1win IN

Privacy Policy

This Privacy Policy outlines how our gaming platform collects, processes, uses, and safeguards personal information of users from India and other jurisdictions. We are committed to maintaining the highest standards of data protection and transparency in accordance with applicable laws, including the Information Technology Act, 2000, and related regulations governing online gaming platforms. Last updated: January 18, 2026

Information Collection and Categories

Our platform collects various categories of personal information to facilitate account creation, verification, gameplay, and payment processing. We gather identifying information including your full name, date of birth, email address, and telephone number during the registration process. Additionally, we collect address-related data such as residential address, city, state, and postal code for account verification and responsible gaming purposes.

Financial information collected includes bank account details, payment card information, digital wallet identifiers, and cryptocurrency wallet addresses for deposits and withdrawals. We also collect government-issued identification numbers, including Aadhaar details where applicable, to comply with anti-money laundering regulations and know-your-customer requirements mandated by Indian authorities. Device information such as IP addresses, browser types, operating systems, and device identifiers are automatically collected to enhance security and prevent fraudulent activities.

Behavioral data is collected through cookies, analytics tools, and tracking pixels to understand user preferences, gaming patterns, and website navigation. Communication records, including emails, chat messages, and support tickets, are retained for dispute resolution and customer service purposes. We may also collect information about your gaming activity, including bets placed, winnings, losses, and time spent on various games.

Purpose and Legal Basis for Data Processing

We process personal data for several essential purposes that support our gaming operations and legal obligations. The primary purpose is to establish and maintain user accounts, enabling secure access to our platform and tracking individual gameplay history and balances. We process identification and financial information to verify user identity and prevent underage gambling, which is illegal in India and internationally recognized as a critical protective measure.

Payment processing represents a core function requiring data processing, including transmitting financial information to authorized payment processors, banking institutions, and digital payment providers. We process data to detect, prevent, and investigate fraudulent transactions, unauthorized access attempts, money laundering, and other illegal activities that could harm our operations and other users.

Compliance with legal requirements forms a critical basis for data processing, including adherence to anti-money laundering regulations, counter-terrorism financing laws, taxation requirements, and reporting obligations to relevant regulatory authorities. We also process data to send account notifications, gaming updates, promotional offers, and responsible gaming reminders that users have opted to receive or that are legally required communications.

  1. Establishing and managing user accounts for platform access
  2. Performing identity verification and age confirmation procedures
  3. Processing deposits, withdrawals, and financial transactions
  4. Detecting and preventing fraud, unauthorized access, and illegal activities
  5. Complying with legal and regulatory requirements
  6. Delivering customer support and resolving disputes
  7. Sending promotional communications and responsible gaming messages
  8. Conducting analytics to improve user experience and platform security
  9. Maintaining records for accounting and taxation purposes
  10. Enforcing terms of service and protecting platform integrity

Data Sharing and Disclosure Practices

We maintain strict limitations on data sharing and disclose personal information only to authorized third parties when necessary for legitimate business purposes or when required by law. Payment processors and financial institutions receive necessary transactional information to facilitate deposits and withdrawals, but we provide only essential data required for completing the transaction. These partners operate under contractual confidentiality agreements and must implement security standards comparable to our own.

Regulatory authorities and law enforcement agencies may receive personal information when legally required through court orders, subpoenas, or direct regulatory requests. We cooperate fully with Indian authorities including the Ministry of Electronics and Information Technology, income tax departments, and police cybercrime units when investigating illegal activities or enforcing compliance with gaming regulations.

Third-party service providers supporting our operations, including cloud storage providers, customer support platforms, and analytics companies, receive limited access to personal data necessary for performing their specific functions. These service providers are bound by confidentiality obligations and are prohibited from using data for purposes other than those specified in their service agreements.

We do not sell personal information to unrelated third parties for commercial purposes. However, we may share aggregated and anonymized data with research organizations, gaming industry partners, and academic institutions to support responsible gaming research and industry standards development. This data cannot be used to identify individual users.

User Rights and Data Access Control

Every user maintains fundamental rights regarding their personal information, consistent with international data protection standards and applicable Indian laws. Users have the right to access their personal information at any time by logging into their account dashboard or submitting a formal request to our support team. We provide complete information about what data we hold and how it is being processed.

Users may request correction of inaccurate or incomplete personal information by submitting documented evidence of the required changes. We will review such requests and make corrections within a reasonable timeframe, typically within fourteen business days. Users retain the right to request deletion of their personal data, subject to legal obligations to retain certain information for anti-money laundering and taxation purposes.

Users may withdraw consent for receiving promotional communications at any time through account settings or by contacting our support team. This withdrawal does not affect the lawfulness of processing that occurred before withdrawal. Users also have the right to request a copy of their personal data in a structured, commonly used, and machine-readable format for transfer to another service provider.

  1. Right to access personal information held by the platform
  2. Right to request correction or updating of inaccurate data
  3. Right to request deletion of personal information
  4. Right to withdraw consent for marketing communications
  5. Right to request data portability in machine-readable formats
  6. Right to object to certain types of data processing
  7. Right to lodge complaints with relevant data protection authorities
  8. Right to receive information about how data is being used

Retention Duration and Data Lifecycle

We maintain personal information for the duration necessary to provide gaming services and fulfill legal obligations. Account information and gaming history are retained as long as the user account remains active. After account closure, we retain sufficient data to prevent re-registration and fraud, typically for five years from the closure date, to comply with anti-money laundering requirements and potential regulatory investigations.

Financial transaction records are retained in accordance with Indian tax law requirements, generally for seven years from the transaction date, to support income verification, tax compliance, and potential disputes. Identification documents used for account verification are retained for the duration of the account plus five additional years to comply with know-your-customer regulations and regulatory audits.

Communication records including support tickets and emails are typically retained for three years to assist with dispute resolution and quality improvement. However, communications related to financial transactions or regulatory matters may be retained longer to meet compliance obligations. Analytics and behavioral data are generally retained for twelve months unless aggregated into anonymized datasets that can be retained indefinitely.

Personal information related to detected fraud, illegal activities, or security incidents may be retained longer than standard retention periods to prevent future incidents and support ongoing investigations. Users who request account deletion will have personal data removed within thirty days, except for information that must be retained for legal compliance, fraud prevention, or legitimate business interests.

Security Measures and Data Protection Technology

We implement comprehensive security measures to protect personal information against unauthorized access, modification, disclosure, or destruction. All data transmissions between user devices and our servers utilize industry-standard TLS encryption protocols, ensuring that information cannot be intercepted during transmission. Our platform maintains a minimum encryption standard of TLS 1.2, with regular upgrades to maintain security against emerging threats.

Personal information is stored on secure servers protected by firewalls, intrusion detection systems, and continuous monitoring for unauthorized access attempts. Access to personal data is restricted to authorized personnel who require the information to perform their job functions. Employees with access to personal information undergo regular security training and sign confidentiality agreements.

We conduct regular security audits and vulnerability assessments performed by independent third-party security firms to identify and remediate potential weaknesses. Penetration testing is performed at least annually to simulate real-world attack scenarios. Our infrastructure utilizes multi-factor authentication, role-based access controls, and detailed audit logs to track all access to personal information.

Despite implementing robust security measures, no system is entirely impervious to security breaches. We maintain incident response procedures to address any potential data breaches promptly. In the event of unauthorized access affecting personal information, affected users will be notified within seventy-two hours as required by applicable regulations, along with information about the nature of the breach and steps users should take to protect themselves.

  1. TLS encryption for all data transmission between users and servers
  2. Secure server infrastructure with firewall protection
  3. Restricted access based on user role and job function requirements
  4. Regular security audits by independent third-party firms
  5. Annual penetration testing to identify vulnerabilities
  6. Multi-factor authentication for sensitive operations
  7. Continuous monitoring for unauthorized access attempts
  8. Detailed audit logs tracking all data access and modifications
  9. Data encryption both in transit and at rest
  10. Incident response procedures for rapid breach notification

Cookies, Tracking, and Analytics Technologies

Our platform utilizes cookies and similar tracking technologies to enhance user experience, maintain security, and analyze platform usage. Essential cookies are necessary for basic functionality, including authentication cookies that keep users logged in and security cookies that prevent unauthorized access. These cookies are automatically placed and cannot be disabled without losing core platform functionality.

Performance and analytics cookies track how users interact with our platform, including which games are most popular, how long users typically play, and which features are underutilized. This information helps us optimize the platform and improve user experience. Users may manage analytics cookies through their browser settings or our cookie preference center, although disabling analytics does not affect platform functionality.

Marketing cookies are used to display personalized gaming recommendations and promotional content based on user preferences. We respect user privacy choices regarding marketing cookies, and users may opt out of receiving personalized content through their account settings. Third-party analytics providers including Google Analytics may collect information about user behavior across multiple websites, subject to their own privacy policies.

Web beacons and similar tracking pixels embedded in emails and promotional materials allow us to track whether communications have been opened or links clicked. This helps us understand which communications are effective and improve future messaging. Users can disable pixel tracking in email through their email client settings or by unsubscribing from promotional communications entirely.

Responsible Gaming and Age Verification

We maintain strict policies ensuring that only individuals eighteen years of age or older can access our gaming platform, consistent with Indian law and international responsible gaming standards. During account creation, users must provide their date of birth and confirm their age through our verification system. We employ advanced age verification technology that cross-references provided information against government databases where legally permitted.

We process identity information not only to verify age but also to maintain records proving we have fulfilled our legal obligations to prevent underage gambling. This constitutes an important public interest purpose justifying the collection and retention of sensitive identification information. Any account identified as belonging to a minor is immediately suspended, and we take appropriate steps to prevent re-registration.

Personal information may be shared with age verification services and databases to confirm user age and identity. These service providers are contractually obligated to use information solely for age verification purposes and must maintain strict confidentiality. Users should understand that providing false age information constitutes fraud and may result in account termination, forfeiture of winnings, and reporting to appropriate authorities.

International Data Transfers and Cross-Border Compliance

Personal information collected from users may be transferred to and processed in countries outside India, including jurisdictions where we maintain servers, support centers, or payment processing operations. These transfers are conducted under appropriate safeguards including standard contractual clauses approved by regulatory authorities, ensuring that personal data receives protection equivalent to Indian standards regardless of transfer destination.

Users should understand that different countries may have varying data protection regulations, and once transferred internationally, personal data may be subject to different legal frameworks. However, we contractually obligate all international recipients of personal data to maintain security standards and confidentiality commitments comparable to our own. We maintain data processing agreements with all international partners defining permitted uses and security obligations.

If you are located in the European Union, United Kingdom, or other regions with strict data protection regulations, we apply those regulations’ standards to your personal information even though our platform operates primarily for Indian users. This means EU residents receive the protections mandated by GDPR and equivalent regulations regardless of our primary jurisdiction.

Policy Updates and User Notification

We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or technological capabilities. Material changes to the policy will be communicated to users through email notification at least thirty days before implementation, allowing users to review changes and decide whether to continue using our platform. Minor clarifications or non-substantive updates may be implemented immediately with notice provided in the policy document.

Users are encouraged to regularly review our Privacy Policy to remain informed about how we handle their personal information. Continued use of our platform after policy updates constitutes acceptance of the updated terms. If you disagree with material changes, you may request account closure and deletion of personal information as permitted by law before the changes take effect.

We maintain an archive of previous Privacy Policy versions for reference, which can be requested from our support team. This allows users to understand what protections applied when they provided specific information.

Contact Information and Grievance Redressal

Users who have questions, concerns, or complaints regarding our privacy practices should contact our dedicated privacy team through multiple available channels. Our primary contact email for privacy matters is [email protected], where requests are processed within five business days. We also maintain a dedicated privacy inquiry form on our website allowing users to submit detailed questions and receive personalized responses.

For formal complaints or grievances, users may submit written correspondence to our registered office address in India. All formal complaints are logged, assigned case reference numbers, and investigated thoroughly. We commit to responding to all formal complaints within fourteen business days with either resolution or an explanation of ongoing investigation status.

Users dissatisfied with our internal grievance resolution may lodge complaints with the Indian Information Technology Act regulatory authorities or the Ministry of Electronics and Information Technology. Users also maintain the right to pursue legal remedies through appropriate courts of law. We encourage users to resolve disputes through our direct communication channels before pursuing formal regulatory or legal action.

  1. Email privacy inquiries to [email protected]
  2. Submit privacy forms through our dedicated website portal
  3. Send formal written complaints to our registered office address
  4. Contact regulatory authorities for unresolved concerns
  5. Receive case reference numbers for all formal complaints
  6. Expect responses within five business days for email inquiries
  7. Expect responses within fourteen business days for formal complaints
  8. Request escalation to senior management for complex matters