Our Privacy Policy — What We Store and Why

What we collect

Three categories, and nothing beyond them. Account data: the name, date of birth, email address and country you give at registration. Verification data: the photo ID and proof of address required before your first withdrawal. Activity data: deposits, withdrawals, bets, bonus history, sign-in times, IP address and the device you played from.

We do not collect anything for its own sake. Each of those three exists because a rule requires it, a payment requires it, or the account cannot function without it. There is no fourth category built for advertising, and we do not buy data about you from anyone.

Why we hold it

Account data identifies you and keeps a single person to a single account. Verification data satisfies anti-money-laundering and age-verification obligations that a licensed operator cannot opt out of — this is the part of a gambling account that is genuinely not negotiable, and an operator that skipped it would be the one to worry about.

Activity data settles disputes. When a bet, a bonus or a payout is questioned, the log is what answers it, and it answers in your favour as often as ours. It also drives the loyalty tiers, since comp points are calculated from real turnover.

Who sees it

Our own staff, on a need-to-know basis: a support agent handling a payout sees the account, not the ID scan; the compliance team handling a verification sees the ID, not your session history. Payment providers see the minimum required to move money — a bank sees an amount and an account, not a betting log. Regulators and auditors see what a licence obliges us to show them.

Nobody else. We do not sell player data, we do not rent it to advertisers, and we do not pass it to other casinos. There is no arrangement under which a third party pays for a list of our players, and there never will be, because the entire operation depends on that not happening.

How long it stays

Verification and financial records are kept for the period the licence requires after an account closes — typically several years — because a regulator can ask for them long after you have stopped playing. Deleting them on request is not something we are permitted to do, and any operator who offers to is either lying or breaking a rule.

Marketing consent is different. Withdraw it and the emails stop immediately, without touching the account, the balance or the tier. Self-excluded accounts receive no marketing at all, by design and without needing to ask.

Security, and what you can ask for

Traffic runs over encrypted connections. Documents are stored encrypted and are reachable only by the staff whose job requires them. Passwords are hashed, never stored in a readable form, and no employee can tell you your own password because no employee can see it.

You can ask what we hold on you and receive a copy. You can correct anything wrong. You can withdraw marketing consent whenever you like. You can ask for deletion, and we will delete everything the licence does not require us to keep — and tell you plainly what is left and why, rather than pretending the request was fully honoured.

Every one of those requests goes through support, from the registered email address, and is answered by a person. If you would rather understand how the account works before you open one, the homepage sets out what it does.