Privacy Policy
Welcome to Our Privacy Policy
Our team has prepared this document to explain — clearly and without legal jargon — how our website handles your data. Whether you read our casino reviews casually or interact with newsletter subscriptions and comment sections, this policy applies to you.
What does our website do? In short, our team publishes independent reviews of online casinos, sportsbooks, and gambling platforms across various jurisdictions, with particular focus on Australian players. The goal? Help readers make informed choices before signing up anywhere. To run this kind of editorial operation properly, some data collection becomes necessary. This policy explains exactly what, why, and how.
Throughout this document, references to “our team,” “our website,” “our reviews,” or “we/us/our” all refer to the editorial and technical operation responsible for the content you read. We’ve deliberately avoided naming the specific platform — the policy framework applies equally regardless.
By using our website, you agree to the practices described here. Don’t agree? That’s fair. Simply discontinue use. For questions, the contact channels at the bottom of this document remain open.
What Information Gets Collected
The data we gather falls into several distinct categories. Each serves a specific purpose, and none gets collected without reason.
Information You Share Voluntarily
Some interactions require you to provide data directly. These include:
- Contact forms — name, email, subject line, message content
- Newsletter signups — email address plus optional preferences
- Comment sections — username, email, comment content
- Survey participation — demographic info, preferences, feedback
- Account creation (where applicable) — username, password, email
- Direct emails — anything you share when reaching out
Information Collected Automatically
Visit any modern website and standard web technologies capture certain data automatically. Our platform follows this same standard pattern:
- IP address and approximate geographic location (country/state level only)
- Browser type, operating system, device specifications
- Pages visited, time spent, scroll patterns, click behaviour
- Search queries within our internal search
- Performance metrics like load times and error reports
- Referring URLs showing how you arrived
This isn’t surveillance — it’s basic web analytics that every professional website uses to function. Without it, we couldn’t fix bugs, optimise page load speeds, or understand what content actually helps readers.
Information from Third Parties
Sometimes data about visitors reaches us through partners:
- Analytics providers like Google Analytics or Matomo (aggregated stats)
- Affiliate networks (conversion tracking when you click casino links)
- Social media platforms (when you interact with our social presence)
- Email service providers (delivery confirmations, open rates)
- Fraud prevention services (security risk indicators)
How We Actually Use This Information
Collecting data without purpose makes no sense. Here’s what happens with information after it reaches us.
Running the Website
Most data usage falls into operational categories. We use it to:
- Deliver pages quickly across different devices and connections
- Show content in the right language based on your location
- Fix technical bugs when they appear
- Improve site navigation based on actual usage patterns
- Optimise mobile experience for various screen sizes
- Personalise review recommendations based on browsing interests
Communicating with You
When you reach out, we respond. When you subscribe, we send newsletters. Standard stuff:
- Replying to contact form inquiries and emails
- Sending newsletter content you subscribed to receive
- Notifying about important policy or service changes
- Following up on previous support interactions
- Inviting participation in optional research surveys
Improving Our Reviews
Reader behaviour tells our editorial team what works. Aggregated patterns shape future content:
- Which casino reviews get the most engagement
- What topics readers actively search for
- Where users drop off or stay engaged
- How conversion paths perform across different pages
- Which formats deliver clearer information
Legal and Operational Necessities
Some processing happens because law or business operations require it:
- Meeting Privacy Act 1988, Australian Privacy Principles, and other regulatory obligations
- Addressing complaints when they arise
- Maintaining audit trails for accounting purposes
- Investigating terms of service violations
- Responding to legitimate legal requests
Cookies — Yes, We Use Them
Almost every website does. Cookies are small text files stored on your device. They serve different purposes depending on type.
Essential Cookies (Can’t Be Disabled)
These keep core features working:
- Session management as you browse between pages
- Security tokens preventing attacks
- Cookie consent records (yes, we use a cookie to remember your cookie preferences)
- Authentication for logged-in users
- Accessibility settings preservation
Performance and Analytics Cookies
These help us understand how the site performs:
- Google Analytics — page views, sessions, user flow
- Heatmap tools — click patterns and scroll depth
- Error tracking — JavaScript errors affecting users
- Speed monitoring — Core Web Vitals and load times
- Custom events — newsletter signups, review ratings
Functional Cookies
These remember your preferences:
- Selected language for future visits
- Dark/light mode display setting
- Region-based content adjustments (state and territory preferences)
- Filter selections when comparing casinos
- Saved bookmarks or favourite operators
Advertising and Affiliate Cookies
Our website partners with affiliate networks:
- Tracking referrals to casino operators from our reviews
- Conversion attribution showing which content drives signups
- Retargeting to previous visitors
- Audience segmentation for relevant content
- Campaign performance measurement
Taking Control of Cookies
Your browser gives you control. Most modern browsers let you:
- Block all cookies (will break some features)
- Block third-party cookies only
- Delete existing cookies
- Get notified when new cookies attempt to set
- Whitelist specific trusted sites
- Set expiration preferences
Our cookie consent banner on first visit allows granular choices. Adjust anytime through the banner that reappears or your browser settings.
Who Sees Your Information
Short answer: very few parties, and only when necessary. Our team does not sell, rent, or trade personal data to unrelated marketers. Some limited sharing happens as part of normal operations.
Service Providers
We work with trusted vendors who help run the website. Each operates under strict data processing agreements:
- Hosting providers — servers and infrastructure
- Analytics services — Google Analytics and similar
- Email service providers — Mailchimp, Sendinblue, or similar for newsletters
- Customer support tools — helpdesk software
- Content delivery networks — fast global delivery
- Security services — Cloudflare-type DDoS and attack protection
- Database providers — cloud storage services
All vendors must:
- Use information only for purposes we authorised
- Maintain appropriate security measures
- Comply with applicable data protection laws including the Privacy Act 1988
- Delete data when no longer needed
- Report security incidents promptly to us
Affiliate Partners
Revenue from affiliate partnerships funds our editorial work. When you click a casino link from our reviews, certain information passes to the operator:
- Referral source (you came from our platform)
- Campaign identifiers (which specific review)
- Click timestamps
- General device type and browser
- Aggregated conversion data (without personal details)
The affiliate model lets us produce reviews without charging readers. Editorial independence remains intact regardless of commission rates — we cover casinos honestly whether they pay us well, poorly, or not at all.
Legal Requirements
Sometimes law forces disclosure. Examples include:
- Valid court orders or subpoenas from Australian courts
- Legitimate government investigations by Commonwealth or state authorities
- Protecting our team’s legal rights or safety
- Investigating suspected fraud affecting our platform
- Defending intellectual property claims
When this happens, we provide only the minimum required and notify affected users when legally permitted.
Business Transfers
If our website ever undergoes a merger, acquisition, or similar transaction, personal information may transfer as part of that deal. Users would:
- Receive prior notice of planned ownership changes
- Retain rights granted under this policy
- Be able to opt out where legally required
- Get updated privacy notices for material changes
Aggregated and Anonymised Data
Statistics that can’t identify individuals may be shared more freely:
- Industry trend reports
- Research publications about gambling preferences
- Marketing materials with stats like “70% of our Australian readers prefer X”
- Public communications and press releases
How Long We Keep Your Data
Forever isn’t the answer. We retain data only as long as needed, with specific timelines for different categories:
| Data Type | Retention Period |
| Contact form submissions | 24 months after last interaction |
| Newsletter subscriber data | While active + 12 months after unsubscribe |
| Comment section data | Indefinitely (deletion available on request) |
| Analytics data (individual) | 26 months maximum |
| Analytics data (aggregated) | Indefinitely |
| Cookie data | 30 days to 24 months depending on type |
| Account information | While active + 6 months after deactivation |
| Support tickets | 36 months for service continuity |
| Legal records | As required by Australian Commonwealth and state law (often 7 years) |
Earlier deletion occurs when:
- You request it under the Privacy Act 1988 or applicable state law
- Accounts go completely inactive for extended periods
- The original purpose has been fulfilled
- Laws require earlier deletion
- Retention creates unnecessary risk
Backups complicate this slightly. Daily backups stay 30 days, weekly backups 90 days, monthly archives 12 months. Deleted data eventually disappears from backups through regular maintenance cycles.
Your Rights — What You Can Do
Depending on where you live, different privacy laws give you specific rights. Our team respects all of them.
If You’re in Australia
The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) give you these rights:
- Access — request access to personal information we hold about you (APP 12)
- Correction — correct inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information (APP 13)
- Anonymity and pseudonymity — option to interact anonymously where practicable (APP 2)
- Notification of collection — clear information about collection practices (APP 5)
- Direct marketing opt-out — right to opt out of direct marketing communications (APP 7)
- Complaint filing — lodge complaints with the Office of the Australian Information Commissioner (OAIC)
- State-based rights — additional rights under state privacy legislation where applicable
- Notifiable data breach notification — notification when eligible data breaches occur
- Cross-border transfer transparency — information about overseas data transfers (APP 8)
If You’re in the EU, EEA, or UK
GDPR (and its UK equivalent) gives you these rights:
- Access — request copies of data we hold about you
- Rectification — correct inaccurate information
- Erasure — request deletion (“right to be forgotten”)
- Restriction — limit how we process your data
- Data portability — receive your data in machine-readable format
- Objection — object to processing based on legitimate interests
- Consent withdrawal — revoke previously given consent
- Automated decisions — avoid decisions made solely by algorithms
- Lodge complaints — file with your national data protection authority
If You’re in the United States
Various state laws give U.S. residents specific rights:
- California (CCPA/CPRA) — right to know, delete, correct, opt-out of sale, limit sensitive info use
- Virginia (VCDPA) — access, correction, deletion, portability, opt-out rights
- Colorado (CPA) — similar rights to VCDPA with universal opt-out mechanism
- Connecticut, Utah, Texas — state-specific privacy rights
Other Jurisdictions
Similar rights exist in many regions:
- Canadian PIPEDA — access and correction rights
- Brazilian LGPD — GDPR-like protections for Brazilians
- New Zealand Privacy Act 2020 — comprehensive privacy rights for New Zealanders
- South African POPIA — comprehensive privacy rights
- Singaporean PDPA — access, correction, withdrawal
- Japanese APPI — disclosure and correction rights
Actually Using These Rights
Want to exercise any of them? Reach out through contact channels listed below. Requests should include:
- Sufficient identity verification (protecting against impersonation)
- Clear statement of which right you’re using
- Scope of what specific data or processing concerns you
- Preferred contact method for our response
Response timeline runs 30 days typically under the Privacy Act 1988, though complex requests may extend further with notification. First request in any 12-month period costs nothing. Excessive or repeated requests may incur reasonable administrative fees where law permits.
How We Protect Your Information
Security isn’t an afterthought — it’s foundational. Our team implements multiple protection layers across technical, organisational, and physical dimensions.
Technical Measures
- SSL/TLS encryption (minimum 256-bit) for all data in transit
- Database encryption for stored information
- Role-based access controls limiting employee data access
- Firewalls, intrusion detection, DDoS protection
- Regular security scans and prompt patching
- Annual third-party penetration testing
- Multi-factor authentication for administrative access
- Secure development lifecycle and code review processes
Organisational Measures
- Regular privacy training for all team members
- Strict confidentiality agreements with employees and contractors
- Due diligence reviews of all service providers
- Documented incident response procedures
- Data minimisation policies (collect only what’s needed)
- Internal and external privacy audits
- Background checks for personnel with sensitive access
- Clear data governance with defined roles
Physical Measures
- Data centres with restricted access and 24/7 monitoring
- Power redundancy, fire suppression, climate control
- Secure hardware disposal procedures
- Strict visitor management protocols
- Continuous camera surveillance in sensitive areas
When Things Go Wrong — Notifiable Data Breach Response
No security is perfect. If something happens, our commitment is:
- Immediate investigation to assess scope and impact
- Swift containment and remediation actions
- Reporting to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme when eligible data breaches occur
- Notifying affected individuals when breaches are likely to result in serious harm
- Providing guidance on protective steps
- Public acknowledgment of significant incidents while preserving investigation integrity
- Post-incident review to prevent recurrence
Honest disclosure: while we use strong measures, no internet transmission or electronic storage achieves complete security. We commit to commercially reasonable protection without claiming impossible perfection.
International Data Transfers
Modern internet operations cross borders constantly. Servers, services, and team members may operate from various countries. When transfers happen, we use appropriate legal safeguards:
- APP 8 requirements — reasonable steps to ensure overseas recipients handle personal information in accordance with the Australian Privacy Principles
- Standard Contractual Clauses — EU-approved contractual frameworks for European transfers
- Binding Corporate Rules — internal organisation-wide protection commitments
- Certification programs — recognised international privacy certifications
- Explicit consent — when other mechanisms don’t apply
- Necessity exemptions — for contract performance or vital interests
Common transfer destinations include the United States (hosting, analytics), European Union (various providers), United Kingdom (post-GDPR equivalent framework), Singapore, and other jurisdictions as operational needs require. Australian data may be transferred outside Australia, and users are notified of this practice as required by APP 8.
A Note About Minors
Gambling content targets adults. Full stop. Our team doesn’t knowingly collect personal information from anyone under 18 years of age, which is the minimum legal gambling age in all Australian states and territories.
We maintain:
- Minimum age requirements (18+ across all Australian jurisdictions)
- Age verification mechanisms for certain features
- Adult content warnings on gambling-related content
- Support for parental control tools blocking our content
- Educational resources about preventing minor access
If we ever learn that a minor’s data ended up in our systems, we act fast:
- Immediate investigation to verify and identify affected data
- Prompt deletion from our systems
- Parental notification when contact information allows
- System review to identify how collection occurred
- Process improvements preventing future occurrences
Parents who suspect a minor provided information should contact us immediately.
Responsible Gambling Resources
We review casinos, but we genuinely care about reader wellbeing. Our reviews include responsible gambling information, and we maintain links to Australian and international support organisations:
- BetStop (National Self-Exclusion Register) — betstop.gov.au, 1800 238 786 free national self-exclusion service
- Gambling Help Online — gamblinghelponline.org.au free 24/7 counselling and support
- Gambler’s Help (Victoria) — 1800 858 858 Victorian residents
- GambleAware NSW — gambleaware.nsw.gov.au, 1800 858 858 NSW residents
- Gambling Help Queensland — 1800 858 858 Queensland residents
- Gambling Help Western Australia — 1800 858 858 WA residents
- Gambling Help South Australia — 1800 858 858 SA residents
- Gambling Help Tasmania — 1800 858 858 Tasmanian residents
- Gambling Help ACT — 1800 858 858 ACT residents
- Amity Community Services (NT) — 1800 858 858 Northern Territory residents
- Australian Communications and Media Authority (ACMA) — acma.gov.au regulator of interactive gambling services
- Gamblers Anonymous Australia — gaaustralia.org.au peer support meetings nationwide
- Lifeline Australia — lifeline.org.au, 13 11 14 crisis support 24/7
- Beyond Blue — beyondblue.org.au, 1300 22 4636 mental health support
- Financial Counselling Australia — financialcounsellingaustralia.org.au, 1800 007 007
If gambling stops being entertainment and starts causing problems, these resources help. Reaching out shows strength, not weakness.
Third-Party Links
Casino reviews necessarily link to casino websites. This policy covers only our own platform. Once you click through to a third-party site:
- That site’s privacy policy applies, not ours
- We don’t control their data practices
- Standards may vary significantly between operators
- Update frequencies differ — their policies change without our knowledge
- Note that the Interactive Gambling Act 2001 prohibits Australian licensed online casinos, so casinos reviewed operate under overseas licences (Curaçao, Malta, Gibraltar, etc.)
- Offshore casinos may not follow Australian privacy standards
Reading the privacy policies of casinos you actually consider joining? Genuinely worthwhile, even though most people skip it.
About Our Affiliate Disclosure
Most casino links on our website are affiliate links. Clicking them and signing up may earn our team a commission. This relationship:
- Doesn’t compromise editorial independence — reviews stay honest regardless
- Funds our editorial work and infrastructure
- Gets disclosed clearly throughout the website
- Applies to most reviewed operators (we note exceptions)
- Allows alternatives — you can search direct casino URLs without our links
- Maintains transparency about commercial relationships
- Complies with Australian Consumer Law (Australian Competition and Consumer Commission) disclosure requirements
Policy Updates
This document evolves as our practices, the law, and industry standards change. When updates happen:
How You’ll Know
- Material changes get prominent notices on the website
- Newsletter subscribers receive email updates about significant changes
- The “Last Updated” date at the top reflects any modifications
- Previous versions stay archived and accessible on request
- Continued use after changes constitutes acceptance
Minor updates — fixing typos, clarifying language, updating contact info — may happen without specific notification beyond the date update.
Some changes require specific action from you:
- New consent requests for new processing types
- Updated preference options requiring choices
- Verification of existing preferences
- Account adjustments for significant changes
- Regional variations affecting specific users differently
Regional Specifics
Different regions have specific requirements addressed below.
Australia (Privacy Act 1988 and APPs)
For all Australian users, our team operates in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). Key APPs include:
- APP 1 — Open and transparent management of personal information
- APP 2 — Anonymity and pseudonymity where practicable
- APP 3 — Collection of solicited personal information
- APP 4 — Dealing with unsolicited personal information
- APP 5 — Notification of collection of personal information
- APP 6 — Use or disclosure of personal information
- APP 7 — Direct marketing (with opt-out rights)
- APP 8 — Cross-border disclosure of personal information
- APP 9 — Adoption, use or disclosure of government-related identifiers
- APP 10 — Quality of personal information
- APP 11 — Security of personal information
- APP 12 — Access to personal information
- APP 13 — Correction of personal information
Notifiable Data Breaches Scheme
Australia operates a mandatory Notifiable Data Breaches (NDB) scheme requiring:
- Assessment obligation — 30-day assessment period for suspected eligible data breaches
- OAIC notification — notification to Office of the Australian Information Commissioner
- Individual notification — direct notification to affected individuals
- Public notification — publication when direct notification is impracticable
- Serious harm threshold — only “eligible” breaches likely to cause serious harm require notification
State and Territory Privacy Laws
Various Australian states and territories have additional privacy legislation:
- New South Wales — Privacy and Personal Information Protection Act 1998, Information and Privacy Commission NSW (ipc.nsw.gov.au)
- Victoria — Privacy and Data Protection Act 2014, Office of the Victorian Information Commissioner (ovic.vic.gov.au)
- Queensland — Information Privacy Act 2009, Office of the Information Commissioner Queensland (oic.qld.gov.au)
- Western Australia — state-based freedom of information legislation
- South Australia — state-based Information Privacy Principles
- Tasmania — Personal Information Protection Act 2004
- Northern Territory — Information Act 2002, Office of the Information Commissioner NT
- Australian Capital Territory — Information Privacy Act 2014, ACT Information Privacy Commissioner
Interactive Gambling Act 2001
Australian gambling regulation includes:
- Interactive Gambling Act 2001 — prohibits online casino services being provided to Australians by unlicensed operators
- Australian Communications and Media Authority (ACMA) — enforces the IGA and maintains prohibited services register
- National Consumer Protection Framework — standards for online wagering services
- BetStop — National Self-Exclusion Register operated under IGA amendments
- Prohibition of credit betting — credit cards banned for online wagering since June 2024
European Union and EEA
For EU/EEA users, our team operates as data controller. Legal bases for processing include:
- Consent — explicit consent for specific processing
- Legitimate interests — analytics, security, service improvement (balanced against your privacy)
- Contract performance — providing services you requested
- Legal obligations — applicable laws and regulations
- Vital interests — rare emergency situations
- Public interest — important public interest purposes
California Residents
CCPA/CPRA-required notices:
- Categories collected — as detailed in “What Information Gets Collected”
- Sources — direct from users, automatic collection, third parties
- Business purposes — operating the website, communicating, security, analytics
- Categories of recipients — service providers, affiliate partners, legal disclosures
- Right to opt out — available through cookie banner and contact channels
- Sensitive information — we don’t intentionally collect sensitive personal information
Other Specific Regions
Users in specific regions get rights under their local laws. Contact us to exercise jurisdiction-specific rights, and we’ll respond according to applicable requirements.
Contact Information
Questions, requests, or concerns about this Privacy Policy? Our team is reachable through:
- Email — Privacy inquiries directed through the contact form on our website
- Postal Mail — Available upon request through our contact form
- Privacy Officer — Reachable through our standard contact channels for Privacy Act 1988 and APP-related matters
We aim to respond to all privacy-related communications within 30 days as required by the Privacy Act 1988, often much faster. Complex requests may take longer, but we’ll communicate timeline expectations clearly.
Complaint escalation: If you’re not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
Glossary of Terms
A few definitions clarifying terms used throughout this policy:
- Personal Information — information or an opinion about an identified or reasonably identifiable individual (as defined under the Privacy Act 1988)
- Sensitive Information — information about health, race, religion, political opinions, sexual orientation, criminal record, and other categories requiring higher protection
- Processing — any operation performed on personal data (collection, storage, use, deletion)
- APP Entity — organisation or agency covered by the Australian Privacy Principles
- Data Controller — entity determining purposes and means of processing (GDPR term)
- Data Processor — entity processing data on the controller’s behalf (GDPR term)
- Cookies — small text files stored on your device by websites
- Third Party — entity other than you or our team
- Aggregated Data — information combined in ways that can’t identify individuals
- Anonymised Data — information stripped of identifying elements
- APPs — Australian Privacy Principles, 13 principles governing personal information handling
- OAIC — Office of the Australian Information Commissioner, federal privacy regulator
- NDB Scheme — Notifiable Data Breaches Scheme under Part IIIC of the Privacy Act 1988
- ACMA — Australian Communications and Media Authority, gambling services regulator
- IGA — Interactive Gambling Act 2001, Australian online gambling legislation