Privacy Policy

Last updated: 1 April 2026

1 April 2026 Version 1.0

1. Information We Collect

We collect personal information that is necessary to provide our services, meet our legal obligations, and protect the integrity of our platform. The categories of information we may collect include:

  • Identity information: full legal name, date of birth, gender, and government-issued identification (e.g. passport, driver's licence).
  • Contact information: residential address, email address, and phone number.
  • Account information: username, password (stored in hashed form), account preferences, and communication settings.
  • Financial information: payment method details (processed and tokenised by our PCI-DSS compliant payment providers), transaction history, deposits, withdrawals, and prize payments.
  • Usage information: IP address, browser type, device identifiers, pages visited, session duration, and referring URLs, collected via cookies and server logs.
  • Responsible gaming information: records of any limits, cooling-off periods, or self-exclusion requests you make, which we are required to retain for regulatory purposes.

We collect only the minimum amount of personal data necessary for the purpose for which it is collected, in line with the principles of data minimisation under Australian privacy law.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To verify your identity and confirm your eligibility to use our services (age verification, residency, and identity checks).
  • To process ticket purchases, record draw entries, and disburse prize payments to eligible winners.
  • To send transactional communications, including purchase confirmations, draw results, and prize notifications.
  • To comply with our regulatory and legal obligations, including anti-money laundering (AML) and responsible gambling requirements imposed by the NSW Department of Gaming and Racing.
  • To maintain the security and integrity of our platform and detect, investigate, and prevent fraud or other unlawful activity.
  • To improve our products and services through aggregated analytics and user feedback (in de-identified form).
  • To send marketing and promotional communications, where you have opted in to receive them. You may opt out at any time.

We will never use your personal information for a purpose that is incompatible with the reason it was originally collected, unless we have your consent or are required to do so by law.

3. Data Sharing

We do not sell, rent, or trade your personal data to any third party for commercial purposes. We may share your information in the following limited circumstances:

  • Service providers: trusted third-party vendors who process data on our behalf, including payment processors, identity verification providers, email delivery platforms, and IT service providers. These parties are bound by strict confidentiality obligations and are not permitted to use your data for any purpose other than providing the contracted service.
  • Regulatory authorities: we may be required to disclose your information to the NSW Department of Gaming and Racing, AUSTRAC, law enforcement agencies, or other government bodies where required by law.
  • Business transfers: in the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the relevant party, subject to equivalent privacy protections.

We take all reasonable steps to ensure that any third party with whom we share your data processes it securely and in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

4. Data Security

We take the security of your personal information seriously and implement industry-leading technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction.

  • All data transmitted between your browser and our servers is encrypted using TLS 1.3.
  • Data stored at rest is encrypted using AES-256 encryption.
  • We are PCI-DSS compliant and do not store full card numbers on our systems.
  • Access to personal data is restricted to authorised personnel on a need-to-know basis, enforced through role-based access controls.
  • We conduct regular security audits, penetration testing, and vulnerability assessments.
  • We maintain an incident response plan and will notify affected users and relevant authorities promptly in the event of a data breach, in accordance with the Notifiable Data Breaches scheme.

While we take every reasonable precaution, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to continuously improving our protective measures.

5. Data Retention

We retain your personal information for as long as your account remains active, and for a period thereafter as required by our legal and regulatory obligations. Specifically:

  • Account and identity records are retained for a minimum of 7 years after account closure, as required by AML legislation.
  • Transaction records are retained for 7 years for tax and accounting purposes.
  • Responsible gaming records (including self-exclusions) are retained indefinitely in accordance with our regulatory obligations.
  • Marketing preferences and opt-out records are retained to ensure we respect your communication choices.

When your data is no longer required, we securely delete or de-identify it in accordance with our data retention policy.

6. Your Rights

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights in relation to your personal information:

  • Access: you may request a copy of the personal information we hold about you.
  • Correction: you may request that we correct any inaccurate, incomplete, or out-of-date information.
  • Deletion: you may request that we delete your personal information, subject to our legal and regulatory obligations to retain certain records.
  • Opt-out of marketing: you may withdraw consent to receive marketing communications at any time via your account settings or by contacting us directly.
  • Complaints: you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your personal information.

To exercise any of the above rights, please contact our Privacy Officer at [email protected]. We will respond to all requests within 30 days.

7. Cookies

We use cookies and similar tracking technologies to enhance your experience, remember your preferences, and analyse how our platform is used. See our Cookie Policy for full details on the types of cookies we use and how to manage them.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify registered users by email and update the "last updated" date at the top of this page. We encourage you to review this policy periodically.

9. Contact Us

For any privacy-related enquiries, access requests, or complaints, please contact our Privacy Officer: