Privacy Policy
Modern online betting platforms process significant amounts of users’ personal data daily as part of their operations. This Privacy Policy describes the principles, methods, and purposes of such processing. It applies to all websites, mobile applications, and related services operated by the operator.
“Personal Data” means any information relating to an identified or identifiable natural person. This includes not only basic information such as first and last name, but also a set of data that forms a user’s digital profile: contact information (email, phone number), verification data (passport scan, proof of address), financial history (card details, deposits, withdrawals), gaming activity (betting history, game preferences), as well as technical records (IP address, device data) and communications (correspondence with customer support).
The data controller undertakes to protect this data in accordance with the principles of lawfulness, fairness, and transparency, as well as in compliance with applicable national and international personal data protection laws. This document may be amended in connection with changes in legislation or the development of the Services. Users will be notified of significant changes through appropriate communication channels.
Methods and Scope of Personal Data Collection
Information is collected through various channels to ensure that data is complete and reliable, both for providing the Services and for meeting regulatory requirements.
Most of the data is provided directly by the user during interaction with the platform. This occurs during the registration phase when a profile is created, during the mandatory verification process (KYC – Know Your Customer) required for withdrawals and fraud prevention, and during deposits or support requests. Data provided by the User forms the basis for further account maintenance.
At the same time, passive collection of technical and behavioral information is ongoing. Each time a user visits a website or application, a range of parameters is automatically recorded: IP address, device type and operating system, browser version, crash data (crash reports), as well as the sequence of actions on the platform. For this purpose, we use cookies, browser local storage, and analytics tools such as Google Analytics. This data helps diagnose technical issues, analyze usage patterns, and identify suspicious activity.
In some cases, information is obtained from external authorized sources. This may include data from payment providers (for example, to confirm a transaction), credit and identity verification services, and public records. Collecting information from third parties serves as an additional mechanism to verify and supplement the data provided by the user, increasing the overall level of security and compliance with AML (Anti-Money Laundering) standards.
Legal Basis for Data Processing
The operator’s activities are strictly regulated, and personal data processing is possible only if there is a clear legal basis.
- Performance of a contract with the user. By registering on the platform and accepting the User Agreement, a person enters into a contractual relationship with the operator. To perform this contract (accepting bets, crediting winnings, and granting access to games), it is necessary to process the provided data;
- Compliance with legal obligations imposed on the operator. Betting companies and casinos belong to highly regulated industries. They are required to comply with anti-money laundering laws, responsible gambling rules, tax requirements, and the terms of their gaming licenses (for example, Curaçao or Malta licenses). Without processing personal data, it is impossible to meet these requirements;
- Legitimate interests of the operator. This includes objectives such as service security (fraud prevention and DDoS attack mitigation), marketing analysis to improve products, financial risk management (including odds calculation), and maintaining internal records and archives. Data processing on this basis is carried out with a mandatory assessment of the balance between the operator’s interests and the User’s rights;
- User consent. This is used in situations not described above, such as subscribing to marketing communications or using certain types of analytical cookies. Such consent must be informed, specific, freely given, and may be withdrawn by the user at any time.
Specific Purposes of Using the Collected Information
Data processing is not an end in itself; it serves to solve specific business tasks and ensure the operation of the platform.
- Provision and administration of services. This is the core of all activities. Data is used to create and manage the User’s account, process financial transactions (deposits, payouts), provide access to the sportsbook or casino lobby, as well as for technical support and service communications;
- Security and legal compliance. Data is carefully analyzed to detect and prevent fraud, money laundering, underage participation, and to comply with sanctions lists and self-exclusion programs (responsible gambling);
- Verification and risk management. Identity and payment detail verification through third-party services is necessary to protect both the User and the operator against fraud. Analysis of gaming behavior helps assess risks and adjust betting odds;
- Development and improvement of Services. Analysis of anonymized and aggregated data on User behavior (which sports are popular, which games are played most often) makes it possible to identify trends, fix interface issues, test new features, and generally make the platform more convenient and relevant;
- Marketing and communication. With the User’s consent, the operator may send personalized offers about bonuses, promotions, and new games. Without consent, communication is limited to mandatory notifications (for example, changes to terms or important security updates).
Data Transfer Practices to Third Parties
The operator does not sell users’ personal data. However, within strictly defined limits, transferring data to partners is necessary for operations.
- Technical partners and service providers. These are companies that provide critical infrastructure: hosting providers, payment systems (Visa, Mastercard), SMS services, analytics platforms (Google Analytics), and gaming software providers. Agreements are concluded with these partners that require them to process data only in accordance with the operator’s instructions and with the same level of protection;
- Government authorities and regulators. By law, the operator is required to provide information upon requests from courts, law enforcement agencies, tax authorities, or gaming license authorities. This usually occurs as part of investigations or to comply with regulations;
- Affiliates and marketing partners. Within a corporate group, data may be transferred for internal administration. In addition, information may be shared with partners who referred the User to the platform (affiliates) for proper commission tracking;
- Other cases. In exceptional circumstances, such as company reorganization (merger or sale), the user database may be transferred to a successor. Additionally, transfer is possible with the explicit consent of the User for a specific action.
A Comprehensive Approach to Data Security
Information protection is a priority and is implemented through a multi-layered system of measures.
- Cryptographic protection. All data transmitted between the user’s device and the servers is encrypted using the TLS protocol (usually version 1.2 or higher), making interception almost impossible. Sensitive data (for example, passwords) is also stored in encrypted form on servers;
- Access control and segmentation. Access to personal data within the company is strictly limited according to the principle of least privilege. Different groups of employees (support, finance, security) have access only to the data they need to perform specific tasks. Networks and databases are segmented to isolate critical systems;
- Physical security and infrastructure. Servers are hosted in professional data centers with 24/7 security, biometric access, video surveillance systems, and redundant power supplies. Security audits and penetration tests are conducted regularly;
- Procedures and training. All employees are trained in data protection and sign confidentiality agreements. We implement internal policies for information handling, incident response, and password management.
Data Retention Policy
The operator adheres to the principle of storage minimization: data is stored only for as long as necessary to fulfill the purposes for which it was collected.
An active user may, at any time, delete some information from their profile or completely close their account via the settings or by contacting support. However, data is not deleted immediately afterward. Basic account data (identity and transactions) is generally retained for an additional 5 years after account closure. This period is due to the need to comply with tax obligations, the possibility of resolving disputes or claims, as well as regulatory and anti-money laundering requirements.
In special cases, retention periods may be extended. For example, data of a user who activated self-exclusion will be retained for the entire duration of the exclusion period, plus an additional period to prevent re-registration. Information related to a fraud investigation may be retained until all proceedings are completed.
After the specified periods expire, data is securely deleted (using methods that make recovery impossible) or fully anonymized and may be used for statistical analysis.
Users’ Rights and Mechanisms for Their Implementation
Data protection legislation grants users several fundamental rights that the operator is obliged to respect.
- Right of access and rectification. The user may request confirmation that their data is being processed and receive a copy of it in a convenient format. They also have the right to demand correction of inaccuracies;
- Right to erasure (“right to be forgotten”). The user may request deletion of their data if it is no longer necessary for the original purposes, if consent is withdrawn, or if they object to processing. This right is not absolute: the operator may refuse if processing is still necessary for contract performance, legal obligations, or the establishment, exercise, or defense of legal claims (for example, in a dispute over winnings);
- Right to restrict processing. In certain situations (for example, while the legality of an objection is being verified), the user may request temporary suspension of active data use;
- Right to data portability. The user has the right to receive the provided data in a structured, machine-readable format for transmission to another operator;
- Right to object. The user may object to data processing based on the operator’s legitimate interests (for example, for direct marketing). In this case, the controller must cease such processing unless it demonstrates compelling legitimate grounds that override the user’s interests;
- Right to withdraw consent. If processing is based on consent (for example, sending newsletters), the user may withdraw it at any time, which will not affect the lawfulness of processing carried out before withdrawal.
To exercise these rights, the User must submit a request via a special form in the personal area or by sending an email to the support address specified in the policy (for example, [email protected]). The operator is obliged to respond within the statutory period (usually one month) and may request additional information to verify the sender’s identity. If the user is not satisfied with the response, they have the right to complain to the data protection supervisory authority in their country.
Use of Cookies and Similar Technologies
Cookies are small text files that a website stores on the user’s device. They play a key role in the functioning of modern online services.
- Strictly necessary cookies. Provide basic functionality that is essential for the site to operate properly. These include, for example, cookies for storing session data when logging into an account or for securely processing a payment. They do not require user consent;
- Functional cookies. Remember User preferences (selected interface language, region settings) to improve convenience;
- Analytical cookies. Collect non-personal information about how users interact with the site (most visited pages, traffic sources). This helps understand what works well and what needs improvement. Google Analytics is often used for this purpose;
- Marketing/advertising cookies. Used to track user interests and show relevant advertising both on the operator’s website and on other websites.
On the first visit to the site, the user sees a banner requesting consent for the use of different categories of cookies, except for those that are strictly necessary. Settings can be changed at any time via a dedicated section on the site. Disabling cookies through browser settings may result in incorrect functioning of some platform features.
Conclusion
This Privacy Policy demonstrates a comprehensive and responsible approach to managing personal data. It balances the operator’s need to provide services, ensure security, and comply with the law with users’ fundamental rights to privacy and control over their information. Understanding these principles allows users to interact consciously with online platforms and enables operators to build relationships based on trust and transparency.