Privacy Policy — SkyCrown Casino

Last updated: 4 May 2026.

This policy explains what personal data SkyCrown Casino collects when you use the site, how we use it, who we share it with, how long we keep it, and the rights you can exercise over it. The framework draws on EU GDPR principles even where they're not strictly mandatory in Curaçao — that's a deliberate choice. Plain-English rule of thumb: we only collect what we need to run the casino legally; we don't sell your data; you can ask for a copy or deletion at any time.

Who is the data controller?

The controller is SkyCrown Casino, registered office Willemstad, Curaçao, operating under Curaçao Gaming Authority licensing oversight (verification on request via contact). Privacy enquiries go to [email protected]. Our Data Protection Officer can be reached at [email protected].

What information do we collect?

Information you provide directly

  • Account registration: full name, date of birth, email, residential address, phone (optional), username, password (hashed).
  • KYC verification: government-issued ID image, proof-of-address document, payment-method verification image, source-of-funds documents for deposits over A$1,000.
  • Financial data: card details (tokenised by our PCI-DSS payment processors — we do not store full PANs), bank account details for transfers, crypto wallet addresses, transaction history.
  • Communications: live-chat transcripts, support emails, complaint records, survey responses.
  • Preferences: currency, language, marketing-comms opt-in state, responsible-gambling settings.

Information collected automatically

  • Device data: IP address, device type, OS, browser, screen resolution, device identifiers.
  • Usage data: pages visited, time on page, games played, bet amounts and outcomes, click stream, referral source.
  • Geolocation: coarse city-level location derived from IP. We do not collect GPS coordinates.
  • Cookies and similar: see the cookie section below.

Information from third parties

Payment processors share transaction confirmations and fraud screening results. Identity-verification providers (e.g., regtech vendors) confirm document authenticity and age. Marketing partners may share referral attribution if you arrived through a campaign. Fraud-prevention networks may share risk scores tied to your IP or email.

GDPR-aligned legal bases:

  • Contract performance. Running your account, processing deposits and withdrawals, supporting bonuses.
  • Legal obligation. KYC, AML, sanctions screening, transaction reporting, tax compliance.
  • Legitimate interests. Fraud prevention, service improvement, security monitoring. Balanced against your interests; you can object via [email protected].
  • Consent. Marketing communications, non-essential cookies. Withdraw consent at any time via account settings or unsubscribe links.

How we use your information

  • Operate the account and the cashier — deposits, withdrawals, gameplay, bonuses, support.
  • Verify identity and age to prevent underage gambling and fraud.
  • Detect and investigate fraud, money laundering, sanctions violations and abuse of bonus terms.
  • Comply with KYC, AML, and other regulatory obligations.
  • Personalise the gaming experience — recommended pokies, bonus eligibility, VIP-tier benefits.
  • Send service-critical notifications (transaction confirmations, security alerts, KYC outcomes).
  • Send marketing where you have opted in. Opt-out at any time.
  • Enforce responsible-gambling tools (deposit limits, self-exclusion, cooling-off).
  • Protect our rights, property and the safety of users.

Who we share data with

We do not sell personal data. We share with limited parties for specified purposes:

  • Payment processors — to settle deposits and withdrawals.
  • Identity verification providers — to confirm KYC documents.
  • Game providers (Pragmatic Play, NetEnt, Evolution, etc.) — to deliver the games and reconcile session data.
  • Cloud hosting and CDN — to serve the site.
  • Customer-support platforms — to manage chat and email.
  • Analytics providers — aggregated, in many cases anonymised.
  • Marketing platforms — only if you've opted in.
  • Regulators, law enforcement, courts — when legally required.
  • Acquirers, in a business transfer — with notification of any change.

All processors are bound by data-processing agreements requiring confidentiality and use only for the stated purpose.

Cookies and tracking technologies

Cookie categories used at SkyCrown
CategoryPurposeDurationOpt-out
EssentialLogin state, security, cart-style preferencesSession to 12 monthsRequired for service
FunctionalRemember language, currency, layout choiceUp to 12 monthsOptional
AnalyticsAggregate usage, page-load metrics, error loggingUp to 24 monthsOptional
MarketingCampaign attribution, retargetingUp to 90 daysOptional

You can manage cookies via the consent banner on your first visit and via your browser settings. Disabling essential cookies will break login.

How long we keep data

  • Account data: active life of the account plus 5–7 years (AML retention).
  • KYC documents: 5 years post-account-closure (AML).
  • Transaction records: 7 years (financial recordkeeping).
  • Support communications: 3 years.
  • Marketing data: 24 months from last engagement, or sooner on opt-out.
  • Server logs: 90 days, then aggregated/anonymised.

After retention periods expire, data is securely deleted or irreversibly anonymised.

Data security

  • 256-bit TLS for all data in transit.
  • Encryption at rest for sensitive fields (KYC documents, payment tokens).
  • One-way password hashing — we cannot recover your original password.
  • Optional two-factor authentication for account login.
  • Role-based access control internally; staff access is logged and audited.
  • Regular third-party penetration testing.
  • Network segmentation and firewall protection.

No system is perfectly secure. Promptly report suspected unauthorised access at [email protected].

Your privacy rights

Subject to your jurisdiction, you can exercise the following rights:

  • Access — request a copy of personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion (subject to AML/financial retention obligations).
  • Restriction — limit processing while a dispute is resolved.
  • Objection — object to processing based on legitimate interests, including direct marketing.
  • Portability — receive your data in a structured, commonly used, machine-readable format.
  • Withdraw consent — for processing that relies on consent.
  • Lodge a complaint with the relevant data protection authority in your jurisdiction.

To exercise rights, email [email protected] from your registered address. We respond within 30 days; complex requests may take up to 60 days with notice.

International data transfers

Operating globally means data may move between countries — payment processing in EU jurisdictions, cloud hosting in multiple regions. For transfers outside the EU/EEA, we rely on Standard Contractual Clauses or equivalent safeguards, plus data-processing agreements that mirror EU-grade obligations.

Children's privacy

SkyCrown is restricted to players aged 18 and over. We do not knowingly collect data from anyone under 18. If we discover an underage account, we close it immediately, refund any deposits to the original payment method, and delete data subject to legal retention. Parents or guardians who believe a minor has used the site should contact [email protected].

Third-party links

We link out to a small number of third parties — for example, BeGambleAware and Gambling Help Online for responsible-gambling support. Their privacy practices are governed by their own policies. Our policy applies only to data collected directly by SkyCrown Casino.

Changes to this policy

We update this policy when our practices change, or when laws change, or when we add features that affect data handling. Material changes are notified by email and via an in-site banner. The "Last updated" date at the top reflects the most recent revision. Older versions are available on request.

Contact us about privacy

Privacy email: [email protected]

Data Protection Officer: [email protected]

General support: [email protected]

Live chat: 24/7 in-site widget

Postal correspondence: SkyCrown Casino, Willemstad, Curaçao

If you believe we've mishandled your personal information, please raise it with our DPO first. If you remain unsatisfied, you may complain to the data protection authority in your jurisdiction. Australian users can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Summary

  • We collect only what we need to run the casino legally.
  • We do not sell personal data.
  • You have GDPR-grade rights — access, deletion, correction, portability, objection.
  • KYC documents are kept for 5 years post-closure due to AML rules.
  • You can withdraw marketing consent at any time without affecting your account.
  • Privacy questions: [email protected].