phjoin Privacy Policy — Your Data, Your Rights
At phjoin, protecting the personal data of every Bangladesh player is a core responsibility, not an afterthought. This Privacy Policy explains in plain English exactly what information we collect, why we collect it, how we use and protect it, and what rights you hold over your own data.
SSL-Encrypted Data Transfer
All data exchanged between your device and phjoin is protected by 256-bit SSL encryption. Your personal and payment details are transmitted securely at every step, from account registration through to withdrawal processing.
No Data Sold to Third Parties
phjoin does not sell, rent, or trade your personal information to any third party for marketing purposes. Your data is used exclusively to operate, secure, and improve the phjoin platform and to fulfil our legal obligations.
Minimal Data Collection
phjoin collects only the personal data that is strictly necessary to operate the platform, verify player identities, process payments, and comply with applicable legal obligations. We do not collect data beyond what is needed for these defined purposes.
bKash & Nagad Payment Privacy
Payment details you provide when depositing via bKash, Nagad, Rocket, or Upay are used solely to process your transaction and verify the source of funds for anti-money-laundering compliance. phjoin does not store your full mobile banking PIN or password.
Clear Retention Periods
phjoin retains your personal data only for as long as your account is active or as required by applicable law. When data is no longer needed, it is securely deleted or anonymised in accordance with our data retention schedule.
You Control Your Data
You have the right to access, correct, or request deletion of your personal data at any time. Submit a data request to [email protected] and phjoin will respond within 30 days. See the Your Privacy Rights section for the full list of rights available to you.
Section 1
Data We Collect
phjoin collects personal data through several channels: directly from you when you register an account, make a deposit, contact support, or participate in a promotion; automatically when you browse or use the platform; and, in limited circumstances, from trusted third-party sources such as payment processors and identity verification providers.
1.1 Registration & Account Data
When you create a phjoin account, we collect the following information:
- Full legal name — as it appears on your government-issued identification document.
- Date of birth — to verify that you meet the 18+ age requirement.
- Residential address — including district, division, and postcode within Bangladesh, or your country of residence if outside Bangladesh.
- Email address — used as your primary contact channel and for account security notifications.
- Mobile phone number — used for two-factor authentication and for mobile payment linkage with bKash, Nagad, or Rocket.
- Username and hashed password — passwords are never stored in plain text; they are stored using a one-way cryptographic hash algorithm.
1.2 Identity Verification (KYC) Data
Before processing your first withdrawal, phjoin is required to verify your identity as part of our Know Your Customer (KYC) programme. KYC data collected includes:
- Scanned or photographed copy of a government-issued photo ID (National Identity Card, passport, or driving licence).
- Proof of residential address (utility bill, bank statement, or official government correspondence dated within 90 days).
- Selfie or live photograph taken at the time of verification, used to match your face against the photo on your identity document.
- Where required: screenshot or statement from your bKash or Nagad account confirming account ownership.
KYC documents are processed by phjoin's internal compliance team and, where applicable, by a certified third-party identity verification provider operating under a strict data processing agreement with phjoin. KYC data is retained in accordance with the retention periods set out in Section 6 of this policy.
1.3 Financial Transaction Data
phjoin records all financial transactions on your account, including deposit amounts, withdrawal requests, bonus credits, wagering activity, and refunds. This includes the mobile financial service account numbers (bKash, Nagad, Rocket, Upay) used for transactions. Full PIN numbers and mobile banking passwords are never collected or stored by phjoin.
1.4 Gameplay & Betting Data
phjoin records data about your gaming and betting activity on the platform, including: games played, bet amounts, win and loss outcomes, session durations, and responsible gaming tool settings (deposit limits, self-exclusion status, cool-off periods). This data is used to operate the platform, resolve disputes, detect prohibited conduct, and fulfil our responsible gaming obligations.
1.5 Technical & Device Data
When you access phjoin, we automatically collect certain technical information from your device and browser, including:
- IP address and approximate geolocation (used to determine eligibility and detect VPN usage from Restricted Territories).
- Device type, operating system, and browser version.
- Session timestamps, page views, and navigation paths within the platform.
- Referring URL (the website from which you arrived at phjoin, if applicable).
1.6 Communications Data
When you contact phjoin support via email, live chat, or any other channel, we retain records of the communications including the content of messages, timestamps, and the support agent handling the query. This data is used to resolve your query, train support staff, and maintain an audit trail for dispute resolution purposes.
Data Categories at a Glance
phjoin collects six categories of personal data: registration data, KYC identity documents, financial transaction records, gameplay activity logs, technical device data, and support communications. Each category has a defined collection purpose and retention period.
| Data Category | Collection Trigger |
|---|---|
| Registration Data | Account sign-up |
| KYC Documents | First withdrawal request |
| Transaction Records | Every deposit / withdrawal |
| Gameplay Logs | Each game session |
| Device / IP Data | Every platform visit |
| Support Records | Each support interaction |
Section 2
How We Use Your Data
phjoin processes your personal data only for the specific, defined purposes listed below. We do not use your data for any purpose that is incompatible with those originally stated at the time of collection. For each processing activity, phjoin relies on one of the following legal bases: performance of a contract (operating your account), compliance with a legal obligation, legitimate interest (platform security, fraud prevention), or, where required, your explicit consent.
2.1 Account Operation
Your registration data, login credentials, and account preferences are processed to create, maintain, and operate your phjoin account. This includes authenticating your identity when you log in, applying your responsible gaming settings, and managing your account balance and transaction history.
2.2 Payment Processing
Financial transaction data — including bKash, Nagad, Rocket, and Upay account references — is processed to execute your deposit and withdrawal requests, apply bonus credits, and maintain accurate financial records. phjoin shares the minimum necessary transaction data with payment processing partners to complete your requested transaction.
2.3 Identity Verification & Fraud Prevention
KYC documents and identity data are processed to verify that you meet the 18+ age requirement, confirm that you are who you say you are, detect and prevent multi-account fraud, and comply with anti-money-laundering obligations. IP address and device data are processed to detect prohibited use of VPNs to access phjoin from Restricted Territories and to identify automated bot activity.
2.4 Responsible Gaming
Gameplay activity data and account settings are processed to enforce deposit limits, cool-off periods, and self-exclusion restrictions that you have voluntarily activated. This data is also used to identify patterns of play that may indicate problem gambling, allowing phjoin to reach out proactively with responsible gaming resources where appropriate.
2.5 Customer Support
Support communications and account data are processed to respond to your queries, resolve disputes, and investigate complaints. Support records are also reviewed periodically for quality assurance and staff training purposes, with personal identifiers anonymised where possible.
2.6 Marketing Communications
Where you have provided consent to receive marketing communications, phjoin may send you promotional offers, bonus notifications, tournament updates, and seasonal promotions (such as Eid or Pohela Boishakh special offers) via email or on-platform notification. You may withdraw consent and unsubscribe from marketing communications at any time by emailing [email protected] or using the unsubscribe link in any marketing email. Withdrawal of marketing consent does not affect the operation of your account.
2.7 Legal & Regulatory Compliance
phjoin processes and retains personal data to the extent required by applicable law, including anti-money-laundering regulations, data protection obligations, and any lawful request from a competent authority. Where phjoin is required by law to disclose personal data to a government body or law enforcement agency, we will do so in accordance with the applicable legal process.
| Processing Purpose | Legal Basis |
|---|---|
| Account operation | Contract performance |
| Payment processing | Contract performance |
| KYC / fraud prevention | Legal obligation |
| Responsible gaming | Legal obligation |
| Customer support | Legitimate interest |
| Marketing emails | Consent |
| Legal compliance | Legal obligation |
Unsubscribe Anytime
You can opt out of all phjoin marketing emails at any time by emailing [email protected] or clicking the unsubscribe link in any promotional message. Opting out of marketing does not affect your ability to use your account or receive essential account notifications.
Section 3
Data Sharing & Disclosure
phjoin does not sell your personal data to any third party. We share your data only with the categories of recipient described below, and only to the extent strictly necessary for the stated purpose. Every third-party recipient that processes personal data on phjoin's behalf is bound by a data processing agreement requiring them to maintain appropriate technical and organisational security measures.
3.1 Payment Processing Partners
To process your deposits and withdrawals, phjoin shares the minimum necessary transaction data with mobile financial service providers including bKash, Nagad, Rocket, and Upay. The data shared is limited to the transaction amount, your registered mobile number linked to the payment method, and a transaction reference. These providers operate under their own privacy policies, which we encourage you to review.
3.2 Game Technology Providers
phjoin integrates games from certified studios including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi. To facilitate gameplay, a session token and anonymised player identifier are transmitted to the relevant game provider for each game session. Full personal identity data (name, address, ID documents) is not shared with game providers. Game providers retain session-level data for RNG audit and fairness certification purposes.
3.3 Identity Verification Providers
Where phjoin uses a certified third-party identity verification service to assist with KYC document review, your identity documents and selfie photograph may be transmitted to that provider's secure processing environment. The provider operates under a strict data processing agreement and is prohibited from using your data for any purpose other than completing the verification check requested by phjoin.
3.4 Legal & Regulatory Disclosure
phjoin may disclose personal data to competent authorities, law enforcement agencies, or regulatory bodies where required to do so by applicable law or valid legal process (such as a court order or official investigation request). In such circumstances, phjoin will disclose only the data specifically requested and will notify the affected player of the disclosure where legally permitted to do so.
3.5 Business Transfers
In the event that phjoin undergoes a merger, acquisition, or sale of all or a material part of its assets, player personal data may be transferred to the successor entity as part of the transaction. Players will be notified of any such transfer and of any material change to how their data is processed as a result, no less than 30 days before the change takes effect.
3.6 Aggregated & Anonymised Data
phjoin may share aggregated, anonymised, and non-personally-identifiable statistical data (such as total number of active players by region, average session duration, or most popular game categories) with partners, advertisers, or the public for business and research purposes. This data cannot be used to identify any individual player.
We Do Not Sell Your Data
phjoin has never sold and will never sell personal player data to advertising networks, data brokers, or any commercial third party. Data sharing is strictly limited to operational partners under binding data processing agreements.
| Recipient | Data Shared |
|---|---|
| bKash / Nagad / Rocket | Transaction amount, mobile number |
| Game providers | Session token, anonymous ID |
| KYC provider | ID documents, selfie photo |
| Law enforcement | As legally required |
| Successor entity | Full account data (with notice) |
Section 4
Cookies & Tracking
phjoin uses cookies and similar tracking technologies to operate the platform, maintain your session, remember your preferences, and analyse how players interact with the site. This section explains what types of cookies phjoin uses and how you can manage them.
4.1 Essential Cookies
Essential cookies are strictly necessary for the platform to function. They maintain your login session, store your language and currency preferences, and enable security features such as CSRF protection. Essential cookies cannot be disabled without breaking core platform functionality. No consent is required to set essential cookies, as they are necessary for the performance of the contract between you and phjoin.
4.2 Analytics Cookies
phjoin uses analytics cookies to understand how players navigate the platform — which pages are visited most, where players enter and exit the site, and how long sessions last. This data is used in aggregate to improve the platform's usability and performance. Analytics data is anonymised and is not used to build individual player profiles for marketing purposes.
4.3 Functional Cookies
Functional cookies store your account preferences beyond the current session, such as your preferred deposit method, responsible gaming settings, and notification preferences. These cookies improve your experience by reducing the need to re-enter preferences on each visit.
4.4 Managing Cookies
You can manage or disable non-essential cookies through your browser settings. Most modern browsers allow you to block or delete cookies on a per-site basis. Please note that disabling certain cookies may affect the functionality of the phjoin platform. Instructions for managing cookies in popular browsers are available in the help documentation of your specific browser. You may also adjust your cookie preferences at any time by contacting phjoin support at [email protected].
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Essential | Session, security | No |
| Analytics | Usage analysis | Yes |
| Functional | Preferences | Yes |
| Advertising | N/A — not used | N/A |
Browser Cookie Controls
You can manage cookies at any time via your browser settings. Blocking essential cookies will prevent you from logging in to phjoin. Non-essential analytics and functional cookies can be safely disabled without preventing access to the platform.
Section 5
Data Security
phjoin takes the security of your personal data seriously and implements a layered approach to information security covering technical controls, organisational policies, and staff training. No online platform can guarantee absolute security, but phjoin takes all reasonable and proportionate steps to protect your data from unauthorised access, disclosure, alteration, or destruction.
5.1 Technical Security Measures
- 256-bit SSL/TLS encryption: All data transmitted between your browser or app and phjoin's servers is encrypted in transit using industry-standard TLS protocols.
- At-rest encryption: Sensitive data fields — including identity documents and payment references — are encrypted at rest using AES-256 encryption within phjoin's database infrastructure.
- Password hashing: Account passwords are stored exclusively as one-way cryptographic hashes using a modern, salted hashing algorithm. Plain-text passwords are never stored or logged.
- Two-factor authentication (2FA): Players are encouraged to enable 2FA on their phjoin account via the security settings page. 2FA adds a second layer of protection requiring a time-based one-time code in addition to your password at login.
- Firewalls and intrusion detection: phjoin's server infrastructure is protected by enterprise-grade firewalls and continuous intrusion detection monitoring.
5.2 Organisational Security Measures
Access to personal data within phjoin is restricted on a strict need-to-know basis. Only staff members whose job function requires access to specific categories of player data are granted that access. All staff with access to personal data undergo data protection and security training. Access logs are maintained and reviewed regularly. Third-party contractors are required to sign confidentiality agreements before being granted any access to phjoin systems.
5.3 Data Breach Response
In the event of a data security incident that is likely to result in a risk to your rights and freedoms — for example, an unauthorised disclosure of account credentials — phjoin will notify affected players without undue delay after becoming aware of the breach, providing details of the nature of the incident, the categories of data affected, the likely consequences, and the steps phjoin has taken or proposes to take to address the breach and mitigate its effects.
5.4 Your Responsibility
While phjoin maintains robust platform-side security, you are also responsible for maintaining the security of your account. You should use a strong, unique password for your phjoin account, enable two-factor authentication, never share your login credentials with any third party, and log out of your account when using a shared device. If you suspect unauthorised access to your account, contact [email protected] immediately.
AES-256 At-Rest Encryption
Sensitive data stored in phjoin's database — including KYC documents and payment references — is encrypted at rest using AES-256, the same standard used by leading global financial institutions.
Enable Two-Factor Authentication
Protect your phjoin account with 2FA. Once enabled, every login requires both your password and a one-time code sent to your registered mobile number. Activate it in your account security settings.
Section 6
Data Retention
phjoin retains personal data for the minimum period necessary to fulfil the purpose for which it was collected, or for as long as required by applicable law. The retention periods below reflect both operational needs and legal compliance obligations.
6.1 Active Account Data
While your phjoin account is active, all account data — including registration information, transaction history, gameplay logs, and support records — is retained for the lifetime of the account. This data is necessary to operate your account, provide customer support, and fulfil ongoing legal obligations.
6.2 Post-Closure Retention
Following the closure of a phjoin account (whether voluntary or by phjoin), personal data is retained for a minimum period of five years from the date of closure. This retention period reflects anti-money-laundering and financial record-keeping obligations. KYC identity documents are retained for the same five-year period. After the retention period expires, data is securely deleted or irreversibly anonymised.
6.3 Marketing Data
Where you have consented to receive marketing communications, your contact details and marketing preferences are retained until you withdraw consent. Upon withdrawal of consent, your details are removed from active marketing lists within 10 business days. An anonymised record that consent was previously given and subsequently withdrawn may be retained indefinitely for compliance audit purposes.
6.4 Support Communications
Customer support correspondence is retained for three years from the date of each interaction, to allow phjoin to reference prior communications in the event of a later dispute, complaint, or regulatory inquiry. After three years, support records are deleted unless they relate to an open investigation or legal matter.
6.5 Technical Logs
Server-side technical and access logs — including IP address records associated with your account sessions — are retained for 12 months, after which they are automatically purged from phjoin's systems unless retained as part of an ongoing fraud investigation or legal hold.
| Data Category | Retention Period |
|---|---|
| Account & registration data | Lifetime of account + 5 years |
| KYC identity documents | 5 years post-closure |
| Transaction records | 5 years post-closure |
| Gameplay logs | Lifetime of account + 5 years |
| Support communications | 3 years per interaction |
| Marketing preferences | Until consent withdrawn |
| Technical / IP logs | 12 months |
Section 7
Your Privacy Rights
phjoin respects your rights over your personal data. The rights listed below are available to all phjoin players. To exercise any of these rights, submit a written request to [email protected]. phjoin will acknowledge your request within 5 business days and provide a substantive response within 30 days.
Right to Access
Request a copy of all personal data phjoin holds about you, including account data, transaction history, KYC records, and support communications.
Right to Rectification
Request correction of any inaccurate or incomplete personal data held in your phjoin account. Some corrections may require supporting documentation.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purpose it was collected, subject to our legal retention obligations under applicable law.
Right to Restrict Processing
Request that phjoin restricts processing of your data in certain circumstances — for example, while the accuracy of data you have disputed is being verified.
Right to Data Portability
Request a structured, machine-readable copy of the personal data you have provided to phjoin, which you may transmit to another service provider of your choice.
Right to Object
Object to phjoin processing your data on the basis of legitimate interest, including profiling for responsible gaming monitoring. Processing will cease unless phjoin can demonstrate compelling legitimate grounds.
Right to Withdraw Consent
Where processing is based on your consent (e.g., marketing emails), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Right to Account Closure
Request voluntary closure of your phjoin account at any time by emailing [email protected]. Withdrawal of any remaining real-money balance should be completed prior to closure. Bonus funds are forfeited at closure.
Section 8
Policy Updates & Contact
8.1 Changes to This Privacy Policy
phjoin reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or the services we offer. When a material change is made, phjoin will notify registered players via the email address associated with their account no less than 14 days before the change takes effect. The updated policy will be published on this page with a revised effective date. Your continued use of phjoin after the effective date of an updated policy constitutes acceptance of the revised terms. If you do not accept the revised policy, you should close your account before the effective date.
8.2 Minor Updates
Non-material updates — such as clarifications of existing language, corrections of typographical errors, or restructuring of sections for readability — may be made without advance notice. The effective date at the top of the policy will be updated to reflect the date of the most recent revision.
8.3 Contact the phjoin Privacy Team
If you have any questions about this Privacy Policy, how phjoin handles your personal data, or wish to exercise any of your privacy rights, please contact the phjoin privacy team using the details below. All privacy-related enquiries are handled by phjoin's dedicated compliance and data protection personnel.
- Email: [email protected]
- Subject line for data requests: Data Rights Request — [Your Username]
- Response time: Acknowledgement within 5 business days; substantive response within 30 days.
- Support hours: 24/7 English-language support available for Bangladesh players across Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, and all divisions.
8.4 Governing Language
This Privacy Policy is written in English. In the event of any conflict between the English version of this policy and any translation or paraphrase, the English version shall prevail.
Policy Change Notifications
Material changes to this Privacy Policy are communicated to registered players by email at least 14 days before they take effect. Ensure your registered email address is up to date in your phjoin account settings so you receive these notifications.
24/7 English Support
phjoin's customer support team is available around the clock to answer privacy questions, handle data rights requests, and assist with account security concerns. Contact [email protected] at any time — average first response is under 2 hours for Bangladesh players.
Questions About Your Privacy at phjoin?
Our English-language support team is available 24/7 to answer any privacy questions, process data rights requests, or help you manage your account settings. Explore our FAQ for quick answers, or visit the Responsible Gaming page for tools to keep your play safe.