Privacy Policy

Last updated: 21 May 2026. This Privacy Policy explains how Realz Casino ("Realz", "we", "our") collects, uses, stores and discloses personal information about you. It is aligned with the Australian Privacy Principles (APP) under the Privacy Act 1988 (Cth), and with the EU General Data Protection Regulation (GDPR) for users in the European Economic Area and United Kingdom who request that overlay.

APP 1 — Open and Transparent Management of Personal Information

Realz publishes this policy in full on the site and links to it from the footer of every page, the sign-up form, and the cashier. Material changes are announced by email at least 14 days before they take effect. You can request a printable PDF by emailing [email protected].

APP 2 — Anonymity and Pseudonymity

Because we are an online casino licensed under AML/KYC rules, we cannot offer fully anonymous accounts. You may register with a username different from your legal name; however, your legal name and date of birth are required for KYC at the AU$2,000 cumulative withdrawal threshold.

APP 3 — Collection of Solicited Personal Information

We collect:

• Identity data: full legal name, date of birth, residential address, mobile number, email.

• Verification data: government ID image, proof-of-address document, proof of payment method, source-of-funds declaration above AU$10,000 cumulative deposit.

• Transactional data: deposits, withdrawals, game wagers and outcomes, bonus participation, session timestamps.

• Device and connection data: IP address, browser fingerprint (canvas, fonts, time zone, language), device model, OS version.

• Communications data: chat transcripts, email correspondence, complaints log.

Collection is limited to what is necessary to operate the casino, satisfy regulatory obligations, and respond to your queries.

APP 4 — Unsolicited Personal Information

If we receive personal information about you that we did not solicit — for example, a third party reports a suspected fraudulent account — we assess whether we could have collected it under APP 3. If yes, it joins your record. If no, we destroy or de-identify it within 30 days.

APP 5 — Notification of Collection

This page constitutes our APP 5 notice. At sign-up, the form links to this policy directly above the submit button, and you must acknowledge it before account creation.

APP 6 — Use or Disclosure of Personal Information

We use your information to:

1. Operate your account (deposits, withdrawals, gameplay, bonuses).

2. Comply with AML/KYC, responsible-gambling and tax-reporting obligations under our Curacao licence and AU law.

3. Detect and prevent fraud, multiple-accounting, and self-exclusion register breaches.

4. Send transactional communications (verification codes, withdrawal confirmations, complaints updates).

5. Send marketing communications, but only where you have opted in (toggle in account settings).

We disclose to: payment processors (PayID provider, BPAY, card acquirers, crypto processor), our KYC provider, our game studios for outcome verification, our regulator on request, and law enforcement when compelled by lawful order.

APP 7 — Direct Marketing

Marketing is opt-in. Every marketing email contains a one-click unsubscribe. Unsubscribing does not stop transactional emails — those are required for account operation and cannot be opted out of while the account is active.

APP 8 — Cross-Border Disclosure

Your data is primarily stored on AWS Sydney (ap-southeast-2). Encrypted backups sit in AWS Frankfurt (eu-central-1). Cross-border disclosure occurs only to our payment and KYC processors, who are contractually bound to handle data to a standard at least equivalent to the APP. If a processor is located outside Australia, we take reasonable steps to ensure compliance and remain accountable for any breach under APP 8.2.

APP 9 — Government-Related Identifiers

We do not use government-related identifiers (driver's licence number, passport number, Medicare number) as account identifiers. They are collected only for KYC verification and stored encrypted with restricted access.

APP 10 — Quality of Personal Information

You can update name, address, phone and email from the account dashboard. Material identity changes (legal name, date of birth) require supporting documentation and a manual review.

APP 11 — Security of Personal Information

Technical and organisational measures we apply:

• Data at rest: AES-256 encryption on database volumes.

• Data in transit: TLS 1.3 only; older protocols are disabled at the load balancer.

• Access controls: role-based, with separate logging and quarterly access reviews.

• Penetration testing: annual third-party engagement.

• Breach response: assessed within 30 days; notifiable breaches reported to the OAIC and affected individuals as required by the Notifiable Data Breaches scheme.

Retention: 7 years from account closure, to satisfy AML records-keeping under our licence. After 7 years, records are securely destroyed except where ongoing legal hold applies.

APP 12 — Access to Personal Information

You can request a copy of your personal information by emailing [email protected]. We respond within 30 days. The first request in any 12-month period is free; subsequent requests may incur a reasonable cost-recovery fee.

APP 13 — Correction of Personal Information

If you believe your information is inaccurate, incomplete or out of date, request a correction via the same email. We will correct or, if we disagree, attach a statement to the record reflecting your view, per APP 13.4.

Cookies and Similar Technologies

Active cookie providers on realz.com:

A cookie banner on first visit lets you accept or decline the analytics group. Strictly necessary cookies cannot be disabled without breaking site functionality.

Complaints and Contact

To raise a privacy complaint, email [email protected] with "Privacy Complaint" in the subject. We respond within 30 days. If unresolved, you may escalate to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.