Skip to content
Privacy & Data

Privacy Policy

Last updated: 26 May 2026

This policy explains what data Aurum7 collects, why we collect it, how long we keep it, and how you can review or delete it. We aim to collect the minimum data needed to operate the platform and protect players. If anything here is unclear, email concierge@aurum.casino.

What we collect

  • Account identifiers — email address, display name, country, and (optionally) phone number. Provided directly by you when you register or supplied by Facebook / Google when you choose social sign-in.
  • Authentication data — hashed password (we never see your plain password), two-factor secrets, passkey credentials.
  • Wallet & play history — deposit and withdrawal transactions, game results, bonus grants. Required by gaming licence regulations and for fraud detection.
  • Identity-verification documents — submitted only when KYC review is triggered. Stored encrypted, accessed only by trained compliance staff, and deleted within 90 days of account closure.
  • Technical logs — IP address, browser/device fingerprint, timestamps. Used for security audits, abuse detection, and legally required record-keeping.

How we use it

  • To run your account: sign-in, balance, withdrawals, support.
  • To comply with gaming licence, anti-money-laundering, and tax-reporting laws.
  • To detect fraud, bonus abuse, and unauthorised access.
  • To send transactional notifications (deposit confirmations, withdrawal approvals, KYC requests). Marketing email is opt-in only and you can unsubscribe with one click.

We do not sell your personal data. We do not share it with advertisers. We do share it with payment processors and identity-verification providers when strictly necessary to complete a transaction or KYC check, and with regulators when legally compelled.

How we protect it

  • All connections are TLS-encrypted.
  • Secrets and KYC documents are stored encrypted at rest using AES-256-GCM.
  • Passwords are hashed using a modern memory-hard algorithm; we cannot recover them, only verify them.
  • Staff access to player data is role-gated and audit-logged.
  • Backups are encrypted, retained for a rolling 30 days, and stored separately from production.

Your right to deletion

You can request a complete export or a complete deletion of your Aurum7 account and associated personal data at any time.

How to request deletion

  1. Send an email to concierge@aurum.casino from the email address registered to your Aurum7 account.
  2. Use the subject line "Data deletion request".
  3. Include your account email and (optionally) a brief reason. Reason is not required.
  4. We will verify ownership of the account, settle any pending balance, and complete deletion within 30 days. You will receive an email confirmation when deletion is complete.

Note: certain records — withdrawal logs, KYC outcomes, anti-fraud signals — must be retained for the period required by your jurisdiction's gaming and anti-money-laundering regulations (typically 5 years). These are kept in restricted-access archives and are never used for any purpose other than legal compliance.

If you signed in with Facebook, deleting your Aurum7 account does not delete your Facebook account — it only severs the link between the two. You can revoke Aurum7's access from your Facebook account at any time via Facebook's "Apps and Websites" settings.

Contact

Privacy questions, data-export requests, complaints: concierge@aurum.casino

For regulatory complaints you may also contact your local data protection authority or the gaming regulator that licenses Aurum7. See the footer for the licence reference.