Overview of this privacy document

The platform collects personal data to deliver online services and meet legal duties. Depending on usage, the following information may be collected:

• Identity: full name, date of birth, nationality, photograph (for KYC where permitted).
• Contact: mobile number, email address, residential address.
• Account and gameplay: username, preferences, responsible gaming settings, self-exclusion flags.
• Payments: masked card details handled by PCI DSS compliant processors, UPI identifiers, bank account information for withdrawals.
• KYC/AML: PAN, passport, driving licence, voter ID, and verification outcomes from approved verification partners, where required by law.
• Technical data: device identifiers, IP address, browser type, app version, log files, cookies, and approximate location inferred from IP.
• Communications: customer support chats, emails, and call recordings where applicable.

Why the data is collected

• To create and manage accounts, verify age and identity, and provide services.
• To process deposits, bets, and withdrawals, and to prevent fraud.
• To support responsible gaming tools and comply with applicable rules.
• To respond to queries and resolve disputes.
• To meet legal and regulatory obligations, including tax or anti-money laundering checks where applicable.

How the data is protected

• Encryption in transit (TLS) and at rest for sensitive records.
• Payment card data is tokenised by certified processors; the platform does not store full card numbers.
• Strict access controls, audits, and role-based permissions.
• Multi-factor authentication/OTP for sensitive actions.
• ISO 27001 aligned practices, secure development lifecycle, and incident response procedures.
• Data minimisation and retention schedules linked to legal requirements.

User rights (subject to law and verification)

• Access: obtain a copy of personal information.
• Correction: update inaccurate or incomplete details.
• Deletion: request erasure of data that is no longer needed or where consent is withdrawn and no other lawful basis applies.
• Consent management: withdraw consent for non-essential processing at any time.
• Portability: request a machine-readable copy where feasible.
• Nomination: appoint a person to exercise rights in case of death or incapacity, as per the Digital Personal Data Protection Act, 2023.

Compliance statement

• The service operates in line with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and applicable rules on reasonable security practices, and relevant payment standards (including RBI/NPCI norms and PCI DSS via partnered processors). Where local state laws impose additional requirements, those are followed for users in those jurisdictions.

Data is processed lawfully, fairly, and in a transparent manner for purposes such as:

• Account setup and service delivery: registration, login, verification, preferences, and responsible gaming tools.
• Transactions: deposits, bets, payouts, refunds, chargeback handling, and reconciliation through payment providers.
• Support and operations: customer care, service notifications, maintenance, and incident management.
• Personalisation: language, content, and experience based on usage patterns.
• Marketing: emails, SMS, and in-app messages only where consent has been given; users can opt out at any time.
• Analytics and improvement: performance metrics, error analysis, and product enhancement using aggregated or pseudonymised data where possible.
• Security and fraud prevention: rate limiting, device checks, IP screening, and automated risk scoring, followed by human review when needed.
• Legal compliance: KYC/AML checks, sanctions screening where applicable, regulatory reporting, and record-keeping.

The platform does not sell personal data. Automated decisions are limited to risk and security checks required to protect users and comply with law, and users can request human review where such checks have a material effect.

Users can manage much of their information in account settings. For additional requests:

• Access and portability: submit a request through the help centre or by emailing [email protected]. A response is provided within 30 days, subject to identity verification.
• Correction: update details in the profile section or email supporting documents to [email protected] if system changes are not available.
• Deletion: request erasure for data that is not required for ongoing services, dispute handling, or legal retention. Some records (for example, payments and KYC logs) must be kept for compliance for a defined period.
• Consent withdrawal: adjust notification and marketing settings or email [email protected].

By using the services, the user consents to necessary security checks and the processing of payment information by authorised payment providers for deposits and withdrawals. Identity re-verification may be required before acting on sensitive requests.

Grievance and escalation (India)

• Grievance Officer (India): [email protected]
• Expected timelines: acknowledgement within 24 hours and resolution within 15 working days for grievances, unless a longer period is required by law.

The service is intended for persons aged 18 years and above. Access by minors is prohibited. The operator cannot confirm age without documents; age is verified through KYC when required by law or policy.

If a parent or legal guardian believes that a minor has provided personal data, contact [email protected]. After verification, the account will be closed and the information will be deleted, unless retention is required for legal reasons.

Personal data may be stored and processed outside India in locations where service partners, cloud providers, payment processors, or verification vendors operate, including the European Union, United Kingdom, Singapore, and the United States. By using the website and apps, the user consents to such transfers.

Safeguards used for international transfers

• Contractual protections requiring partners to maintain confidentiality and robust security.
• Access limited to what is necessary for providing services.
• Continuous oversight, audits where applicable, and incident reporting duties.

All recipients are required to protect information and to use it only for the agreed purposes.

This disclaimer clarifies that, to the extent permitted by law, it may limit or qualify how certain rules in this document apply in specific scenarios, such as legal investigations, fraud prevention, or mandatory retention. The disclaimer becomes effective when the user accepts this policy by signature, acceptance, or accession during registration or continued use.

If any provision is found invalid by a competent authority, the remaining parts continue to operate. In case of conflict between translations, the English (India) version and the latest published date govern.

Cookies are small files placed on a device to store information and help the website function. The service uses cookies for:

• Statistics: measuring visits, performance, and error rates.
• Behaviour analysis: understanding how users interact with pages and features.
• Personalisation: remembering preferences such as language and region.
• Site improvement: load balancing and security.

Cookie retention

• Non-essential cookies are kept for up to 1 year, unless deleted earlier by the user.

Controls

• Users can manage cookies in browser settings or in the preference centre. Essential cookies that are required for core functions may continue to operate.

Use of the website, apps, or related services constitutes full acceptance of this Privacy Policy. The current version published on the site prevails over any prior version. Continued use after updates indicates agreement to the revised policy.

Personal information may be shared in the following cases:

• Payment processing, KYC/AML checks, fraud prevention, hosting, analytics, customer support, and message delivery services.
• Where required by law, court order, taxation authorities, or to establish, exercise, or defend legal claims.
• To comply with agreements, resolve disputes, or enforce terms and policies.

A list or category-level summary of third parties is maintained in the help centre. If a new category of recipient is added, users will be informed about the purpose and scope. Providing information for a specific feature constitutes consent to share it for that feature.

Each third party has its own privacy practices. Partners are contractually bound to protect confidentiality and to process data only for defined purposes.

The website may contain links to other websites or apps. Those destinations have their own privacy policies and security practices. The operator is not responsible for how external parties use personal information. Users should review the privacy policy of any external site before providing data.