hi2 Privacy Policy
Your privacy matters to hi2. This Privacy Policy explains exactly what personal data we collect from players in Bangladesh, why we collect it, how it is stored and protected, and what rights you have over your own information. We are committed to handling your data with the same care and transparency we bring to every aspect of the hi2 platform.
The cards below give you a quick overview of our core privacy commitments. These summaries are provided for convenience only — the full legal text in each section below is the definitive statement of our data practices.
Minimal Data Collection
hi2 collects only the data necessary to operate your account, process payments, verify your identity, and comply with applicable anti-fraud and anti-money laundering obligations.
256-bit SSL Encryption
All data transmitted between your device and hi2's servers is protected by 256-bit TLS encryption — the same standard used by leading Bangladeshi banks including BRAC Bank and Dutch-Bangla Bank.
No Third-Party Sale
hi2 does not sell, rent, or trade your personal data to any third-party commercial entity for marketing or advertising purposes. Your data is used solely to deliver hi2 services.
Your Data Rights
You have the right to access, correct, and request deletion of your personal data held by hi2 at any time. Requests are processed within 30 days of receipt and at no charge.
Transparent Cookie Use
hi2 uses strictly necessary and analytical cookies to keep the platform functional and improve the user experience. We do not deploy third-party advertising cookies that track you across other websites.
Contact Our Team
For any privacy-related question, data access request, or complaint, contact our English-language support team at [email protected]. We respond to all privacy enquiries within 48 hours.
Data Controller & Scope
This Privacy Policy applies to all personal data collected and processed by hi2 ("hi2", "we", "us", "our") in connection with your use of the hi2 online casino and sports betting platform, accessible at https://hi2.bio (the "Platform"). hi2 acts as the data controller in respect of the personal data it collects from registered players and visitors located in Bangladesh and elsewhere.
This Policy governs all personal data collected through:
- The hi2 website and any mobile-optimised version of the Platform.
- Account registration and KYC verification processes.
- Deposit and withdrawal transactions conducted via bKash, Nagad, Rocket, Upay, and local bank transfer.
- Customer support interactions, including communications sent to [email protected].
- Promotional and marketing communications where you have opted in to receive them.
- Cookies, server logs, and other automated data collection technologies described in Section 5 below.
This Policy does not apply to third-party websites, payment service providers, or game software providers that may be accessible through or in connection with the hi2 Platform. Each such third party operates under its own privacy policy, and hi2 encourages you to review those policies independently. hi2 is not responsible for the data practices of any third-party provider.
Information We Collect
hi2 collects personal data through two primary channels: information you provide directly when using the Platform, and information collected automatically through your interaction with the Platform's technical infrastructure. The categories of data we collect are described in detail below.
Information You Provide Directly
- Registration data: Full legal name, date of birth, gender, residential address (including city — Dhaka, Chittagong, Sylhet, Khulna, Rajshahi, Barisal, Rangpur, Mymensingh, or elsewhere in Bangladesh), mobile phone number, and email address.
- Identity verification (KYC) documents: Scanned or photographed copies of your National Identity Card (NID), passport, or other government-issued identity document; proof of address; and proof of payment method (e.g., a screenshot of your bKash or Nagad account registered in your name).
- Financial data: Mobile wallet numbers (bKash, Nagad, Rocket, Upay) and local bank account details used for deposit and withdrawal transactions. hi2 does not store full card numbers or full bank account numbers beyond what is necessary for transaction reference purposes.
- Support correspondence: The content of any messages, emails, or chat conversations you initiate with the hi2 support team, including any attachments or screenshots you provide.
- Promotional data: Preferences you indicate regarding bonus types, favourite games, or sporting interests (e.g., BPL cricket, IPL, T20 matches) when filling in optional profile fields or survey responses.
Information Collected Automatically
- Device and browser data: IP address, device type, operating system, browser type and version, screen resolution, and device fingerprint identifiers.
- Usage data: Pages visited, time spent on each page, game sessions initiated, bet amounts placed, sports markets viewed, and navigation paths through the Platform.
- Transaction logs: Timestamps, amounts, and reference numbers for all deposit and withdrawal transactions processed through the Platform.
- Session and authentication data: Login timestamps, session duration, and records of failed login attempts used for security monitoring purposes.
- Cookie data: As described in full in Section 5 of this Policy.
Data We Do Not Collect
hi2 does not collect or store full payment card numbers, CVV codes, or full bank account numbers. hi2 does not collect biometric data (such as fingerprints or facial recognition data) at this time. hi2 does not collect data from social media profiles unless you explicitly connect a social login to your hi2 account.
How We Use Your Data
hi2 processes your personal data only for specific, clearly defined purposes. We do not use your data in ways that are incompatible with the purpose for which it was originally collected. The primary purposes for which hi2 uses your personal data are as follows:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation and management | Registration data, contact details | Contractual necessity |
| Age and identity verification (KYC) | KYC documents, date of birth | Legal obligation |
| Processing deposits and withdrawals | Financial data, transaction logs | Contractual necessity |
| Fraud detection and prevention | Device data, IP address, session logs | Legitimate interest |
| Responsible gaming monitoring | Usage data, betting history | Legal obligation / legitimate interest |
| Customer support | Support correspondence, account data | Contractual necessity |
| Platform improvement and analytics | Usage data, cookie data | Legitimate interest |
| Promotional communications (opted-in) | Contact details, game preferences | Consent |
| Anti-money laundering compliance | KYC documents, transaction logs | Legal obligation |
Marketing Communications
hi2 will only send you promotional emails, SMS messages, or in-Platform notifications about bonuses, new games, cricket betting markets, or special events if you have explicitly opted in to receive such communications during registration or within your account settings. You may withdraw your consent at any time by updating your notification preferences in your account dashboard or by contacting [email protected]. Withdrawal of consent does not affect the lawfulness of any marketing communication sent before the opt-out was processed.
hi2 does not use automated decision-making or profiling in a way that produces legal or similarly significant effects on individual players, except where necessary for fraud detection purposes — in which case any adverse account action may be reviewed upon written request.
Data Sharing & Third Parties
hi2 does not sell, rent, or trade your personal data to any third party for commercial purposes. Your data is shared with third parties only in the limited circumstances described below, and only to the extent strictly necessary for the stated purpose.
Payment Service Providers
To process your deposits and withdrawals, hi2 shares the minimum necessary transaction data with your chosen mobile financial service provider — bKash, Nagad, Rocket, or Upay — or with the relevant local bank. This sharing is strictly limited to what is required to complete the specific transaction. Each payment provider processes this data under its own privacy policy and applicable financial services regulation.
Game Software Providers
hi2 integrates games from reputable third-party game studios and providers including Pragmatic Play, Evolution Gaming, NetEnt, Microgaming, Spribe, and Ezugi, among others. These providers may receive limited technical session data (such as a pseudonymous session token and game round outcomes) to ensure proper game operation, result verification, and fair play certification. Game providers do not receive your name, contact details, or payment information.
Fraud Prevention and Compliance
hi2 may share personal data with fraud prevention agencies, identity verification services, and financial intelligence bodies where required to meet anti-money laundering obligations or to investigate suspected fraudulent activity. Such disclosures are made only to the extent required by applicable law or a valid legal process (such as a court order or regulatory directive).
Technology and Infrastructure Providers
hi2 uses trusted third-party technology partners for cloud hosting, data storage, cybersecurity monitoring, and customer support platform infrastructure. These providers process data strictly under written data processing agreements with hi2 and are prohibited from using your data for any purpose other than delivering the contracted service.
Business Transfers
In the event that hi2 undergoes a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred as part of that transaction. In such circumstances, hi2 will take reasonable steps to ensure that the receiving entity maintains privacy protections that are at least equivalent to those described in this Policy, and registered players will be notified of any material change to data controllership by email.
Data Retention & Deletion
hi2 retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply to the main categories of data held by hi2:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | Legal and contractual obligations |
| KYC identity documents | Duration of account + 5 years after closure | Anti-money laundering compliance |
| Financial transaction records | 7 years from transaction date | Financial record-keeping requirements |
| Betting and game session logs | 3 years from session date | Dispute resolution and fair play audit |
| Customer support correspondence | 3 years from last interaction | Dispute resolution and service quality |
| Cookie and usage analytics data | 13 months from collection | Platform improvement analysis |
| Marketing preference data | Until consent is withdrawn | Consent-based processing |
When the applicable retention period expires, hi2 will securely delete or anonymise your personal data in a manner that prevents reconstruction or re-identification. Data that is anonymised beyond the possibility of re-identification may be retained indefinitely for statistical and analytical purposes.
Account Deletion Requests
If you close your hi2 account and request deletion of your personal data, hi2 will process the deletion request within 30 days. Please be aware that certain categories of data — particularly financial transaction records and KYC documents — are subject to mandatory legal retention periods and cannot be deleted on request until those periods have elapsed, regardless of account closure. hi2 will clearly communicate which data categories are subject to mandatory retention at the time your deletion request is received.
Your Privacy Rights
As a player registered with hi2, you hold a number of rights in relation to the personal data we hold about you. hi2 is committed to honouring these rights promptly and without charge. Your rights include the following:
- Right of Access: You have the right to request a copy of all personal data that hi2 holds about you. Upon receipt of a verified access request, hi2 will provide a structured summary of your data within 30 days.
- Right to Rectification: If any personal data held by hi2 is inaccurate or incomplete, you have the right to request that it be corrected. You may update basic profile information (such as your email address or phone number) directly within your account settings; other corrections should be requested via [email protected].
- Right to Erasure ("Right to Be Forgotten"): Subject to the mandatory retention periods described in Section 6, you may request that hi2 delete your personal data. Requests will be fulfilled within 30 days to the extent technically and legally possible.
- Right to Restriction of Processing: You may request that hi2 restrict the processing of your data in certain circumstances — for example, while a data accuracy dispute is being resolved, or where you have objected to processing based on legitimate interest and that objection is under review.
- Right to Object: Where hi2 processes your data on the basis of legitimate interest (such as for fraud detection or Platform analytics), you have the right to object to that processing. hi2 will cease such processing unless it can demonstrate compelling legitimate grounds that override your interests.
- Right to Withdraw Consent: Where hi2 processes your data on the basis of your consent (for example, for marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Right to Data Portability: You may request that hi2 provide your personal data in a structured, commonly used, machine-readable format, or that it be transmitted directly to another data controller where technically feasible.
How to Exercise Your Rights
To exercise any of the rights described above, please submit a written request to [email protected] with the subject line "Privacy Rights Request" and include your full registered name and the email address associated with your hi2 account. hi2 may request additional verification to confirm your identity before processing any rights request. All requests are processed free of charge within 30 days of receipt.
Data Security Measures
hi2 takes the security of your personal data seriously and has implemented a layered set of technical and organisational measures to protect it against unauthorised access, accidental loss, alteration, disclosure, or destruction. The key security measures in place include:
- Transport Layer Security (TLS): All data transmitted between your browser or mobile device and hi2's servers is encrypted using TLS 1.2 or higher, preventing interception during transit.
- Data Encryption at Rest: Sensitive personal data — including KYC documents, payment references, and account credentials — is stored in encrypted form using industry-standard AES-256 encryption.
- Access Controls: Access to personal data within hi2's internal systems is restricted to authorised personnel on a strict need-to-know basis. All internal access is logged and audited regularly.
- Two-Factor Authentication (2FA): hi2 strongly encourages all players to enable SMS-based 2FA for their accounts. Internal hi2 systems handling personal data require 2FA for all staff access.
- Intrusion Detection and Monitoring: hi2 operates continuous automated monitoring for unusual access patterns, potential data breaches, and suspicious transaction activity across all Platform systems.
- Regular Security Audits: hi2's Platform and data infrastructure undergo periodic security assessments and penetration testing to identify and remediate vulnerabilities proactively.
- Incident Response: In the event of a confirmed data breach that poses a risk to your rights and freedoms, hi2 will notify affected players without undue delay and will take immediate remediation steps.
Your Responsibilities
While hi2 applies robust technical safeguards to protect your data on our systems, you also play an important role in keeping your account secure. You are responsible for maintaining the confidentiality of your hi2 login credentials and for not sharing your password or OTP codes with any other person. If you believe your account has been compromised, you should contact [email protected] immediately. For full guidance on account security best practices, please refer to Section 3 of the hi2 Terms & Conditions.
Questions About Your Privacy?
Our English-language support team is available around the clock to answer any question about how hi2 handles your personal data. You can also read our full Terms & Conditions or explore our Responsible Gaming guide. 18+ only.