1win Privacy Policy

What personal data is collected

• Identity and contact: name, date of birth, address, email, mobile number.
• KYC documents: PAN, Aadhaar or other ID details, proof of address, selfies or liveness checks (where lawful and required).
• Account and transaction information: deposits, withdrawals, wagering and gameplay logs, bonuses, balances, verified bank account or UPI identifiers.
• Payment details processed by providers: tokenised card data or masked account numbers; the platform does not store full card numbers, CVV, or PINs.
• Technical and usage data: device identifiers, IP address, browser type, operating system, app version, log files, approximate location, cookie identifiers, session events.
• Responsible gaming preferences: limits, self-exclusion status, interaction history.
• Communications: chat transcripts, emails, recorded calls where permitted by law, complaint records.

Why this information is collected

• To create and service the account, deliver online services, and provide support.
• To verify identity, conduct KYC/AML checks, prevent fraud, manage risk, and enforce platform rules.
• To process payments and comply with tax, anti-money laundering, and records obligations.
• To personalise the user experience, improve websites and apps, and support responsible gaming.
• To meet legal duties in India and other relevant jurisdictions.

Technical and organisational protection measures

• Encryption for information in transit and at rest; key management controls.
• Strict access controls, multi-factor authentication, role-based permissions, and audit logging.
• Segregated processing for payments; payment processors maintain PCI DSS compliance.
• Regular vulnerability scanning, penetration testing, and incident response procedures.
• Staff training, confidentiality commitments, and background checks where appropriate.
• Data minimisation, pseudonymisation where possible, and secure disposal when no longer needed.

User rights

• India (DPDP Act 2023 and IT Act 2000, including SPDI Rules 2011): right to access, correction, erasure, withdraw consent, and grievance redressal.
• EEA users (GDPR, if applicable): rights above plus restriction, portability, and objection to certain processing.
• Requests can be made through account settings or the Help Centre; identity verification may be required.

Compliance

• 1win aligns operations to the Information Technology Act 2000, the SPDI Rules 2011, and prepares for obligations under the Digital Personal Data Protection Act 2023 as notified.
• For users in the EEA, processing follows GDPR principles of lawfulness, fairness, purpose limitation, and accountability.

Lawful and transparent processing

• Contract necessity: account creation, authentication, gameplay, settlement of bets, deposits, and withdrawals.
• Legal obligation: KYC/AML screening, reporting under applicable regulations, responding to lawful requests.
• Legitimate interests: platform security, fraud prevention, service analytics, product improvement.
• Consent: marketing communications, certain cookies, optional features and surveys.

How information is used

• Account service and transactions: onboarding, verification, payments, and customer support for online services.
• Personalisation and improvement: content recommendations, interface preferences, and product testing.
• Marketing: newsletters, offers, and service notices; users can opt out in account settings or via unsubscribe links.
• Analytics and statistics: performance metrics, error diagnostics, behaviour analysis to improve websites and apps.
• Compliance and risk: sanctions and PEP screening, dispute management, enforcement of terms and responsible gaming tools.

Privacy by design

• Data is collected for defined purposes, retained only as needed, and processed using proportional safeguards.
• 1win documents processing activities and reviews vendors for security and confidentiality.

How to access, update, or delete

• Access: review profile and transactional information in account settings; request a full report via the Help Centre privacy request channel.
• Update: correct details in settings or submit a correction request; supporting documents may be required for KYC fields.
• Deletion: request account closure and erasure through the Help Centre. Certain records must be retained for a period required by law.

Procedures and timelines

• Verification of identity is required before actioning requests.
• Target response time is 30 days; complex requests may require additional time as permitted by law.
• Where a request is denied (for example, conflict with legal retention), the reason will be communicated.

Security and payments

• By using 1win, users consent to security reviews, KYC/AML checks, sanctions screening, and the processing of payment information by authorised providers.
• Financial records and KYC evidence may be retained for up to five years after account closure to comply with anti-money laundering and tax requirements.

Grievance redressal

• Users can raise a complaint through the in-app support channel or the Help Centre. Details of the designated Grievance Officer are available in the Help Centre and will be provided on request.

• Services are intended for adults aged 18 and above. Registration by minors is not permitted.
• Age cannot be verified without proper documents; proof may be requested where risk indicators arise.
• If a parent or legal guardian informs that a minor has provided personal information, submit a removal request through the Help Centre along with proof of authority. The account will be closed and information deleted subject to legal retention duties.

• Personal information may be collected in India and processed in other countries where service providers and partners operate.
• Use of the services constitutes consent to such transfers, subject to safeguards described in this policy.
• Partners are required to maintain confidentiality, apply appropriate security, and process information only on documented instructions.
• Contractual safeguards such as data processing agreements, standard contractual clauses, audits, and access restrictions are used. Transfers are performed as permitted under Indian law and other applicable regimes.
• For questions about cross-border processing, contact the support channel in the Help Centre; 1win will provide additional information where lawful and feasible.

• This privacy policy is a governing document for data handling. Any applicable disclaimer published on the websites may clarify, limit, or expand the operational effect of particular rules to the extent allowed by law.
• The disclaimer applies when the user indicates acceptance of this policy, including click-acceptance, signature, or other accession methods recognised by the platform.
• If a clause is held invalid by a competent authority, the remaining provisions continue to operate to the fullest extent permitted.

What cookies are

• Cookies are small text files stored on a device by a browser. Similar technologies include SDKs, pixels, and local storage.

How they are used

• Essential operations: account login, session management, fraud prevention, security.
• Statistics and analytics: site performance metrics and error diagnostics.
• Behaviour analysis and personalisation: remembering preferences and improving the user experience.
• Advertising: measurement and frequency capping where consented.

Retention and control

• Standard cookie retention is up to 1 year unless deleted earlier by the user or required for security.
• Users can manage preferences in site settings and in the browser, or opt out of certain third-party tools via their pages.
• If cookies are disabled, some services may not function as intended.

• Use of the websites, apps, or related services constitutes full acceptance of this privacy policy.
• The current version published on the site prevails over previous versions.
• Material changes will be notified through the website or by email where appropriate. Continued use after changes indicates acceptance of the updated document.
• Users who do not agree should adjust privacy settings or discontinue use of the services provided by 1win.

Sharing information

• Personal information may be shared with service providers, payment institutions, banks, KYC/AML vendors, analytics partners, and customer support platforms under binding contracts.
• Disclosure may occur to public authorities, law enforcement, courts, or arbitral tribunals where required by law or to establish, exercise, or defend legal claims.
• Information can be shared to execute agreements, resolve disputes, prevent fraud, or enforce platform policies.

Transparency and consent

• A list or categories of key providers is available on the site or on request; if not listed, the purpose and scope of sharing will be communicated where legally and operationally possible.
• Providing information to enable these services is treated as consent for the intended use. 1win requires third parties to use information only for the specified purpose and to keep it confidential.

• The site may contain links to external websites or apps that operate their own privacy practices.
• The platform is not responsible for how those third parties collect, use, or share personal information.
• Users should review the privacy policy of each external site before providing any information and exercise caution when navigating away from this document.