Winspirit Privacy Policy

This Privacy Policy sets out how Winspirit Casino ("Winspirit", "we", "us", "our") collects, holds, uses, discloses and protects your personal information. It is written to align with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) issued by the Office of the Australian Information Commissioner. The policy applies to all visitors to winspirit2026.com and all account holders.


By using our website or holding an account, you confirm you have read and accepted this policy. If you do not accept it, please do not register an account.

APP 1 — Open and Transparent Management

We publish this policy in plain English and keep an active version available at all times. The version date is shown at the foot of this page. Material changes are notified by email to active account holders at least 14 days before they take effect, with the previous version archived and available on request to [email protected].

APP 2 — Anonymity and Pseudonymity

You can browse winspirit2026.com without registering an account and without identifying yourself. To deposit, wager real money or withdraw, regulatory requirements (anti-money-laundering and counter-terrorism financing) require us to verify your identity, which precludes anonymity for those activities.

APP 3 — Collection of Solicited Personal Information

We collect personal information in the following categories:

  • Identity information: legal name, date of birth, residential address, nationality, government-issued ID document.

  • Contact information: email address, mobile number.

  • Financial information: deposit and withdrawal methods, transaction history, source-of-funds documents where required by AML thresholds.

  • Account and play information: username, password (stored hashed and salted), wagering activity, bonus state, device fingerprint, IP address, session timestamps.

  • Communication information: support chat and email content, in-app form submissions.

We collect this information directly from you at sign-up, during KYC, when you contact support, and automatically through your interaction with our website and app.

APP 4 — Dealing with Unsolicited Personal Information

If we receive personal information we did not solicit (for example, a third party sending us information about you without your consent), we will determine within a reasonable period whether we could have collected it lawfully under APP 3. If not, we will destroy or de-identify the information as soon as practicable, where lawful and reasonable to do so.

APP 5 — Notification of Collection

At the point of collection we tell you: who we are, what we are collecting, why, who we may disclose it to, and how to access this Privacy Policy. The sign-up flow links directly to this page before you confirm your account.

APP 6 — Use and Disclosure

We use your personal information for the purposes you'd reasonably expect:

  • Operating your account, processing deposits, payouts and bonuses.

  • Verifying identity, age and source of funds under AML/CTF rules.

  • Preventing fraud, multi-accounting, payment abuse and underage play.

  • Providing customer support and responding to disputes.

  • Sending service messages (KYC requests, payout confirmations, security alerts).

  • Sending marketing communications only where you have opted in — you can opt out from any marketing email, SMS or push notification, free of charge, at any time.

  • Meeting our obligations to the Curacao Gaming Control Board and other lawful regulatory requests.

We do not sell your personal information to anyone.

APP 7 — Direct Marketing

Marketing is opt-in at sign-up. You can withdraw consent at any time from Account → Preferences, by clicking the unsubscribe link in any email, or by replying STOP to an SMS. Withdrawal takes effect within 48 hours across all channels and does not affect non-marketing service messages.

APP 8 — Cross-Border Disclosure

Some of our service providers operate outside Australia, including payment processors, KYC verification vendors, game studios (for transaction integrity checks), cloud infrastructure providers, and our parent group's compliance function. We take reasonable steps to ensure each overseas recipient handles your personal information in a manner consistent with the APPs, by contract and by audit.


Likely destinations include the European Union, the United Kingdom, Curacao, Cyprus, Malta, the Philippines (for support overflow), and Singapore (for cloud hosting).

APP 9 — Government Identifiers

We collect government identifiers (driver's licence numbers, passport numbers) only where required by AML/CTF law for identity verification. We do not adopt those identifiers as our own internal account identifiers and we do not disclose them except as required by law.

APP 10 — Quality of Personal Information

We take reasonable steps to keep your personal information accurate, up-to-date, complete and relevant. If your details change (name, address, mobile, email), please update them in Account → Personal Details or contact support. We may ask for supporting documentation for changes to identity fields.

APP 11 — Security

We secure personal information by:

  • Encrypting all traffic between you and our servers via TLS 1.3.

  • Storing passwords as salted bcrypt hashes — we cannot recover your password if forgotten, only reset it.

  • Encrypting KYC documents at rest with AES-256.

  • Restricting internal access on a need-to-know basis with audited role-based access controls.

  • Running quarterly penetration tests by an independent third party.

  • Operating a 24/7 fraud and anomaly monitoring team.

If a notifiable data breach occurs under the Notifiable Data Breaches scheme, we will notify affected individuals and the OAIC as required, in the timeframes prescribed by law.


Retention windows by category:

  • Identity and KYC: 7 years after account closure (AML/CTF statutory minimum).

  • Transaction records: 7 years after the transaction.

  • Marketing preferences and history: until withdrawn, then 12 months for audit.

  • Support communications: 24 months from last contact.

  • IP and session logs: 12 months.

APP 12 — Access

You can request a copy of the personal information we hold about you by emailing [email protected]. Our response window is 30 calendar days (we typically respond within 10 business days). We will verify your identity before releasing data. There is no charge for a standard subject-access request.

APP 13 — Correction

If you believe any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, contact [email protected]. We will correct it within 30 calendar days or, if we disagree, give you a written reason and a statement that you can attach to your record. Where information has been disclosed to third parties, we will notify them of the correction on request.

Cookies and Tracking

We use first-party cookies for session management, security, and remembering your preferences. We use third-party analytics cookies (counted in aggregate, not tied to your account) only with your consent at the cookie banner. You can manage cookies in your browser settings; disabling essential cookies will prevent login.

Complaints

If you believe we have breached the APPs or this policy, please raise a complaint with our Compliance Officer at [email protected]. We will acknowledge within 5 business days and respond substantively within 30 calendar days. If unresolved, you can escalate to the Office of the Australian Information Commissioner at oaic.gov.au.

Contact

[email protected] — Privacy enquiries and subject-access requests.

[email protected] — Complaints and formal disputes.


Policy version: 2026.05. Last updated 2026-05-20.