About this Privacy Policy

Personal information collected to deliver the services:

• Identity and contact details: name, date of birth, residential address, email, phone.
• Verification records: identity documents, proof of address, facial verification snapshots where required by law.
• Account and service activity: bets, deposits and withdrawals, gameplay logs, responsible gambling tools, self-exclusion status, interactions in the account.
• Payment information: card tokens or masked numbers, bank account identifiers, transaction references from PCI DSS compliant providers. Full card numbers are not stored on our systems.
• Technical data: device identifiers, IP address, browser type, app version, language, time zone, location data if enabled, cookies and similar technologies.
• Communications: chat transcripts, emails, support tickets, call recordings for quality and compliance.

Why this information is collected and processed:

• To open and service accounts, provide online services, and support users.
• To verify age and identity, meet Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) duties, and comply with AUSTRAC reporting.
• To process payments, manage risk, detect fraud, and secure the websites and apps.
• To offer responsible gambling protections and meet harm minimisation obligations.
• To improve performance, functionality, and user experience through analytics.
• To send service updates and marketing where consent has been given or permitted by law.

Technical and organisational measures to protect information:

• Encryption in transit and at rest for key data sets.
• Strict access controls, least-privilege permissions, and multi-factor authentication for sensitive systems.
• Segmented networks, continuous monitoring, logging, and intrusion detection.
• Regular security testing, vulnerability management, and independent audits.
• Staff training on privacy and security, and background checks for relevant roles.
• PCI DSS compliant payment processing and an ISMS aligned to ISO/IEC 27001.
• Incident response and notification under the Notifiable Data Breaches scheme.

Retention and secure destruction:

• Records are kept only as long as needed for the purposes set out here or as required by law.
• AML/CTF and transactional records may be retained for up to 7 years after account closure.
• When no longer required, information is de-identified or destroyed using secure methods.

User rights under Australian law:

• Access: request a copy of personal information (APP 12).
• Correction: ask us to correct inaccurate, out-of-date, incomplete, or misleading information (APP 13).
• Deletion: request deletion or de-identification where feasible and not required to be retained by law.
• Marketing controls: unsubscribe or change preferences at any time.

Compliance statement:

• Processing follows the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Where relevant, comparable protections such as the GDPR are applied for overseas users.

Personal information is used for these purposes:

• Account setup and management, including authentication and customer support.
• Payment processing, withdrawals, chargeback handling, and reconciliation through authorised providers.
• Service delivery for casino and sportsbook functions, including limits, self-exclusion, and safer gambling tools.
• Security and fraud prevention, device fingerprinting, risk scoring, and incident investigation.
• Analytics to improve features, fix issues, and enhance performance across online services and websites.
• Regulatory compliance, AML/CTF reporting, sanctions and PEP screening, and record-keeping.
• Service messages and marketing communications where consent exists or is permitted by law; users can opt out at any time.

Lawful and transparent processing:

• Consent applies where required, such as certain marketing and cookies.
• Contract necessity applies to provide requested services.
• Legal obligations apply to AML/CTF and other regulatory duties.
• Legitimate interests apply to security, fraud prevention, and service improvement, balanced against user privacy.

How to make a request:

• Submit a request in Account Settings or email the Privacy Officer at [email protected].
• Identity verification may be required before actioning a request.
• A response will be provided within a reasonable period, usually within 30 days.

Access and correction:

• Copies of personal information can be provided unless an APP exception applies.
• Inaccurate or incomplete records are corrected promptly, and third parties are notified where practical.

Deletion and retention:

• Deletion or de-identification is actioned where the information is no longer needed and not required to be retained by law.
• Certain records must be kept for AML/CTF, taxation, and dispute purposes for up to 7 years after account closure.

Security checks and payment processing consent:

• By using the service, the user consents to security checks, identity and age verification, source-of-funds inquiries, and screening against sanctions or PEP lists.
• The user consents to payment information being processed by authorised payment providers for deposits, withdrawals, and fraud control.

The service is for persons aged 18 years and over. Accounts for minors are not permitted. Age cannot be verified without documents during the collection and processing steps.

If a parent or guardian believes a minor has provided personal information:

• Contact the Privacy Officer at [email protected] to request deletion.
• The account will be closed and personal information removed or de-identified, subject to legal retention rules.
• Minimal records may be kept to meet legal requirements and to prevent re-registration by the minor.

Personal information may be processed in other countries where technology vendors, payment providers, identity verification services, or support partners operate. Use of the websites and apps indicates consent to these international transfers.

Safeguards for cross-border disclosures:

• Reasonable steps are taken to ensure recipients comply with standards comparable to the Australian Privacy Principles (APP 8).
• Contractual protections, including data protection clauses and, where relevant, standard contractual clauses, are used to maintain confidentiality and security.
• Partners are required to protect information and use it only for the agreed purposes.

This disclaimer may alter the scope or effects of certain rules in this policy to the extent allowed by law. It applies once the user indicates acceptance by signature, ticking acceptance during registration, or other forms of accession within the service.

Nothing in this document limits non-excludable rights under Australian law. If any part conflicts with legislation, regulator directions, or court orders, those requirements prevail. JB may update this policy to reflect changes in law or practice, and the current version applies from the date of publication.

Cookies are small files stored on a device to help the websites and apps function. They are used for statistics, behaviour analysis, personalisation, and site improvement. Unless a shorter period is stated, cookies are retained for up to 1 year.

Types and controls:

• Essential cookies: required for login, security, and core features.
• Performance and analytics: measure usage to improve services and fix issues.
• Preference cookies: remember choices such as language and display settings.
• Marketing cookies: measure the effectiveness of permitted marketing.

Users can manage cookies through browser settings or available consent tools. Blocking some cookies may affect functionality needed to use the service.

Use of the service signifies full acceptance of this Privacy Policy. The current version on the website prevails over any prior version. Updates may be posted from time to time, and continued use after an update indicates acceptance of the revised document.

Personal information may be shared in these situations:

• Service providers that support operations, such as payments, identity verification, AML/CTF screening, fraud prevention, hosting, analytics, customer support, and communications.
• Government agencies, regulators, courts, and dispute resolution bodies where required by law or to resolve claims.
• Professional advisers such as auditors, lawyers, and compliance consultants for governance and risk management.

Scope, purpose, and recipients:

• A list of key third parties is published on the website where practicable. If not listed, the purpose and scope of disclosure are provided as required by law.
• Providing personal information to use the services constitutes consent to such disclosures consistent with this policy. Third parties must protect confidentiality and use information only for authorised purposes.

The websites may contain links to external sites that have their own privacy policies and practices. JB is not responsible for how those sites collect, use, or disclose personal information. Users should review the privacy notices of any external site before providing details or continuing to browse.