Privacy Policy

Pixi Entertainment Ltd. ('Pixi Casino', 'we', 'us', 'our') is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Pixi Casino platform ('the Service').

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the laws of Malta. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

The data controller responsible for your personal data is Pixi Casino.

For privacy concerns, contact us at privacy@pixicasino.com.

Registration data: email address, chosen username, date of birth confirmation (18+ verification), and password (stored as a cryptographic hash — we never store plaintext passwords).

Identity verification (KYC): government-issued photo ID, proof of address, and selfie when required by anti-money laundering (AML) regulations. KYC is triggered for withdrawals above defined thresholds.

Financial data: cryptocurrency wallet addresses used for deposits and withdrawals, transaction amounts, and payment processor reference IDs. We do not store private keys or full wallet credentials.

Gameplay data: bet history, game outcomes, session duration, wagering volumes, and bonus usage. This data is required for regulatory compliance and provably fair verification.

Device and technical data: IP address, browser user agent, device type, operating system, and session timestamps. Used for security, fraud detection, and responsible gambling monitoring.

Communications: any support tickets, chat messages, or correspondence you send to us.

Providing the Service: processing bets, calculating payouts, managing balances, and facilitating deposits and withdrawals.

Regulatory compliance: maintaining AML/KYC checks, responsible gambling monitoring, and audit log maintenance.

Security and fraud prevention: detecting suspicious activity, preventing multiple accounts, and protecting the integrity of our platform.

Responsible gambling: monitoring play patterns that may indicate problem gambling, and triggering responsible gambling interventions where appropriate.

Communications: sending transactional emails (account confirmation, withdrawal updates), and — with your explicit consent — marketing communications about promotions.

Analytics and improvement: understanding how players use the platform to improve user experience. We use PostHog for analytics with IP anonymisation enabled.

Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the Service you have signed up for, including account management, game operation, and payment processing.

Legal obligation (Art. 6(1)(c) GDPR): AML/KYC verification, regulatory reporting to the Malta Gaming Authority, and audit log retention required by law.

Legitimate interests (Art. 6(1)(f) GDPR): fraud prevention, platform security, and responsible gambling monitoring.

Consent (Art. 6(1)(a) GDPR): marketing communications and non-essential analytics cookies. You may withdraw consent at any time via your account settings.

We do not sell your personal data to third parties.

Payment processors: we share transaction data with NowPayments for cryptocurrency payment processing. NowPayments processes data in accordance with their own privacy policy.

Regulatory authorities: we may share data with law enforcement agencies where legally required.

KYC/AML providers: identity verification data may be shared with licensed identity verification services for AML compliance.

Analytics: anonymised usage data is shared with PostHog (EU-hosted). IP addresses are anonymised before processing.

All third-party processors are bound by data processing agreements compliant with GDPR requirements.

Account data and transaction records are retained for a minimum of 5 years after account closure, as required by applicable AML regulations.

Chat messages are retained for 90 days for moderation purposes, then permanently deleted.

KYC documents are retained for the duration of the account plus 5 years, or as required by applicable law.

You may request deletion of your account and associated data, subject to our legal retention obligations. Some data (transaction records, audit logs) cannot be deleted early due to regulatory requirements.

Right of access (Art. 15): you may request a copy of all personal data we hold about you.

Right to rectification (Art. 16): you may request correction of inaccurate data.

Right to erasure (Art. 17): you may request deletion of your data, subject to our legal retention obligations.

Right to restriction (Art. 18): you may request that we limit processing of your data in certain circumstances.

Right to data portability (Art. 20): you may request your data in a machine-readable format.

Right to object (Art. 21): you may object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@pixicasino.com. We will respond within 30 days.

We use essential cookies for session management and authentication. These are strictly necessary and cannot be disabled.

Analytics cookies (PostHog) collect anonymised usage data to help us improve the platform. You may opt out via your browser settings or our cookie preference centre.

We do not use advertising or tracking cookies for third-party advertising purposes.

We implement industry-standard security measures including TLS encryption for all data in transit, AES-256 encryption for sensitive data at rest, and access controls limiting staff access to personal data on a need-to-know basis.

Passwords are stored using bcrypt with appropriate work factors. We never store plaintext passwords.

In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR.

Your data is primarily stored and processed within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., to NowPayments or PostHog infrastructure), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or prominent in-platform notice. The date at the top of this page reflects the most recent revision.