Privacy Policy
Effective: January 1, 2025 ยท Applies to: All users globally
This policy complies with GDPR (EU 2016/679), CCPA (California), and applicable international data protection standards.
1. Data Controller
RocketCrash Operations Ltd. ("we," "us") is the data controller responsible for your personal information. Our Data Protection Officer can be contacted at dpo@rocketcrash.io.
2. Data We Collect
2.1 Information You Provide
- Account registration data: username, email address, password (hashed)
- Identity verification documents: government ID, proof of address, selfies
- Financial information: PayPal account details, transaction history
- Communications: support tickets, chat messages, email correspondence
- Self-exclusion preferences and responsible gaming settings
2.2 Information Collected Automatically
- Device information: IP address, browser type, operating system, device identifiers
- Usage data: pages visited, game sessions, bet history, session duration
- Location data: country and region (derived from IP address)
- Cookies and similar tracking technologies (see our Cookie Policy)
- Marketing attribution data: UTM parameters, referral codes, campaign identifiers
2.3 Third-Party Sources
- PayPal: transaction confirmations, payer information
- Identity verification services: document authentication results
- Fraud prevention services: risk scores and device fingerprints
- Google Analytics: anonymized behavioral analytics
3. Legal Basis and Purposes of Processing
| Purpose | Legal Basis |
|---|---|
| Account creation and service delivery | Contract performance (Art. 6(1)(b) GDPR) |
| Payment processing and fraud prevention | Contract performance + Legitimate interests |
| Identity verification (KYC/AML) | Legal obligation (Art. 6(1)(c) GDPR) |
| Game operation and result logging | Contract performance |
| Customer support | Contract performance + Legitimate interests |
| Marketing communications (opt-in) | Consent (Art. 6(1)(a) GDPR) |
| Analytics and platform improvement | Legitimate interests |
| Regulatory compliance and reporting | Legal obligation |
| Responsible gaming monitoring | Legal obligation + Vital interests |
4. Data Sharing and Third Parties
We do not sell your personal data. We may share your data with:
- Payment processors (PayPal): To process deposits and withdrawals
- Identity verification providers: To comply with KYC/AML obligations
- Fraud prevention services: To detect and prevent fraudulent activity
- Analytics providers (Google Analytics): Anonymized usage data only, with IP anonymization enabled
- Law enforcement and regulators: When required by court order, subpoena, or applicable law โ without prior notice to you
- Successors in business: In the event of merger, acquisition, or sale of assets, with prior notice to users
- Professional advisors: Lawyers, accountants, auditors, under confidentiality obligations
All third-party data processors are contractually required to maintain appropriate security measures and process data only for specified purposes.
5. Data Retention
6. Your Rights (GDPR / CCPA)
Depending on your jurisdiction, you may have the following rights:
Right of Access
Request a copy of all personal data we hold about you
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of data where no legal basis for retention exists
Right to Restriction
Limit how we process your data in certain circumstances
Right to Portability
Receive your data in a structured, machine-readable format
Right to Object
Object to processing based on legitimate interests or for marketing
Right to Withdraw Consent
Withdraw consent at any time without affecting prior processing
CCPA: Right to Know & Delete
California residents: right to know what data is collected and request deletion
To exercise your rights, contact privacy@rocketcrash.io. We will respond within 30 days (GDPR) or 45 days (CCPA). Identity verification may be required before fulfilling requests. Some rights may be limited where we have legal obligations to retain data.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.
7. International Data Transfers
Your data may be transferred to and processed in countries outside your jurisdiction. Where such transfers occur, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms to ensure your data receives equivalent protection.
8. Security
We implement industry-standard technical and organizational security measures including:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Bcrypt password hashing with individual salts
- JWT authentication with short-lived tokens
- Regular security audits and penetration testing
- Multi-factor authentication available for accounts
- Access controls limiting data access to authorized personnel only
- Incident response procedures with 72-hour GDPR breach notification
Despite these measures, no internet transmission is 100% secure. You acknowledge and accept this inherent risk.
9. Children's Privacy
Our Platform is strictly intended for adults 18 years of age or older. We do not knowingly collect personal information from minors. If we discover that a minor has provided personal information, we will delete it immediately and terminate the associated account. If you believe a minor has registered, please contact us at privacy@rocketcrash.io.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent Platform notice at least 14 days before changes take effect. Your continued use of the Platform following notification constitutes acceptance of the updated policy.
Contact Our Privacy Team
Privacy inquiries: privacy@rocketcrash.io
Data Protection Officer: dpo@rocketcrash.io
RocketCrash Operations Ltd.