Privacy policy: the documents we ask for, and the ones we destroy
What we collect, and why
Three groups of data, and no fourth. Everything below exists because an account cannot function without it, not because it is worth something to us on a market.
- Account data — the email address, password hash, name, date of birth and currency you gave us at registration. Without it there is no account to hold your balance.
- Transaction data — deposits, withdrawals, bets, bonuses, and the payment instruments they moved through. This is a financial record and we are obliged to keep it.
- Verification data — the photo ID, proof of address and masked card image you upload before your first payout. This is the most sensitive category and the one we hold most carefully.
We also log technical data — IP address, device, browser, session times — because it is how we detect a compromised login and how we enforce one account per player. It is not sold, and it is not used to build an advertising profile of you anywhere outside this site.
Why the identity check is unavoidable
Because the licence requires it, and because a casino without one becomes a laundry. Verification is what confirms you are over 18, that the person withdrawing is the person who deposited, and that the payout is going to a real account in a real name. There is no version of a licensed casino that skips it, and any operator who offers to is telling you something important about themselves.
The check is triggered by your first withdrawal rather than by registration, which means you can play without uploading anything. Uploads go through the account, over an encrypted connection, and never by email — if a message claiming to be from us asks you to send a driver licence as an email attachment, it is not from us.
How long we keep it, and what we destroy
Transaction and account records are retained for as long as anti-money-laundering law requires, which outlives your account by years and is not something we can shorten on request. Verification documents are held for the period the licence obliges us to hold them, and then deleted — we have no interest in a filing cabinet full of other people's passports.
Marketing preferences are the part you control completely. Unsubscribe and the promotional email stops; self-exclude and the marketing flag is suppressed along with account access, so an excluded player does not get a reload offer through the door on day three.
Who ever sees your data
Our own staff, on a need-to-know basis — a payout reviewer sees your documents, a chat agent does not. Payment providers see what they must to move money. The regulator sees what it asks for. Nobody else. We do not sell personal data to other casinos, affiliates or data brokers, and there is no arrangement under which your name leaves this operator as a lead.
Cookies do the ordinary work: keeping you signed in, remembering your currency, and telling us which pages get read. You can refuse the non-essential ones in your browser and the site still functions — the login cookie is the only one it genuinely needs.
Your rights, and how to use them
Ask us and we will tell you what we hold on you. Ask us and we will correct anything wrong. Ask us to delete what we are not obliged to keep, and we will — the limit is the legal retention period on financial and verification records, which we cannot waive for anyone, including ourselves. Requests go through the support desk from inside the account, which is itself a security measure: it proves the person asking is the person the data is about.
Security is boring and that is the goal: SSL on every page that touches your information, hashed passwords, restricted internal access, and a login you should protect the way you protect a banking one. If you suspect an account has been accessed by someone else, change the password and tell support the same day. The homepage explains what the account can do — which is exactly why it is worth locking down.