Privacy Policy

Last updated: 22 May 2026 · Version 1.0 (stub)

📋 Stub notice — This Privacy Policy is an early reference draft. The full GDPR-aligned Data Processing Agreement (DPA) provided to customers takes precedence for the processing of player personal data under the Service.

1. Who we are

WOWsino is a B2B software platform for iGaming operators, organized as a Sociedad de Responsabilidad Limitada (S.R.L.) under the laws of Costa Rica. We are the “data processor” with respect to player data that Customer (the gambling operator) transmits to us. Customer is the “data controller” for that player data.

2. Information we collect

2.1 Customer account information

When you sign up for a WOWsino account at portal.wowsino.com, we collect:

Company name, slug, and contact email
Login email and securely-hashed password (we never store plaintext passwords)
Stripe / Payoneer / billing identifiers if you become a paying customer
API key usage statistics (which keys called which endpoints, when)

2.2 Player data processed on behalf of Customer

When Customer integrates WOWsino with their iGaming operation, Customer may transmit player data, including:

Player identifiers (username, email, external PAM reference)
KYC document references (typically a vendor-side identifier, not the document itself unless required for regulatory retention)
Wager, deposit, withdrawal, bonus, and engagement event metadata
Responsible-gaming preferences and limits

WOWsino processes this player data solely on the documented instructions of Customer, in accordance with the executed Data Processing Agreement and these Terms.

2.3 Technical telemetry

We log standard technical telemetry: IP addresses, user-agent strings, request timestamps, response latencies, error rates — for security, fraud prevention, performance monitoring, and abuse detection. This data is retained for up to ninety (90) days unless extended for legal hold.

3. How we use information

Service delivery — to operate, maintain, and improve the platform
Security & fraud prevention — to detect and prevent unauthorized access, abuse, and platform misuse
Billing & account management — to invoice paying customers and manage account lifecycle
Customer support — to respond to support requests
Legal & regulatory compliance — to comply with applicable law, court orders, and lawful regulatory requests

We do not sell Customer data or player data to third parties. We do not use player data to train models or build derivative products outside of the documented Service.

4. Sub-processors

To deliver the Service, WOWsino uses a small number of well-known cloud sub-processors, including:

Google Cloud Platform — compute and infrastructure hosting
Neon (or equivalent managed Postgres provider) — primary database hosting
Cloudflare — DNS, CDN, WAF, and DDoS protection

A current list of sub-processors is available on request at privacy@wowsino.com. We will notify Customer with at least thirty (30) days’ notice before adding a new sub-processor that processes player data.

5. International data transfers

The Service may transfer and process data outside the country where Customer or its players are located, including in the United States and the European Union, depending on the data-region selection of Customer’s tenant. Where personal data is transferred from the European Economic Area (EEA), United Kingdom, or Switzerland, transfers are governed by Standard Contractual Clauses (SCCs) included in the Data Processing Agreement.

6. Data retention

Customer account data — retained while the account is active, then thirty (30) days after termination for export, then deleted (subject to legal hold).
Player data — retained per Customer’s instructions and the executed DPA.
Audit and compliance logs — retained for seven (7) years or as required by applicable gambling regulators.
Technical telemetry — ninety (90) days unless extended for a specific investigation.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, port, or object to the processing of your personal data, and to withdraw consent. To exercise these rights for WOWsino account data, contact privacy@wowsino.com. For player data processed on behalf of Customer, direct your request to the Customer (the gambling operator) — they are the controller of that data; WOWsino will support Customer in fulfilling such requests.

8. Security

TLS encryption in transit (TLS 1.2+)
Encrypted-at-rest storage at the cloud-provider level
Role-based access controls and least-privilege principles
Append-only audit trail of compliance-relevant events
HMAC-SHA256-signed outbound webhooks
API keys hashed with SHA-256 at rest; plaintext shown only once at issue
Penetration testing and security review prior to enterprise deployments

9. Children

The Service is not intended for and is not directed at children under 18. We do not knowingly collect personal data from children. iGaming operations using the Service have an independent obligation under their gambling licenses to prevent underage access.

10. Cookies & tracking

The marketing website (wowsino.com) uses minimal essential cookies for session and security. We may add privacy-friendly analytics (e.g. Plausible or self-hosted) in the future; if so we will update this policy.

11. Changes to this policy

We may update this Privacy Policy. Material changes will be notified to the account’s primary contact email at least thirty (30) days before they take effect.

12. Contact

Privacy questions: privacy@wowsino.com