not use third-party advertising cookies, cross-site tracking pixels, or behavioural profiling technologies that share your browsing data with external advertising networks.
You can manage or delete cookies at any time through your browser's settings (typically found under "Privacy" or "Security" in your browser preferences). Note that disabling essential session cookies will prevent you from logging in to your mnok account and using the platform normally. Analytical and functional cookies can be disabled without affecting core platform access.
For the avoidance of doubt, mnok's use of analytical cookies is based on our legitimate interest in understanding how the platform is used and improving it accordingly. No consent pop-up is required for cookies that are either essential to service delivery or based on legitimate interest, provided that Users are clearly informed — as they are by this section.
Section 05
Data Security & Storage
mnok takes the security of your personal data seriously and implements a multi-layered set of technical and organisational measures to protect it against unauthorised access, accidental loss, alteration, or disclosure.
Technical security measures in place at mnok include:
- Transport encryption: All connections between Users' devices and mnok's servers use TLS 1.3 (Transport Layer Security). The padlock icon in your browser confirms an encrypted connection is active.
- Storage encryption: Sensitive data at rest — including identity documents, payment method references, and hashed passwords — is encrypted using AES-256 encryption. Plaintext passwords are never stored.
- Password hashing: User passwords are hashed using a modern adaptive hashing algorithm (bcrypt with a suitable cost factor) before storage. mnok staff cannot retrieve your plaintext password — only reset it.
- Two-factor authentication (2FA): Optional but strongly recommended for all accounts. 2FA requires a time-based one-time password (TOTP) in addition to your password when logging in from an unrecognised device.
- Access controls: mnok staff access to User data follows a strict need-to-know principle. Role-based access controls (RBAC) ensure that only authorised personnel with a specific operational reason can view personal account data, and all such access is logged.
- Regular security audits: mnok undergoes periodic independent security assessments to identify and remediate vulnerabilities before they can be exploited.
Data storage locations: mnok's primary data infrastructure is hosted on secure cloud servers. Data is backed up regularly to geographically separate locations to ensure business continuity. All storage locations are subject to the same encryption and access-control standards described above.
While mnok employs rigorous security practices, no online platform can guarantee absolute security against all possible threats. In the event of a personal data breach that poses a risk to your rights and interests, mnok will notify affected Users without undue delay and, where required by applicable law, notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
Section 06
Your Privacy Rights
mnok respects your right to understand, control, and where appropriate restrict or erase the personal data we hold about you. The following rights are available to all registered mnok Users. To exercise any of these rights, contact [email protected] with the subject line Privacy Rights Request and include your registered email address and a brief description of your request.
- Right of Access: You have the right to request a copy of the personal data mnok holds about you. We will provide this in a structured, commonly used, machine-readable format (JSON or CSV) within 30 days of receiving your verified request.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected. Basic profile details (name, email, phone number) can be updated directly from the account settings dashboard without contacting support.
- Right to Erasure ("Right to be Forgotten"): You may request that mnok delete your personal data. This right is not absolute — mnok is required to retain certain data for legal, regulatory, and anti-money-laundering compliance purposes for a minimum period after account closure (see Section 7). Data that is not subject to these retention obligations will be permanently deleted within 30 days of a verified erasure request.
- Right to Restriction of Processing: In certain circumstances (for example, while you contest the accuracy of data we hold), you may request that mnok temporarily restrict how it processes your data.
- Right to Data Portability: You may request that mnok transfer your personal data directly to another service provider in a structured electronic format, where technically feasible.
- Right to Object: Where mnok processes your data on the basis of legitimate interest (such as for analytics or fraud prevention), you have the right to object to that processing. mnok will cease the processing unless it can demonstrate compelling legitimate grounds that override your interests.
- Right to Withdraw Consent: Where processing is based on your consent (such as for marketing emails), you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.
mnok will respond to all privacy rights requests within 30 days. In complex cases, this period may be extended by a further 60 days, in which case mnok will notify you of the extension and the reasons for it within the initial 30-day window. There is no charge for exercising your privacy rights unless requests are manifestly unfounded or excessive, in which case a reasonable administrative fee may be applied.
Section 07
Data Retention
mnok retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. The following retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | AML / legal compliance |
| KYC identity documents | Duration of account + 5 years post-closure | Regulatory requirement |
| Transaction & payment records | 7 years from transaction date | Financial record-keeping law |
| Responsible gaming records | Duration of account + 5 years post-closure | Player welfare obligation |
| Support communications | 3 years from last interaction | Dispute resolution / legitimate interest |
| Analytical / usage data | 24 months (anonymised thereafter) | Platform improvement |
| Marketing consent records | Until consent withdrawn + 1 year | Consent management compliance |
| Security / server logs | 12 months | Security auditing |
When the applicable retention period expires and there is no further legal basis for continued storage, personal data is securely deleted or permanently anonymised so that it can no longer be attributed to any individual. Anonymised, aggregated data (such as aggregate betting statistics that contain no individually identifying information) may be retained indefinitely for research and business reporting purposes.
Users who close their mnok account should be aware that their personal data will be retained for the regulatory periods stated above even after closure. This is a legal obligation and not a matter of discretion. Data subject to mandatory retention cannot be deleted in response to a Right to Erasure request during the applicable retention window.
Section 08
Contact & Data Controller
mnok is the data controller responsible for the personal data described in this Privacy Policy. This means mnok determines the purposes and means by which your personal data is processed. If you have any questions, concerns, or requests relating to this Privacy Policy or to the way mnok handles your personal data, please contact us using the details below.
Primary privacy contact:
All privacy-related queries, data subject access requests, and complaints should be directed to:
Email: [email protected]
Subject line: Privacy Rights Request
Response target: within 30 days of receipt of a verified request.
If you are not satisfied with mnok's response to your privacy concern, you have the right to escalate the matter to a relevant data protection supervisory authority. Given that mnok primarily serves Users in Bangladesh, escalation may be directed to the Bangladesh Telecommunication Regulatory Commission (BTRC) or any other competent authority recognised under Bangladeshi law as having oversight of data protection matters.
mnok reserves the right to update this Privacy Policy periodically to reflect changes in our data practices, legal obligations, or platform features. When material changes are made, registered Users will be notified via email or on-platform notification at least 7 days before the updated policy takes effect. The "Last Updated" date at the top of this page will always reflect the date of the most recent revision. Continued use of the mnok platform after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms.
18+ mnok is an adult-only platform. We do not knowingly collect or process personal data belonging to individuals under the age of 18. If you believe a minor has registered on the platform, please contact [email protected] immediately so we can investigate and take appropriate action.
Ready to Play?
Explore mnok — Safe, Secure & Trusted
Your data is protected. Your privacy is respected. Now enjoy cricket betting, slots, live casino, and crash games — all with bKash, Nagad, Rocket, and USDT support. For adults aged 18 and above only.