1win

Privacy Policy

This Privacy Policy (“Policy”) outlines how our online gaming platform collects, uses, processes, and protects your personal information in accordance with applicable Indian data protection laws, including the Information Technology Act, 2000, and related regulations. By accessing and using our services, you consent to the practices described herein. Last updated: January 18, 2026.

1. Information We Collect

We collect various categories of personal information to provide our gaming services, ensure compliance with regulatory requirements, and enhance user experience. The information we gather includes data you provide directly, data collected automatically, and information from third-party sources. Understanding what information we collect helps us serve you better while maintaining transparency about our data handling practices.

  • Account Registration Data: Full name, email address, date of birth, phone number, residential address, and identity verification documents
  • Financial Information: Banking details, wallet identifiers, payment method information, transaction histories, and deposit-withdrawal records
  • Gaming Activity Data: Gameplay preferences, betting patterns, game selection history, winning and losing records, session duration, and account balance information
  • Device Information: IP address, device identifiers, browser type, operating system, hardware specifications, and mobile device identifiers
  • Communication Records: Emails, chat logs, support ticket conversations, feedback submissions, and customer service interactions
  • Biometric Data: Facial recognition for age verification and security purposes, as permitted under applicable laws
  • Location Data: Geographic information derived from IP addresses and device settings for compliance and service delivery

2. Purpose and Legal Basis for Data Processing

We process your personal information for specific, defined purposes that align with our business operations and legal obligations. Each processing activity is grounded in a legitimate legal basis recognized under Indian data protection frameworks and international standards. We never process your data for purposes beyond those disclosed, and we maintain clear records of our processing activities.

  • Account Creation and Management: Processing is necessary for establishing and maintaining your user account, providing access to gaming services
  • Age Verification and Compliance: Ensuring you meet legal age requirements for gambling activities as mandated by Indian regulations and international gaming standards
  • Know Your Customer (KYC) Requirements: Fulfilling anti-money laundering obligations and regulatory compliance for financial institutions operating in India
  • Fraud Prevention and Security: Detecting, investigating, and preventing fraudulent activities, unauthorized access, and abusive behavior on our platform
  • Payment Processing: Facilitating deposits, withdrawals, and financial transactions through secure payment gateways and partner institutions
  • Customer Support and Communications: Responding to inquiries, providing technical assistance, sending transactional notifications, and maintaining service quality
  • Marketing and Promotional Activities: Sending personalized offers, gaming updates, and promotional content based on your preferences and consent
  • Analytics and Performance Improvement: Analyzing user behavior patterns, platform performance metrics, and usage trends to enhance service quality
  • Legal Obligations and Dispute Resolution: Complying with legal requests, investigating complaints, and resolving disputes between users and our platform

3. Data Sharing and Third-Party Disclosure

We recognize that protecting your information requires careful management of data sharing practices. We share your personal information only with authorized parties who assist in providing services, comply with legal requirements, or have legitimate business purposes. All third-party partners are bound by confidentiality obligations and must adhere to data protection standards equivalent to our own. We never sell your personal information for marketing purposes or share it with unauthorized commercial entities.

  • Payment Service Providers: Financial institutions, payment gateways, and e-wallet operators required to process your transactions securely
  • Identity Verification Partners: Third-party verification services conducting KYC checks and age validation through secure databases
  • Regulatory Authorities: Government agencies, law enforcement, and gaming regulators when legally required or to prevent illegal activities
  • Technology Service Providers: Cloud hosting providers, cybersecurity firms, and IT service providers supporting our infrastructure and security
  • Customer Support Platforms: Communication service providers managing customer inquiries, feedback, and technical support interactions
  • Analytics and Research Partners: Data analysis companies helping us understand user behavior and improve service offerings
  • Legal Advisors and Compliance Officers: Law firms and compliance consultants assisting with regulatory adherence and dispute resolution

4. Data Security and Protection Measures

We implement comprehensive security protocols designed to protect your personal information from unauthorized access, alteration, disclosure, and destruction. Our security infrastructure combines technical safeguards, organizational procedures, and administrative controls to maintain the highest standards of data protection. We continually update our security measures to address emerging threats and vulnerabilities in the digital landscape.

  • Encryption Technology: End-to-end encryption for all data transmissions using industry-standard TLS/SSL protocols and AES-256 encryption for stored sensitive information
  • Secure Infrastructure: Firewalls, intrusion detection systems, and network segmentation protecting our servers and databases from unauthorized access
  • Access Controls: Role-based access restrictions ensuring only authorized personnel can access personal information necessary for their functions
  • Regular Security Audits: Periodic penetration testing, vulnerability assessments, and security audits conducted by independent third-party experts
  • Data Minimization: Collecting only essential information required for stated purposes and limiting retention periods to necessary durations
  • Employee Training: Mandatory data protection and cybersecurity training for all staff members handling personal information
  • Incident Response Plan: Documented procedures for identifying, reporting, and responding to data breaches with minimal user impact
  • Compliance Monitoring: Continuous monitoring of our systems for suspicious activities, unauthorized access attempts, and policy violations

5. User Rights and Data Subject Access

You possess fundamental rights regarding your personal information under applicable Indian data protection laws. We are committed to facilitating these rights and providing transparent access to your data upon request. You can exercise your rights by submitting written requests to our Data Protection Officer through verified communication channels, and we will respond within the timeframes specified by law.

  • Right to Access: Requesting copies of all personal information we hold about you in a structured, commonly used, and machine-readable format
  • Right to Correction: Submitting requests to update, correct, or modify inaccurate or incomplete personal information in our systems
  • Right to Erasure: Requesting deletion of your personal information in certain circumstances, subject to legal retention obligations
  • Right to Restrict Processing: Requesting that we limit how your information is processed while disputes are being resolved or specific conditions exist
  • Right to Data Portability: Obtaining your personal information in a portable format and transferring it to other service providers
  • Right to Object: Objecting to specific processing activities, particularly marketing communications and profiling activities
  • Right to Lodge Complaints: Submitting complaints to the appropriate data protection authority if you believe your rights have been violated
  • Right to Know Processing Details: Requesting information about how your data is processed, with whom it is shared, and for what duration it is retained

6. Data Retention and Deletion Policies

We maintain personal information only for the duration necessary to fulfill the purposes for which it was collected or as required by applicable laws. Our retention policies balance the need to maintain accurate records for legal compliance, fraud prevention, and service improvement with your privacy interests. When data is no longer needed, we implement secure deletion procedures to ensure complete removal from our systems.

  • Account Information: Retained for the duration of your active account and seven years thereafter to comply with financial record-keeping requirements
  • Transaction Records: Maintained for minimum ten years as required by anti-money laundering regulations and tax authorities in India
  • KYC Documentation: Preserved for ten years post-account closure in compliance with Reserve Bank of India guidelines and financial regulations
  • Marketing Communications: Retained only while you maintain an active subscription; immediately deleted upon unsubscribe requests
  • Support and Communication Records: Maintained for three years to resolve disputes and address historical inquiries
  • Analytics and Behavioral Data: Aggregated data retained indefinitely; individual-level gaming logs deleted after twelve months unless legal holds exist
  • Security Logs and Incident Records: Maintained for eighteen months for investigating security breaches and unauthorized access attempts
  • Deletion Procedures: Secure deletion using cryptographic erasure and data overwriting techniques ensuring complete data destruction

7. Policy Updates and Contact Information

We may update this Privacy Policy periodically to reflect changes in our practices, technology advancements, or modifications to applicable laws. We will notify you of significant changes through email or prominent notifications on our platform at least thirty days before implementation. Your continued use of our services following policy updates constitutes acceptance of the revised terms. For questions about our privacy practices or to exercise your data rights, please contact our dedicated Data Protection Officer.

  • Policy Review Schedule: Quarterly reviews to ensure alignment with evolving regulations and best practices in data protection
  • Notification Method: Email notifications sent to registered address with clear summaries of substantive changes and effective dates
  • Archival Access: Previous versions of this policy available upon request to document our privacy commitments over time
  • Data Protection Officer: Appointed official responsible for overseeing compliance and serving as primary contact for data protection inquiries
  • Contact Methods: Email correspondence, written requests via registered mail, and encrypted messaging for sensitive communications
  • Response Timeframe: Acknowledgment of requests within forty-eight hours and substantive responses within thirty days of verified requests
  • Dispute Resolution: Commitment to addressing concerns through transparent dialogue before escalation to regulatory authorities
  • Legal Compliance: Full adherence to Information Technology Act 2000, Information Technology Rules 2011, and all applicable gaming regulations in India