Your Data at Royal Reels
Trust starts with knowing exactly what we hold about you and why. Members hand over personal details at three moments: opening an account, verifying identity before a first payout, and moving money through the cashier. What follows is a plain inventory of the data each moment creates, where it is stored, who can reach it and the controls you keep. Royal Reels LTD operates the service and is responsible for everything listed here.
What We Collect at Registration
Signing up asks for the minimum a real-money account can run on: full name, date of birth (we confirm every member is 18 or over), email address, mobile number and residential address. Your password is stored as a salted hash, so no staff member can ever read it.
Once you start playing, the account generates further records on its own. Here is the full inventory:
| Category | Examples | Why we hold it | How long |
|---|---|---|---|
| Account details | Name, date of birth, email, mobile, residential address | Running the account and confirming members are 18+ | Life of the account, then seven years |
| Verification documents | Photo ID, proof of address | Identity checks before the first withdrawal | Seven years |
| Payment records | Deposit and withdrawal history, masked card digits, wallet addresses | Processing transactions and anti-money-laundering duties | Seven years from each transaction |
| Gameplay and sessions | Bets, results, login times, device type | Account statements and fair-play monitoring | Life of the account |
| Responsible-play settings | Deposit limits, time-outs, self-exclusion records | Enforcing the limits you set | Kept after closure so exclusions stay in force |
| Support history | Chat transcripts, emails | Resolving disputes and improving answers | Two years |
Documents Held from Verification
Before a first withdrawal we ask for a government photo ID — an Australian driver licence or passport — plus proof of address such as a utility bill or bank statement issued within the last three months.
Both files are encrypted at rest, and access is limited to the verification team; support agents can see that a document was approved, never the document itself. Where an external identity-check provider confirms a file, it works under contract and erases its working copy once the check closes. Upload documents through the account area only — the connection is encrypted, unlike standard email.
Payment Records and How Long We Keep Them
Card payments are stored masked: the first six and last four digits, never the full number and never the security code. Crypto transfers are logged by wallet address and transaction hash. Every deposit, payout, bonus credit and adjustment is written to a ledger you can review from the account area.
Anti-money-laundering rules oblige us to keep transaction records for seven years, counted from each transaction rather than from account closure. Inside that window the records sit on encrypted storage with access logging; afterwards a scheduled purge erases them.
Cookies, Sessions and Devices
Three cookie groups run on the site. Session cookies keep you signed in and expire when the browser closes. Preference cookies remember language and display settings for up to twelve months. Analytics cookies measure, in aggregate, which lobby areas get used so we can fix slow screens — they never feed advertising profiles.
Block the analytics group in your browser and everything still works; block session cookies and the login will not hold. We also read basic device signals — browser type, operating system and IP address — to power security alerts, such as an email when a new device signs in.
Who Can See Your Data
Inside Royal Reels, access follows the job:
- Support agents view account status, balances and transaction states — not documents and not full card numbers.
- Payment processors receive only the details required to move one specific transaction.
- An identity-verification provider may examine documents during a check, under contract and on documented instructions.
- Email and SMS delivery services hold your address or number solely to send the messages you have agreed to receive.
Some of these processors run infrastructure outside Australia. Where data crosses a border, the same contractual safeguards travel with it: processing on instruction only, encryption in transit and deletion at contract end. We do not sell personal information to anyone, and no third party may use member data for its own marketing.
Your Choices and How to Exercise Them
You hold three standing rights over your data: request a copy of it, correct anything inaccurate, and ask for deletion of whatever we are not legally bound to keep. Lodging a request takes four steps:
- Open live chat from the account area, or use the routes listed on our contact page, and label the message "Privacy request".
- Name the right you are exercising — access, correction or deletion — and quote the email registered to the account.
- We acknowledge within 48 hours and may ask one security question to confirm the request comes from the account holder.
- A full answer follows within 30 days; deletion responses list any records retained for the seven-year legal period and the date each one expires.
Marketing is a separate switch. Opt out of promotional email and SMS at any time through the unsubscribe link, the preferences screen in the account area, or a single line to support — transactional messages such as payout confirmations and verification requests continue, because the account cannot operate without them.
Responsible-play records sit apart from every marketing system. A deposit limit, time-out or self-exclusion stays on file even after account closure, so it cannot be undone by re-registering, and a self-excluded member is removed from all promotional lists within 24 hours. The contractual rules behind each clause above live in our terms of use; for anything unanswered, the privacy route through support is staffed around the clock.