Menu Welcome Bonus Banner Claim Bonus
Sahara Sands Casino Hero Banner
Welcome to SpinsUp Casino 150% up to $1,200 + 150 Free Spins Premium Online Casino with Fast Crypto Withdrawals Claim Your Bonus
Over 3,200 Games
Over 3,200 GamesPokies from NetEnt, Pragmatic Play, Microgaming & 52 providers
Live Casino 24/7
Live Casino 24/7Evolution Gaming dealers in HD streaming
$4,000 + 300 Free Spins
$4,000 + 300 Free SpinsExclusive welcome package for Australian players

Privacy Policy

Effective Date: November 2025
Last Updated: November 19, 2025

Digital Entertainment N.V. (operating SpinsUp Casino) collects, processes, and stores personal information in accordance with Curacao data protection regulations and international privacy standards. This policy details information collection practices, usage purposes, data sharing protocols, security measures, and user rights regarding personal data.

By creating an account, you consent to data collection and processing as described herein. Continued platform use after policy updates constitutes acceptance of modifications.


Data Collection Categories

Registration Information

Collected during account creation: Full legal name, date of birth, email address, mobile phone number, residential address (street, city, state, postcode), selected currency (AUD), username, encrypted password.

Purpose: Account creation, age verification (18+ requirement), identity confirmation, communication, regulatory compliance.

Verification Documents (KYC)

Collected before first withdrawal: Government-issued photo identification (passport, driver's license, national ID), proof of address documents (utility bills, bank statements, government correspondence dated within 90 days), payment method verification (card photos with obscured numbers, e-wallet screenshots, bank account details).

Purpose: Identity verification, fraud prevention, anti-money laundering compliance, payment processing validation, regulatory requirements.

Financial Transaction Data

Collected during deposits/withdrawals: Payment method details (card types/last 4 digits, e-wallet accounts, cryptocurrency addresses), transaction amounts, timestamps, processing status, transaction IDs, payment processor information.

Note: Full credit card numbers never stored on SpinsUp servers. Payment processors handle card data under PCI-DSS compliance independently.

Purpose: Transaction processing, financial reconciliation, fraud detection, dispute resolution, tax compliance where applicable.

Gameplay & Betting Activity

Automatically recorded: Games played, bet amounts, win/loss records, game session duration, feature usage, bonus activation, wagering progress, RTP achieved, tournament participation.

Purpose: Platform functionality, bonus management, responsible gaming monitoring, gameplay analytics, dispute resolution, regulatory reporting.

Technical & Device Information

Automatically collected: IP addresses, device types (desktop/mobile/tablet), operating systems, browser types and versions, screen resolutions, geographic location (city/country level), language preferences, referral sources.

Purpose: Security monitoring, fraud prevention, platform optimization, technical support, analytics.

Communication Records

Stored communications: Live chat transcripts, email correspondence, support tickets, phone records (if applicable), feedback submissions.

Purpose: Customer support, dispute resolution, service improvement, training, regulatory compliance.

Cookies & Tracking Data

Browser storage includes: Session cookies (login state, navigation), persistent cookies (preferences, settings), analytics cookies (usage patterns), authentication tokens (security).

Purpose: Session management, preference storage, analytics, security, fraud prevention. Detailed cookie information available in Cookie Policy.


How Collected Information Is Used

Core Platform Operations

  • Account creation and authentication
  • Payment processing (deposits and withdrawals)
  • Bonus allocation and wagering tracking
  • Game delivery and functionality
  • Customer support provision
  • Transaction history maintenance
  • Balance and gameplay record management

Security & Fraud Prevention

  • Account access authentication
  • Suspicious activity detection
  • Multiple account identification
  • Payment fraud prevention
  • Bonus abuse detection
  • Geographic restriction enforcement
  • Security breach monitoring

Regulatory & Legal Compliance

  • Age verification (18+ enforcement)
  • Anti-money laundering (AML) checks
  • Licensing authority reporting
  • Transaction record retention (7 years minimum)
  • Dispute documentation
  • Tax reporting where required
  • Legal request compliance (court orders, law enforcement)

Marketing & Communications

With explicit consent: Promotional emails (bonus offers, tournaments, new games), SMS notifications (optional), push notifications (mobile platforms), personalized offers based on play patterns.

Opt-out: Available anytime through account settings or unsubscribe links in emails. Transactional communications (deposit confirmations, withdrawal updates, security alerts) cannot be disabled as they're essential for account management.

Platform Improvement

  • User experience optimization
  • Game selection analysis
  • Feature usage patterns
  • Technical performance monitoring
  • Error identification and resolution
  • Interface design improvements

Analytics uses aggregated, anonymized data not identifying individual players.


Information Sharing & Third-Party Access

Essential Service Providers

Payment Processors: Receive transaction details necessary for deposit/withdrawal processing. Processors include card payment gateways, e-wallet services, cryptocurrency exchanges, bank transfer facilitators. All processors maintain PCI-DSS compliance or equivalent security standards.

Game Providers: Receive minimal data required for game functionality - username, session tokens, bet amounts. Do not receive financial information or identification documents. Providers include NetEnt, Pragmatic Play, Evolution Gaming, Microgaming, and others listed in game library.

Verification Services: Third-party KYC providers assist identity verification. Receive copies of submitted identification documents solely for verification purposes. Operate under strict confidentiality agreements and data protection obligations.

Cloud Hosting: Platform infrastructure hosted on secure cloud servers. Hosting providers access encrypted data only for technical maintenance. Cannot decrypt personal information without authorization keys held exclusively by SpinsUp.

Email Service Providers: Process transactional and marketing emails. Receive email addresses and message content only. Cannot access broader account information.

Legal & Regulatory Entities

Licensing Authority: Curacao eGaming receives operational reports including aggregated player data, financial transactions, dispute records. Individual player information shared only for specific investigations or compliance audits.

Law Enforcement: Information provided in response to valid legal requests - court orders, subpoenas, law enforcement investigations. Scope limited to specific inquiry requirements.

Dispute Resolution: Alternative dispute resolution (ADR) services receive relevant information for complaint investigation and mediation.

Business Transactions

In event of merger, acquisition, sale of assets, or bankruptcy: Player information may transfer to successor entity. Users notified via email of ownership changes. Privacy protections continue under new ownership unless users receive option to close accounts and delete data.

Information NOT Shared

Personal information never sold, rented, or traded to third parties for marketing purposes. No sharing with affiliate partners, advertising networks, or data brokers. Email addresses not provided to third-party marketing services without explicit separate consent.


Security Measures & Data Protection

Technical Security

Encryption: 256-bit AES encryption for stored data, TLS 1.3 for transmission. All data transfers between user devices and servers encrypted using banking-grade protocols.

Password Security: Passwords hashed using bcrypt algorithm with individual salt values. Original passwords unrecoverable - system only verifies hash matches. Password reset required if forgotten.

Access Controls: Role-based access permissions limit employee data access. Only authorized personnel access sensitive information, and all access logged for audit purposes.

Network Security: Firewalls, intrusion detection systems, DDoS protection via Cloudflare. Real-time monitoring for suspicious access patterns or data breaches.

Secure Infrastructure: Database encryption at rest, regular security patching, penetration testing, vulnerability assessments conducted quarterly by independent security firms.

Organizational Security

Employee Training: All staff complete data protection training. Non-disclosure agreements required. Confidentiality obligations continue post-employment.

Audit Trails: All data access logged with timestamps, user IDs, actions performed. Logs retained for security audits and compliance verification.

Incident Response: Data breach response plan includes immediate containment, user notification within 72 hours, regulatory reporting, remediation measures.

Limitations of Security

Despite comprehensive security measures, no system is completely invulnerable. Internet transmission and electronic storage carry inherent risks. SpinsUp implements industry-standard protections but cannot guarantee absolute security. Users responsible for maintaining confidentiality of login credentials and reporting suspicious activity immediately.


Data Retention Periods

Active Accounts: All information retained indefinitely while account remains active and in use.

Closed Accounts: Personal information, transaction records, and gameplay history retained for 7 years after account closure. Retention required for regulatory compliance, dispute resolution, financial audits, anti-fraud measures.

Self-Excluded Accounts: Name, date of birth, email address retained indefinitely to prevent circumventing self-exclusion through new registrations. Other personal data deleted after 7-year retention period.

Marketing Data: Email addresses for marketing purposes deleted within 30 days of unsubscribe request. Historical communication records retained up to 2 years for analytics purposes (anonymized).

Financial Records: Transaction data retained minimum 7 years for tax compliance and financial auditing. Some jurisdictions may require longer retention.

After retention periods expire, data securely deleted or anonymized beyond recovery. Anonymized data may be retained indefinitely for statistical analysis and research.


Your Privacy Rights

Right to Access

Request copies of personal information held. Submit requests to [email protected] with subject "Data Access Request" including username and registered email. Response provided within 30 days containing: personal details, account history, transaction records, communication logs.

Right to Rectification

Update inaccurate or incomplete personal information. Most details editable through account settings. Changes requiring verification (name, date of birth) must be requested through support with documentation proving corrections.

Right to Erasure ("Right to be Forgotten")

Request account deletion and data erasure. Note: Information subject to legal retention requirements (financial records, regulatory compliance data) cannot be deleted until retention period expires. Non-essential data deleted within 30 days of request. Self-exclusion information retained permanently to honor exclusion.

Right to Data Portability

Request personal data in machine-readable format (CSV, JSON) for transfer to another service. Provided within 30 days of request. Includes: account information, transaction history, gameplay records.

Right to Restrict Processing

Request limitation of data processing for specific purposes. While account remains active, essential processing (security, payment processing, legal compliance) cannot be restricted without account closure. Marketing processing can be restricted anytime through communication preferences.

Right to Object

Object to specific data processing activities, particularly marketing communications and analytics. Objections to essential processing (account management, security, legal compliance) require account closure as these are necessary for platform operation.

Right to Withdraw Consent

Where processing relies on consent (marketing, optional cookies), withdraw consent anytime through account settings. Withdrawal doesn't affect processing legality prior to withdrawal.

Exercising Rights

Submit requests via email to [email protected] with clear subject lines indicating right being exercised. Include username and registered email for verification. Identity verification may require additional information before fulfilling requests. No fees charged for reasonable requests. Excessive or repetitive requests may incur administrative charges.


Cross-Border Data Transfers

SpinsUp operates internationally. Personal information may be processed in countries outside Australia including Curacao (company registration), Europe (payment processors), United States (cloud hosting), Asia (game providers).

Data protection standards vary by jurisdiction. Where transferring to countries without adequate protection, SpinsUp implements safeguards: standard contractual clauses, binding corporate rules, processor agreements requiring equivalent protection, encryption during transfer and storage.

All third-party service providers contractually obligated to maintain data protection standards meeting or exceeding Australian Privacy Principles regardless of processing location.


Protection of Minors

SpinsUp Casino strictly prohibits access by individuals under 18 years. Platform does not knowingly collect information from minors. Registration system automatically rejects submissions indicating age under 18.

If minor access discovered: Account immediately suspended, all funds returned to deposit source, information deleted within 30 days, investigation conducted to prevent future occurrences.

Parents/guardians suspecting minor accessed platform should contact [email protected] immediately with subject "Minor Access Report." Immediate investigation and account termination initiated.


Privacy Policy Updates

Policy reviewed and updated as necessary for legal compliance, operational changes, or industry best practices. Significant changes announced via email notification and prominent platform notice 30 days before implementation.

"Last Updated" date at policy top indicates most recent revision. Users encouraged to review periodically. Continued platform use after changes constitutes acceptance. Users disagreeing with modifications should close accounts before changes take effect.


Australian Privacy Act Compliance

For Australian residents, data handling aligns with Australian Privacy Principles (APPs) under Privacy Act 1988. Rights include: access to personal information, correction of inaccurate data, complaints to Office of Australian Information Commissioner (OAIC), direct marketing opt-out.

Australian privacy complaints: Submit to [email protected] with subject "Privacy Complaint - Australia." Response within 30 days. Unresolved complaints may be escalated to OAIC: www.oaic.gov.au, phone 1300 363 992.


Privacy Inquiries & Requests

Email: [email protected]
Subject Line Templates:
- "Data Access Request"
- "Data Deletion Request"
- "Privacy Policy Question"
- "Data Correction Request"
- "Privacy Complaint"

Include username and registered email in all privacy-related communications. Response time: 30 days maximum for data requests, 7 days for general inquiries.

Quick Links
Legal Information
18+

2025 Sahara Sands Casino. All rights reserved.