1. Introduction
This Privacy Policy explains how Bankroll Ltd. (“Bankroll”, “we”, “us”) collects, uses, shares, and protects personal data when you use the Service. We are the data controller for the personal data described here.
2. Data We Collect
We collect the following categories of personal data:
- Identity data: email address, password (stored as an Argon2 hash — we never see your plaintext password), self-declared date of birth, self-declared country of residence.
- KYC data: when you initiate a withdrawal you may be asked to verify your identity through Sumsub, our KYC partner. Sumsub collects identity documents, a selfie, and performs PEP and sanctions screening. See our AML / KYC Policy for details.
- Financial data: deposit and withdrawal amounts, wallet addresses, transaction hashes, and double-entry ledger records of every wager and payout.
- Technical data: IP address, device type, browser, operating system, and approximate geolocation derived from your IP for soft geoblocking purposes.
- Usage data: games played, bet history, responsible-gaming limit changes, login timestamps, and consent records.
3. Lawful Basis
We process your personal data on the following lawful bases: performance of contract (to operate the Service and honor wagers), legal obligation (to comply with AML and anti-fraud laws under the Anjouan Gaming Authority and FATF guidance), legitimate interest (fraud prevention, platform security, analytics), and consent (for marketing and non-essential cookies, which you can withdraw at any time).
5. Third Parties
We share personal data with the following processors, each under a written data processing agreement:
- NOWPayments — cryptocurrency deposit and withdrawal processing.
- Sumsub — identity verification and KYC.
- MoonPay — fiat-to-crypto on-ramp (where supported).
- Termly — legal document generation and cookie consent management.
- Infrastructure providers — Railway and Render for hosting, Cloudflare for CDN/DDoS, PostgreSQL and Redis for data storage.
We do not sell your personal data. We may disclose personal data to law enforcement or regulators when legally compelled to do so.
6. Data Retention
We retain personal data for 5 years after account closure or last financial event, whichever is later, after which personal identifiers are anonymized. Financial ledger entries are retained indefinitely. This retention period is the minimum required by applicable anti-money-laundering regulations. After 5 years, your name, email, and date of birth are replaced with a non-identifying reference, while the underlying double-entry ledger remains intact for audit and regulatory purposes.
You may request earlier deletion under applicable data protection laws, subject to our AML hold until 5 years after your last financial event.
7. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, erase, or export your personal data, to object to or restrict processing, and to withdraw consent. To exercise any of these rights, email privacy@bankrolld.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
8. Security
We use industry-standard security practices including TLS 1.3 for all traffic, Argon2 password hashing, JWT session tokens, row-level database encryption, strict CORS and CSP headers, and rate limiting on authentication endpoints. No system is 100% secure; you are responsible for protecting your login credentials.
9. Contact
Privacy questions and data-subject requests may be directed to privacy@bankrolld.app.

