Privacy Policy

What Personal Information We Collect

Registration requires your full legal name, date of birth, residential address, email address, and phone number. Identity verification — mandatory under GCB licence conditions and consistent with AUSTRAC guidance on know-your-customer obligations — requires a government-issued photo ID and, in some cases, proof of address or source-of-funds documentation. Payment processing requires card details or e-wallet identifiers; we do not store full card numbers on our servers. Behavioural data — session duration, wagering history, deposit and withdrawal patterns — is recorded automatically and forms part of your account record.

Why We Collect Personal Information

Account creation and operation is the primary purpose. Identity verification is a legal obligation under anti-money laundering frameworks applicable to GCB licensees. Transaction processing requires payment data by necessity. Responsible gambling monitoring uses behavioural data to identify patterns consistent with harm; this is not optional and is a licence condition. Marketing communications are sent only where you have given explicit consent and can be withdrawn at any time by contacting [email protected] or updating your account preferences.

Legal Basis for Processing

GCB licence conditions require identity verification and transaction monitoring as non-negotiable obligations. Contractual necessity covers account operation and payment processing. Legitimate interest applies to fraud prevention and security monitoring — this fact, not marketing language. Consent applies only to optional communications. Australian Privacy Principle 3 requires that collection be reasonably necessary for one or more of the operator’s functions; each category listed above meets that standard.

How We Use Your Information

Verification data is used to confirm identity and prevent fraud. Transactional data is used to process deposits and withdrawals and to comply with financial reporting obligations. Behavioural data is used to operate responsible gambling tools including deposit limits, session reminders, and self-exclusion mechanisms. Aggregate, de-identified data may be used for internal analysis and product improvement. No individual player profile is sold to third parties — this is a factual statement of our data practices.

Disclosure of Personal Information

Payment processors receive the minimum data required to complete transactions. Identity verification providers receive document images and personal details to complete KYC checks; these providers operate under contractual data protection obligations. Regulatory and law enforcement authorities receive data when legally required. Cloud infrastructure providers store encrypted data under agreements that prohibit independent use of that data. Australian Privacy Principle 8 requires that cross-border disclosures be made only to recipients who provide comparable privacy protections; our contracts with third-party processors reflect this requirement.

Data Retention

Account data is retained for a minimum of five years following account closure, consistent with GCB licence requirements and AML record-keeping obligations. Identity documents are retained for the period required by applicable law and then securely deleted. Inactive accounts — no login for 36 consecutive months — are reviewed and, where no legal hold applies, data is deleted or anonymised. You may request deletion of data that is no longer required for legal or contractual purposes by contacting [email protected] ; requests are assessed within 30 days.

Your Rights Under Australian Privacy Principles

APP 12 gives you the right to access personal information we hold about you. APP 13 gives you the right to correct inaccurate or outdated information. You may request a copy of your data or a correction by contacting [email protected] . Requests are completed within 30 days. Where access is refused — for example, where disclosure would prejudice an ongoing fraud investigation — we will provide written reasons. The Office of the Australian Information Commissioner (OAIC) at oaic.gov.au handles complaints where you believe your privacy rights have not been respected.

Cookies and Tracking

Session cookies are necessary for platform operation and cannot be disabled without breaking core functionality. Analytics cookies track aggregate usage patterns; these can be disabled via your browser settings. Marketing cookies are only set where you have provided consent. Full details of cookies in use are set out in our Cookie Policy .

Security Measures

Data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Access to personal data is restricted to staff with a verified operational need. Security practices are reviewed annually. No security measure eliminates all risk; this is a fact, not a disclaimer.

Children

The platform is not available to persons under 18 years of age. Age verification is conducted at registration. Where a minor is identified, the account is closed immediately and relevant data is reported as required by GCB licence conditions.

Changes to This Policy

Material changes are communicated by email to registered account holders at least 14 days before taking effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

Contact

Privacy-related queries, access requests, and correction requests: [email protected] . Response time: within 30 days.

Complaints that remain unresolved may be referred to the Office of the Australian Information Commissioner: oaic.gov.au