Create ad

iGaming Online Platform Privacy Policy

We respect your privacy and are committed to protecting our users' personal data. This Privacy Policy describes what data is collected and processed when you use our iGaming online classifieds platform with personal accounts, ad placement, the Expay payment system, and an affiliate program. We comply with the requirements of the EU General Data Protection Regulation (GDPR) and other applicable privacy laws, adhering to the principles of lawfulness, transparency, minimization, and security in data processing.

Purposes and Principles of Personal Data Processing

We process personal data strictly for specified and legitimate purposes. The main purposes include providing Platform functions (account creation, ad posting and viewing, payments and transactions, participation in the referral program), supporting user experience (e.g., saving interface language settings), and ensuring service security. Data processing is conducted on a lawful and transparent basis — we collect and use only the data necessary to achieve the stated purposes and do not use it in a manner incompatible with the original purposes. We also ensure that personal data is accurate and up-to-date, store it no longer than necessary for the processing purposes, and protect it with appropriate technical and organizational measures.

GDPR Principles.

In our work with personal data, we adhere to the main GDPR principles:

  • Lawfulness, fairness, and transparency:All data is processed on legal grounds (e.g., your consent, necessity for fulfilling terms of service, or legitimate interests) and is open to users. We clearly inform you about what data is collected and why.
  • Purpose limitation:Data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.
  • Data minimization:We collect the minimum amount of personal data sufficient to achieve the stated purposes, avoiding excessive information. For example, registration only requires an email and a one-time confirmation code — passwords are not used, which reduces the volume of sensitive information stored.
  • Accuracy:We take measures to keep personal data accurate and up-to-date; you have the option to update your data if necessary.
  • Storage limitation:Personal data is stored no longer than necessary. Upon achieving the processing purposes or upon withdrawal of consent/account deletion, data is deleted or anonymized within a reasonable timeframe.
  • Integrity and confidentiality:We apply appropriate security measures to protect data from unauthorized access, leakage, or destruction. Access to personal data is limited to a circle of authorized persons, and all employees and partners who work with data are obliged to maintain confidentiality.

Categories of Data Collected

When using the Platform, we may collect the following categories of personal data:

  • Contact data:email address used for registration and logging into the Platform, as well as for communication (sending a one-time login code, notifications, and important messages). Registration is done by entering an email and receiving a one-time access code.
  • Profile and account information:details in your personal account, including selected interface language and user notification settings. Your email also appears in your profile and is the main account identifier.
  • Ad data:information you publish in ads on the Platform. This may include the ad title and description, category, attached images (up to 8 photos), and other content information you choose to post. We also store information about your ads, such as their status (draft, active, expired, or blocked), publication and expiration dates, number of views, etc..
  • Financial data and transaction history:data related to your internal wallet and payments on the Platform. We record your account balance in USD equivalent, transaction history, deposits, and withdrawals, as well as information about purchased services or plans. Direct payment details (e.g., bank card data) are not stored on the Platform — all payments are processed through a third-party provider, Expay. However, we keep records of payment facts (amount, date, status, transaction ID, etc.) to display the history of operations and for reporting.
  • Affiliate program data:if you participate in the referral program, we process your unique referral link, information about clicks on it, and accrued rewards for referred users.
  • Technical data and logs:when you interact with the Platform, certain technical data is automatically collected. This includes your device's IP address, browser type and version, operating system, access time, URLs of visited pages, and other log data. This data is necessary for security (e.g., to limit the frequency of requests from a single IP), fraud prevention, and for diagnosing technical problems and service usage analytics. Log files (e.g., an audit log of actions) are stored for a limited time (default setting is 30 days) unless a longer period is required by law or for incident investigation.
  • Cookies and similar technologies:Cookies and similar technologies may collect information about your actions on the site (see the section below on Cookies). This includes saving your session, preferences, and collecting usage statistics. For example, when using analytical services (Google Analytics), cookies with anonymized identifiers are saved in your browser to evaluate traffic.

Please note that we do not collect special categories of personal data (such as racial or ethnic origin, political views, health, biometric data, etc.), nor do we collect data about age or identity, except where necessary for the functioning of the Platform (e.g., email for login). The Platform is intended for users 18 and over, and we do not knowingly collect information about children. If you are under 18, please do not use our services.

Data Collection and Storage Methods

Methods of collection:

Personal data comes to us primarily from you. You provide data directly when registering and using the Platform — for example, by entering your email during registration, filling out your profile, publishing ads, or making a payment. Data is also automatically generated during your interaction with the service: with each request, technical connection parameters (IP, user agent, etc.) are recorded, cookies may be set, and actions on the site are saved in event logs. In some cases, we may receive data from third parties — for example, payment confirmation from the payment provider Expay or statistics from an analytics service.

Storage and infrastructure:

Personal data is stored on secure servers located in data centers within the European Union (EU-Central region). We use modern cloud infrastructure (VPS/VDS servers) with the necessary resources for reliable data storage. Data backup and replication are carried out using S3-compatible cloud storage (e.g., Wasabi, Backblaze) to prevent information loss in case of a failure. Database data (PostgreSQL) and file storage are protected by access control measures. All connections between your device and the Platform are protected with TLS encryption (SSL certificate from Let's Encrypt), which prevents interception of your personal data in transit.

We store your data only for as long as necessary to fulfill the purposes described in this Policy (see the section "Data Retention Period"). The retention period may depend on the type of data — for example, transaction information may be stored longer for accounting purposes and to comply with legal requirements, while technical logs are automatically deleted after a relatively short time (as noted above, ~30 days for audit logs by default).

Data Usage

The collected personal data is used to ensure the operation and improvement of our Platform, specifically for the following purposes:

  • Provision of services and functions:We use data for user registration and identification, providing access to personal accounts and the ability to post/edit ads. Your email serves as your login and a means of communication; profile information (language, settings) is used to customize the interface to your preferences, and ad data is used to display them to other users and manage them.
  • Financial operations:Personal data is necessary to complete payment transactions and purchases on the Platform. We transfer necessary payment details (e.g., your user ID and amount) to the payment provider Expay for payment processing. After a successful payment, we receive a confirmation from Expay (webhook) and update your payment history and balance. Thus, your data is used to top up your account, perform paid services (e.g., raise the ad limit, highlight an ad, etc.), and display the current status of your account and purchases in your personal account.
  • Affiliate (referral) program:If you participate in the affiliate program, we process your data to track new users you have invited. This is necessary to accrue rewards according to the program's terms — we record who clicked your referral link and registered, and we credit the due payments to your balance.
  • Communication with users:We may use contact data (email) to send you important notifications related to the use of the service. For example, we send a one-time code for login, notify you about the status of your ads (published, expired, blocked by a moderator), warn you about ad quota exhaustion, or about the availability of new features. Within the settings, you can choose your preferred notification format and volume. We do not send third-party spam ads, and informational newsletters (platform news, promotions) are only sent with your consent, and you can unsubscribe at any time.
  • Analytics and product improvement:We analyze anonymized and aggregated data on how users interact with the Platform to improve our services. We use cookies and third-party analytics tools, such as Google Analytics 4, to collect visitor statistics and user actions. This data helps us understand which features are in demand, how to improve interface usability, and identify bottlenecks. Analytical data is anonymized and used in an aggregated form; at the same time, we comply with GDPR requirements for the use of such tools (e.g., we ask for your consent for analytical cookies when required).
  • Ensuring security and preventing violations:Log data and technical information are used to protect accounts and our service as a whole. We monitor anomalous activity (e.g., multiple unsuccessful login attempts, frequent requests) by using automated request rate limits by IP and access token. The information may also be used to investigate suspicious actions, prevent fraud, spam, and other violations of the Terms of Service. For example, we save action logs and in the event of incidents, we can link them to a specific account or IP address. The data may be used to take measures against violators (account blocking, deletion of prohibited content, etc.), as well as to respond to law enforcement requests if required by law.
  • Fulfilling legal obligations:In cases where processing and storage of personal data are necessary to comply with our legal obligations, we use the data appropriately. For example, financial record-keeping of payment information for tax and financial reporting, or providing data upon a legitimate request from government authorities. Also, if the platform has requirements to restrict access for minors (due to the iGaming theme), we may request age confirmation or take measures to prevent access by minors.

We use data strictly in accordance with the specified purposes and do not transfer it to third parties for their own marketing purposes without your consent. We also do not carry out automated decision-making that significantly affects your rights without human intervention — any important decisions (e.g., account blocking) are made with the participation of moderators or administrators, not exclusively by algorithms.

Data Sharing with Third Parties

We do not sell or disclose your personal data to third-party organizations except as described in this Policy. Data transfer to third parties is carried out only when necessary and based on contractual obligations of these parties to ensure proper protection of your information. These third parties include:

  • Payment providers:To process payments for services on the Platform, we use a third-party payment system, Expay, through which all transactions are processed. When making a payment, the necessary data (e.g., a unique account ID, amount, possibly your email or ID for the account) is transferred to the Expay system. Expay may request additional payment details from you (e.g., cryptocurrency wallet address or other details) directly on its secure payment page. We do not receive or store full financial details like your card numbers — we only receive information about the payment status (successful/unsuccessful) and basic details for accounting purposes. Expay, as the payment operator, is solely responsible for the legality and security of processing your payment data; we recommend that you familiarize yourself with the Expay privacy policy when making a payment.
  • Email delivery service:To send technical emails (one-time login codes, notifications), we may use the services of email providers (e.g., an SMTP provider). Your email address and the content of the messages sent (e.g., a confirmation code) may pass through the servers of such a service. These providers do not use your email for their own purposes and store data solely for email delivery, according to their storage policies.
  • Infrastructure and hosting providers:Our Platform operates on the servers of a third-party data center/hosting provider that provides us with computing resources (VPS/VDS in the European region). We also use Cloudflare as a CDN (Content Delivery Network) and a web application firewall to protect against DDoS and malicious activity. This means that your traffic may pass through Cloudflare servers, where suspicious requests are automatically filtered. Cloudflare may temporarily process your IP address and cookies to perform these security functions. All such providers act in accordance with our instructions and do not use user data for purposes other than ensuring the Platform's operability and security.
  • Analytics services:As mentioned, we use Google Analytics 4 (via Google Tag Manager) to collect statistical data on site usage. Google Analytics sets its own cookies and collects anonymized information about your actions (e.g., pages viewed, time on site, geographic assumption based on IP, etc.). This data is transferred to Google's servers in an aggregated form. We do not transfer any data to Google that could directly identify you (e.g., name or email). Google acts as a data processor for us and is subject to standard contractual data protection clauses. You can opt out of analytics by disabling the corresponding cookies (see the "Cookies" section below) or by installing a Google Analytics blocker.
  • User content processors:If you upload files to the Platform (e.g., images for ads), these files may be stored in cloud storage (e.g., S3-compatible, as mentioned above). Accordingly, the providers of these storage services technically process the file content, but access to them is protected, and the provider is not entitled to view or use their content other than for storage and retrieval upon request. Additionally, uploaded files are automatically scanned by the ClamAV antivirus for malicious content. This check is performed in a container on our servers; if viruses or prohibited content are detected, the file may be rejected.
  • Law enforcement and legal requirements:We may disclose certain user data to government agencies, courts, or other authorized parties if we are required to do so by law. For example, upon an official request in the course of investigating unlawful activity or to protect the rights, property, and security of the Platform, our users, or the public. In each such case, we carefully verify the legality of the request and disclose only the information that is necessary to comply with the legal obligation.
  • Business transfer:In the event that our Platform or product company undergoes a merger, acquisition, sale of assets, or other business reorganization, user personal data may be transferred to a successor as part of the relevant assets. In such a case, we will require the new data recipient to comply with the provisions of this Policy, and we will notify users of the change in control over their personal data.

All third-party data recipients are listed here for transparency. We enter into confidentiality and data processing agreements with each of them, requiring them to ensure the protection of your information at a level no less strict than that provided by our Policy. Data transfer occurs primarily within the European Economic Area (EEA). If in some cases cross-border data transfer outside the EEA is required (for example, Google Analytics servers may be located outside the EU), we guarantee that the necessary protective measures will be applied in accordance with GDPR Chapter V (standard contractual clauses, verification of data recipient certification, etc.).

User Rights Regarding Personal Data

We recognize and respect your rights as a data subject. In accordance with GDPR and other applicable laws, you have the following rights:

  • Right to accessyou have the right to request confirmation of whether your personal data is being processed, as well as to receive a copy of the current data we hold about you in a structured format. You can request explanations regarding what data is processed and for what purposes.
  • Right to rectificationif any information about you is inaccurate or outdated, you have the right to demand its correction or supplementation. You can update many profile details (e.g., settings) yourself in your personal account. Changing more important data (e.g., email address) may require additional verification for security.
  • Right to erasure ("right to be forgotten")you can request the deletion of your account and associated personal data. Our Platform has the option to submit a request for account deletion directly from your profile. After confirming such a request, we will delete or anonymize your personal data, except for data we are required to retain for legal reasons (e.g., data about financial transactions already conducted may be stored for reporting). Please note: account deletion is an irreversible action — your profile, ads, and balance will be permanently deleted, and it will be impossible to restore this data.
  • Right to restriction of processingin certain cases (e.g., if you contest the accuracy of the data or the legality of its processing), you have the right to demand temporary restriction of your data processing (other than storage) pending clarification of the circumstances.
  • Right to data portabilityyou have the right to receive the personal data we have provided in a machine-readable format for subsequent transfer to another controller (if technically feasible) or, if possible, to demand a direct transfer of this data by us to another service specified by you. As a rule, this right applies to data processed based on your consent or a contract and in an automated format.
  • Right to withdraw consentin cases where processing is based on your consent (e.g., newsletters, use of certain cookies), you can withdraw your consent at any time, after which we will stop the corresponding processing. Withdrawal of consent will not affect the lawfulness of data processing already performed before this.
  • Right to object to processingyou have the right to object to the processing of your personal data carried out based on our legitimate interests or for direct marketing purposes. In particular, you can opt out of receiving marketing materials, and we will stop sending them. You can also object to the automated analysis of your data if it significantly affects your rights (we do not have such profiling, except for standard analytics).
  • Right to lodge a complaintif you believe that your privacy rights have been violated, you can file a complaint with a competent data protection supervisory authority. We hope that you will give us the opportunity to resolve the issue directly by contacting us first, but this remains your legal right. In the European Union, such authorities are national data protection commissions/inspectorates. For example, if our company is registered in a specific EU country, you can contact the relevant authority in that country.

To exercise any of the listed rights (request for access, rectification, erasure, etc.), please contact us using the contacts specified at the end of the Policy. We will review your request and respond within the legally established timeframe (usually within 30 days). The exercise of your rights is free of charge for you, except in cases of repetitive or clearly unfounded requests — then we reserve the right to charge a reasonable fee or refuse to fulfill such a request with a justification of the reasons.

Please note that some rights may be limited if their fulfillment would affect the protection of the rights and freedoms of others or if we have compelling legitimate grounds to continue processing. For example, even after a request for deletion, we may retain a minimal amount of information if it is necessary to fulfill legal obligations, resolve disputes, or prevent fraud.

Data Security

The security of your personal data is a priority for us. We have implemented a set of security measures that meet current industry standards to prevent unauthorized access, disclosure, or loss of data. Our security measures include:

  • Encryption and delivery network:All data transmission between your browser and our servers is protected by the HTTPS protocol using SSL/TLS encryption (certificate from Let's Encrypt). This ensures that personal data cannot be intercepted by attackers in transit. We also use Cloudflare CDN to filter traffic and speed up content delivery. Cloudflare provides an additional layer of security by weeding out malicious requests and preventing DDoS attacks.
  • Web Application Firewall (WAF) and filtering:Through Cloudflare and built-in platform mechanisms, a web application firewall is active, blocking suspicious activity. Limits are implemented on the number of requests from a single IP address per unit of time to prevent automated data collection (scraping) or code/password attacks. These mechanisms reduce the risk of malicious system load and hacking attempts.
  • Passwordless authentication:Our authorization system uses one-time email codes instead of permanent passwords. This approach (passwordless authentication) eliminates the threat of password database leaks or hacks, simplifies login for users, and at the same time increases security (an attacker doesn't just need to know your email — they need access to your mail to log in). Additionally, access tokens (JWT) are issued with a limited lifespan and can be revoked if a compromise is suspected.
  • Antivirus file scanning:All user files uploaded to the Platform (e.g., ad images or attachments) are automatically scanned by the ClamAV antivirus in a secure environment. This allows us to block the upload of infected or prohibited files and thereby protect both other users and our infrastructure from potentially malicious content.
  • Access control and data encryption:Access to databases, servers, and the admin panel is strictly limited. Only authorized employees (administrators, moderators) have access to personal data, and only to the extent necessary to perform their job functions. Each such action can be logged in an audit log, which allows us to track who accessed the data and when. Our admin panel has a secure entry with multi-factor authentication for employees. Data in storage is protected at the OS and DBMS level; especially sensitive information (e.g., access tokens, API secrets) is stored in an encrypted form.
  • Monitoring and updates:We use monitoring systems (e.g., Prometheus, Grafana, Sentry) to track server status and quickly respond to emerging errors or suspicious anomalies. Regular updates of server and software are carried out (including the installation of relevant security patches for the OS, DBMS, frameworks). We also periodically review our security processes and, if necessary, implement new security tools.
  • Content policies and leak prevention:On the Platform itself, a Content Security Policy (CSP) and security headers (HSTS, X-Frame-Options, etc.) are implemented, which protect against certain web vulnerabilities (e.g., XSS, clickjacking). In addition, we limit the ability of users to post dangerous content in ads: descriptions and messages may have a filter for prohibited scripts or HTML.
  • Backup and recovery:We regularly back up important data and store it securely (in encrypted form in remote storage). In the event of a failure or data loss, we have plans for information recovery from backups, which minimizes the risk of irreversible loss of your data.

Despite the measures listed, no method of data transmission over the Internet or electronic storage method can be guaranteed 100% secure. We are constantly improving our security system but cannot absolutely exclude the occurrence of incidents. In the event of a security breach affecting your personal data, we will act in accordance with applicable laws: we will notify the competent authorities and, if necessary, the users whose data may have been affected, and we will take measures to eliminate the causes and consequences of the incident.

Data Retention Period

We store users' personal data no longer than is necessary to achieve the purposes specified in this Policy or as required by laws and regulations. The retention period depends on the type of data and the situation:

  • Account data:The main data of your account (email, profile settings, ad records) are stored as long as your account is active. If you decide to delete your account, we will delete or anonymize this data, except in cases where its retention is necessary for legitimate purposes (e.g., preventing fraud or resolving disputes). In any case, inactive accounts and associated data may also be deleted or anonymized if we deem them no longer necessary.
  • Ad content:Information about your ads is stored while the ad is actively published on the site, as well as for a certain period after the ad is deleted or expires. This allows you to restore or view recently expired ads, and also serves to resolve disputes (e.g., if there was a complaint about an ad). As a rule, outdated ads and associated data are automatically deleted or archived after a set period (e.g., several months) after deactivation.
  • Financial and operational data:Payment history, transaction information, and account balance are stored longer because this information is necessary for financial reporting, supporting user requests (e.g., for refunds), and complying with legal requirements. We may store information about payment transactions for the period required by accounting standards and tax legislation (e.g., 5 years or another period provided for by local laws). This data may be anonymized if the purposes allow — for example, amounts and dates may remain in reports without being linked to personal data after an account is deleted.
  • Logs and technical records:Activity logs and system logs are stored for a short time, sufficient for analysis, debugging, and security. The standard retention period for audit and security event logs is 30 days, after which they are automatically deleted or archived. Some technical metadata (e.g., records of consent to the Policy, records of cookie consent) may be stored longer to have proof of compliance with legal requirements.
  • Cookies:The storage period for cookies depends on their type (details in the next section). Session cookies (e.g., to maintain your login) only exist for the duration of the session and are deleted upon logout or closing the browser. Persistent cookies (e.g., for remembering language or analytics) are stored on your device for a period determined by their parameters — usually from several months to several years, unless you delete them manually. We try not to use excessively "long-lived" cookies without necessity.

Upon the expiration of the corresponding retention periods, we either completely delete the personal data or anonymize it in a way that makes it impossible to identify the data subject. If for some reason data deletion is impossible (for example, the data is in backups), we continue to store it securely and isolated from further processing until deletion becomes possible.

Use of "Cookies" and Similar Technologies

To ensure the convenience of the site, as well as to collect statistics and protect against abuse, we use cookies and similar technologies (web beacons, local storage, etc.). A cookie is a small text file that a website saves on your device through your browser. Within our Platform, cookies perform a number of important functions:

  • Strictly necessary cookies:These cookies are essential for the functioning of the site and cannot be disabled in our systems. For example, they are used to maintain your session after logging into your account, so you don't have to re-enter the code when moving between pages. This category also includes cookies used by the Cloudflare security system to distinguish between legitimate traffic and malicious requests — such cookies help ensure access security. Without these files, the correct operation of the Platform is impossible, so they are set by default, and their use is based on our legitimate interest in ensuring service operability.
  • Preference and functionality cookies:These files help remember your choices on the site for more convenient use. For example, we can save the interface language you have chosen (if you are not logged in, this is done via a cookie so that the site is immediately displayed in the correct language on your next visit). This can also include cookies that remember other user settings or store temporary information necessary to provide a service (e.g., the contents of your service cart, if such functionality appears). These cookies improve the user experience but are not strictly necessary; however, without them, some of your settings may not be saved.
  • Analytical cookies:We use them to collect information about how visitors use our Platform. This allows us to calculate traffic, view statistics on the most popular sections, and understand how users interact with the interface. In particular, Google Analytics sets several cookies (e.g., _ga) with unique identifiers to recognize your browser on subsequent visits. The data collected through these cookies is aggregated and anonymized — it is not intended for your personal identification. For example, we learn the total number of visitors per day or the average session duration, but not specifically what you did. We use analytical cookies based on your consent (in jurisdictions where it is required). When you first visit the site, you will be given the option to accept or decline such cookies. You can also always change your decision through the cookie settings (if available on the site) or by blocking cookies in your browser settings. Declining analytical cookies will not affect the main functions of the site.
  • Advertising and social cookies:Currently, our Platform does not place third-party advertising, and we do not use advertising trackers aimed at user behavior. Similarly, we do not integrate social network plugins that set their own cookies (e.g., Facebook "Like" buttons, etc.). In the event that such functionality appears in the future, the corresponding cookies will be used only with your explicit consent, and we will update the Policy with a description of their use.

When you visit the site, you may see a banner or pop-up notification requesting your consent to the use of non-essential cookies (e.g., analytics). You have the right to decline their installation — then only the minimally necessary set of cookies will be stored in your browser. In addition, you can manage cookies at any time through your browser settings: delete already saved cookies or set an automatic ban/allow for certain types of cookies. Please note that deleting or blocking all cookies may cause some parts of our site to not work properly (for example, the system may "forget" that you are logged in, and you will need to re-authenticate).

Дополнительную информацию о том, какие конкретно cookie использует наш сайт и их срок действия, вы можете запросить у службы поддержки или найти в отдельной политике использования cookie, если она предоставляется. Мы стараемся минимизировать использование cookie и обеспечить, чтобы срок хранения для них был соразмерен их назначению (например, cookie аналитики Google автоматически истекают через 14 месяцев, если вы не посещаете сайт, но вы можете очистить их и раньше).

Contact Information

The administrator (controller) of personal data for this Platform: iGaming. If you have any questions or complaints related to this Privacy Policy or the processing of your personal data, you can contact us at the following contacts:

Email: [email protected] — for general privacy questions and exercising your rights.

We recommend that you indicate the nature of your request in the subject line of the email (e.g., "Data Deletion Request" or "Question about the Privacy Policy") so that we can respond more quickly. We will review all requests and try to provide comprehensive answers or resolve the issue as quickly as possible, but no later than the legally established deadline.

Effective Date:

This Privacy Policy is effective from the date of its publication on the website. We may periodically update the Policy (for example, in the event of changes in Platform functionality or legislative requirements). In the event of material changes, we will notify users through the website or email newsletter. By continuing to use the Platform after the changes take effect, you confirm your agreement to the updated terms of the Policy.

If you have any additional questions about how we process your personal data, do not hesitate to contact us. Thank you for using our Platform and for your trust. Your privacy is our responsibility and priority.