Privacy policy
What personal data we collect, how we use it, how long we retain it, and how to exercise your rights under India’s Digital Personal Data Protection Act 2023.
On this page
- Data Fiduciary identity
- What data we collect
- What we do not collect
- Purposes of processing
- Legal basis under DPDPA 2023
- Cookies and tracking technologies
- Affiliate links and operator data
- Third-party services and processors
- Cross-border data transfers
- Data retention periods
- Your rights under DPDPA 2023
- Children and minors
- Security measures
- Breach notification
- Data Protection Officer
- Right to complaint
- Updates to this policy
- Contact
Data Fiduciary identity
Naseebbet ("we", "us", "our") is the Data Fiduciary as defined under Section 2(i) of the Digital Personal Data Protection Act 2023 for personal data collected through the website naseebbet.com. We determine the purposes and means of processing personal data described in this policy.
What data we collect
- Server logs: IP address, browser user-agent, referring URL, pages visited, timestamps, HTTP response codes. Collected automatically by web server software for security and traffic analysis. Retention: 30 days.
- First-party cookies: session cookies for site functionality (cart-style preference storage, no tracking). Retention: session lifetime + 30 days.
- First-party analytics: aggregated, cookie-less analytics (Plausible) tracking page views, referrer, device type, country. No personal identification possible from analytics data alone.
- Email correspondence: if you contact us at [email protected], [email protected] or [email protected], we retain the email thread for the duration of correspondence and 12 months after the last reply.
- Click-through tracking: when you click an affiliate link (/go/{operator}/), we log the click event with timestamp, IP and referrer for affiliate-attribution purposes. No personally identifying data is shared with the operator beyond the standard HTTP referrer.
What we do not collect
- No third-party advertising trackers (no Google Ads, no Meta Pixel, no DoubleClick)
- No cross-site behavioural profiling
- No data brokers or data-aggregator pixels
- No PAN, Aadhaar, bank account, payment card or other financial data — we are not a betting operator and never see your operator account details
- No biometric, health, location-precise (GPS-coordinate) or sensitive-category personal data as defined under DPDPA 2023
Purposes of processing
- Site security and abuse prevention (server logs)
- Aggregate traffic analytics for editorial planning (Plausible)
- Affiliate-attribution accounting (click-through tracking)
- Editorial correspondence (email)
- Compliance with applicable law (record retention as required)
We do not use personal data for automated decision-making, profiling, or marketing.
Legal basis under DPDPA 2023
- Section 4(1)(a) consent: implicit consent given by visiting the site and not opting out of cookies (functional cookies are essential)
- Section 7(c) legitimate use: for compliance with legal obligations (record-keeping)
- Section 7(g) legitimate use: for performance of any function under any law (regulatory compliance)
Cookies and tracking technologies
We use only first-party cookies. We do not deploy third-party tracking cookies, advertising pixels or fingerprinting technologies. Detailed breakdown on our dedicated Cookie Policy page.
Affiliate links and operator data
When you click a /go/{operator}/ link, we redirect you to the operator’s site with a tracking parameter that identifies the click as coming from Naseebbet. The operator may set their own cookies and collect their own data per their privacy policy — we have no control over the operator’s data practices.
We do not see your operator account, your bet history, your wallet balance or any subsequent activity at the operator. The affiliate relationship is a click-attribution model only.
Third-party services and processors
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Cloudflare | CDN, DDoS protection | IP, request metadata | Global edge nodes |
| Plausible Analytics | Traffic analytics | Aggregated, no PII | EU (Germany) |
| Hosting provider | Site hosting, server logs | IP, request data | India (primary), EU (backup) |
| Email service | hello@/privacy@/grievance@ delivery | Email contents | India (primary) |
Each processor is contractually bound to security and confidentiality terms equivalent to DPDPA 2023 standards.
Cross-border data transfers
Cloudflare CDN nodes are global; analytics processing happens in the EU; primary hosting is in India with EU backup. All cross-border transfers are to jurisdictions with comparable data-protection frameworks (EU GDPR, UK GDPR). The Government of India under Section 16 of DPDPA 2023 may restrict transfers to specific countries; we comply with any such notifications.
Data retention periods
| Data category | Retention period | Basis |
|---|---|---|
| Server logs | 30 days | Security, then aggregated/discarded |
| Functional cookies | Session + 30 days | Site functionality |
| Plausible analytics | Indefinite (no PII) | Editorial planning |
| Email correspondence | 12 months after last reply | Editorial workflow + record-keeping |
| Affiliate click logs | 24 months | Commission reconciliation |
| DSAR records | 3 years after closure | DPDPA 2023 audit trail |
Your rights under DPDPA 2023
- Right to access (Section 11) — obtain confirmation of processing and a summary of personal data held
- Right to correction and erasure (Section 12) — correct inaccurate data; request erasure where lawful basis no longer applies
- Right to grievance redressal (Section 13) — raise complaints with our Data Protection Officer
- Right to nominate (Section 14) — designate another person to exercise your rights in case of incapacity or death
- Right to withdraw consent (Section 6) — withdraw any consent given for processing at any time
To exercise any right, email [email protected] with the request type and verification of identity. We respond within 30 days.
Children and minors
Naseebbet is not intended for users under 18. We do not knowingly collect personal data from minors. Under Section 9 of DPDPA 2023, processing of children’s personal data requires parental consent — if we discover such data was collected, we delete it immediately. Parents who believe their child has submitted data: email [email protected] with proof of guardianship.
Security measures
- HTTPS/TLS encryption on all connections
- Firewall and DDoS protection (Cloudflare)
- Access control on backend systems with multi-factor authentication
- Regular security patching of WordPress core, plugins, themes
- Daily automated backups with 30-day retention
- No storage of payment card or financial data
Breach notification
Under Section 8(6) of DPDPA 2023, we notify affected Data Principals and the Data Protection Board of India of personal-data breaches without undue delay (target: within 72 hours of detection). Notifications include the nature of the breach, categories of data affected, likely consequences, and mitigation measures.
Data Protection Officer
Email: [email protected]
The DPO is responsible for overseeing this privacy policy, handling DSARs, and acting as the contact point with the Data Protection Board of India.
Right to complaint to the Data Protection Board of India
If we fail to address your grievance, you may lodge a complaint with the Data Protection Board of India under Section 27 of DPDPA 2023. The Board’s contact details are published on the Ministry of Electronics and Information Technology website.
Updates to this policy
We update this policy when laws change, when our practices change, or when we add new third-party services. The footer of every page links here. Material changes are announced via a banner on the home page for 30 days. The byline above shows the last effective date.
Contact
For any privacy enquiry: [email protected]. For grievance redressal under IT Rules 2021: [email protected].