1. Introduction
 
Spins On Ltd (“Spins On”, “we”, “our”, “us”) develops and publishes real‑money and social casino games for iOS, Android and the web. Protecting your privacy is central to the way we design products and run our business. This Privacy Policy explains how we collect, use, disclose, store and protect your personal information when you visit spinson.io, download or play our games, interact with us on social media, or engage with any other service that links to this notice (“Services”).
By accessing or using our Services you acknowledge that you have read and understood this Privacy Policy.
 
2. Who we are
 
Spins On Ltd
Company No. 16251108
128 City Road
London, EC1V 2NX
United Kingdom
Spins On Ltd is the “controller” of your personal data for the purposes of the UK GDPR, the EU GDPR (where applicable) and the UK Data Protection Act 2018.
 
3. Scope & Eligibility
 
Our Services are intended for individuals aged 18 or over. We do not knowingly collect data from anyone under 18 years of age. If you are a parent or guardian and believe we have inadvertently collected data from a minor, please contact us (see §16) so we can delete it promptly.

4. Personal Data We Collect

CategoryExamplesCollected when…
Identity & Contactname, email, postal address, phone, device IDyou create an account, submit a form, join a beta
Profile & Gameplayusername, avatar, in‑game progress, bets, wins, loss limits, chat logsyou play or interact with social features
TechnicalIP address, device type, OS version, language, crash logsyour device connects to our servers
Financialpayment method token, deposit & withdrawal records (no raw card data)you make real‑money transactions
Marketingpreferences, survey responses, competition entriesyou opt‑in to newsletters or promotions
Complianceage‑verification docs, KYC/AML checks, open‑banking affordability datarequired by gambling regulations
We combine data from the sources above with publicly available information (e.g., App Store reviews) and data from trusted partners (advertising networks, analytics providers, payment processors, identity verification vendors).

5. How & Why We Use Your Data

We process your personal data only where we have a valid legal basis:
PurposeLegal basis (UK/EU GDPR)
Create, verify and administer player accountsContract performance
Enable gameplay, leaderboards, tournaments and social featuresContract performance
Process deposits, withdrawals and in‑app purchasesContract performance; Legal obligation
Detect and prevent fraud, money‑laundering and responsible‑gaming breachesLegal obligation; Legitimate interests
Deliver customer support and respond to enquiriesContract performance; Legitimate interests
Serve personalised offers and adsConsent (where required); Legitimate interests
Send service updates & marketing messagesConsent or Legitimate interests (opt‑out any time)
Conduct analytics, A/B testing and game balancingLegitimate interests
Comply with regulatory audits, tax and accounting dutiesLegal obligation

6. Cookies & Similar Technologies

We use cookies, SDKs and device identifiers to:
remember your log‑in state
measure traffic and in‑game behaviour
tailor advertising and AB tests
You can manage cookie preferences in your browser or device settings. For mobile games you may reset your advertising identifier or opt out of personalised ads through iOS/Android privacy controls.

7. Sharing Your Information

We never sell personal data. We share it only with:
Service providers: cloud hosting, payment gateways, analytics, anti‑fraud, KYC. All are bound by confidentiality and data‑processing agreements.
Business partners & operators: where you access our games through a licensed casino or white‑label platform, to meet contractual and regulatory requirements.
Regulators & authorities: the UK Gambling Commission, Malta Gaming Authority, tax offices and law‑enforcement, when required by law.
Corporate transactions: in the event of a merger, acquisition or asset sale, subject to appropriate confidentiality safeguards.

8. International Transfers

We host data on servers in the UK, the EEA and (for redundancy) the United States. When we transfer personal data outside the UK/EEA we rely on:
Adequacy regulations (where the destination country is recognised as providing adequate protection); or
Standard Contractual Clauses plus supplementary measures.

9. Data Retention

We keep your data only as long as necessary for the purposes set out in this policy:
Account & gameplay data: while your account is active and up to 5 years after closure (gambling‑regulation requirement).
KYC, AML & transaction records: 5–10 years (statutory retention).
Marketing data: until you withdraw consent or 24 months of inactivity.
When retention limits expire we delete or anonymise the data permanently.

10. Security

We apply industry‑standard safeguards, including:
TLS 1.3 encryption in transit and AES‑256 at rest
Zero‑trust network segmentation and WAF/DDoS protection
Regular penetration tests and secure‑code reviews
Role‑based access, MFA and least‑privilege principles for staff
No system is 100 % secure, but we continually improve defences to minimise risk.

11. Your Rights

Subject to local law, you have the right to:
Access – obtain a copy of your personal data.
Rectify – correct inaccurate or incomplete data.
Erase – request deletion where we have no overriding legal ground to keep it.
Restrict – limit processing while a complaint is resolved.
Portability – receive data you provided in a structured, machine‑readable format.
Object – object to processing based on legitimate interests or direct marketing.
Withdraw consent – at any time, where processing relies on consent.
To exercise any right, email us at privacy@spinson.io. We will respond within one month (extendable by two months for complex requests).

12. Marketing Opt‑Out

Click the “unsubscribe” link in any marketing email or adjust notifications in‑app. You will continue to receive transactional messages (e.g., password resets or legally required notices).

13. Third‑Party Links

Our Services may link to external sites we do not control. Once you leave our domain, this Privacy Policy no longer applies. Check the privacy notices of any third‑party service before providing data.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in‑app or on our website at least 14 days before taking effect. Continued use of the Services after the effective date constitutes acceptance of the revised policy.