Privacy Policy
Who we are
america777.casino (the “hub”, “we”, “us”) is the data controller for the personal data processed through this website. Our company is registered in England & Wales and operates the editorial portal at america777.casino. We are not the data controller for the casino service at america777.com — that processing is handled by the licensed casino operator under a separate privacy notice. This policy describes how the hub processes data, the legal bases we rely on, your rights as a data subject and how to exercise them.
Data we collect
Information you provide
- Account data — email, display name, optional avatar, optional country (used to localise content and comply with restricted-country lists).
- Community content — reviews, chat messages, ratings, screenshots you upload to the proof-of-payouts ledger.
- Newsletter consent — when you subscribe, we store your email plus the consent timestamp and the IP from which consent was given.
- Support correspondence — emails sent to editor@ / privacy@ / complaints@ are retained for the duration of the open ticket plus 12 months.
Information we collect automatically
- Server logs — request timestamps, paths, HTTP status codes and truncated IPs (last octet stripped). Retained for 30 days for abuse detection.
- Self-hosted analytics — PostHog events including page-view, scroll-depth and outbound-click. IP is anonymised on ingest; no fingerprinting.
- Affiliate click events — when you click a Play / Sign Up button we log the slug, timestamp, hashed IP and country. We never receive the deposit amount or your real-money activity from the operator.
Why we collect it (legal bases)
We rely on the following GDPR Article 6 legal bases:
- Contract (Art. 6.1.b) — to operate your hub account and deliver community features you explicitly opted into.
- Legitimate interest (Art. 6.1.f) — to keep the site secure, prevent abuse, run aggregated analytics and improve the editorial product. Our balancing test is documented and available on request.
- Consent (Art. 6.1.a) — for the newsletter and for non-essential analytics cookies. Consent is freely given through the cookie banner and revocable at any time.
- Legal obligation (Art. 6.1.c) — to retain accounting and tax records, and to respond to lawful requests from regulators.
Cookies & tracking
The hub sets a small number of first-party cookies for essential functionality (locale, login session, CSRF protection). Optional analytics cookies are loaded only after explicit consent through the cookie banner. We do not run third-party advertising cookies and do not load Facebook Pixel, Google Ads, TikTok or similar marketing tags. The full cookie inventory is documented on the cookie policy page.
We respect Global Privacy Control (GPC) and the “Sec-GPC: 1” HTTP header — when GPC is enabled in your browser we treat it as an automatic refusal of non-essential cookies and skip the banner.
Sharing & processors
We only share personal data with carefully selected sub-processors when strictly necessary to operate the hub. All processors are bound by Data Processing Agreements meeting Article 28 GDPR requirements. The full sub-processor list is below.
| Processor | Purpose | Region |
|---|---|---|
| Resend | Transactional and newsletter email delivery | EU (Frankfurt) |
| Cloudflare | CDN, WAF and DDoS protection | Anycast (closest PoP) |
| Hetzner | Application servers, Postgres, Redis | EU (Falkenstein, Helsinki) |
| Backblaze B2 | Encrypted database backups (off-site copy) | EU (Amsterdam) |
| Sentry (self-hosted) | Error monitoring | EU (Frankfurt) — our own VM |
| PostHog (self-hosted) | Product analytics | EU (Frankfurt) — our own VM |
We do not provide your hub account data to the casino platform. When you click a Play or Sign Up button, a random click identifier may be passed with the redirect so the casino can understand where the visit came from. The string is not linked to your hub account or your email.
International transfers
Production data is held in the EU. Where a processor is headquartered outside the UK/EEA (e.g. Cloudflare’s US legal entity), the transfer is governed by the European Commission’s Standard Contractual Clauses 2021/914 and a Transfer Impact Assessment that documents the supplementary measures we apply (encryption in transit and at rest, IP truncation, no access by sub-processor operations staff to personal data, prompt notification of any government access request).
Retention periods
- Hub account data — for as long as the account is active, plus 12 months after deletion for fraud-prevention purposes.
- Community content — anonymised on account deletion; permanently deleted after the legal retention period (typically 6 years for accounting traceability).
- Server logs — 30 days, then deleted.
- Analytics events — 12 months; aggregated counts retained beyond that.
- Newsletter — until you unsubscribe; consent records retained for 3 years for proof-of-consent.
Security measures
We protect data in transit with TLS 1.3, encrypt all backups with AES-256, run daily vulnerability scans on production images and rotate credentials every 90 days. Access to production systems requires hardware-token MFA and is restricted to the senior engineering team. Independent penetration tests are commissioned every 12 months — the latest report summary is available on request to qualified researchers.
Your rights
Under GDPR (and the UK GDPR / Swiss FADP / California CCPA where applicable) you have the right to:
- Access — receive a copy of all personal data we hold on you, in a structured machine-readable format. Self-service in the Privacy Centre or by emailing privacy@.
- Rectification — correct inaccurate data directly in your account or by emailing us.
- Erasure — request deletion of your account and content; we anonymise within 30 days.
- Restriction — temporarily freeze processing while a complaint is being investigated.
- Portability — export your reviews and chat history in JSON.
- Object — opt out of legitimate-interest processing including aggregated analytics.
- Withdraw consent — for newsletter and non-essential cookies, at any time and without justification.
- Lodge a complaint with your supervisory authority (see the contact section).
Children & age verification
The hub is for an adult audience and is not directed at children. Editorial pages are labelled 18+; hub account registration requires you to confirm you are of legal gambling age. We do not knowingly collect data from minors. If you believe a minor has registered on the hub, please contact privacy@america777.casino and we will delete the account immediately.
Profiling & automated decisions
We do not use personal data to make decisions that have a legal or similarly significant effect on you within the meaning of Article 22 GDPR. Our trust-and-safety moderation worker uses heuristic signals (image hashing, pattern detection) but every irreversible moderation action is reviewed by a human moderator before it is enacted.
Changes to this policy
Material changes to this policy are communicated by a banner on the home page and an email to registered users at least 14 days in advance. Non-material changes (typo fixes, address updates) take effect immediately and are reflected in the “Last updated” date at the top of this page. The diff history of this document is preserved in our public git repository.
Contact & supervisory authority
For privacy enquiries: privacy@america777.casino. Our designated EU representative under Article 27 GDPR can be reached at the same email and is physically located in Frankfurt, Germany. If you believe we have failed to handle your data lawfully you may lodge a complaint with the UK Information Commissioner’s Office (ICO) or with the Hessen data-protection authority (HBDI), whichever is more convenient. We always prefer to resolve issues directly first — please contact us before escalating.
Frequently asked questions
No. We do not sell, rent or share personal data with third-party advertisers, data brokers or marketing networks. Your data only leaves our infrastructure when explicitly required to deliver the service (e.g. our email provider for transactional emails) under a Data Processing Agreement.
No. The casino service at america777.com has its own data controller — the licensed operator. KYC documents, deposit records and gambling history are stored by the casino, not by us. Refer to the operator’s privacy policy for that processing.
Use the in-app Privacy Centre in your hub account dashboard: one click downloads a JSON export of all profile, review and chat data; another click triggers account deletion (anonymised within 30 days, full erasure after the legal retention period).
No. Our analytics stack is self-hosted PostHog. Marketing pixels (Facebook, TikTok, Google Ads) are explicitly forbidden by our editorial policy and are not loaded on any page.
All transfers outside the UK/EEA rely on the European Commission’s Standard Contractual Clauses 2021/914 plus a Transfer Impact Assessment. The full list of sub-processors and their safeguards is published in the “Sharing & processors” section above.