Privacy Protection

P40 — Your Privacy Our Highest Priority

Everything about how your data is collected, stored, and who can access it is explained here in plain, straightforward English — no hidden clauses, no fine print.

Last updated: January 2026
🔒 Key Highlights
How Secure Is Your Data at p40?
The six core pillars of our Privacy Policy that keep your data safe
End-to-End Encryption

All your personal information and financial transactions are secured with 256-bit SSL encryption, making it impossible for anyone to intercept or read your data.

No Sale of Data to Third Parties

P40 never sells your data to advertisers or any third party. This is an absolute, non-negotiable policy.

Minimal Data Collection

We only collect the data needed to deliver our services — nothing unnecessary is ever requested.

Right to Erasure

You may request the deletion of your personal data at any time, and we will process your request promptly.

Regular Security Audits

Regular security audits conducted by independent third-party experts to keep your data protected at all times.

A Clear Policy in Bengali

We believe you have the right to understand this policy in your own language, so everything has been written in plain, simple terms.

Quick Summary: p40 respects your privacy. This policy explains what information we collect, why we collect it, and how we keep it safe. Feel free to reach out to us with any questions.

Section 01
What Data We Collect

P40 collects certain information to deliver the best possible service. We never ask for anything beyond what's necessary. Here's a breakdown of exactly what we collect:

1.1 Information Collected at Registration

  • Mandatory: Mobile number, password, and date of birth (for age verification).
  • Optional: Email address, full name, and district.
  • For identity verification: National ID number or passport number (required before your first major withdrawal).

1.2 Data Collected During Service Use

  • Gaming activity: which games you played, duration of play, and the amounts wagered.
  • Financial data: deposit, withdrawal, and transaction history.
  • Device information: browser type, operating system, and device ID.
  • IP address and approximate geographic location.
  • Support chat messages and communication history.

1.3 Automatically Collected Data

  • Cookie and session data (see Section 5 for details).
  • A log of which pages you visited on the website and for how long.
  • Date and time of each login and logout.

Our Promise: We only collect what's necessary. p40 will never ask for your social media credentials, family details, or any other sensitive information beyond what is required.

Section 02
How Your Information Is Used

The data we collect is used solely for the purposes listed below — nothing else.

Data TypePurpose of UseLegal Basis
Mobile Number & PasswordAccount Registration & LoginContractual Necessity
Date of Birth & Identity DocumentsAge & Identity VerificationLegal Obligation
Transaction DataPayment Processing & Fraud PreventionContractual & Legal
Gaming ActivityPersonalised Experience & Responsible GamingLegitimate Interest
Device & IPSecurity & Fraud DetectionLegitimate Interest
Email / MobileSending Important NotificationsConsent / Contractual

2.1 Marketing Communications

With your consent, p40 may send you promotional offers and special bonus notifications. You can withdraw this consent at any time — either through your account settings or by reaching out to our support team.

Your gaming history is analyzed to promote responsible gaming — this is for your protection, not for advertising purposes.

Section 03
Who We Share Your Data With

P40 does not sell your data. However, in certain specific situations, it may be necessary to share information in order to deliver our services:

3.1 Service Provider Partners

  • Payment Gateway: bKash, Nagad, Rocket — used solely to process transactions.
  • Game Providers: Only the minimum data necessary to operate the games.
  • Cybersecurity Agency: For fraud detection and IP verification purposes.
  • Cloud Hosting: For secure data storage.

3.2 Sharing for Legal Requirements

P40 may be required to disclose information to legal authorities in the following circumstances:

  • Court orders or government directives.
  • Requests from regulatory authorities in connection with money laundering investigations.
  • Requests from law enforcement agencies in connection with cybercrime investigations.

Important: We will never share your data without your consent, except where legally required. Every sharing arrangement is subject to binding confidentiality obligations.

Section 04
Data Storage, Security & Retention

4.1 Retention Period

Your data is retained for as long as your account remains active. Even after closure, certain information may be kept for up to 5 years to meet legal and regulatory requirements.

4.2 Security Measures

  • 256-bit SSL TLS Encryption — across all data transfers.
  • AES-256 Encryption — for stored data.
  • Two-Factor Authentication (2FA) — for account protection.
  • Firewall & Intrusion Detection System — for server protection.
  • Regular Backups — at a different geographic location.
  • Restricted Staff Access — only authorized personnel can access specific data.

P40's data centre operates in an ISO 27001 certified facility. Third-party security penetration testing is conducted every three months.

Section 06
Your Privacy Rights

As a p40 member, you have several important rights regarding your personal data:

📋
Right to Know

To find out what data we hold about you, submit a written request and we'll provide full details within 30 days.

✏️
Right to Rectification

If any of your information is incorrect, you may request a correction. Our support team will be happy to assist.

🗑️
Right to Erasure

You may request the deletion of your data at any time, provided there are no legal obligations requiring us to retain it.

🚫
Right to Restrict Processing

You may object at any time to your data being used for marketing purposes.

📦
Right to Data Portability

You may request an export of your data in a machine-readable format.

⏸️
Right to Restriction

You may request that the processing of your data be temporarily restricted while an investigation is ongoing.

To exercise any of the rights listed above, support@p40.run— email us with the subject line "Privacy Request".

Section 07
Child & Minor Protection

P40 is strictly for users aged 18 and above. Registration by or collection of data from minors is strictly prohibited.

For Parents: If you suspect your child is using p40, please support@p40.run. We will immediately close that account and delete any collected data associated with it.

We verify age at registration and request identification in any cases where doubt arises. There is absolutely no compromise on child protection.

Section 08
International Data Transfers

Your data may be stored on servers outside Bangladesh. Regardless of location, the same level of protection is always maintained.

8.1 Transfer Conditions

  • Data is only transferred to countries with adequate data protection laws in place.
  • Data processing agreements are in place with all third-party partners.
  • All international data transfers remain compliant with Bangladeshi law.

P40's cloud infrastructure is operated through ISO 27001 and SOC 2 certified providers, ensuring data protection that meets international standards.

Section 09
Our Data Breach Response Procedure

In the event of any potential breach of your data security, p40 will follow these steps:

  1. Within 72 Hours: A preliminary investigation will be conducted and the relevant authorities will be notified.
  2. Within 24 hours: Affected users will be notified via email or SMS.
  3. Affected Members: Free password resets, assistance with 2FA activation, and compensation consideration where applicable.
  4. Long-term: The cause will be investigated and steps will be taken to prevent similar incidents in the future.

P40 has never experienced a data breach in its history. Even so, we maintain the highest level of preparedness at all times.

Section 10
Privacy Policy Updates

P40 reserves the right to update this Privacy Policy as needed. Any changes will be communicated to you transparently.

  • For significant changes, you will be notified by email or SMS at least 30 days in advance.
  • The effective date of any updated policy will be displayed at the top of the page.
  • Continued use of p40 after any changes have been made will be considered your acceptance of the updated policy.
  • You may contact our support team to request access to a previous version of the policy.
Section 11
Contact & Complaints

For any privacy questions, concerns, or rights requests, please reach out to us:

Data Privacy Officer, p40
Email: privacy@p40.run
General Support: support@p40.run
Response Time: Within 48 Hours

We always take your privacy concerns seriously. If you're not satisfied with the resolution we provide, you have the right to lodge a complaint with the relevant regulatory authority.

📖 Learn More

Why Does p40 Take Privacy So Seriously?

Many people wonder what online platforms actually do with their data — and it's a fair question. p40 believes in answering it directly. We see your mobile number and transaction details as yours — we only manage them temporarily; ownership never transfers to us.

P40's approach to data protection is built on three core principles. First, Data Minimisation — only what is absolutely necessary, nothing more. Second, Transparent Use — clearly stating why it is being collected. Third, Strict Security — protected using the most advanced technical safeguards available.

Online privacy can still feel unclear to many people in Bangladesh's digital landscape. That's why we've written this policy in plain, simple language — so you can read and understand it yourself, without needing a lawyer. This is our commitment to transparency.

Thousands of people trust p40 with their personal data every day. That trust is our most valuable asset. A data breach isn't just a technical incident — it's a betrayal of our members. That's why we never compromise on security.

Our security team monitors servers around the clock. Automated systems respond instantly to any suspicious activity detected. In addition, external specialists conduct quarterly reviews of our systems to identify and address any vulnerabilities before they can be exploited.

If you ever feel that p40 is not adhering to this policy, please contact our Privacy Officer directly. We take every complaint seriously, investigate it thoroughly, and respond with full transparency.

❓ Frequently Asked Questions

Your Privacy Questions, Answered

No. p40 does not directly store your bank card or account details. Payments are processed through bKash, Nagad, or Rocket. These payment platforms operate their own security infrastructure and are solely responsible for managing your financial information.

Most personal data is deleted once your account is closed. However, financial transaction records are retained for up to 5 years for legal and regulatory compliance, after which they are permanently deleted.

p40 does not track GPS or real-time location. We do use your IP address to determine approximate geographic location — primarily for security and fraud prevention purposes. This data is never used for advertising.

No. Your account information is entirely personal. However, if someone else uses the same device while you're still logged in, they may be able to see your details — so we recommend logging out after each session.

Only authorized staff can access specific data — for example, a support agent may view your transaction history to resolve an issue. However, no staff member can view or change your password. All staff access is logged and recorded.
🔒 Trust Us, Play Safely

Your Data Is Safe — Join p40 with Confidence

You've read our Privacy Policy — and now you know just how transparent we are. Go ahead and register with confidence, and enjoy the best gaming experience.

বাংলা