RateCasino
Sign in Share experience

Privacy Policy

Last updated: May 14, 2026

RateCasino.com ("RateCasino", "we", "us", "our") respects your privacy. This policy explains what personal information we collect when you use ratecasino.com, why we collect it, how we use it, who we share it with, and the rights you have.

This policy is written to align with the EU General Data Protection Regulation (GDPR) and is the basis on which any personal data we collect from you, or that you provide to us, will be processed.

1. Who we are (data controller)

The data controller for ratecasino.com is RateCasino.com. For any privacy questions or to exercise your rights, contact us via the contact form with topic "Legal / takedown".

2. What information we collect

2.1 Information you give us

  • Account data: email address, display name, password (hashed using bcrypt — we never store it in clear text), and your account role (player, casino operator).
  • Reviews and complaints: the content you submit (star rating, title, written body, complaint thread messages) and any attachments you upload.
  • Operator data: if you register as a casino operator, the casino you claim, your role, and the verification details you provide.
  • Contact form: name, email, topic and message when you write to us.

2.2 Information we collect automatically

  • Technical logs: IP address, user-agent, request timestamp and path — kept for security and abuse prevention.
  • Submission metadata: when you post a review or complaint we store the time and the IP that posted it (used to detect spam and ban evasion; not shown to the public).
  • Session cookie: a single first-party cookie (named via our session-name setting) that keeps you logged in. It contains a random session identifier — no personal data.

We do not currently use third-party analytics, advertising cookies, tracking pixels, or social-media trackers. If that changes we'll update this policy and (where required) ask for your consent.

3. Why we use your information (legal bases)

  • To provide the service — create your account, publish your reviews and complaints, route operator replies, send transactional notifications. Legal basis: contract (Art. 6(1)(b)).
  • To keep the platform safe — detect spam, abuse, brute-force attacks, bot signups, and ban evasion. Legal basis: legitimate interests (Art. 6(1)(f)).
  • To respond to your messages — reply to contact form submissions and support emails. Legal basis: legitimate interests.
  • To comply with legal obligations — respond to lawful requests from competent authorities, handle legal claims. Legal basis: legal obligation (Art. 6(1)(c)).

4. What's public, what's private

Public on your casino profile: your display name, the star rating, review title and body, complaint summaries and resolution status, and operator replies.

Private (visible only to you, the casino operator party in a complaint, and our moderators): the contents of complaint dialogues marked private, your email address, your IP, and operator verification documents.

5. Who we share data with

We share personal data only with:

  • Hosting and infrastructure providers who process data on our behalf to run the site (server hosting, database, email delivery). They act as data processors under written agreements.
  • The casino operator involved in a complaint — limited to the information needed to resolve the complaint (your display name and the dispute content). Your email is shared only if you explicitly agree.
  • Authorities when we are legally required to (court orders, valid law-enforcement requests).

We do not sell your personal data, and we do not share it for advertising or marketing.

6. International transfers

Our infrastructure and our processors may operate outside your country of residence. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards (such as European Commission Standard Contractual Clauses) provided by our processors.

7. How long we keep your data

  • Account data — for as long as your account is active. Deleted accounts: we retain a hashed identifier to prevent re-creation and review-fraud, but personal details are removed within 30 days.
  • Reviews and complaints — published content stays public as part of the casino's history. You can request that your display name be anonymised on your past reviews; the rating and content stay.
  • Technical logs — typically up to 90 days, then deleted or aggregated.
  • Email logs — up to 12 months for delivery audit purposes.

8. Your rights under GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectify — correct inaccurate or incomplete data.
  • Erase — ask us to delete your account and personal data (subject to the retention exceptions above).
  • Restrict processing — temporarily limit what we do with your data.
  • Object — object to processing based on legitimate interests.
  • Portability — receive your data in a portable, machine-readable format.
  • Withdraw consent — where we rely on consent, withdraw it at any time.
  • Lodge a complaint with your local data-protection authority if you believe we've broken the law.

To exercise these rights, write to us via the contact form with topic "Legal / takedown". We'll respond within one month.

9. Cookies

We use one strictly-necessary first-party cookie to keep you signed in. Details:

  • Name: rcsess (or whatever value is set in our session configuration)
  • Purpose: maintain your authenticated session
  • Lifetime: the duration of your browser session, or until you sign out
  • Third-party: no

Browsers also store a small first-party item (rc-theme) in localStorage to remember your light/dark preference. It contains no personal data.

Because we currently use only strictly-necessary cookies and no tracking, we do not display a consent banner. If we ever add non-essential cookies we will ask for consent first.

10. Security

We protect your data with HTTPS for all traffic, bcrypt password hashing, CSRF protection, rate limiting, strict Content-Security-Policy headers, and access controls on the database. No system is perfect — please report any security concerns via contact.

11. Children

RateCasino is not directed at people under the legal gambling age in their jurisdiction (typically 18+ or 21+). We do not knowingly collect personal data from minors. If you believe a minor has registered, please tell us and we'll remove the account.

12. Changes to this policy

We may update this policy from time to time. Material changes will be announced on the site (and via email if you have an account). The "Last updated" date at the top will always reflect the most recent version.

13. Contact

For any privacy-related question — including subject-access requests, deletion requests, or complaints — use the contact form with topic "Legal / takedown".