PRIVACY POLICY

1.1. This Policy applies to all Kirgo websites, apps, and related Services.

1.2. We process personal data in line with applicable privacy laws, including the GDPR, CCPA/CPRA (where applicable), and other relevant regulations.

1.3. By using the Services, you acknowledge this Policy. If you do not agree, please do not use the Services.

We process personal data under these bases:

• Performance of a contract - create/manage your account, provide Services.
• Legitimate interests - secure our platform, prevent fraud/abuse, improve Services.
• Consent - where required (e.g., certain marketing cookies or communications).
• Legal obligations - AML/KYC, sanctions screening, tax, regulatory reporting.

Categories of personal data we may collect and process include:

• Account & Contact: email, username, full name, age/DoB, country, address, phone.
• Compliance (KYC/AML): ID details, proof of address, selfie (where required), sanctions/PEP/adverse media results.
• Device & Usage: IP, device identifiers, OS/browser, session data, gameplay history, site interactions.
• Financial/Transactions: wallet addresses, deposits/withdrawals, transaction history (crypto-only).
• Location: approximate geolocation (to enforce jurisdiction and RG/AML controls).
• Security/Fraud: risk scores, velocity flags, suspicious activity indicators.
• Preferences: communication/marketing preferences, language, accessibility settings.

We do not intentionally collect sensitive data (e.g., race, religion, sexual orientation) unless required by law and with explicit consent.

• Provide, operate, and maintain the Services.
• Verify identity and age; perform KYC/AML/sanctions screening.
• Process transactions and support withdrawals (crypto-only).
• Detect, investigate, and prevent fraud, abuse, and policy violations.
• Improve performance, security, and user experience.
• Provide customer support and resolve disputes.
• Comply with legal/regulatory obligations (e.g., AML recordkeeping).
• Send service and (where permitted) marketing communications; honor opt-outs.

We may transfer personal data outside your country. Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses, DPAs) to protect your data and rights.

We retain data only as long as necessary for the purposes below, then delete or anonymize unless law requires longer retention:

• Account data: for the life of the account and a reasonable period after closure for legal/security purposes.
• Transactions/AML records: up to 5-7 years (regulatory/AML requirements).
• Fraud/security data: up to 5 years to protect the platform and users.
• Marketing preferences: until you opt out or the data is no longer needed.

Depending on your jurisdiction, you may have rights to:

• Access your data and receive a copy.
• Rectify inaccurate or incomplete data.
• Erase data ("right to be forgotten") where legally applicable.
• Restrict or object to certain processing (including direct marketing).
• Portability - receive certain data in a structured, machine-readable format.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority (EEA/UK, or relevant authority).

To exercise rights, we may need to verify your identity. We aim to respond within one month, extendable where legally permitted for complex requests.

Kirgo is for 18+ only (or higher if your local law requires). We do not knowingly collect data from minors. If we learn a minor has provided data, we will delete the data and close the account. We may notify relevant authorities where required by law.

We do not sell or rent personal data. We may share data with:

• Service providers: KYC/AML/sanctions vendors, blockchain analytics, fraud prevention, hosting, support tools.
• Payment/crypto infrastructure: to process permitted transactions and security checks.
• Affiliates within our corporate group (only as necessary and under agreements).
• Authorities/regulators: where legally required or to protect rights, safety, and security.
• Business transfers: as part of mergers/acquisitions/restructuring, under appropriate safeguards.

We apply administrative, technical, and physical safeguards to protect personal data, including:

• Encryption in transit (e.g., TLS/SSL) and at rest where appropriate.
• Access controls, role-based permissions, logging/monitoring.
• Multi-factor authentication (MFA) options for accounts.
• Vendor due diligence, DPAs, and periodic security reviews.
• Breach response procedures; we will notify users/authorities where legally required.

No system is 100% secure. You are responsible for safeguarding your credentials and devices.

We may send direct marketing where permitted. You can opt out at any time by using the unsubscribe link in emails or updating your Profile → Preferences. Responsible-gaming and AML notifications are service/legally required and not subject to marketing opt-out.

We use cookies/SDKs to operate the site, measure performance, and (where permitted) personalize content. See our Cookie Policy for details and controls. Where required, we obtain consent before setting non-essential cookies.

EU/EEA and UK users may contact their local supervisory authority. California residents may have additional rights under CCPA/CPRA. We will honor applicable rights requests in line with the law.

We may update this Policy to reflect legal, technical, or business changes. The latest version is posted here with the "Last Updated" date. Material changes may be notified via email or in-product notices.

For questions or to exercise your rights, contact: [email protected]. For security/privacy concerns, include "Privacy Request" in the subject and use your registered email address.