Privacy Policy
Last updated: May 25, 2026
1. Information We Collect
When you use BitMatka, we collect the following categories of data:
- Account data — email address, display name, and authentication credentials (Argon2-hashed password or Google account ID).
- Wallet data — identifiers used by our INR payment processor to route UPI transactions for deposits and withdrawals. The user-facing balance is denominated in Indian rupees.
- Activity data — bet history (chain selected for the round's result source, type, stake, outcome), balance transactions, referral relationships, login timestamps.
- Telegram data (only if you connect Telegram bot) — your Telegram user ID, username, first/last name, language code, and Telegram Premium status. We use these for direct notifications about your account and bets.
- Geo / device data — IP address, country derived from IP, time zone, and basic browser metadata, captured at signup and on each login. Used for fraud-prevention, regulatory compliance, and showing appropriate currency.
- Communications data — content of messages you send to [email protected] and your responses to our transactional emails.
2. How We Use Your Information
- To operate the BitMatka platform — provide the games, place bets, settle outcomes from on-chain block hashes, manage deposits and withdrawals.
- To authenticate you and secure your account, including detection of duplicate or fraudulent accounts (we may merge or reject signups originating from an IP address that already has an active account).
- To validate your email address at registration time (see Section 4 — Third-Party Services).
- To send transactional messages: welcome, account alerts, withdrawal confirmations, security notifications.
- To improve product quality through aggregated usage analytics.
- To comply with applicable law, respond to lawful requests from authorities, and enforce our Terms of Service.
3. Google Account Data
If you sign in with Google, Google returns your email address and profile name to us. We do not access your Google contacts, files, calendar, or any other Google service data. The email returned by Google is treated as verified and exempts you from the third-party email validation step that applies to password-based signups.
4. Third-Party Services
To run the platform we rely on the following processors. They each receive only the data necessary for their function and process it under their own privacy terms:
- Google Identity Services — OAuth sign-in flow. Receives the sign-in request and returns your Google email/name.
- Google Analytics (Measurement ID G-MYQYK91DRQ) — aggregated usage analytics. Receives anonymized page-view and interaction events. We do not pass through your email or user ID.
- ZeroBounce — third-party email-verification provider. Receives the email address you submit at password-based signup and returns a validity verdict. No other personal data is sent.
- UPI payment processor — third-party Indian payment provider used to facilitate INR deposits and withdrawals. Receives your transaction details, a routing key, and UPI identifiers.
- Telegram (Bot API) — only if you choose to link Telegram. Telegram receives your Telegram ID and the messages we send you.
- Cloudflare — CDN, DNS, and inbound email routing. Receives request logs (including IP) for security and infrastructure purposes.
- Bitcoin / Litecoin / Ethereum networks — public blockchains used as the verifiable source of randomness for game results. We read block hashes from these networks; we do not transmit any user data to them.
We do not sell, rent, or trade your personal data to advertisers or marketers.
5. Cookies and Tracking
We use the following cookies and similar storage mechanisms:
- Authentication cookies (httpOnly refresh token, JWT access token) — strictly necessary to keep you logged in.
- Google Analytics — sets analytics cookies for aggregated usage statistics. If you prefer not to be included, you can use a browser-level Do Not Track signal or install the official Google Analytics opt-out extension.
- Preference storage — localStorage entries for your selected chain, currency, language, and referral source. These never leave your browser unless you sign up.
We do not use third-party advertising or remarketing cookies.
6. Data Security
We protect your data with industry-standard measures, including:
- HTTPS/TLS for all traffic between you and BitMatka.
- Argon2id password hashing — passwords are never stored or logged in plain text.
- Rate limiting, IP-based abuse detection, and audited admin access.
7. Data Retention
We retain your account data for as long as your account is active. You may request deletion of your account by contacting [email protected]. Note that some records (financial transactions, bet history) may be retained for regulatory or audit purposes for the period required by applicable law even after account closure.
8. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data (subject to retention obligations above).
- Withdraw consent for processing that relies on consent.
- Object to processing or request restriction of processing.
- Receive your data in a portable format.
If you are in India, your rights under the Digital Personal Data Protection Act, 2023 (DPDP Act) apply. If you are in the European Economic Area or the UK, the GDPR/UK GDPR applies. To exercise any of these rights, write to [email protected].
9. Age Limit
BitMatka is intended for adults aged 18 and over. We do not knowingly collect data from minors. If you believe a minor has provided data to us, contact [email protected] and we will delete the account.
10. International Transfers
Our infrastructure, payment processors, and third-party services are located in multiple jurisdictions. By using BitMatka you consent to your data being transferred and processed outside your country of residence, including jurisdictions whose data-protection laws may differ from your own.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via in-product notice or email. The "Last updated" date at the top of this page always reflects the current version.
12. Contact
For questions, requests, or complaints related to this Privacy Policy or your data, contact [email protected].