Privacy Policy

Robocat Casino is an online casino operating under a Malta Gaming Authority licence. When this policy talks about "we", "us" or "Robocat", that is who we mean.

For any privacy-related question — a data-access request, a complaint, a mistake you want us to correct — the fastest route is our live chat, available 24/7. Alternatively, email us at [email protected]. We respond to privacy requests within one business day in most cases, and always within the 30-day window required under GDPR and the Australian Privacy Act.

We only collect information that we genuinely need. Nothing is gathered "just in case". Here is the full picture, broken into the four categories that matter most:

Every use of your data falls into one of six purposes. If we ever want to use it for something else, we will ask you first or update this policy and tell you.

1. Running your account. Creating it, letting you log in, remembering what you deposited and won, showing your transaction history.
2. Processing payments. Moving money into and out of your account via cards, e-wallets, bank transfers or crypto.
3. Meeting legal obligations. Age verification, identity checks, reporting suspicious activity to regulators, preserving records our licence requires.
4. Protecting everyone on the platform. Detecting fraud, multi-accounting, bonus abuse, account takeovers. This is where most of our automated monitoring sits.
5. Support and safety. Answering your questions, resolving disputes, enforcing self-exclusion and deposit limits you have set.
6. Improving the product. Aggregate analytics on which games are popular, where players get stuck, what loads slowly. This is always done on de-identified data where feasible.

Under the GDPR (and equivalent provisions in the Australian Privacy Act), every processing activity needs a specific legal basis. Ours map cleanly to the six purposes above:

• Contract. You opened an account; we need your data to deliver the service that contract promises. Covers purposes 1 and 2.
• Legal obligation. AML, KYC, fraud-reporting, licence-compliance data is processed because the law requires it — no consent needed, and none will be asked. Covers purpose 3.
• Legitimate interest. Security monitoring, fraud prevention and support are processed on the basis that any reasonable operator would do the same to keep the platform safe for everyone. Covers purposes 4 and 5.
• Consent. Marketing emails, non-essential cookies, and any analytics that involves identifying individuals require your opt-in. You can withdraw that consent at any time from your account settings, without affecting anything else. Covers purpose 6 and marketing.

We share your information only with parties who need it to make the casino work, or where we are legally required to. Every sharing relationship is governed by a written data-processing agreement that obliges the other party to meet at least the standard we do.

Payment providers process deposits and withdrawals — Visa, Mastercard, Skrill, Neteller, PayID, and our crypto gateway partner. They receive only what they need to process the transaction.

Identity-verification services (Jumio, Onfido, SumSub) check that your documents are real. They see the documents; they do not see your gameplay or financial information.

Game providers — Pragmatic Play, Evoplay, NetEnt, Evolution and the rest of our studio partners — receive a pseudonymous session ID so the game knows which player just spun the reels. They never see your name, email or payment details.

Regulators and law enforcement receive what our licence or a valid legal order requires. The Malta Gaming Authority has inspection rights over our records. Australian law-enforcement agencies can request information through Mutual Legal Assistance channels in the specific circumstances the law allows.

We never sell your data. Not to advertisers, not to data brokers, not to affiliates, not to anyone. That is an absolute rule, not a marketing line.

Some data goes away when you ask for it to. Some we are legally required to retain for years after your account closes. The split looks like this:

• Account records and KYC documents: kept for five years after your account closes. This is a hard requirement under MGA and international AML law — we cannot waive it, even if you ask us to.
• Transaction history: kept for seven years to meet tax-compliance and financial-audit obligations.
• Gameplay session logs: kept for two years for fraud analysis and dispute resolution, then deleted.
• Marketing preferences and consent records: kept for three years after you last interacted with us, so we can prove we respected your choices.
• Support conversations: kept for 18 months, then anonymised unless the conversation relates to a live complaint.

Once a retention period expires, the data is deleted from live systems and purged from backups within the next 90 days.

Cookies are small text files stored in your browser that let a website remember you between visits. We use four categories of them, and we treat each differently.

Strictly necessary cookies keep you logged in, remember your language, and protect against CSRF attacks. These cannot be disabled without breaking core functionality and they do not require consent under GDPR because the site literally could not work without them.

Functional cookies remember small preferences — your preferred currency, whether you have dismissed a banner, which games you have recently played. Turning these off does not break the site, but it will forget the small choices you have made.

Analytics cookies help us understand, in aggregate, which pages are used and where loading is slow. We use a privacy-respecting analytics tool that does not share data with third parties. These cookies run only if you opt in.

Marketing cookies would let us retarget you with adverts outside the site. We do not currently use any marketing cookies and any change would require a fresh consent banner.

You can manage all non-essential cookies from the "Cookie preferences" link in the footer, or clear everything via your browser settings at any time.

Under GDPR and the Australian Privacy Principles you have specific, enforceable rights over your personal information. You can exercise all of them either from your account settings or by emailing [email protected]. We will confirm receipt within one business day and complete the request inside the 30-day legal window.

• Right to access. Ask us for a copy of everything we hold on you. We deliver it as a structured JSON export plus a human-readable PDF.
• Right to correction. If anything we hold is wrong or out of date, tell us and we will fix it.
• Right to erasure. Ask us to delete your data. We do — except for the parts we are legally required to retain for AML purposes. We tell you exactly what survives and why.
• Right to portability. Ask us to send your data to another service in a structured machine-readable format. The JSON export is designed for this.
• Right to restriction and objection. Ask us to limit how we use your data or to stop altogether for a specific purpose. For marketing this is a one-click opt-out.
• Right to withdraw consent. For anything we process on the basis of your consent, you can revoke it any time and without explanation.
• Right to complain. If we get something wrong, you can complain to the Office of the Information Commissioner (in the EU) or the Office of the Australian Information Commissioner (in Australia). We would rather hear about it first and fix it — but you do not have to come to us first.