Privacy Policy
This document governs how 1win handles personal information for users who access services from India. The policy applies to the desktop website, mobile website, and 1win app across all supported devices. Personal data encompasses identification details, contact information, payment credentials, and account activity records that the company collects and stores. Anonymous data and aggregated statistics that cannot identify individual users fall outside this framework. The policy addresses data collection methods, legal grounds for processing, sharing arrangements, retention timelines, user rights, security measures, and update procedures. Users who register an account or use any service agree to these terms and grant permission for data handling activities described throughout this document.
What data 1win collect and how
The platform gathers information through direct submission and automatic collection methods. The table below organizes data categories, describes their content, and specifies collection methods for each type.
| Data Category | What It Contains | Collection Method |
| Registration | Name, email, phone number, date of birth, residential address | User provides directly |
| Verification | Identity documents, proof of address, AML checks for India-region accounts | User provides directly |
| Support | Chat messages, request details, attached files | User provides directly |
| Financial | Payment card details, transaction records, wallet addresses, INR deposit amounts | User provides directly |
| Automatic Technical | IP address, device model, operating system version, browser type, crash reports, usage logs | Collected automatically |
| Cookies | Browsing history, login sessions, language preferences, site interaction patterns | Collected automatically |
| Analytics | Google Analytics data, page views, session duration, IP address tracking | Collected automatically |
| Mobile and App | Device identifiers, location signals, 1win APK usage metrics, mobile OS details | Collected automatically |
Legal grounds for processing Personal Data
The table below connects each main data-processing purpose to its corresponding authorization basis under applicable regulations in India.
| Processing purpose | Authorization basis | Brief description |
| Account creation | Contract performance | Registration data enables service delivery and account setup |
| Payments | Contract performance | Transaction records and payment details support fund transfers |
| Verification | Legal obligations | Identity document checks fulfill anti-money-laundering requirements and regulatory duties |
| Fraud prevention | Legitimate interests | Activity logs and IP address monitoring detect suspicious patterns and protect accounts |
| Service improvement | Legitimate interests | Usage metrics and crash reports help optimize features and fix technical errors |
| Marketing | Consent | Promotional messages and customized offers reach users who opt in |
| Legal compliance | Legal obligations | Retention periods and data disclosure respond to authority requests and legal claims |
Anti-money-laundering checks form a mandatory part of verification procedures in India. Regulatory duties also require identity confirmation before account activation. Fraud-prevention measures rely on device fingerprinting and location signals. Service-improvement activities analyze anonymous usage data alongside personal records. Marketing communications stop after opt-out requests reach support channels.
How website use Personal Data
The platform collects and applies information for multiple operational purposes tied to account functions and service delivery. Each processing activity supports specific features and complies with stated legal bases. The following list outlines core data applications across all stages of user interaction:
- Account setup and management – registration details enable profile creation, login authentication, and access control to betting features;
- Payment handling – financial information processes deposits, withdrawals, and transaction history records in INR;
- Identity verification – submitted documents confirm age, address, and anti-money-laundering compliance for India-region accounts;
- Content and language personalization – location signals and browser preferences adjust interface display and regional offerings;
- Promotion customization for India-region users – account activity and preferences shape bonus offers, tournament invitations, and cashback deals;
- Analytics and service measurement – usage logs, device data, and crash reports track performance metrics and technical improvements;
- Marketing communications with consent – opt-in preferences allow promotional emails, SMS notifications, and personalized campaign delivery.
How casino can transfer your Personal Data
The casino shares information with external partners and authorities under specific circumstances. Data transfers follow contractual safeguards and comply with India-region legal expectations.
- Payment providers receive identity and transaction details to process deposits and withdrawals;
- Verification partners access documents and registration information to complete KYC checks and identity confirmation;
- Public record sources supply supplementary account verification data when the casino needs additional confirmation;
- Analytics services receive anonymized usage metrics and device signals to measure site performance and visitor patterns;
- Competent authorities obtain stored information when fraud allegations appear or legal obligations require disclosure;
- Cross-border storage facilities hold encrypted data under contractual protection and access controls;
- Anti-money-laundering teams review transaction logs and payment details to detect suspicious activity patterns.
International data transmission
Personal information can be stored or processed on servers outside India. The company handles account details through teams and technical systems that operate across multiple jurisdictions. These cross-border transfers rely on contractual protections and technical safeguards to maintain appropriate security standards. India-region accounts remain subject to processing by staff and infrastructure located in other countries. Users accept these international transfers as part of service usage. The acceptance forms part of the terms that govern account operation and service delivery. Technical architecture requires distributed storage solutions that span different geographical locations. Contractual arrangements with third-party processors include data protection clauses that address transfer security. Users retain the rights described elsewhere in the policy regardless of where the company physically stores or handles the information.
Safety
1win protects personal data through multiple technical and organizational controls. Stored information sits on protected servers with restricted physical and digital access. Internal staff members handle data only when service delivery or compliance tasks require it. Access controls limit who can view or process sensitive records. The company follows industry-standard measures to reduce risks of unauthorized access, disclosure, alteration, or loss. Regular audits and monitoring procedures help detect potential breaches early. Staff training reinforces correct handling practices across departments. These protective steps align with recognized security frameworks used across India and international jurisdictions. No system can guarantee absolute protection against all threats. Data breaches remain possible despite preventive efforts. The company commits to maintaining reasonable safeguards proportionate to the sensitivity of collected information. Users share responsibility for account credentials and device security.
Data storage
1win retains different categories of information for various periods to meet anti-money-laundering requirements and legal obligations in India. The table below displays data categories and their typical retention schedules. Some records auto-delete after specific periods, and users can remove certain entries through account settings.
| Data type | Typical retention period |
| Account details | Up to 5 years after account closure |
| Verification records | Up to 5 years after account closure |
| Transaction data | Up to 5 years after account closure |
| Communication logs | Up to 5 years after account closure |
| Technical logs | Auto-deletes after 12 months |
Longer retention applies when legal claims remain active or when anti-money-laundering regulations demand extended storage. Users can access settings to delete optional information before closure. Financial records and identity documents stay protected during the entire retention window to support regulatory audits and fraud prevention tasks.
Users rights
The policy grants several rights that allow users to control personal data stored in the account. Identity confirmation can apply before the company processes requests to protect account security.
- Access personal data. Request details about stored information at any time;
- Correct inaccurate information. Submit updates when registration or verification data contains errors;
- Delete eligible data. Request removal of information where legal rules and account agreements allow deletion;
- Restrict certain processing. Limit how the company handles specific data categories;
- Object to particular processing. Challenge data uses based on legitimate interests when personal circumstances apply;
- Withdraw marketing consent. Stop promotional messages and optional data collection through account settings or support contact;
- Confirm identity before processing. Provide verification documents when the company requests additional confirmation for security purposes;
- Acknowledge retention obligations. Accept that some data must remain for legal compliance, financial records, and anti-money-laundering checks even after deletion requests.
Using Google Analytics
Google Analytics collects anonymous and pseudonymous information from visitors who access 1win pages. The service gathers page views, IP addresses, device models, browser types, and operating system details. Cookies store this measurement data and track how users interact with different sections. The analytics tool helps measure usage patterns and allows the company to improve language selection and content display for India-region visitors. Users can manage or block analytics cookies through their browser settings. Standard browser controls allow anyone to refuse cookie storage or delete existing tracking files. This adjustment stops Google Analytics from recording future browsing activity on the site.
SSL encryption
The platform protects sensitive communications through a multi-layered approach that combines transport security with internal controls:
- 256-bit SSL/TLS encryption covers all important website transmissions, which shields data during login sessions, payment transactions, and sensitive form submissions;
- Login credentials travel through encrypted channels that reduce the risk of interception during authentication attempts;
- Payment information flows through secured connections that protect card numbers, UPI details, and transaction amounts from unauthorized access;
- Sensitive form data receives the same encryption standard when users submit verification documents or account updates;
- Internal access controls restrict which staff members can view encrypted data after it reaches secure servers;
- Risk reduction applies to all encrypted communications, yet encryption does not guarantee absolute security against every possible threat.
