Royal Vegas Privacy Policy

What we collect

When you open an account we collect your name, date of birth, email, phone number, residential address and a chosen password. This information is required to verify your age and identity under the gaming licence we hold.

When you deposit or withdraw, we collect payment method details, transaction amounts and timestamps. Card numbers are tokenised by our PCI-compliant payment processor and never stored in plain text on our servers.

When you play, we record game IDs, bet amounts, outcomes and timestamps. This is necessary for fairness audits, dispute resolution and our own anti-fraud systems.

When you visit the site, we collect device, browser, IP address and basic usage data through cookies and analytics tools. The Cookie Policy covers this in more detail.

Why we collect it

Identity and address data fulfils our legal age and KYC obligations and helps us prevent fraud and money laundering. Payment data lets the cashier function and lets us investigate disputed transactions. Game and account activity data underpins fairness audits and the responsible-gaming controls.

We do not sell your personal data to third parties for advertising. We do share necessary information with payment processors, identity verification providers, regulators and our compliance partners under contracts that bind them to the same standards we hold ourselves to.

How long we keep it

Account data is retained for the duration of your account plus a minimum of seven years after closure, in line with anti-money-laundering record-keeping rules under our licence.

Self-exclusion records are retained for the full exclusion period plus 12 months after, so we can prevent reopening before the period ends.

Your rights

You can request a copy of all the personal data we hold about you at any time, free of charge, by emailing privacy@royallvegas.net. We'll respond within 30 days.

You can ask us to correct inaccurate data, restrict processing in some circumstances, or object to certain uses such as marketing. You can also request deletion, although we may need to retain certain records for our regulatory obligations.

If you believe we've handled your data improperly, you can raise the matter with our Data Protection Officer at privacy@royallvegas.net.

Security and storage

All data is encrypted in transit using TLS, and at rest using industry-standard encryption. Access to personal data inside the company is limited to staff who need it for their role, and every access is logged.

Data is stored in secure data centres with formal certifications for information security management. International transfers, where they happen, are covered by standard contractual clauses approved by the relevant authorities.

Updates to this policy

We update this policy when our practices or the law change. The effective date at the top of the page tells you when the current version came into force. Material changes are communicated by email to active accounts at least 14 days before they take effect.

Your rights under AU privacy law

If you live in Australia, your data is also protected by the Privacy Act 1988 and the 13 Australian Privacy Principles. The Office of the Australian Information Commissioner (OAIC) at oaic.gov.au is independent and you can raise a concern on 1300 363 992.

Data-breach reporting is also covered. If a breach occurs that is likely to cause serious harm to you, we will notify you and the relevant authority without undue delay, with clear plain-English information about what happened and what you can do to protect yourself.

Marketing communications and your opt-out

Marketing emails, SMS messages and push notifications are sent only with explicit consent. Consent can be withdrawn at any time from the Communications tab in your account, with one-click unsubscribe links in every marketing email, and by replying STOP to any SMS. Opting out of marketing has no effect on transactional emails such as withdrawal confirmations, KYC requests or responsible-gaming notices, which we are required to send.

If you self-exclude, marketing automatically stops for the duration regardless of any active subscriptions. If you reactivate after exclusion, marketing remains off until you re-opt-in explicitly. We do not pre-tick consent boxes on registration or reactivation.

Profile-based targeting inside our marketing platform uses aggregated game and bonus preferences. It does not use sensitive personal data, health information or any third-party data broker source.

Personal data and fraud prevention

Anti-fraud systems compare patterns of deposit, withdrawal, login location and device fingerprint against typical activity for your account and against patterns flagged across the wider platform. Where a pattern triggers a manual review, our risk team will see only the information needed for that review, and access is logged.

Device fingerprinting uses non-personal browser and device signals such as screen size, time zone, installed font families and graphics-engine version. These signals are aggregated into a fingerprint that helps us spot account-takeover attempts. They are not sold or shared with third-party advertisers.

If a manual review changes your access in any way, you will hear from us within one business day with a clear explanation and a path to provide additional documentation if needed.

Children, minors and unauthorised users

Royal Vegas is strictly for players aged 18 and over. We do not market to minors, we use age-verification at registration and again on KYC, and we cooperate fully with any investigation into underage access. If you suspect a minor has accessed an account from your household, email support@royallvegas.net immediately. We will lock the account, refund any verified underage play, and work with you on any device-level controls that can prevent recurrence.

Parents and guardians are encouraged to use device-level filtering tools such as Apple Screen Time, Google Family Link and ISP-level family filters to block gambling sites at the network layer. Our preferred filter providers are listed on the safe-gambling page for reference.

International data transfers

Royal Vegas operates internationally, which means some processing of your personal information happens outside AU. The main locations are our European licence holder, our identity verification partner, our payments processor and our cloud hosting provider. Each is contracted to meet the same data-protection standards we apply ourselves.

If you would like a copy of the safeguards covering a specific transfer, email privacy@royallvegas.net.

Data retention periods

Account records including KYC documents are retained for at least five years after account closure under the anti-money-laundering rules our licence requires. Transactional records covering deposits, withdrawals and wagering activity are retained for the same period.

Marketing-consent records are retained for two years after consent is withdrawn so we can demonstrate compliance with the withdrawal. Support chat transcripts are retained for 24 months for quality and dispute purposes. Cookie-banner choices are retained on the device that made the choice for up to 13 months before the banner is shown again.

When a retention period ends, the affected data is deleted or anonymised so that it can no longer be linked back to you. Anonymised data may continue to inform aggregate analytics indefinitely because it no longer counts as personal information under AU privacy law.

How we respond to data-subject requests

Requests sent to privacy@royallvegas.net are acknowledged within 72 hours and answered in full within 30 days. The 30-day window can be extended by up to two further months for unusually complex requests, and we will tell you inside the first 30 days if that extension applies to your request.

If we need to verify identity before releasing personal information, we will ask for the minimum documentation needed and delete the verification copies once the request is closed. There is no charge for a first request inside any 12-month period; manifestly excessive repeat requests can attract a reasonable administrative fee, set at no more than A$25.