Privacy Policy

Effective Date: 28 Sept 2025

Last Updated: 28 Sept 2025

At Star Connect, your privacy is important to us. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you use our platform, including our website and associated services such as expert consultations, Star Wish video requests, and group call functionalities. By using Star Connect, you agree to the terms outlined in this policy.

Introduction

This Privacy Policy ("Policy") explains how Star Connect ("Company," "we," "us," or "our") collects, uses, processes, stores, and protects your personal information when you use our digital platform and services ("Platform").


Company Details:


  • Name: Star Connect
  • Registered Office: Level 07, JCX Business Tower, Plot 1136/A, Japan Street, Block # I, Bashundhara R/A 1229 Dhaka, Bangladesh

This Policy should be read in conjunction with our Terms and Conditions and forms part of your agreement with StarConnect.

Information We Collect

3.1 Personal Information

Registration Data:

  • Full name and date of birth
  • Mobile number and email address
  • Physical address (optional)
  • National Identity Card (NID) number (for experts only, optional for users)
  • Professional credentials and qualifications (experts only)

Account Information:

  • Username and encrypted passwords
  • Profile pictures and bio information
  • Preferences and settings
  • Account creation and last login dates

3.2 Financial Information

Under Bangladesh Bank guidelines:

  • Payment method information (mobile wallet numbers, card details)
  • Transaction history and payment records
  • Billing addresses and tax information
  • Refund and dispute records

3.3 Communication Data

Session Information:

  • Video call metadata (duration, participants, technical quality)
  • Text chat messages and timestamps
  • StarWish requests and fulfillment records
  • Session ratings and reviews

Platform Communications:

  • Customer support interactions
  • Email and SMS communications
  • Push notifications and alerts
  • Marketing communications (with consent)

3.4 Technical Data

Device Information:

  • IP addresses and device identifiers
  • Browser type and version information
  • Operating system and device specifications
  • App version and platform type

Usage Analytics:

  • Platform navigation patterns
  • Feature usage statistics
  • Session duration and frequency
  • Error logs and performance data

Location Data:

  • General location information (city/region level)
  • IP-based geographic location
  • Time zone information

3.5 Special Categories - Minor Data

For users under 18 years (in compliance with Children Act, 2013):

  • Parental consent records
  • Guardian contact information
  • Age verification documents
  • Enhanced monitoring logs
  • Safety incident reports

How We Use Your Information

4.1 Primary Service Delivery

Platform Operations:

  • Account creation and authentication
  • Expert-user matching and session facilitation
  • Payment processing and transaction management
  • Customer support and dispute resolution
  • Platform security and fraud prevention

Communication Services:

  • Video call facilitation and quality assurance
  • Text messaging delivery and storage
  • StarWish request processing and fulfillment
  • Notification delivery and alerts

4.2 Legal and Regulatory Compliance

Mandatory Legal Uses:

  • KYC (Know Your Customer) verification under Bangladesh Bank guidelines
  • Anti-money laundering monitoring and reporting
  • Digital service provider compliance (ICT Act, 2006)
  • Tax calculation and reporting (VAT Act)
  • Law enforcement cooperation when legally required

Child Protection Compliance:

  • Minor age verification and parental consent processing
  • Enhanced safety monitoring for users under 18
  • Mandatory reporting of child safety concerns
  • Parental access facilitation for minor accounts

4.3 Business Operations

Analytics and Improvement:

  • Platform performance monitoring and optimization
  • User experience enhancement and feature development
  • Market research and trend analysis (anonymized data)
  • Quality assurance and expert performance evaluation

Marketing and Communications (With Consent):

  • Service updates and feature announcements
  • Promotional offers and expert recommendations
  • Educational content and platform tips
  • Survey invitations and feedback requests

4.4 Safety and Security

Platform Security:

  • Fraud detection and prevention
  • Account security monitoring
  • Suspicious activity identification
  • Technical vulnerability assessment

User Safety:

  • Inappropriate content detection and removal
  • Harassment and abuse prevention
  • Emergency response coordination
  • Safety incident investigation and reporting

Data Sharing and Disclosure

6.1 Expert Service Delivery

Necessary Sharing with Experts:

  • User profile information relevant to session
  • Session booking and scheduling details
  • Communication during sessions
  • Payment confirmation (amount and status only)

6.2 Service Providers

Authorized Third Parties:

  • Payment processors (bKash, Nagad, Rocket, banks)
  • Cloud storage and hosting providers
  • Customer support platform providers
  • Security and fraud prevention services
  • Analytics and performance monitoring tools

All service providers are contractually bound to protect your data and use it only for specified purposes.


6.3 Legal and Regulatory Disclosure

Mandatory Disclosure to:

  • Bangladesh Financial Intelligence Unit (suspicious transactions)
  • Law enforcement agencies (with valid legal authority)
  • Regulatory authorities (Bangladesh Bank, BTRC, ICT Division)
  • Court orders and legal proceedings
  • Child protection authorities (safety concerns involving minors)

6.4 Business Transfers

  • Users will be notified 30 days in advance
  • Data protection standards will be maintained
  • Users may opt-out during transition period
  • New entity must comply with this Privacy Policy

6.5 Data We Do NOT Share

Never Shared:

  • Complete personal information to unauthorized parties
  • Private messages or session content to third parties (except legal requirements)
  • Financial account details beyond transaction confirmation
  • Personal data for commercial sale or marketing by others
  • Minor data without parental consent (except legal obligations)

Data Retention

7.1 Account Data

Active Accounts:

  • Profile information: Retained while account is active
  • Communication history: 3 years from last activity
  • Payment records: 7 years (as required by tax law)
  • Session data: 2 years from session date

Closed Accounts:

  • Personal data deleted within 90 days of account closure
  • Legal and financial records: Retained as required by law (up to 7 years)
  • Anonymous analytics data: May be retained indefinitely

7.2 Minor Data Retention

Special Provisions for Users Under 18:

  • Data deleted upon reaching 18 years (unless ongoing legal requirement)
  • Parental consent records: 3 years after minor reaches 18
  • Safety incident records: Retained as required by child protection law
  • Enhanced deletion rights for parents/guardians

7.3 Legal Hold

Data may be retained beyond standard periods when:

  • Subject to ongoing legal proceedings
  • Required for regulatory investigation
  • Necessary for child safety protection
  • Mandated by court order

Data Security

8.1 Technical Safeguards

Encryption and Protection:

  • End-to-end encryption for sensitive communications
  • Advanced encryption standard (AES-256) for data storage
  • Secure Socket Layer (SSL) for data transmission
  • Regular security updates and patches

Access Controls:

  • Multi-factor authentication for admin access
  • Role-based access controls
  • Regular access reviews and updates
  • Secure password policies

8.2 Organizational Safeguards

Staff Training and Policies:

  • Regular data protection training for employees
  • Strict confidentiality agreements
  • Background checks for data-handling personnel
  • Incident response procedures and protocols

Physical Security:

  • Secure data center facilities
  • Environmental controls and monitoring
  • Restricted physical access to servers
  • Backup and disaster recovery procedures

8.3 Monitoring and Response

Continuous Monitoring:

  • 24/7 security monitoring and alerts
  • Regular vulnerability assessments
  • Penetration testing and security audits
  • Real-time threat detection systems

Incident Response:

  • Immediate containment procedures
  • User notification within 72 hours (where legally required)
  • Regulatory reporting as mandated by law
  • Forensic investigation and remediation

8.4 Security Limitations

IMPORTANT DISCLAIMER: While implementing industry-standard security measures, we cannot guarantee absolute data security. Users acknowledge:

  • Inherent risks in digital data storage and transmission
  • Responsibility for maintaining account security
  • Obligation to report suspected security breaches
  • Limited liability for breaches beyond reasonable control

Your Privacy Rights

9.1 General Rights

All Users Have the Right to:

  • Access: Request copies of personal data we hold
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of personal data (subject to legal requirements)
  • Portability: Receive data in a structured, machine-readable format
  • Objection: Object to processing for direct marketing
  • Restriction: Request limitation of processing in certain circumstances

9.2 Enhanced Rights for Minors

Special Protections for Users Under 18:

  • Parental Access: Parents/guardians can access minor's data
  • Enhanced Deletion: Right to delete data when reaching majority age
  • Consent Withdrawal: Parents can withdraw consent for minor's account
  • Monitoring Rights: Parents can request account activity reports

9.3 Marketing Communications

Opt-Out Rights:

  • Unsubscribe from marketing emails
  • Disable push notifications
  • Opt-out of SMS marketing
  • Withdraw consent for promotional communications

9.4 How to Exercise Rights

Response Timeframes:

  • Simple requests: 5 business days
  • Complex requests: 30 business days
  • Identity verification may be required
  • No charge for reasonable requests

International Data Transfers

10.1 Cross-Border Transfers

When Data May Leave Bangladesh:

  • Cloud storage services hosted internationally
  • Payment processing through international providers
  • Customer support services
  • Technical maintenance and updates

10.2 Transfer Safeguards

Protection Measures:

  • Contractual data protection clauses
  • Adequacy decisions for recipient countries
  • Explicit user consent for transfers
  • Regular compliance monitoring

10.3 User Control

Your Options:

  • Opt-out of international transfers (may limit service availability)
  • Request data localization (where technically feasible)
  • Receive notification of transfer destinations
  • Withdraw consent for future transfers

Cookies and Tracking Technologies

11.1 Types of Cookies

Essential Cookies:

  • Session management and authentication
  • Shopping cart and booking functionality
  • Security and fraud prevention
  • Platform performance and stability

Analytics Cookies:

  • Usage statistics and behavior analysis
  • Feature performance measurement
  • Error tracking and debugging
  • User experience optimization

Marketing Cookies (With Consent):

  • Targeted advertising and promotions
  • Social media integration
  • Email marketing optimization
  • Campaign effectiveness measurement

11.2 Cookie Management

User Controls:

  • Browser cookie settings
  • Opt-out mechanisms for non-essential cookies
  • Granular consent management
  • Cookie deletion and blocking options

11.3 Third-Party Tracking

External Services:

  • Google Analytics (anonymized data)
  • Payment gateway tracking
  • Customer support tools
  • Social media integrations

Users can opt-out of third-party tracking through browser settings or platform controls.

Children's Privacy

12.1 Legal Framework

In compliance with the Children Act, 2013 and international child protection standards:


12.2 Enhanced Protections for Minors

Special Safeguards:

  • Mandatory parental consent verification
  • Limited data collection (only necessary information)
  • Enhanced security measures and monitoring
  • Restricted access to certain platform features
  • Regular parental notification requirements

12.3 Parental Rights and Responsibilities

Parents/Guardians Can:

  • Access and review child's account information
  • Request correction or deletion of child's data
  • Withdraw consent and close child's account
  • Receive notifications of account activities
  • Request detailed activity reports

12.4 Age Verification

Verification Process:

  • Self-declaration of age during registration
  • Additional verification for enhanced features
  • Parental identity confirmation
  • Document verification where necessary

12.5 Data Deletion Upon Majority

When a minor reaches 18 years:

  • Option to transition to adult account
  • Right to delete all minor-period data
  • New consent required for continued service
  • Enhanced privacy controls available

Privacy Impact Assessments

13.1 Regular Assessments

We conduct privacy impact assessments for:

  • New feature developments
  • Changes to data processing purposes
  • Integration of third-party services
  • Regulatory compliance updates

13.2 High-Risk Processing

Special assessments for:

  • Minor data processing
  • International data transfers
  • Marketing automation systems
  • AI and automated decision-making

13.3 Stakeholder Consultation

Assessment process includes:

  • User feedback collection
  • Expert privacy review
  • Legal compliance verification
  • Regulatory consultation (where required)

Data Breach Response

14.1 Breach Detection

Monitoring Systems:

  • Real-time security alerts
  • Regular system audits
  • Employee reporting mechanisms
  • User complaint analysis

14.2 Response Procedures

Immediate Actions:

  • Breach containment and investigation
  • Risk assessment and impact analysis
  • Regulatory notification (within 72 hours if required)
  • User notification (for high-risk breaches)

14.3 User Communication

Breach Notifications Include:

  • Nature and extent of the breach
  • Data categories potentially affected
  • Protective measures already taken
  • Steps users should take
  • Contact information for further inquiries

14.4 Remediation

Post-Breach Actions:

  • Security improvements implementation
  • Affected user support and assistance
  • Regular progress updates
  • Prevention measure enhancement

Privacy Governance

15.1 Data Protection Officer (DPO)

Responsibilities:

  • Privacy policy development and updates
  • Data protection compliance monitoring
  • User privacy rights facilitation
  • Staff training and awareness programs
  • Regulatory relationship management

15.2 Privacy Committee

Membership:

  • Data Protection Officer (Chair)
  • Legal and Compliance team
  • Technical Security team
  • Customer Support representative
  • Business Operations representative

15.3 Regular Reviews

Privacy Program Reviews:

  • Quarterly policy effectiveness assessment
  • Annual comprehensive privacy audit
  • Regulatory compliance verification
  • User feedback integration
  • Technology and process updates

Contact Information

16.1 Privacy Inquiries

Data Protection Officer:

  • Email: privacy@starconnect.com
  • Phone: +880-1678206
  • Address: Data Protection Officer, Star Connect, Level 07, JCX Business Tower, Plot 1136/A, Japan Street, Block # I, Bashundhara R/A 1229 Dhaka, Bangladesh

16.2 General Support

Customer Service:

  • Email: support@starconnect.com
  • Phone: +880-1678206
  • Hours: Saturday to Thursday, 9:00 AM to 6:00 PM (BST)

16.3 Complaints and Disputes

Internal Resolution:

  • Email: complaints@starconnect.com
  • Response timeframe: 15 business days

External Authorities:

  • Right to Information Commission of Bangladesh
  • Consumer Rights Protection Directorate
  • Relevant court jurisdiction in Dhaka

Policy Updates

17.1 Notification Process

Policy Changes:

  • 30 days' advance notice for material changes
  • Email notification to all users
  • Platform announcement and popup notifications
  • Updated version posting on website

17.2 User Options

Upon Policy Updates:

  • Continue using service under new terms
  • Contact us with questions or concerns
  • Exercise deletion rights before changes take effect
  • Close account if unwilling to accept changes

17.3 Change Documentation

Version Control:

  • Detailed changelog maintenance
  • Previous version archival
  • Implementation date tracking
  • User notification records

Miscellaneous Provisions

18.1 Language

This Privacy Policy is available in English and Bengali. In case of any discrepancy, the English version shall prevail.


18.2 Severability

If any provision of this Policy is found unenforceable, the remaining provisions shall continue in full force and effect.


18.3 Relationship to Terms and Conditions

This Privacy Policy supplements our Terms and Conditions and should be read together with all other platform policies.


18.4 Jurisdiction

Any disputes regarding this Privacy Policy shall be subject to the exclusive jurisdiction of competent courts in Dhaka, Bangladesh.


Acknowledgment

BY USING STARCONNECT, YOU ACKNOWLEDGE THAT YOU HAVE:

  • Read and understood this Privacy Policy
  • Consented to the collection and processing of your personal information as described
  • Understood your privacy rights and how to exercise them
  • Agreed to the data sharing and transfer practices outlined herein

Document Version: 1.0

Last Updated: 28 Sept 2025


Star Connect

  • Registered Office: Level 07, JCX Business Tower, Plot 1136/A, Japan Street, Block # I, Bashundhara R/A 1229 Dhaka, Bangladesh

This Privacy Policy has been prepared in compliance with Bangladesh data protection laws and international privacy standards. Users are advised to review this policy regularly for updates and changes.

Privacy Policy - StarConnect