Privacy Policy – How Mostpay Protects Your Data

01 Who We Are

Mostpay is a real-money gaming platform operated for players in Bangladesh. We offer a range of skill-based and chance-based games accessible via web browser and mobile app, with payment processing through bKash, Nagad, Rocket, and local bank transfer.

For the purposes of this Privacy Policy, Mostpay is the data controller responsible for the personal information you provide when registering and using the platform. If you have any questions about how your data is handled, you can reach us at [email protected].

This policy applies to all Mostpay services including the website at mostpay.app, the Mostpay mobile app, and any related customer support interactions.

02 Data We Collect

Mostpay collects personal data in three ways: information you provide directly, information generated automatically when you use the platform, and information received from third-party verification providers. Here is a breakdown of each category:

Category	Examples	Source
Identity Data	Full name, date of birth, national ID number, passport number	Provided by you during registration or KYC verification
Contact Data	Mobile number, email address	Provided by you during registration
Financial Data	bKash/Nagad wallet number, bank account details, transaction history	Provided by you when making deposits or withdrawals
Technical Data	IP address, device type, browser type, operating system, session duration	Collected automatically when you access the platform
Usage Data	Games played, bets placed, session times, feature interactions	Collected automatically during platform use
Verification Data	Identity document images, selfie photos for liveness checks	Provided by you during KYC; processed by our verification partner
Communications Data	Support chat transcripts, email correspondence, complaint records	Generated when you contact Mostpay support

Mostpay does not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, or health information unless specifically required by law.

03 How We Use Your Data

Every piece of data Mostpay collects has a specific purpose. We do not use your data for anything beyond what is described here. The main purposes for which we process your personal information are:

Account management: Creating and maintaining your Mostpay account, verifying your identity, and managing your login credentials.
Payment processing: Processing deposits and withdrawals via bKash, Nagad, Rocket, and bank transfer. Verifying that payment methods belong to you.
Game delivery: Providing access to games, recording game results, calculating winnings, and maintaining your transaction history.
Fraud prevention: Detecting and preventing fraudulent activity, money laundering, bonus abuse, and other violations of our Terms and Conditions.
Legal compliance: Meeting our obligations under applicable financial regulations, anti-money laundering laws, and any lawful requests from regulatory authorities.
Customer support: Responding to your enquiries, resolving disputes, and improving our support processes based on interaction history.
Platform improvement: Analysing usage patterns to identify bugs, improve game performance, and develop new features that players actually want.
Responsible gaming: Monitoring gameplay patterns to identify signs of problem gambling and proactively offering support tools where appropriate.
Communications: Sending account notifications, security alerts, and — where you have opted in — promotional messages about offers and new games.

Mostpay does not use automated decision-making or profiling in ways that produce legal or similarly significant effects on you without human review.

04 Legal Basis for Processing

Mostpay processes your personal data on one or more of the following legal bases, depending on the specific processing activity:

Contract performance: Processing necessary to provide the Mostpay service you have signed up for, including account management, game access, and payment processing.
Legal obligation: Processing required to comply with applicable laws, including anti-money laundering regulations, identity verification requirements, and responses to lawful authority requests.
Legitimate interests: Processing for fraud prevention, platform security, and service improvement, where these interests are not overridden by your privacy rights.
Consent: Processing for optional purposes such as marketing communications, where you have given clear and specific consent. You can withdraw consent at any time from your account settings.

05 Data Sharing

Mostpay does not sell your personal data. We share data only with the categories of third parties listed below, and only to the extent necessary for the stated purpose:

Payment processors: bKash, Nagad, Rocket, and banking partners receive the financial data necessary to process your transactions. These providers operate under their own privacy policies and are bound by financial data protection regulations.
Identity verification providers: Our KYC partner receives identity document images and personal details to verify your identity. Data shared for verification is not used for any other purpose by the provider.
Cloud infrastructure providers: Mostpay uses cloud hosting services to store and process data. Our hosting providers operate under strict data processing agreements and do not have access to your data for their own purposes.
Fraud prevention services: We may share technical data such as IP addresses and device fingerprints with fraud detection services to identify and block suspicious activity.
Regulatory authorities: Mostpay is required by law to report certain financial transactions and to respond to lawful requests from government authorities. We will always seek to limit the scope of any such disclosure to what is strictly required.
Professional advisers: Lawyers, auditors, and accountants may access data where necessary for legal, compliance, or financial audit purposes. All such parties are bound by confidentiality obligations.

All third parties who receive your data from Mostpay are required to handle it securely and in accordance with applicable data protection law. We do not allow them to use your data for their own marketing purposes.

06 Cookies and Tracking

Mostpay uses cookies and similar tracking technologies to keep you logged in, remember your preferences, and understand how players use the platform. Here is what we use and why:

Essential cookies: Required for the platform to function. These include session cookies that keep you logged in and security cookies that protect against cross-site request forgery. You cannot opt out of essential cookies without stopping use of the platform.
Functional cookies: Remember your preferences such as language settings, display options, and game history. These improve your experience but are not strictly necessary.
Analytics cookies: Help us understand which pages and features are most used, where players encounter problems, and how to improve the platform. Analytics data is aggregated and does not identify individual players.
Security cookies: Used to detect and prevent fraudulent login attempts, bot activity, and other security threats.

You can manage cookie preferences from your browser settings. Disabling non-essential cookies will not prevent you from using Mostpay, but some features may not work as smoothly. Mostpay does not use third-party advertising cookies or tracking pixels for ad targeting.

07 Data Retention

Mostpay retains your personal data for as long as your account is active and for a defined period after account closure. Retention periods vary by data type based on legal requirements and operational necessity:

Account and identity data: Retained for the duration of your account and for 5 years after account closure, as required by anti-money laundering regulations.
Transaction records: Retained for 7 years after the transaction date in accordance with financial record-keeping requirements.
KYC documents: Retained for 5 years after account closure or the date of the last transaction, whichever is later.
Support communications: Retained for 3 years after the interaction, or longer if the communication relates to an unresolved dispute.
Technical and usage data: Retained in aggregated, anonymised form for platform analytics. Individual-level technical data is deleted within 12 months of collection.
Marketing consent records: Retained for as long as you remain opted in, plus 3 years after opt-out to demonstrate compliance.

When data reaches the end of its retention period, it is securely deleted or anonymised so that it can no longer be linked to you as an individual.

08 Your Rights

As a Mostpay player, you have the following rights over your personal data. You can exercise any of these rights by contacting us at [email protected]. We will respond within 30 days.

Right to Access Request a copy of all personal data Mostpay holds about you.

Right to Rectification Ask us to correct any inaccurate or incomplete data.

Right to Erasure Request deletion of your data where there is no legal reason to retain it.

Right to Restriction Ask us to pause processing of your data in certain circumstances.

Right to Portability Receive your data in a structured, machine-readable format.

Right to Object Object to processing based on legitimate interests or for direct marketing.

Withdraw Consent Withdraw consent for optional processing such as marketing at any time.

Right to Complain Lodge a complaint with the relevant data protection authority if unsatisfied.

Some rights are subject to legal limitations. For example, we cannot delete transaction records that we are legally required to retain. Where a limitation applies, we will explain it clearly in our response to your request.

09 Data Security

Mostpay takes the security of your personal data seriously. We have implemented a range of technical and organisational measures to protect your information against unauthorised access, loss, or disclosure:

TLS encryption: All data in transit between your device and Mostpay servers is encrypted using TLS 1.2 or higher.
AES-256 encryption at rest: Sensitive stored data including payment details and identity documents is encrypted at rest.
Access controls: Access to personal data within Mostpay is restricted to staff who need it to perform their job. All access is logged and audited.
Two-factor authentication: Available for all player accounts and mandatory for internal staff accounts with data access.
Regular security audits: Mostpay conducts regular penetration testing and security reviews of its infrastructure and applications.
Incident response plan: We maintain a documented data breach response procedure. In the event of a breach affecting your data, you will be notified within 72 hours.

While we take every reasonable precaution, no online platform can guarantee absolute security. You also play a role in keeping your account safe — use a strong, unique password and enable two-factor authentication from your account settings.

10 Children's Privacy

Mostpay is strictly for adults aged 18 and above. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has registered on Mostpay, please contact us immediately at [email protected]. We will investigate and close the account promptly, deleting any associated personal data.

Age verification is a mandatory step in the Mostpay registration process. We use a combination of self-declaration and document-based verification to enforce this requirement. Accounts where age cannot be confirmed will be suspended pending verification.

11 Third-Party Links

The Mostpay platform does not contain links to external third-party websites. All navigation within the platform stays within the mostpay.app domain. If you arrive at Mostpay via a link from another website, that website's privacy practices are entirely separate from ours and are not covered by this policy.

Mostpay is not responsible for the privacy practices of any third-party payment providers you use to fund your account. We recommend reviewing the privacy policy of your payment provider — such as bKash or Nagad — to understand how they handle your financial data on their end.

12 Updates to This Policy

Mostpay may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or platform features. When we make changes, we will update the "last updated" date at the top of this page.

For significant changes that affect how we use your data in a material way, we will notify you directly via your registered email address at least 7 days before the changes take effect. Continued use of Mostpay after the effective date of any update constitutes your acceptance of the revised policy.

We encourage you to review this policy periodically. If you have questions about any changes, contact us at [email protected] before the effective date and we will be happy to explain.

13 Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or need to report a privacy concern, please get in touch with the Mostpay privacy team. We aim to respond to all privacy-related enquiries within 5 business days.

Email: [email protected]
Subject line for data requests: "Data Request – [Your Username]"
Subject line for privacy concerns: "Privacy Concern – [Brief Description]"
Response time: Within 5 business days for privacy requests; within 30 days for formal data subject requests

All privacy requests are handled by a real person, not an automated system. We take every request seriously and will always give you a clear, honest answer about what data we hold and how it is used.

Mostpay Privacy Policy – How We Handle Your Data

Six Ways Mostpay Protects Your Privacy

We Never Sell Your Data

Encryption at Every Step

You Control Your Data

Minimal Data Collection

Clear Retention Limits

Breach Notification

Contents