Privacy Policy

Last updated: 10 June 2026

1. About this notice

This Privacy Policy explains how UNLK Casino ("UNLK", "we", "us") collects, uses, stores, and protects personal data when you use the UNLK Casino Telegram Mini App (the "Service"). It applies to all players worldwide where the Service is lawfully available.

Data Controller: the operator of UNLK Casino. References below to "we" or "UNLK" mean the Data Controller.

If any term here conflicts with a specific consent you have given inside the app, the more recent or more specific instruction prevails.

2. What we collect

When you use UNLK Casino through Telegram, we receive and store:

• Telegram identifiers — your Telegram user ID, username, first name, language preference, and platform/device type (iOS / Android / Desktop). Provided automatically by Telegram when you launch the Mini App.
• Approximate country — derived from your IP address at first request via Cloudflare's geolocation header (cf-ipcountry). Stored once per account to enforce geographic restrictions and detect abuse. We do not store your IP address itself beyond transient request logs.
• TON wallet address — collected when you connect your wallet. Used to process deposits and withdrawals.
• Game history and bet records — every bet is logged including game type, amount, outcome, server seed, client seed, and nonce. Required for provably fair verification, regulatory compliance, and dispute resolution.
• Balance and transaction history — necessary to operate your account and reconcile the wallet ledger.
• Session and progression data — XP, level, unlocks, UNLK Pass status, dig tokens, jackpot pool participation, streaks, and missions progress.
• Responsible gambling limits — deposit limits, session limits, and self-exclusion settings if you choose to set them.
• KYC data — when your activity crosses the regulatory threshold described in section 10, we collect: your full legal name, date of birth, residential address, nationality, a government-issued photo ID (passport, national ID, or driver's licence), a selfie or short video for liveness and face-match checks, proof of address (e.g. recent utility bill or bank statement), proof of source of funds where required, and a contact email address or phone number used solely to deliver verification results. KYC data is stored separately from gameplay data, encrypted at rest, and accessed only by trained reviewers. See sections 10 and 11.
• Support correspondence — messages you send to us via the Telegram bot or any other support channel.

3. What we do not collect

Outside the limited KYC data described in section 2, we do not collect:

• Payment card or bank account details — UNLK is crypto-only and never asks you to link a card or bank account
• Precise GPS location — only an approximate country derived from your IP at first request
• Browsing history or behaviour outside UNLK Casino
• Continuous biometric data — the only biometric processing we perform is the one-time liveness/face-match check inside the KYC flow described in section 2; we do not run face recognition for login or for ongoing identification
• Special-category personal data — health, religion, political opinions, sexual orientation, trade-union membership, or genetic data
• Data from anyone we know to be under 18 — see section 12

4. Legal basis for processing

We process your data on the following legal bases under UK GDPR and EU GDPR:

• Performance of a contract — to operate your account, process bets, deposits, and withdrawals, and provide customer support
• Legal obligation — to meet anti-money laundering (AML), counter-terrorist financing (CTF), tax reporting, KYC, and regulatory record-keeping requirements
• Legitimate interests — to detect fraud, abuse, bot activity, and bonus exploitation; to maintain platform security; to improve the Service through aggregate analytics
• Consent — for any optional feature you actively opt into (e.g., marketing announcements via the Telegram channel; you can leave the channel at any time)

5. How we use your data

Your data is used solely to:

• Operate your account, balance, and progression
• Process deposits and withdrawals on the TON blockchain
• Enable provably fair verification of every bet
• Enforce geographic and age restrictions
• Detect and prevent fraud, abuse, money laundering, and bot activity
• Provide customer support if you contact us
• Meet our regulatory and tax obligations
• Improve the Service through aggregate, anonymised analytics

6. On-chain data

TON blockchain transactions — including your wallet address and transaction amounts — are publicly visible on-chain by their nature. This is inherent to how blockchain technology works and is outside UNLK's control. Once you initiate a deposit or withdrawal, the on-chain record is permanent and cannot be deleted.

7. Cookies and local storage

The Mini App uses your device's local storage to remember your in-app preferences (display options, last-used game settings, dismissed prompts) and to maintain your session inside Telegram. We do not use third-party advertising cookies, tracking pixels, or cross-site identifiers. Clearing your Telegram app cache will remove these local entries.

8. International data transfers

UNLK's infrastructure is hosted on Railway.app, with database backups stored on Cloudflare R2. These providers operate servers across multiple regions including the United States and the European Union. When data is transferred from the UK or EEA to a country outside those regions, we rely on the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, together with our hosting providers' standard data-protection commitments, to provide an adequate level of protection.

9. Third parties

We do not sell or share your personal data with third parties for advertising or profiling purposes.

We use the following service providers strictly to operate the Service:

• Telegram — the Mini App platform on which UNLK runs. Telegram's own privacy policy governs data handled by Telegram itself.
• Railway.app — hosting and infrastructure provider
• Cloudflare — DNS, edge caching, geolocation header, and DDoS protection
• TON blockchain and TON Connect — for wallet connection and on-chain transactions
• KYC verification provider — a third-party identity-verification provider, engaged only when a withdrawal triggers the KYC threshold

These providers act as data processors on our behalf and are bound by contract to use your data only as instructed.

10. KYC and AML compliance

UNLK verifies the identity of players whose activity exceeds defined thresholds in line with applicable AML laws. KYC may be triggered when:

• Cumulative withdrawals or deposits cross a defined regulatory threshold
• We detect activity that requires source-of-funds verification
• A regulator or law enforcement authority lawfully requests verification

KYC documentation is encrypted at rest, accessed only by trained compliance reviewers, and retained for the minimum period required by law (typically five to seven years after the end of the customer relationship).

11. Data retention

• Account, balance, and progression data — retained while your account is active and for 12 months after you close it, then deleted or anonymised
• Bet history and provably fair seeds — retained indefinitely in anonymised form to preserve the integrity of the provably fair audit trail
• Transaction records — retained for the minimum period required by AML, gambling, and tax law (typically five to seven years)
• KYC documents — retained for the minimum period required by law (typically five to seven years after the end of the customer relationship), then permanently deleted
• Responsible gambling limits and self-exclusion records — retained even after account closure to honour any active or future self-exclusion request
• Support correspondence — retained for 24 months

12. Children

UNLK Casino is for adults aged 18 or older only. We do not knowingly collect personal data from anyone under 18. If we discover that we have collected data from a person under 18, we will delete the account and the associated personal data without delay. If you believe we hold data on a minor, contact us immediately at the address in section 17.

13. Your rights

If you are in the UK, EEA, or another jurisdiction with comparable data protection law, you have the right to:

• Access a copy of the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erase your personal data, subject to retention obligations described in section 11
• Restrict processing in certain circumstances
• Object to processing based on our legitimate interests
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time, where processing is based on consent
• Lodge a complaint with a supervisory authority — for the UK this is the Information Commissioner's Office (ico.org.uk); EEA residents can contact their local Data Protection Authority

To exercise any of these rights, contact us using the details in section 17. We will respond within 30 days.

14. Security

We use industry-standard security practices including encrypted connections (HTTPS/TLS), JWT-based authentication tied to Telegram's initData verification, atomic database operations for the wallet ledger, server-side seed hashing for provably fair integrity, and continuous database replication for disaster recovery. We do not store private keys or wallet mnemonics — wallet authentication is handled by TON Connect on your device.

15. Data breach notification

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, and will notify affected players without undue delay where the breach is likely to result in a high risk.

16. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the UNLK Telegram channel (@UNLKCasino) at least 14 days before they take effect, where reasonably possible. Continued use of UNLK Casino after changes take effect constitutes acceptance.

17. Contact

For privacy requests, data subject access requests, or any question about this policy, contact our Data Protection contact in-app: open @UNLKCasinoBot and send /support.

We aim to acknowledge all privacy requests within 5 business days and to provide a substantive response within 30 days.