Privacy Policy: How Ripper Casino Handles Australian Player Data

This policy explains what personal information we collect about Australian players, why we collect it, how we use and store it, who we share it with, and how you exercise your rights under the Privacy Act 1988 (Cth). The structure follows the 13 Australian Privacy Principles (APPs) administered by the Office of the Australian Information Commissioner (OAIC). Last reviewed: 12 May 2026.

APP 1 — Open and Transparent Management

Ripper Casino is operated under Curacao licence 8048/JAZ. We publish this policy openly, link it from every page footer, and notify registered players by email when material updates occur. Questions about handling go to privacy@ our domain or via live chat.

APP 2 — Anonymity and Pseudonymity

You can browse the site, view demo games, and read our policy pages anonymously. Once you register, anonymity ends — Australian regulators and our Curacao licensor require identifiable accounts for any real-money play.

APP 3 — Collection of Solicited Information

We collect: name, date of birth, residential address, email, mobile, AU postcode and state at registration; KYC documents (Medicare card, AU driver's licence, or passport, plus a proof of address under three months old) before first withdrawal; transaction data (deposit and withdrawal records, BSB/account last four digits, PayID handle if used); behavioural data (game preference, session duration, device fingerprint, IP, geo). Collection is limited to what is reasonably necessary for licensing, AML/CTF compliance, and account security.

APP 4 — Unsolicited Personal Information

If we receive personal information we did not request — for example, a screenshot you share in chat containing third-party details — we assess whether we could have lawfully collected it. If not, we destroy or de-identify it as soon as practicable, unless retention is required by law.

APP 5 — Notification

At collection points (registration, KYC upload, deposit), we notify you of: the purpose of collection, the consequences if you don't provide it, any third parties we share with, and a link back to this policy. The notice appears inline above the relevant form.

APP 6 — Use or Disclosure

We use your information only for the purpose stated at collection or a directly related secondary purpose you would reasonably expect — running your account, processing payments, complying with AML/CTF and responsible-gambling obligations, preventing fraud, and improving the service. We do not use your data for unrelated marketing without separate consent.

APP 7 — Direct Marketing

Marketing emails and SMS to AU residents are opt-in at registration. Every message includes a one-click unsubscribe. We do not sell, lease, or trade marketing lists. Self-excluded accounts are removed from all marketing channels immediately.

APP 8 — Cross-Border Disclosure

Some of our processors operate outside Australia — payment risk-scoring is partly handled in the EU; analytics and email delivery use US-headquartered providers under data processing agreements. We take reasonable steps to ensure overseas recipients comply with the APPs, including contractual clauses and ISO 27001 attestations.

APP 9 — Government Identifiers

We collect government identifiers (e.g., driver's licence number, Medicare number) only as required for KYC under the AML/CTF Act 2006. We do not adopt them as our own account identifier and do not disclose them except to verification providers and regulators on lawful request.

APP 10 — Quality

You can update your contact details, address, or marketing preferences any time from Account → Profile. We rely on you to keep these current; outdated information can delay withdrawals when our KYC system reconciles addresses against your bank's records.

APP 11 — Security

Data in transit is protected by TLS 1.3. Stored credentials use bcrypt with per-account salts. KYC documents are encrypted at rest (AES-256) on segregated storage. Access is role-based and logged. Our infrastructure runs penetration tests semi-annually, with findings remediated on a published schedule. In the event of a data breach meeting the Notifiable Data Breaches threshold, affected Aussies and the OAIC are notified within 72 hours.

APP 12 — Access

You may request a copy of the personal information we hold about you. Send the request to privacy@ our domain from your registered email. We respond within 30 days at no charge (the AML/CTF Act may require us to redact specific compliance records — we tell you which and why).

APP 13 — Correction

If anything we hold is incorrect, you can correct it via Account → Profile or by emailing privacy@ our domain. KYC corrections require fresh documents. Once corrected, we notify any downstream processors that received the incorrect data.

Retention Periods

KYC documents and AML/CTF transaction records are retained for seven years from the closure of the account, as required by Australian law. Behavioural and analytics data is retained for 24 months at account level, then aggregated. Marketing preferences and unsubscribe logs are retained indefinitely so we don't accidentally re-engage someone who opted out.

Cookies and Similar Technologies

We use three categories: functional (session, language preference — cannot be disabled without breaking login), analytics (anonymised page and game usage — opt-out via the cookie banner), and marketing (re-engagement tags, third-party advertising — opt-out via banner and on-platform). Cookie preferences can be reset any time from the footer link.

Complaints and OAIC Escalation

Internal complaints route to privacy@ our domain. We acknowledge within five business days and resolve within 30 days. If you remain dissatisfied, you can escalate to the OAIC on 1300 363 992 or at oaic.gov.au. The OAIC has authority to investigate Australian Privacy Principle breaches and order remediation.