e2bat Privacy Policy —
Your Data, Your Rights,
Our Responsibilities
At e2bat, the privacy and security of every player's personal data is treated with the same seriousness as the security of their account balance. This Privacy Policy explains in clear terms what information e2bat collects, why we collect it, how it is stored and protected, who it may be shared with, and what rights you hold as a data subject under our platform's data governance framework.
Six Core Privacy Principles Behind e2bat's Data Practice
Before reading the complete policy, understand the six principles that govern how e2bat approaches personal data at every level of the organisation — from registration through to account closure.
Purpose Limitation
e2bat collects personal data only for the specific, legitimate purposes set out in this Policy. We do not collect data on a speculative basis, and any data collected for one purpose is not repurposed for an unrelated use without appropriate legal basis and, where required, your explicit consent.
Data Minimisation
We collect the minimum amount of personal information required to deliver each specific function — account creation, KYC verification, payment processing, responsible gaming compliance, and customer support. Fields that are not strictly necessary for the stated purpose are not included in our data collection processes.
Security by Default
All personal data held by e2bat is protected by 256-bit SSL encryption in transit and AES-256 encryption at rest in our secure database infrastructure. Access controls, role-based permissions, and regular third-party security audits ensure that only authorised e2bat personnel can access personal data, and only to the extent required by their role.
Your Rights Are Enforceable
e2bat recognises your rights as a data subject — including the right to access your data, correct inaccuracies, request deletion where legally permissible, object to processing, and request data portability. These rights are not passive policy statements; they are exercisable through e2bat's data request process described in this Policy.
Defined Retention Periods
e2bat retains personal data only for as long as it is required for the purpose for which it was collected, or as required by applicable law. Account data is retained for a minimum of five years following account closure due to anti-money laundering regulations. Data no longer required is securely deleted or anonymised.
Transparency at Every Step
e2bat will always tell you what data we hold about you, why we hold it, and on what legal basis. We do not engage in covert data collection beyond standard technical logs necessary for platform security. This Policy is written in plain English and is available at all times from every page of the e2bat platform.
Introduction & Scope of This Policy
This Privacy Policy ("Policy") is published by e2bat and governs the collection, processing, storage, transfer, and deletion of personal data relating to all individuals who access or use the e2bat online gaming platform at https://e2bat.lol ("Platform"), irrespective of the device or access method used.
e2bat serves players across Pakistan, with our user base concentrated in major cities including Karachi, Lahore, Islamabad, Faisalabad, Rawalpindi, and Multan. This Policy applies to all e2bat users regardless of their geographic location within Pakistan and describes our data practices in relation to account registration, KYC identity verification, financial transactions, gaming activity, customer support interactions, and platform communications.
By creating an e2bat account, making a deposit, or otherwise using the Platform in any capacity, you acknowledge that you have read and understood this Policy and consent to the data practices described herein. This Policy should be read together with e2bat's Terms & Conditions and Responsible Gaming Policy, which are incorporated by reference.
This Policy does not cover data practices of third-party payment processors (JazzCash, EasyPaisa, HBL, UBL, Meezan Bank, Raast, 1LINK) or game content providers whose platforms may be accessed through e2bat. Those parties operate under their own published privacy policies, which we encourage you to review separately.
Data Controller
For the purposes of applicable data protection law, e2bat is the data controller in respect of personal data collected through the Platform. As data controller, e2bat determines the purposes and means by which personal data is processed, and bears primary accountability for ensuring that such processing is conducted lawfully, fairly, and transparently in accordance with this Policy.
Where e2bat engages third-party service providers to process personal data on its behalf — including payment processors, identity verification services, fraud detection providers, and cloud infrastructure providers — those parties act as data processors under contractual arrangements that require them to process data only on e2bat's documented instructions and to maintain data security standards consistent with those described in this Policy.
All enquiries regarding e2bat's data controller responsibilities, data subject rights requests, and privacy complaints should be addressed to the e2bat Data Protection contact via the channels set out in Section 15 of this Policy.
Categories of Personal Data We Collect
e2bat collects personal data through three primary channels: information you provide directly, information generated by your use of the Platform, and information received from trusted third-party sources as part of our identity verification and fraud prevention processes.
3.1 — Information You Provide Directly
| Data Category | Specific Data Points | Collection Point |
|---|---|---|
| Identity Data | Full name (as per CNIC), date of birth, CNIC number, CNIC document scans | Registration & KYC |
| Contact Data | Pakistani mobile number, email address | Registration |
| Authentication Data | Password (hashed), OTP codes (not stored post-use), device trust tokens | Login & Security |
| Financial Data | Payment method type, account identifiers (JazzCash/EasyPaisa number, bank account details), transaction amounts and timestamps | Deposits & Withdrawals |
| Support Data | Live chat transcripts, email correspondence, support ticket content | Customer Support |
| Responsible Gaming Data | Self-set limits, cooling-off requests, self-exclusion elections | Account Settings |
3.2 — Information Generated by Platform Use
- Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and access timestamps collected automatically on each session.
- Usage Data: Pages visited, game categories browsed, time spent per section, search queries within the Platform, and feature interaction patterns.
- Gaming Activity Data: Bets placed, game titles accessed, wager amounts, outcomes, session durations, cricket betting market selections, slot spins, jackpot bingo sessions, and live casino table participation records.
- Transaction Logs: Complete records of all financial transactions including deposit timestamps, withdrawal requests, bonus claims, and balance adjustments.
- Geolocation Data: Approximate location data derived from IP address for fraud prevention and regulatory compliance purposes. e2bat does not collect precise GPS-level location data.
3.3 — Information from Third-Party Sources
- Identity verification data received from approved KYC service providers confirming the validity of documents and identity claims;
- Fraud risk scores and watchlist screening results from third-party anti-fraud and sanctions screening providers;
- Payment confirmation data received from JazzCash, EasyPaisa, and banking partners confirming successful transaction processing.
Legal Basis for Processing
e2bat processes personal data only where a valid legal basis exists under applicable data protection law. The following legal bases apply to our processing activities:
- Contractual Necessity: Processing required to perform our contract with you as an e2bat account holder — including account creation, payment processing, game delivery, and withdrawal processing;
- Legal Obligation: Processing required to comply with anti-money laundering regulations, age verification requirements, licensing obligations, and law enforcement requests — including KYC document retention and transaction monitoring;
- Legitimate Interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and improvement of our Services where these interests are not overridden by your privacy rights;
- Consent: Processing for marketing communications, optional personalisation features, and non-essential analytics where you have provided explicit, freely given, and withdrawable consent.
Where processing is based on consent, you retain the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal. Exercising this right will not affect your ability to use core e2bat platform functions.
How e2bat Uses Your Personal Data
e2bat uses the personal data we collect for the following specific purposes, each of which aligns to a legal basis identified in Section 4:
- Account Management: Creating and maintaining your e2bat account, authenticating your identity on each login, managing account settings, and communicating material account-related notices;
- KYC & Age Verification: Verifying that you are aged 21 or over and that your identity matches the payment methods associated with your account, as required by our licensing framework;
- Payment Processing: Facilitating deposits via JazzCash, EasyPaisa, HBL, UBL, Meezan Bank, and other supported methods, and processing withdrawal requests to your verified payment accounts;
- Game Delivery & Personalisation: Delivering cricket betting, live casino, slot, and jackpot bingo content, recording gaming sessions for settlement and audit purposes, and where consented, personalising game recommendations based on your activity patterns;
- Fraud Prevention & Security: Monitoring account activity for indicators of fraud, bonus abuse, money laundering, or unauthorised access, and taking appropriate protective action where risks are identified;
- Responsible Gaming: Monitoring gaming behaviour patterns to identify potential indicators of problem gambling, enforcing self-imposed limits, processing self-exclusion requests, and delivering intervention communications where our responsible gaming protocols are triggered;
- Customer Support: Responding to enquiries, complaints, and disputes submitted via live chat or email, and maintaining records of interactions for quality assurance and dispute resolution purposes;
- Legal & Regulatory Compliance: Meeting reporting obligations to licensing authorities, responding to valid legal orders, and maintaining records required under anti-money laundering and counter-financing-of-terrorism legislation;
- Marketing (Consent-Based): Sending you promotional offers, bonus notifications, and platform news where you have opted in to receive such communications. Each marketing message includes an unsubscribe mechanism.
Cookies & Tracking Technologies
e2bat uses cookies and similar tracking technologies to operate the Platform securely, maintain your session state across pages, and understand how users interact with different parts of the Platform in aggregate.
6.1 — Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Session Cookies | Maintain your logged-in session state, CSRF protection tokens, and load balancing assignments. Required for Platform to function. | Session (deleted on browser close) |
| Security Cookies | Device trust tokens for OTP bypass on verified devices; fraud risk scoring parameters. | Up to 90 days |
| Preference Cookies | Remembering your language preference, display settings, and last-visited game category. | Up to 12 months |
| Analytics Cookies | Aggregate usage statistics — page visits, feature usage rates, session duration averages — used to improve Platform design. No individual profiling. | Up to 24 months |
| Marketing Cookies | Tracking of promotional campaign performance where consent is given. Used to measure the effectiveness of bonus campaigns. | Up to 30 days (consent-dependent) |
You may manage cookie preferences through your browser settings. Disabling essential and security cookies will impair core Platform functionality, including login persistence and OTP device trust. Analytics and marketing cookies may be disabled without affecting your ability to use e2bat's core services.
Data Sharing & Third-Party Disclosure
e2bat does not sell, rent, or commercially trade personal data to any third party. We share personal data with third parties only in the following specific circumstances, each governed by appropriate data processing agreements:
- Payment Processors: JazzCash, EasyPaisa, HBL, UBL, Meezan Bank, Raast, and 1LINK receive the minimum data required to execute your payment instructions — typically your account identifier and transaction amount;
- KYC Verification Providers: Approved identity verification services receive copies of CNIC documents and identity data solely for the purpose of age and identity verification. These providers are contractually prohibited from using this data for any other purpose;
- Fraud Detection Services: Transaction data and risk indicators are shared with fraud prevention providers to screen for money laundering and suspicious activity patterns;
- Game Content Providers: Where you access games delivered by third-party providers through the e2bat platform, session data and wager records are shared with those providers to the extent required to deliver and settle the game;
- Cloud Infrastructure: Personal data is stored on secure cloud servers operated by contracted infrastructure providers who are bound by strict data processing agreements;
- Legal Authorities: e2bat will disclose personal data to law enforcement, regulatory bodies, or courts where legally compelled to do so by a valid order or where disclosure is necessary to prevent serious harm. We will notify affected users of such disclosures where legally permissible.
International Data Transfers
e2bat's infrastructure and certain third-party service providers may process personal data in jurisdictions outside Pakistan. Where such transfers occur, e2bat ensures that appropriate safeguards are in place to protect your personal data to a standard equivalent to that described in this Policy.
Safeguards applied to international transfers include: contractual data processing agreements incorporating internationally recognised standard data protection clauses; engagement of service providers who operate under recognised data protection certifications; and transfer impact assessments conducted before any new international data flow is established.
By using the e2bat Platform, you acknowledge that your personal data may be processed in countries outside Pakistan. In all such cases, e2bat applies contractual and technical safeguards to ensure your data is protected in accordance with the standards set out in this Policy, regardless of the jurisdiction in which it is processed.
Data Security Measures
e2bat implements a layered, defence-in-depth approach to personal data security. Our current technical and organisational security measures include:
- Encryption in Transit: All data transmitted between your device and e2bat servers is protected by TLS 1.3 / 256-bit SSL encryption. Unencrypted HTTP connections are rejected and redirected to HTTPS;
- Encryption at Rest: Personal data stored in e2bat's databases is encrypted using AES-256 encryption. Encryption keys are managed through a dedicated key management system with access restricted to authorised system administrators;
- Password Security: User passwords are never stored in readable form. Passwords are hashed using bcrypt with per-account salting before storage. Even e2bat's engineering team cannot retrieve your password — only a reset is possible;
- Access Controls: Access to personal data is restricted to e2bat personnel who require it for their specific role functions. Role-based access control (RBAC) systems enforce the principle of least privilege across all internal systems;
- Intrusion Detection: Automated monitoring systems scan for unusual access patterns, failed authentication attempts, and potential data exfiltration indicators on a 24/7 basis;
- Security Audits: e2bat undergoes periodic third-party penetration testing and security audits. Critical vulnerabilities identified through these assessments are remediated within defined SLA timelines;
- Incident Response: e2bat maintains a documented data breach response plan. In the event of a breach that poses a material risk to users' rights, affected users will be notified without undue delay and appropriate remediation steps will be implemented.
Data Retention Periods
e2bat retains personal data for the minimum period necessary to fulfil the purpose for which it was collected, subject to any longer retention requirements imposed by applicable law. The following standard retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account & Identity Data | Duration of account + 5 years post-closure | AML/KYC legal obligation |
| Financial Transaction Records | 7 years from transaction date | Financial record-keeping obligations |
| Gaming Activity Logs | 5 years from date of activity | Licensing audit requirements |
| KYC Documents (CNIC scans) | 5 years post-account closure | Regulatory compliance |
| Customer Support Records | 3 years from interaction date | Dispute resolution & quality assurance |
| Marketing Consent Records | Until consent is withdrawn + 2 years | Consent audit trail |
| Technical / Security Logs | 90 days rolling | Fraud detection & security monitoring |
Following expiry of the applicable retention period, personal data is securely deleted from active systems and anonymised in any backup archives, such that individual re-identification is not possible.
Your Data Subject Rights
As an e2bat user, you hold the following rights in respect of your personal data. All rights requests should be submitted to e2bat via the contact channels in Section 15, and will be responded to within 30 calendar days:
- Right of Access: You may request a copy of the personal data e2bat holds about you, together with information about how it is processed, on what legal basis, and with whom it has been shared;
- Right to Rectification: You may request correction of inaccurate or incomplete personal data. Identity data corrections require supporting documentation;
- Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to e2bat's obligation to retain certain data under applicable law;
- Right to Restriction of Processing: You may request that e2bat limits its processing of your data to storage only while a rectification or objection request is under review;
- Right to Data Portability: Where processing is based on consent or contractual necessity and is carried out by automated means, you may request a structured, machine-readable copy of your personal data;
- Right to Object: You may object to processing based on legitimate interests, including profiling for responsible gaming or marketing purposes. Your objection will be evaluated against e2bat's competing legitimate interests;
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Please note that certain rights are subject to legal limitations. For example, the right to erasure cannot override e2bat's obligation to retain transaction records for 7 years under applicable financial regulations. Where a right cannot be fulfilled in full due to a legal limitation, e2bat will explain the specific reason in its response to your request.
Children's Privacy — 21+ Platform
Strict 21+ Policy: The e2bat platform is not intended for, and does not knowingly collect personal data from, individuals under the age of 21. The platform operates a mandatory age verification process through CNIC-based KYC that is designed to prevent minors from accessing gaming services.
If e2bat becomes aware that personal data has been collected from an individual who is under the age of 21, we will immediately suspend the associated account and securely delete all personal data associated with that account, subject only to any legal obligations that require retention of data relating to detected fraud or regulatory violations.
If you are a parent or guardian and have reason to believe that a minor has created an e2bat account using false age information, please contact e2bat support immediately via live chat or email. We will investigate and take appropriate action within 48 hours of receiving a verified report.
Marketing Communications & Opt-Out
e2bat may send you marketing communications including promotional offers, bonus notifications, PSL cricket betting promotions, new game launch announcements, and platform news. Marketing communications are sent only where you have provided explicit consent at registration or have subsequently opted in through account settings.
You may withdraw your consent to receive marketing communications at any time by: (a) clicking the unsubscribe link included in any marketing email or SMS; (b) updating your communication preferences in account settings; or (c) contacting e2bat support with a written unsubscribe request. Withdrawal of marketing consent will be actioned within 5 business days.
Please note that withdrawing consent to marketing communications does not affect your receipt of transactional messages — such as deposit confirmations, withdrawal processing notifications, OTP codes, account security alerts, and KYC verification requests — which are sent on the basis of contractual necessity and cannot be opted out of while your account remains active.
Updates to This Privacy Policy
e2bat reviews and updates this Privacy Policy periodically to reflect changes in our data practices, Platform functionality, applicable law, or regulatory guidance. The current version and effective date are clearly stated at the top of this document.
For material changes to this Policy — those that meaningfully alter your rights or e2bat's data processing activities — we will provide advance notice of at least seven (7) days via registered account email and in-Platform notification before the revised Policy takes effect. Non-material clarifications and structural updates may be made without prior notice.
Your continued use of the e2bat Platform following the effective date of a revised Policy constitutes acceptance of the changes. If you do not agree with the revised Policy, you may request account closure in accordance with the process described in e2bat's Terms & Conditions.
Contact Us — Privacy & Data Enquiries
For all enquiries, data subject rights requests, consent withdrawals, and privacy complaints relating to e2bat's data practices, please contact us through the following channels. We aim to acknowledge all privacy enquiries within 48 hours and provide substantive responses within 30 calendar days of receipt.
- Email — Privacy Enquiries: [email protected] — Please include "Privacy Request" in the subject line together with your registered mobile number so that we can locate your account promptly.
- Live Chat: Available 24/7 through the e2bat Platform. For complex data requests, our live chat agents will log your request and escalate it to the data protection team for a formal written response.
e2bat is committed to resolving all privacy concerns through our internal process. We serve players across Pakistan — Karachi, Lahore, Islamabad, Faisalabad, Rawalpindi, and beyond — and our support team is staffed with Urdu and English-speaking agents who understand the local context of our users' enquiries and are trained to handle data protection requests with appropriate confidentiality and care.
Privacy Questions or Ready to Start Playing?
Our 24/7 support team handles data requests alongside all account queries. Or if you're confident in how e2bat protects your data, log in and enjoy cricket betting, live casino, slots, and jackpot bingo. 21+ only.