Privacy Policy · AU

Full name, date of birth, nationality, government-issued photo ID. Used exclusively to verify you are 18+, confirm your identity at KYC, and prevent fraud.

Email address, mobile number, residential address. Used for account notifications, password resets, withdrawal confirmations, and regulatory correspondence.

Payment tokens (not raw card numbers), transaction history, source of funds declarations. Required to process deposits, withdrawals, and comply with Australian AML legislation.

IP address, browser type, device ID, session timestamps, gameplay logs. Used for platform security, fraud detection, responsible gambling monitoring, and performance improvements.

Game history, session duration, wagering patterns, bonus usage. Used to personalise your experience, identify responsible gambling risk signals, and improve our game offering.

Live chat transcripts, support emails, complaint records. Retained for quality assurance, dispute resolution, and regulatory compliance for up to 3 years post-account closure.

All data in transit is protected by TLS 1.3 — the current gold standard. Sensitive data stored at rest is encrypted with AES-256, including all KYC documents and financial records.

Only authorised personnel with a documented business need can access personal data. Access is logged, time-limited, and reviewed quarterly by our security team.

Automated anomaly detection scans account activity around the clock. Unusual login locations, rapid balance changes, or device switching trigger immediate security review.

No raw payment card data is ever stored on WinSpirit servers. All payment processing is delegated to PCI DSS Level 1 certified processors who maintain their own audit programmes.

Independent security audits and penetration tests are conducted on a regular schedule. Critical findings must be remediated within 72 hours under our security SLA.

In the event of a data breach, you will be notified without undue delay. We follow OAIC notification requirements and will clearly explain what happened and what to do.

Request a complete copy of all personal data we hold about you. We provide this in a structured, readable format within 30 calendar days at no cost for the first request each year.

Have inaccurate or out-of-date personal data corrected. Changes to KYC-verified fields such as name or date of birth require fresh supporting documentation.

Request deletion of your personal data where we have no remaining legal obligation to retain it. AML law requires retention of financial records for up to 7 years regardless.

Where we process your data by automated means on the basis of consent or contract, request it in a machine-readable format for transfer to another service.

Ask us to pause or limit processing of your data — for example while you contest its accuracy or object to the purpose for which it is being used.

Object to processing based on legitimate interests — including profiling for personalised recommendations. We will cease unless we can demonstrate compelling grounds.

Withdraw marketing consent at any time via Account → Communication Preferences, or by emailing [email protected]. Does not affect core account functionality.

If you believe we have mishandled your personal data, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Suspect a minor has registered? Email [email protected] immediately. We investigate all such reports within 24 hours.

Updated silently. The effective date on this page is revised. No advance notice required.

Email notification to your registered address at least 14 days before the change takes effect.

Explicit re-consent required before the new processing begins. You retain full ability to decline.

If you are not satisfied with our response to a privacy complaint, you have the right to escalate to the OAIC free of charge at oaic.gov.au or by calling 1300 363 992.

Gambling Help Online
1800 858 858
gamblinghelponline.org.au