Personal data collected

• Identity and KYC: name, date of birth, nationality, government identity details permitted by law (for example, PAN or Aadhaar number if provided), selfies, and verification documents.
• Contact details: mobile number, email address, postal address.
• Account and usage: username, settings, responsible gaming preferences, game and bet history, customer support records.
• Financial and transaction: payment method identifiers (such as UPI VPA, masked card details), deposits, withdrawals, refunds, chargebacks.
• Technical: IP address, device identifiers, browser type, operating system, language, mobile network, cookies and similar technologies, approximate location derived from IP.

Why this data is collected

• To provide and maintain services, verify identity, process payments, prevent fraud, manage risk, and deliver responsible gaming features.
• To comply with anti-money laundering, taxation, and record-keeping requirements.
• To improve online performance, personalise experience, and support customer queries.

Security measures

• Encryption in transit and at rest for appropriate data classes.
• Role-based access control, least-privilege permissions, and activity logging.
• Regular security testing, vulnerability management, and incident response procedures.
• Vendor due diligence and contractual confidentiality obligations.
• Alignment to recognised standards such as ISO/IEC 27001 and PCI DSS for payment processing.

User rights

• Access: obtain a copy of personal information and data sources.
• Correction: update inaccurate or incomplete details.
• Deletion: request erasure, subject to legal retention duties.
• Restriction and objection: limit certain processing where allowed by law.

Compliance statement

The platform seeks to comply with Indian law, including the Information Technology Act, 2000, the SPDI Rules, the Digital Personal Data Protection Act, 2023 (and applicable rules when in force), and relevant state requirements. Where applicable, comparable international standards such as GDPR are observed for cross-border users.

Lawful and transparent processing supports:

• Account servicing: registration, login, verification, responsible gaming tools, customer support.
• Payments and transactions: deposits, withdrawals, refunds, dispute handling, chargeback management.
• Service reliability and improvement: troubleshooting, analytics, performance monitoring, product enhancements.
• Personalisation: language, content, and settings tailored to user preferences.
• Safety and compliance: fraud detection, AML checks, sanctions screening, audit trails, and regulatory reporting.
• Communications: service notices, policy updates, transactional alerts, and optional marketing based on consent.

1win processes information for the purposes stated above on the basis of consent, the need to perform a contract, and legal obligations. Users may withdraw marketing consent at any time in account settings or through the support channels noted on the website.

How to exercise rights

• Access and update: use in-account settings to review or edit profile information, or contact support for assistance.
• Deletion: submit a request through the support channel indicated on the website. Certain records may be retained as required by law (for example, AML and tax).
• Verification: the platform may request additional information or documents to confirm identity before actioning a request.

Process and timelines

• Acknowledgement is provided after a valid request is received.
• A response is typically issued within 30 days, subject to permitted extensions for complex requests.

Security checks and payment processing consent

By using 1win, the user consents to identity and security checks, fraud screening, and the processing of payment information by authorised payment service providers for transaction purposes.

Escalation

Users may contact the Grievance Officer for India through the details published on the website. Where applicable, they may also raise concerns before the Data Protection Board of India once operational under the DPDP Act.

• Services are intended for persons aged 18 years or above. Registration or use by minors is not permitted.
• The operator cannot confirm age without appropriate documents. KYC checks may be conducted to validate age and identity.
• If a parent or guardian believes a minor has provided personal information, they may request deletion using the contact details provided on the website. Accounts proven to belong to minors are closed and related data is deleted subject to legal retention requirements.

• Personal information may be processed and stored outside India in locations where service partners, data centres, or support teams operate.
• By using the services, the user consents to international transfers for the purposes described in this policy.
• Partners are required to protect confidentiality and security through contracts, access controls, and appropriate safeguards. Where relevant, standard contractual clauses or equivalent mechanisms are implemented to protect the data during transfer and processing.

• A legal disclaimer published on the website may clarify or limit the scope or effect of certain rules in this document to the extent permitted by applicable law.
• The disclaimer applies when the user accepts this Privacy Policy by registering an account, clicking to accept, or continuing to access the services as an act of accession.
• Nothing in the disclaimer excludes rights granted under applicable Indian law or mandatory consumer protections.

What cookies are

Cookies are small text files stored on a device when a user visits websites or uses an application. Similar technologies include pixels, SDKs, and local storage.

How cookies are used

• Essential: enable core site functions and secure login.
• Analytics and statistics: measure traffic, performance, and error rates.
• Personalisation: remember preferences such as language and display settings.
• Marketing: assess the effectiveness of communications where consent is provided.

Retention

• Unless a shorter period is needed, cookies are generally retained for up to 1 year.

Control

• Users can manage cookies through browser settings or in-site preferences if available. Some essential cookies are necessary for services to function.

• Use of the website or apps signifies full acceptance of this Privacy Policy and any incorporated notices.
• The current version published on the website prevails over previous versions. Material changes will be posted with an updated effective date.
• Continued use after an update constitutes acceptance of the revised terms, subject to applicable law.

When sharing may occur

• Legal and regulatory: compliance with law, court orders, tax or AML obligations, and law enforcement requests.
• Disputes and risk: fraud prevention, chargeback handling, debt recovery, and dispute resolution.
• Service providers: payment gateways, KYC and sanctions screening partners, analytics, cloud hosting, customer support tools, and communication services.

Information on recipients

• Categories of recipients are described in this document. Where a public list of processors is available on the website, that list governs.
• If a specific third party is not listed, the user will be informed of the purpose and scope before sharing where practicable. Providing personal data and using transaction features constitutes consent to such sharing necessary to deliver the services.

• The website may contain links to third-party websites or services. Those external sites have their own privacy policies and practices.
• 1win is not responsible for how external parties handle personal information.
• Users should review the privacy policy of each external site before providing any data or completing a transaction.