Privacy Policy
Effective:
Last reviewed: by Aaron Collins, Editorial Lead.
This document explains what data Lucky Dreams collects, why we collect it, how long we keep it, and how you can request access, correction or deletion. Lucky Dreams operates under the Curaçao licensing framework and aligns its practices with the Australian Privacy Principles where Australian players are concerned. If anything below is unclear, email [email protected].
What information do we collect?
Three categories. Identity and contact information you provide during registration and KYC: full name, date of birth, residential address, email, mobile number, and the identity and address documents required for verification. Financial information: payment method details, deposit and withdrawal records, loyalty point ledger. Gameplay and technical information: every wager placed, tournament position changes, session timestamps, IP address, device fingerprint and browser metadata.
Why does each category exist?
Identity data exists because a Curaçao licensee must verify that every player is at least 18 years old and is the person they claim to be. Financial data exists because we have to maintain accurate accounting records for 7 years under the licensing framework and Australian tax-related obligations. Gameplay data exists because tournament leaderboards depend on a complete wager history, dispute resolution requires session logs, and responsible-gaming algorithms rely on betting-pattern monitoring.
Who do we share data with?
Game and live-studio providers (Evolution, Pragmatic Live, Ezugi) receive the minimum data needed to render game sessions — that is essentially a session token, not your identity. Payment processors receive what they need to settle deposits and withdrawals — typically your name, the relevant bank or card identifier, and the transaction amount. Our regulator (Curaçao gaming oversight) and law-enforcement agencies receive data only on lawful request, with the request logged internally. We do not sell any personal data to third parties.
| Data type | Retention | Reason |
|---|---|---|
| Identity and KYC documents | 7 years from account closure | AML and licensing |
| Financial transactions | 7 years from transaction date | Accounting and AML |
| Gameplay and tournament logs | 5 years | Dispute resolution and audit |
| Live chat and email transcripts | 3 years | Quality and compliance |
| Web analytics (anonymised) | 26 months | Product analysis |
| Marketing preferences | Until you opt out, then 30 days | Honour preference signals |
How do we secure data?
TLS 1.3 in transit, AES-256 at rest. KYC documents stored in an isolated bucket with bucket-level encryption keys rotated quarterly. Access logs on every read and write. Database backups encrypted and held in a geographically separate region. Penetration test once every 12 months by an independent third party — most recent test 14 January 2026, no critical findings.
Cookies and tracking
Necessary cookies for session management, fraud prevention and load balancing — these cannot be disabled without breaking core functionality. Analytics cookies for aggregate product analysis — these are opt-in via the cookie banner on first visit. No third-party advertising cookies. No cross-site tracking pixels. No social-media share buttons that load remote scripts. The site loads cleanly with analytics declined.
Your rights
- Access: request a JSON export of all data we hold on you. Email [email protected]. Delivered within 30 days, usually 5-10 business days.
- Correction: update inaccurate identity or contact data through the dashboard or by emailing support.
- Deletion: request account closure and erasure. Records that fall under the 7-year retention rule cannot be deleted before that window expires, but they are isolated from any active processing.
- Objection: opt out of marketing communications at any time. Necessary communications (transaction confirmations, security alerts, regulatory notices) cannot be disabled.
- Complaint: if you believe we have mishandled your data, raise it with [email protected] first. You retain the right to escalate to the Office of the Australian Information Commissioner if the response does not satisfy you.
Children
Our services are restricted to adults aged 18 and over. Identity verification at KYC is the technical control that prevents underage access. If we discover that a registration belongs to someone under 18, the account is closed immediately, any pending winnings are forfeited per Curaçao licensing rules, and any deposited funds are refunded to the verified payment method.
Changes to this policy
Material changes are notified via email and a banner on the home page for at least 14 days before they take effect. Minor changes (clarifications, formatting, broken-link fixes) are reflected in the "Last reviewed" date at the top of this page. The current review is 4 May 2026.
Contact us about privacy
[email protected] for any privacy matter. [email protected] for editorial questions about how this policy is written or enforced. Support live chat is available 24/7 for quick clarifications.
Questions about your data?
Email [email protected]. Median response 2-4 hours during AEST daytime.
Open contact page Back to home18+ | BeGambleAware.org | T&Cs apply · RG helpline 1800 858 858