1. Information We Collect
We collect information you provide directly, including:
- Account registration data: email address, username, state/province of residence;
- Identity verification (KYC) data: legal name, date of birth, residential address, government-issued ID, selfie/liveness images;
- Tax documentation: IRS Form W-9 or equivalent;
- Payment information: payment method details, transaction history;
- Mail-in AMOE requests: name, address, account information;
- Support communications: messages and attachments sent to support;
- Gameplay activity: game sessions, bets, outcomes, balances.
We also collect information automatically, including:
- Technical data: IP address, browser type, operating system, device identifiers;
- Usage data: pages visited, features used, session duration, click patterns;
- Cookies and similar tracking technologies (see Section 5).
2. How We Use Your Information
We use your information to:
- Operate, maintain, and improve the platform;
- Process sweepstakes entries and redemptions;
- Verify eligibility, identity, and location;
- Process payments and prevent payment fraud;
- Comply with KYC, AML, tax, and sanctions obligations;
- Enforce our Terms of Use and detect abuse;
- Send account notifications, daily bonus reminders, and promotional communications;
- Respond to support requests;
- Conduct analytics and improve user experience.
3. Legal Bases for Processing
We process personal data on the following bases:
- Contract: processing necessary to provide the service you signed up for;
- Legal obligation: KYC, AML, tax, sanctions screening, and fraud reporting requirements;
- Legitimate interests: fraud prevention, platform security, abuse detection, and analytics;
- Consent: promotional emails and optional communications (you may withdraw consent at any time).
4. Data Sharing
We do not sell your personal information. We share data only where necessary:
- Service providers: Supabase (authentication and database), Stripe (payment processing), and other vendors who assist in operating the platform, each under confidentiality obligations;
- Identity and fraud vendors: KYC, sanctions screening, and fraud-prevention providers used to verify identity and comply with legal obligations;
- Tax authorities: IRS and applicable tax agencies where required by law;
- Law enforcement and regulators: when required by law, court order, or regulatory demand;
- Successors: in connection with a merger, acquisition, or sale of assets, subject to confidentiality commitments.
5. Cookies and Tracking
We use cookies and similar technologies for:
- Authentication: session cookies to keep you logged in;
- Security: cookies to detect fraud, duplicate accounts, and geo-compliance signals (e.g. state-verification cache);
- Analytics: understanding how users interact with the platform to improve features;
- Preferences: storing your settings and choices.
Most browsers allow you to manage or delete cookies through their settings. Disabling certain cookies may affect your ability to use the platform.
6. Data Retention
We retain data for as long as necessary for the purpose it was collected, subject to these minimums:
- Account data: for the life of the account and for a reasonable period after closure;
- Game session and transaction logs: minimum 7 years for compliance;
- KYC and identity documents: minimum 5 years from the date of verification;
- AMOE records: minimum 5 years from receipt;
- Fraud and risk records: minimum 5 years or as required by law;
- Tax records: as required by applicable tax law (typically 7 years);
- Support communications: minimum 3 years.
7. Your Rights
You may request access to, correction of, or deletion of your personal data by contacting us at support@blackjack21.xyz. Account deletion requests are processed within 30 days, subject to legal retention obligations. We may retain certain data even after account closure where required by law.
You may opt out of promotional emails at any time by clicking the unsubscribe link in any email or by contacting support.
8. Security
We use industry-standard technical and organisational measures to protect your personal data, including encrypted storage, access controls, and secure transmission. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
9. Children
The platform is not directed to persons under 18. We do not knowingly collect personal information from minors. If we become aware that a minor has registered, we will terminate the account and delete associated data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes are effective when posted. Continued use of the platform after changes constitutes acceptance.