Privacy Policy — Luckessa Casino

01 ——

Overview

This Privacy Policy describes how Luckessa Entertainment Ltd. ("Luckessa," "we," "us," or "our") collects, uses, stores, and shares personal information when you use our website and social casino platform (the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Service.

This Policy applies to all users of the Service, including registered account holders and visitors who access the platform without creating an account. It does not apply to third-party websites, services, or applications that may link to or from our Service.

02 ——

Information We Collect

We collect several categories of information, depending on how you interact with the Service:

Category	Examples	Source
Account Information	Username, email address, password (hashed), date of birth, country	You, directly
Usage Data	Games played, session duration, bet amounts (coins), win/loss records, feature interactions	Automatically collected
Device & Technical Data	IP address, browser type, operating system, device identifiers, screen resolution	Automatically collected
Cookie Data	Session tokens, preference settings, analytics identifiers	Cookies & local storage
Communications	Support tickets, feedback submissions, emails sent to us	You, directly
Social Features	Chat messages, friend interactions, leaderboard data (where applicable)	You, directly

We do not collect financial information such as credit card numbers, bank account details, or any payment information, as the Service is entirely free-to-play with no real-money transactions.

We do not knowingly collect sensitive personal data (e.g., health data, political opinions, biometric data) and ask that you do not submit such information through the Service.

03 ——

How We Use Your Data

We use the information we collect for the following purposes:

Service Delivery: To operate, maintain, and provide the features and functionality of the Service, including account management, game sessions, and coin balances.
Personalization: To remember your preferences, customize your game experience, and display relevant content and promotions.
Analytics & Improvement: To analyze how users interact with the Service, identify bugs and performance issues, and improve game quality and user experience.
Safety & Security: To detect and prevent fraud, cheating, account abuse, unauthorized access, and other harmful activity.
Communications: To respond to your support requests and provide service-related notifications (e.g., account alerts, policy updates).
Legal Compliance: To comply with applicable laws, regulations, court orders, and other legal obligations.
Leaderboards & Social: To display your username and game statistics on public leaderboards with your consent.

We do not use your data for automated individual decision-making that produces significant legal or similarly significant effects without human oversight.

04 ——

Legal Basis for Processing

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data on the following legal bases under GDPR:

Contract performance: Processing necessary to provide the Service and fulfill our Terms and Conditions (e.g., maintaining your account, running games).
Legitimate interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and Service improvement — where these interests are not overridden by your rights.
Legal obligation: Processing required to comply with applicable legal obligations.
Consent: Where we rely on your consent (e.g., for optional analytics cookies or marketing communications). You may withdraw consent at any time without affecting the lawfulness of prior processing.

For California residents, we process data in accordance with the California Consumer Privacy Act (CCPA). We do not sell your personal information to third parties.

05 ——

Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:

Service Providers: Trusted third-party vendors who assist in operating the Service (e.g., cloud hosting, analytics, email delivery). These parties are bound by contractual data processing agreements and may only use your data on our behalf.
Legal Requirements: When required by law, subpoena, court order, or government authority, or when we believe disclosure is necessary to protect our legal rights, safety, or the safety of others.
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you before your data becomes subject to a materially different privacy policy.
With Your Consent: In any other case where we have obtained your explicit prior consent.

♦ We will never sell your personal data to advertisers, data brokers, or marketing agencies. Your information is used solely to operate and improve the Service.

06 ——

Cookies & Tracking Technologies

We use cookies and similar technologies (e.g., local storage, session tokens) to operate and enhance the Service. Below is a summary of the types of cookies we use:

You can control optional cookies through your browser settings. Most browsers allow you to block or delete cookies, though doing so may affect Service functionality. We also honor Do Not Track (DNT) signals where technically feasible.

We do not use advertising cookies or cross-site tracking technologies.

07 ——

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Active accounts: Data is retained for the duration of your account's active lifetime.
Inactive accounts: Accounts with no activity for more than 24 consecutive months may be automatically deleted, with advance email notice.
Deleted accounts: Upon account deletion, most personal data is purged within 30 days. Certain information (e.g., transaction logs, abuse records) may be retained for up to 5 years for legal compliance purposes.
Backups: Anonymized or aggregated data may persist in secure backups for operational continuity purposes.
Legal holds: Where data is subject to a legal hold or regulatory requirement, we may retain it for longer periods as required.

When data is no longer needed, we securely destroy or anonymize it in accordance with industry-standard practices.

08 ——

Your Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at [email protected].

👁

Right to Access

Request a copy of the personal data we hold about you, including how it is used.

✏️

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

🗑

Right to Erasure

Request deletion of your personal data (the "right to be forgotten") where legally applicable.

⏸

Right to Restrict

Request that we restrict processing of your data in certain circumstances.

📦

Data Portability

Receive your data in a structured, machine-readable format to transfer to another provider.

🚫

Right to Object

Object to processing based on legitimate interests, including profiling and analytics.

↩️

Withdraw Consent

Withdraw consent at any time where processing is based on your prior consent.

⚖️

Right to Complain

Lodge a complaint with your local data protection authority if you believe your rights have been violated.

We will respond to all rights requests within 30 days. In complex cases, we may extend this by an additional 60 days with notice. We may need to verify your identity before processing a request.

California residents have additional rights under CCPA, including the right to know categories of data sold (we do not sell data), the right to opt-out of sale, and the right to non-discrimination for exercising your rights.

09 ——

Data Security

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: All data in transit is protected using TLS 1.3. Passwords are stored using bcrypt hashing with appropriate salt rounds. Sensitive fields are encrypted at rest.
Access controls: Personal data is accessible only to authorized personnel on a strict need-to-know basis. All access is logged and audited.
Infrastructure security: Our servers are hosted on SOC 2 Type II certified cloud infrastructure with automatic security patching and continuous vulnerability scanning.
Monitoring: We operate 24/7 security monitoring for intrusion detection, anomalous access patterns, and DDoS protection.
Incident response: We maintain a documented data breach response plan. In the event of a breach affecting your personal data, we will notify you and the relevant authorities within 72 hours as required by GDPR.

While we take data security seriously, no system is completely impenetrable. We encourage you to use a strong, unique password for your account and to log out when using shared devices.

10 ——

Children's Privacy

The Service is intended for users who are 18 years of age or older. We do not knowingly collect, solicit, or process personal information from individuals under the age of 18.

If we discover that we have inadvertently collected personal data from a user under 18, we will promptly delete that information and suspend the associated account. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected].

We do not direct marketing communications at children and do not knowingly permit individuals under 18 to create accounts.

11 ——

International Data Transfers

Luckessa is operated from the United States. If you are located in the EEA, United Kingdom, or other regions with data protection laws, your personal data may be transferred to, stored, and processed in a country with different data protection standards than your home country.

Where we transfer data internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to non-adequate third countries.
Adequacy decisions where the recipient country is recognized as providing an adequate level of data protection.
Binding Corporate Rules (BCRs) for intra-group transfers where applicable.

You may obtain a copy of the safeguards we use for international transfers by contacting our Data Protection Officer at the address below.

12 ——

Contact & Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our dedicated privacy team:

Privacy Email: [email protected]
Data Protection Officer: [email protected]
Mailing Address: Luckessa Entertainment Ltd., Attn: Privacy Team, 123 Luckessa Way, Suite 500, Wilmington, DE 19801, United States

You also have the right to lodge a complaint with your local supervisory authority. In the EEA, this is your national Data Protection Authority (DPA). In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

♦ We take all privacy requests seriously and will respond to your inquiry within 30 days. For identity verification purposes, we may request additional information before processing your request.