GXMBLE Privacy Policy

A plain English summary of what we collect, why we collect it and how we keep it safe.

Your data, your rights

GXMBLE Privacy Policy: what data we hold and why

GXMBLE collects personal data because it is required to run a regulated casino, not because we want a marketing profile. At registration we store your name, date of birth, address, contact details and the identity documents you provide for age verification, all of which are needed to meet UK age and identity rules. During play we keep transaction history, game logs, IP address and device information for fraud prevention and dispute resolution. None of that data is sold to third parties, and none of it is used for marketing without your explicit opt in.

The legal basis for processing your data is a combination of contractual necessity (you cannot have an account without providing the registration data), legal obligation (UK gambling regulations require operators to verify and monitor accounts) and legitimate interest (fraud prevention, system security and service improvement). Marketing communications run on explicit consent only and can be turned off in your account settings or by clicking unsubscribe in any email.

GDPR aligned

We follow UK GDPR and Data Protection Act 2018 standards.

Encrypted in transit

TLS 1.3 across the site, every page, every form.

Document storage

ID and address documents stored in encrypted, access controlled systems.

Limited access

Only staff with a documented need access your personal data.

Retention windows

Data kept only as long as required by law or operational need.

Subject access

Request a copy of your data at any time from the contact form.

What personal information does GXMBLE actually collect?

At account creation we collect your full name, date of birth, residential address, email address, phone number and a username. To verify your identity in line with UK regulations we ask for a government issued photo ID and a recent proof of address. During play we automatically log your IP address, the device you are using, the browser version, the games you play, deposits, withdrawals and bets. Payment data submitted through the cashier is handled by our payment service providers and stored in tokenised form, which means we never hold a full card number on our own systems.

We also keep records of your interaction with safer gambling tools, including any deposit, loss or session limits you set and any time outs or self exclusions you trigger. This is partly so the tools work correctly across sessions and partly because UK regulators require us to evidence that the controls are honoured. The full data inventory is on our internal records of processing and is summarised here in plain English.

Who do we share GXMBLE personal data with?

We share personal data with a defined list of categories: payment service providers that handle your deposits and withdrawals, identity verification partners that confirm your documents are genuine, fraud prevention services that flag stolen cards or shared device fingerprints, cloud hosting providers that run our infrastructure, and customer support tools that route your chats and emails. Every category sits under a data processing agreement that obliges them to handle your data to the same standards we use ourselves.

We also share data with regulators and law enforcement where a legal request is made, which is a standard requirement for any regulated UK gambling operator. We do not sell your data to advertisers, brokers or any third party for commercial purposes. Marketing partners only ever receive segmented, anonymised audience data unless you have given explicit consent to share more.

How long does GXMBLE keep your personal data?

Account data is kept for as long as the account is open and for a minimum of five years after closure, in line with UK anti money laundering rules that require operators to maintain customer records for that period. Transaction logs, including deposits, withdrawals and game history, are kept for the same five year minimum. Documents submitted for identity verification are kept securely for the lifetime of the account and for the same regulatory retention period after closure.

Marketing data is kept only while your consent is active. Once you withdraw consent, marketing records are deleted within thirty days, although core account data continues to be retained under the regulatory rules described above. Logs that are not legally required are deleted on a rolling schedule, typically twelve months for security telemetry and twenty four months for product analytics.

Data subject rights

You can request access, correction, deletion or portability of your data at any time. Some requests are subject to regulatory exceptions, particularly around the five year anti money laundering retention period. We respond within thirty days.

How does GXMBLE keep your data secure in practice?

Encryption is the baseline. Every connection to the site uses TLS 1.3 with modern cipher suites, and personal data is encrypted at rest in the underlying databases. Identity documents are stored in a separate, access controlled system with audit logs on every read or write. Multi factor authentication is required for any staff account with access to player data, and access is granted on a strict need to know basis with regular reviews.

Infrastructure runs in UK and EU data centres operated by major cloud providers, with redundant backups and tested disaster recovery procedures. We run regular penetration tests and have an internal incident response process that is rehearsed quarterly. If a breach affecting your data ever occurred, we would notify you and the Information Commissioner's Office within the seventy two hour window required by UK GDPR.

How do you exercise your data rights at GXMBLE?

You have the right to access your data, correct inaccuracies, request deletion subject to regulatory exceptions, object to processing, restrict processing in some circumstances and ask for a portable copy of the data we hold on you. The simplest route is to email our data protection team from the address registered on your account. We may ask for additional verification to make sure the request is genuinely from you, and we respond within thirty days as required by UK GDPR.

If you believe we have not handled your data correctly, you can complain to the UK Information Commissioner's Office at ico.org.uk. We would much rather hear about the issue directly first so we can put it right, but the regulator route is always open to you. For day to day queries the live chat team can usually help, and the get help page has the full contact list.

How does the GXMBLE privacy policy interact with the cookie policy?

This privacy policy covers everything we do with personal data once it sits on our systems. The GXMBLE cookie policy covers the smaller question of which cookies and similar technologies we set on your browser and what each one is for. The two documents are complementary: cookies are one of the sources of the data described here, and your cookie preferences influence which data we collect in the first place.

Continue reading: the cookie policy or the close account page.