01 Data We Collect
When you register, verify, and use your winrm account, we collect personal information across several categories. The scope of data collected depends on the services you use and the verification level required for your account. Below is a summary of the categories of personal data winrm processes.
| Data Category | Examples | Collection Point |
|---|---|---|
| Identity Data | Full name, date of birth, National ID (NID), passport number | Registration & KYC verification |
| Contact Data | Email address, mobile number (bKash/Nagad registered), residential address | Account registration |
| Financial Data | Payment method type (bKash, Nagad, Rocket, Upay, bank), transaction history, deposit and withdrawal amounts in ৳ | Deposit & withdrawal processing |
| Technical Data | IP address, device type, browser type, operating system, session timestamps | Platform access (automatic) |
| Usage Data | Pages visited, games played, bets placed, session duration, feature interactions | Platform activity (automatic) |
| Communications Data | Support chat transcripts, email correspondence, feedback submissions | Customer support interactions |
winrm collects data directly from you (through registration forms, KYC submissions, and support interactions), automatically through your use of the platform (via cookies and server logs), and in limited cases from third-party identity verification providers used to confirm the authenticity of documents submitted during the KYC process.
02 How We Use Your Data
winrm processes your personal data only for specific, legitimate purposes. We do not use your data for purposes that are incompatible with those for which it was originally collected. The primary purposes for which winrm processes personal data are as follows:
- Account Management: To create, maintain, verify, and administer your winrm account. This includes processing your registration details, confirming your identity, and managing your account settings and preferences.
- Payment Processing: To facilitate deposits and withdrawals in Bangladeshi Taka (৳) via your chosen payment method — including bKash, Nagad, Rocket, Upay, and linked bank accounts. Financial data is used to match incoming and outgoing transactions to your account and to detect payment anomalies.
- Platform Operation: To deliver the betting, casino, slots, and live gaming services you access on winrm, to personalise your experience, and to maintain the integrity of in-play markets and game results.
- Security and Fraud Prevention: To detect, investigate, and prevent fraudulent activity, multi-accounting, bonus abuse, money laundering, and other prohibited conduct as defined in the winrm Terms and Conditions. Technical and usage data are analysed for behavioural anomalies that may indicate fraudulent intent.
- Responsible Gaming Compliance: To enforce age verification, to apply deposit limits, loss limits, or self-exclusion restrictions at the player's request or in response to identified problem gambling indicators, and to flag accounts for responsible gaming intervention where appropriate.
- Legal and Regulatory Compliance: To comply with applicable legal obligations, respond to lawful requests from competent authorities, and maintain records as required by relevant financial and anti-money-laundering regulations.
- Customer Support: To respond to your support queries, resolve disputes, and maintain a record of communications for quality assurance and audit purposes.
- Marketing Communications: To send you promotional offers, bonus notifications, and platform updates — but only where you have opted in to such communications. You may withdraw this consent at any time via your account preferences.
03 Cookies and Tracking
winrm uses cookies and similar tracking technologies to operate the platform effectively, keep your session secure, and gather aggregated analytical data about how players interact with the site. A cookie is a small text file placed on your device by the winrm server when you access the platform.
The following categories of cookies are used on winrm:
- Strictly Necessary Cookies: These cookies are essential for the platform to function and cannot be switched off. They include session authentication tokens, CSRF protection tokens, and load-balancing cookies. Without these, core services such as account login, game loading, and payment processing would not function correctly.
- Functional Cookies: These cookies remember your preferences — such as your preferred language setting and display options — so that you do not need to re-enter them on each visit. They improve your experience but are not strictly required for platform operation.
- Analytical Cookies: winrm uses first-party analytical cookies to collect aggregated, anonymised data about which pages and features are most popular, how long players stay on particular game pages, and where errors or friction points occur. This data is used to improve platform performance and user experience. We do not use third-party analytics services that share data with advertising networks.
- Security Cookies: These cookies assist winrm's fraud detection systems by capturing device fingerprint data and login behaviour patterns. They help identify suspicious access attempts and protect your account from unauthorised access.
winrm does not use cross-site tracking cookies, retargeting pixels, or third-party advertising cookies that monitor your behaviour on other websites. Our cookie use is limited to the operation and improvement of the winrm platform itself.
04 Data Sharing and Disclosure
winrm does not sell, rent, or otherwise trade your personal data to third parties for commercial purposes. Your data may be shared with external parties only in the limited circumstances described below, and only to the extent necessary for the specified purpose.
- Payment Service Providers: When you make a deposit or withdrawal, relevant transaction data — including your name and payment method details — is shared with the relevant payment processor (e.g., bKash, Nagad, Rocket, Upay, Visa, Mastercard) solely to complete the transaction. These providers operate under their own privacy policies and data security obligations.
- Identity Verification Partners: For KYC compliance, winrm may use third-party identity verification services to validate documents such as National ID cards or passports. These partners process your identity documents under strict data processing agreements and are not permitted to use your data for any other purpose.
- Game Technology Providers: Some usage data related to in-game behaviour and bet history may be accessible to game software providers (such as Pragmatic Play, Evolution Gaming, or Spribe) for the purpose of game auditing, RNG certification, and dispute resolution. No financial or identity data beyond what is required for game operation is shared with these providers.
- Legal and Regulatory Authorities: winrm will disclose personal data to competent courts, law enforcement agencies, or regulatory bodies where required to do so by a lawful order, warrant, or legal obligation. winrm will, where legally permitted, notify the affected account holder of any such disclosure.
- Anti-Fraud and AML Networks: To detect and prevent money laundering and match manipulation, winrm may share limited account and transaction data with industry-wide anti-fraud networks and sports integrity organisations where there is a genuine and reasonable suspicion of wrongdoing.
05 Data Security Measures
winrm employs a layered approach to data security, combining technical controls, operational procedures, and access management policies to protect your personal information against unauthorised access, loss, alteration, or disclosure.
- Encryption in Transit: All communications between your device and winrm servers are encrypted using TLS 1.2 or higher. This applies to account login, payment transactions, game data, and all API communications.
- Encryption at Rest: Sensitive personal data — including identity documents, payment details, and authentication credentials — is stored in encrypted format on winrm's servers. Encryption keys are managed under strict access controls.
- Access Control: Access to personal data within the winrm organisation is restricted to personnel who require it to perform their specific role. Access is granted on a least-privilege basis and is subject to regular review and audit.
- Two-Factor Authentication: winrm supports OTP-based two-factor authentication via your registered mobile number. Enabling 2FA significantly reduces the risk of unauthorised account access even in the event of a password compromise.
- Penetration Testing: The winrm platform undergoes periodic security assessments including vulnerability scanning and penetration testing to identify and remediate potential weaknesses before they can be exploited.
- Incident Response: In the event of a confirmed data breach that poses a risk to your personal data, winrm will notify affected users within a reasonable timeframe and take immediate steps to contain the breach and prevent further exposure.
While winrm implements robust security controls, no system connected to the internet can guarantee absolute security. You are responsible for maintaining the confidentiality of your own login credentials and for reporting any suspected unauthorised access to your account promptly via [email protected].
06 Data Retention Policy
winrm retains personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable legal, regulatory, or contractual obligations. The table below outlines our standard retention periods by data category.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account & Identity Data | 5 years post-account closure | Legal / AML compliance |
| Financial Transaction Records | 7 years from transaction date | Financial record-keeping |
| KYC Documents | 5 years post-account closure | AML / identity verification |
| Betting & Game History | 3 years from activity date | Dispute resolution / audit |
| Support Communications | 2 years from last interaction | Quality assurance / disputes |
| Technical & Log Data | 90 days rolling | Security monitoring |
| Marketing Preferences | Until consent withdrawn | Consent-based processing |
Following the expiry of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be associated with an identifiable individual. Anonymised and aggregated data — from which no individual can be identified — may be retained indefinitely for statistical and analytical purposes.
07 Your Privacy Rights
As a user of the winrm platform, you hold the following rights with respect to the personal data winrm processes about you. These rights may be exercised by contacting the winrm support team at [email protected] with a clear description of your request.
- Right of Access: You have the right to request a copy of the personal data winrm holds about you. We will provide a summary of your data within 30 calendar days of receiving a valid request, subject to identity verification.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. You may update certain information directly within your account settings.
- Right to Erasure: You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected and where there is no overriding legal obligation requiring its retention. Note that financial transaction records and KYC data are subject to mandatory retention periods and cannot be erased on request during those periods.
- Right to Restrict Processing: You may request that winrm restricts the processing of your personal data in certain circumstances — for example, while the accuracy of the data is being contested, or while an objection to processing is being considered.
- Right to Object: You have the right to object to the processing of your personal data where that processing is based on winrm's legitimate interests. You also have an unconditional right to object to processing for direct marketing purposes at any time.
- Right to Data Portability: Where technically feasible and legally applicable, you may request a copy of your personal data in a structured, machine-readable format for transfer to another service provider.
- Right to Withdraw Consent: Where processing is based on your consent — for example, for receiving marketing communications — you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
08 Contact and Policy Updates
If you have any questions, concerns, or requests relating to this Privacy Policy or the way winrm handles your personal data, please contact the winrm support team using the details below. All privacy-related enquiries are handled by winrm's designated data responsibility team.
- Email: [email protected] — please use the subject line "Privacy Enquiry" for faster routing.
- Response Time: winrm aims to acknowledge all privacy enquiries within 2 business days and to provide a substantive response within 14 business days.
- In-Platform Support: You may also raise privacy concerns via the 24/7 live chat feature available within the winrm platform.
Policy Updates: winrm reserves the right to update or revise this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or platform features. When material changes are made, we will notify registered users via the email address associated with their account and/or via a prominent notice on the platform before the changes take effect. The "Last Updated" date at the top of this page will always reflect the date of the most recent revision.
Your continued use of the winrm platform following the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the revised policy, you should discontinue use of the platform and may request account closure as described in the winrm Terms and Conditions.