Privacy Policy

Personal information collected

• Identity and verification: full name, date of birth, national ID or passport details, proof of address, selfie or live photo, source-of-funds documents
• Contact details: email address, phone number, postal address
• Account and usage: username, preferences, responsible gaming settings, support history
• Financial and transaction records: deposits, withdrawals, payment method tokens (card numbers are not stored in plain form)
• Technical information: IP address, device identifiers, operating system, browser type, language, time zone, online session logs, cookies, approximate location

Why this information is collected

• Create and manage the user account and provide the services
• Process payments and payouts through licensed payment providers
• Perform KYC, AML, fraud prevention, and responsible gaming checks
• Provide support and resolve disputes
• Improve website performance, analytics, and service quality
• Meet legal obligations and regulatory reporting requirements

Protection measures

• Transport security using TLS encryption
• Access controls, role-based permissions, and audit logging
• Segmentation of systems and firewalls
• Hashing, tokenization, and encryption for sensitive information
• Regular security testing and staff training
• Payments processed by providers that follow card industry security standards

User rights

• Access: request a copy of personal data and information about processing
• Correction: update inaccurate or incomplete data
• Deletion: request erasure where permitted by law
• Restriction and objection: limit or object to certain processing activities
• Portability: receive personal data in a structured, commonly used format where applicable
• Consent withdrawal: withdraw consent at any time for activities based on consent

Legal compliance in Sri Lanka

• The company aligns practices to the Sri Lanka Personal Data Protection Act, No. 9 of 2022, to the extent applicable, and to core international principles of lawfulness, fairness, transparency, and purpose limitation.
• Anti-money laundering record-keeping follows the Financial Transactions Reporting Act, No. 6 of 2006 and guidance of the Financial Intelligence Unit, as applicable.

Retention

• Personal information is kept only as long as necessary for the purposes stated in this document.
• Records needed for AML, tax, and audit may be retained for a minimum of five years after account closure or as required by law.
• When retention ends, data is deleted or irreversibly anonymized.

• Account administration: registration, login, preferences, responsible gaming tools
• Transactions: processing deposits, withdrawals, and refunds through payment providers
• Service delivery: running games, bets, and account features
• Customer support: responding to requests and resolving incidents
• Analytics and improvement: measuring performance, troubleshooting, and developing new features
• Marketing communications: sending service updates or offers only where the user has consented or where permitted by law; users can opt out at any time
• Safety and integrity: identity verification, AML screening, fraud detection, chargeback prevention, and risk assessment
• Compliance: meeting legal duties, regulatory requests, and record-keeping

Processing is lawful, fair, and transparent, based on consent, contract performance, legitimate interests, or legal obligations, as applicable.

• Access: users may review personal information through account settings or by submitting a request via the Help Centre contact form or the privacy contact provided on the website footer.
• Correction: inaccurate details can be edited in profile settings or by contacting support; identity checks may be required.
• Deletion: users may request deletion; legal or regulatory duties (for example AML) may limit deletion until retention periods end.
• Response time: verified requests are handled without undue delay and within timelines permitted by law.

By using the services, the user consents to security checks including KYC and AML screening and agrees that payment information may be processed by payment service providers for transaction processing and fraud prevention.

• The services are intended for persons aged 18 and over.
• The operator cannot confirm age without receiving reliable documents during verification.
• If a parent or legal guardian informs the company that a minor has provided personal data, the account will be closed and the information deleted as permitted by law.

• Personal data may be stored and processed outside Sri Lanka in countries where the company, group entities, or trusted partners operate data centers or provide services.
• Using the services signifies consent to such international transfers for the purposes described in this document.
• Appropriate safeguards are used, including contractual protections and confidentiality obligations, to ensure that partners protect the information to a standard that is not less than that required by applicable law.

• A legal disclaimer may limit or clarify how certain rules apply in practice.
• The policy and any disclaimer take effect when a user accepts them by signing electronically, clicking to accept, or continuing to use the services (accession).
• If any provision is held invalid under applicable law, the remaining parts continue in force to the fullest extent permitted.

What cookies are

Cookies are small text files stored on a device by websites to remember a user and improve online experience.

How cookies are used

• Essential: enable core functions such as authentication and security
• Preferences and functionality: remember settings and improve user experience
• Analytics: measure traffic, diagnose issues, and improve content
• Advertising: deliver relevant information where permitted by law

Retention and control

• Standard cookie retention is up to 1 year unless a shorter or longer period is required for technical or legal reasons.
• Users can manage or delete cookies in browser settings. Blocking certain cookies may affect service functionality.
• Some third-party cookies may be used by analytics or advertising partners; their practices are described in their own policies.

• Use of the websites or apps constitutes full acceptance of this privacy document.
• The most recent version posted on the site prevails over previous versions.
• Material changes will be communicated through the site or by direct notice where legally required.

• Personal data may be shared to the extent necessary for:
  • Payment processing and payouts (banks, card schemes, payment gateways)
  • Identity verification, KYC/AML screening, fraud prevention, and sanctions checks
  • Customer support platforms, communications providers, and cloud hosting
  • Analytics and marketing service providers for permitted communications
  • Professional advisers (legal, audit) and dispute resolution bodies
  • Law enforcement, courts, regulators, or tax authorities when legally required
  • Corporate transactions such as mergers, acquisitions, or restructuring
• The website maintains or provides access to a list or description of key processors and the purpose of processing. If not listed, the company will inform users of the purpose and scope before or at the time of sharing, where required by law.
• Providing information and using the services constitutes consent to such sharing for the purposes set out here, subject to confidentiality and security commitments by each recipient.

• The site may contain links to other websites or services operated by third parties.
• Those websites have their own privacy policies and practices; the company is not responsible for how external parties process personal data.
• Users should review the privacy information on any external site and proceed with caution before providing personal information.