This policy explains what personal information RiioBD collects when you use our website, why we collect it, who we share it with, and the choices you have. We have tried to write it in plain language rather than legalese.
RiioBD operates the online store at bdbasket.xyz, selling and delivering products to customers in Bangladesh. In this policy, “we”, “us” and “our” mean RiioBD. We decide how and why your personal data is processed on this website.
You can browse and buy from us without creating an account. We collect the following.
We do not ask for, collect or store card numbers, CVV codes, or your mobile-wallet PIN or password. See Payments.
We use a small number of cookies. The essential ones are set by our own website:
| Cookie | Purpose | Lifetime |
|---|---|---|
epocket_store_session |
Keeps your session and, if you sign in, keeps you signed in. HttpOnly and Secure. | ~2 hours |
XSRF-TOKEN |
Protects our forms against cross-site request forgery. | ~2 hours |
locale |
Remembers your language choice. | Up to 1 year |
_fbp, _fbc |
Set by the Meta Pixel to identify your browser and any ad you clicked, for measurement. | Set by Meta |
Google Analytics cookies (e.g. _ga) |
Distinguish visitors and measure how the site is used. | Set by Google |
We also store two items in your browser's local storage: your shopping cart, so it survives a page reload, and a short summary of your most recent order so we can show you the thank-you page. These stay on your device and you can clear them from your browser at any time.
Most browsers let you block or delete cookies. Blocking the two essential cookies above will break sign-in and checkout.
We load our measurement tags through Google Tag Manager (container
GTM-MMXPWS46) and use Google Analytics 4 (measurement ID
G-M6Z3EBFZBT) to understand how visitors use the site.
Analytics events — page views, product views, add-to-cart, checkout starts and purchases —
are collected in your browser and routed through a server-side tagging endpoint at
jepnpnfz.sav.stape.io, which is operated for us on the Stape platform, before being
forwarded to Google and Meta. This endpoint receives the event data described in this policy,
including your IP address and user-agent.
We advertise on Facebook and Instagram. To measure whether those ads work, we use the
Meta Pixel (pixel / dataset ID 833531114885686) in your browser, and the
Meta Conversions API, which sends event data directly from our server to
Meta rather than from your browser. When you complete an order, a
Purchase event is sent to Meta from our server in addition to the browser event.
Meta Advanced Matching is enabled. This means that, alongside the event itself, we send Meta identifying information about you so that Meta can match the event to a Facebook or Instagram account.
The following are hashed with SHA-256 before they leave our server, which is a one-way transformation — Meta receives the hash, not the plain value: your email address, phone number (first normalised to international format), first name, last name, city, state, ZIP / post code, country, and an internal customer identifier.
The following are sent to Meta without hashing, because Meta requires them in
their original form: your IP address, your browser's
user-agent string, and the Meta cookies _fbp and
_fbc. Together these can allow Meta to identify you.
Meta processes this data as an independent controller under its own terms. You can review and limit how Meta uses your data in your Facebook or Instagram Settings → Ads → Ad preferences. By using this website you consent to the processing described in this section; if you do not agree, please stop using the site or block the advertising cookies in your browser.
We do not sell your personal data. We share it only as set out below.
Meta, Google and Stape may process your data on servers outside Bangladesh.
We currently accept:
No card payment is processed on this website. We never receive, and never store, your card number, CVV, wallet PIN or wallet password. The only payment data we keep is which method you chose and, for wallet payments, the Transaction ID you gave us.
You can ask us to:
To make any of these requests, email us at support@riiobd.isti.studio from the address on your account or order, so that we can verify who you are. We will respond within a reasonable time.
Please note we may be unable to delete records of completed orders where we are required to keep them for tax or accounting purposes. You can also opt out of analytics and advertising by blocking those cookies in your browser, or through your Meta and Google ad settings.
The whole site is served over HTTPS. Session cookies are marked Secure and HttpOnly, passwords are stored as one-way hashes, our forms are protected against cross-site request forgery, and email addresses are verified with a one-time code. No website can promise perfect security, but we take these measures seriously and review them.
This website is intended for adults and is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has given us personal data, please contact us and we will delete it.
We may update this policy as our website, our tools or the law change. The date at the top of this page shows when it was last revised. If we make a significant change we will make that clear on this page. Please check back from time to time.
If you have any question about this policy or about your data, please get in touch.
Your wishlist is empty