Royale RushGamingBack to lobby

Legal

Privacy Policy

Last updated: June 23, 2026

This Policy explains how we collect, use, and protect personal data, and your rights under the GDPR, UK GDPR, CCPA, and similar laws.

1. Data controller

Royale Rush Gaming (the “Operator”) is the data controller. Contact our DPO: dpo@royalerush.example.

2. Personal data we collect

  • Account: email, username, password hash, date of birth.
  • KYC: full name, address, government ID images, selfie, proof of address.
  • Gameplay: bets, sessions, device data, IP address, geolocation.
  • Financial: transaction history (demo credits only at this time).
  • Support: messages, attachments, recordings.

3. Legal bases (GDPR Art. 6)

  • Contract — to operate your account and provide the Service.
  • Legal obligation — KYC/AML, responsible gaming, regulator reporting.
  • Legitimate interests — fraud prevention, security, product analytics.
  • Consent — marketing, optional cookies.

4. Retention

KYC and transaction data are retained for the minimum period required by applicable gambling and AML regulations (typically 5–7 years post-account-closure). Marketing data is retained until consent is withdrawn.

5. Sharing

We share data with vetted processors: KYC providers (Onfido / Sumsub / Veriff), payment acquirers, hosting (Lovable Cloud / Supabase), email providers, regulators, and law enforcement where legally required. A current list of subprocessors is available on request.

6. International transfers

Where data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses and supplementary measures.

7. Your rights

You may request access, rectification, erasure, restriction, portability, and objection. To exercise rights: dpo@royalerush.example. You may lodge a complaint with your supervisory authority.

8. CCPA / CPRA

California residents have the right to know, delete, correct, and opt out of sale/sharing of personal information. We do not sell personal information.

9. Security

Data is encrypted in transit (TLS) and at rest. Access is role-based and audit-logged. KYC documents are stored in segregated, restricted-access storage with row-level security.

10. Children

The Service is not directed to anyone under 18. We do not knowingly collect data from minors.

11. Changes

We will notify you of material changes by email and in-app banner.

Template notice: This document is a compliance-ready template and not legal advice. You must have a qualified gambling-law attorney review and adapt it to your jurisdiction(s) before relying on it.