Privacy Policy
Last updated: June 2026
This Privacy Policy describes how CasinoMass collects, uses, and protects personal information of users of the CasinoMass platform (the "Platform") — a B2B verified iGaming data infrastructure platform. CasinoMass is not a gambling operator and does not accept registrations from or process personal data of individual players.
CasinoMass is committed to complying with the EU General Data Protection Regulation (GDPR) (Regulation 2016/679), the UK GDPR, and other applicable data protection laws.
1. Data controller
The Data Controller responsible for your personal data is CasinoMass.
For data protection enquiries: Contact support
2. Scope and nature of the Platform
CasinoMass is a B2B data research and infrastructure platform. We do not operate a gambling website, accept player deposits, or publish player-facing content. Personal data we process is limited to that of our Platform users (employees and representatives of B2B businesses) and does not include data of individual gambling players. This Privacy Policy applies to our web portal, any related applications, and the future REST API.
3. What we collect
3.1. Information you voluntarily provide
- Account information — name (first and last) and email address, collected at signup. Used to authenticate your account, display your identity within the platform, and send transactional emails (account access, billing receipts, service notices).
- Password — created independently by the user. We do not store passwords in plain text and do not have access to them.
3.2. Information automatically collected
- Usage data — page views, feature interactions, filtering activity, and export activity. Collected via PostHog analytics to improve the product. IP addresses are anonymised.
- Device and connection information — IP address, browser type, operating system, device identifiers, and system language. Used for security and service operation.
3.3. Payment information
Payment information is handled by our payment processor (WhitePay or such other processor as we designate). Payments are made in cryptocurrency (USDT and others). We do not store card numbers or wallet private keys — only the transaction reference, plan purchased, amount, and confirmation status.
3.4. Other data categories
- Correction requests — if you submit a data correction, we record your account ID, the entity and field reported, and your suggestion.
- API waitlist — if you join the waitlist, we store your email and the source (referrer) to notify you when API access opens.
- Support communications — if you contact us via Telegram support or email, we process the content of your communications to resolve your query.
4. How we use your information
We use personal information for the following purposes:
- To provide and maintain the Platform and its features;
- To authenticate your account and display your identity within the Platform;
- To process payments and send billing communications;
- To verify and improve data quality (correction requests);
- To analyse product usage and prioritise features;
- To contact you about significant service changes;
- To respond to support enquiries and resolve technical issues;
- To enforce these Terms and applicable acceptable use policies;
- To comply with applicable legal obligations.
We do not sell your data to third parties.
5. Data retention
We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law.
| Data type | Retention period |
|---|---|
| Account data (email, name, role, settings) | Active life of account; removed within 30 days of deletion request |
| Session cookies | Expire after 12 hours of inactivity |
| Reveal / data view history | Retained until account deletion |
| Export logs | 12 months; anonymised (userId removed) thereafter |
| Correction requests | 24 months; anonymised when the submitter deletes their account |
| Payment invoices | 7 years (statutory accounting / financial record-keeping requirement) |
| Audit logs | 24 months in identifiable form; retained in anonymised form thereafter |
| Analytics events (PostHog) | 12 months per PostHog's retention policy |
| Support messages (Telegram / email) | 90 days after case resolution |
| API waitlist data | Until API access opens or consent is withdrawn |
If you request account deletion, personal identifiers are removed within 30 days. Payment invoices are retained for 7 years as required by applicable accounting regulations regardless of account status. Anonymised aggregate data may be retained indefinitely for product analytics.
6. Third-party services and data transfers
| Service | Purpose | Transfer mechanism |
|---|---|---|
| Supabase | Authentication and database hosting | SCCs / Supabase DPA |
| PostHog | Product analytics | SCCs / PostHog DPA |
| WhitePay | Crypto payment processing | SCCs / WhitePay DPA |
| Vercel | Hosting and edge delivery | SCCs / Vercel DPA |
| Telegram | Customer support communications | Telegram Privacy Policy / SCCs |
Each provider has its own privacy policy governing data processed on their infrastructure. Where processors are located outside the EEA, transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR Chapter V.
We do not share personal data with third parties for marketing or advertising purposes. We may share data with law enforcement or regulatory authorities where required by applicable law.
7. Cookies
CasinoMass uses cookies for session management (authentication) and analytics (PostHog). No advertising or tracking cookies are used. Non-essential analytics cookies are placed only with your consent, which you may withdraw at any time. Please see our Cookie Policy for full details.
8. Your rights
You may request a copy of your personal data or ask for deletion by contacting support. We will respond within one month (30 days).
Under GDPR, you also have the following rights:
- Right to rectification — correct inaccurate or incomplete data;
- Right to restriction — ask us to limit how we process your data;
- Right to data portability — receive your data in a structured, machine-readable format;
- Right to object — object to processing based on legitimate interests;
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing;
- Right to erasure (right to be forgotten) — request deletion of your personal data where applicable under GDPR Art. 17;
- Right to lodge a complaint with your national supervisory authority (e.g. your local EU Data Protection Authority).
To exercise any right, contact us at Contact support.
9. Data security
CasinoMass implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS), access controls, and regular security reviews. In the event of a personal data breach, we will notify affected users and relevant supervisory authorities in accordance with GDPR Art. 33–34.
No electronic transmission over the Internet or information storage technology can be guaranteed to be completely secure. While we implement commercially reasonable measures to protect your data, you acknowledge inherent risks in using online services.
10. Children's data
The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it.
11. Changes to this Policy
We may update this Privacy Policy. If changes are material, we will notify you by email at least 14 days before the changes take effect.
12. Contact
For privacy enquiries: Contact support