Skip to main content

PokieSurf Casino privacy policy: what happens to your data

Last updated: 03-07-2026
Relevance verified: 03-07-2026

Your data at PokieSurf is collected for one purpose – running a secure casino. This page explains exactly what is collected, why, who can see it, and what you can do about it.

Why a privacy policy actually matters at an online casino

Most players scroll past a privacy policy without reading it. That is understandable – they are usually long, written in dense legal language, and seem irrelevant until something goes wrong. At an online casino, however, the privacy policy answers the questions that matter most before you register: what information will you hand over, who will see it, how long will it be kept, and whether your personal details could end up somewhere unexpected.

PokieSurf Casino operates under a Curaçao Gaming Authority (CGA) B2C licence, which requires the platform to meet defined data handling, anti-money laundering (AML), and player verification standards. This framework is not optional – operators that breach it face licence suspension. Understanding what the policy covers gives you a clear picture of what you are agreeing to before creating an account.

What data PokieSurf collects from players

Data collection at PokieSurf falls into two categories: information you provide directly, and information collected automatically when you use the platform. Both are necessary for the platform to function, but they serve different purposes and are handled differently.

In order to operate an online casino platform securely, PokieSurf collects certain types of information from players and visitors. Some information is provided directly by users when they create an account or interact with our services, while other information is collected automatically to improve performance and security.

Data you provide directly

When you register an account, the form collects your full name, date of birth, residential address, phone number, and email address. Setting the account currency to AUD during this step is also part of the registration data – it locks in at sign-up and cannot be changed. During KYC verification, you provide a government-issued photo ID and proof of address; these documents are handled separately from standard account data and used solely for identity and age verification purposes.

Data collected automatically

Automatic data collection may include information about device type, operating system, browser settings, and website activity. This technical data helps the platform identify unusual access patterns, prevent fraud, and improve how the site performs across different devices and connection types. It includes session data, IP address, browser type, and pages visited during each login.

What PokieSurf uses your data for

Collected data at PokieSurf is used across a defined set of operational purposes. The list below covers the primary uses confirmed by the platform’s privacy documentation.

The most important thing to understand is that data use is tied to running the casino – not selling player profiles or monetising behaviour for advertising purposes.

Data use purpose Data type involved Legal basis
Creating and managing player accountsName, email, date of birth, addressContract performance
Identity and age verification (KYC)Photo ID, proof of addressLegal obligation (AML/CGA licence)
Processing deposits and withdrawalsPayment method details, account balanceContract performance
Fraud detection and security monitoringSession data, IP address, device infoLegitimate interest
AML and transaction monitoringFinancial transaction historyLegal obligation
Customer support communicationAccount details, query historyContract performance
Bonus and promotion administrationAccount activity, deposit historyContract performance
Responsible gambling monitoringGameplay patterns, session lengthLegitimate interest / legal obligation
Platform performance improvementAnonymised technical and usage dataLegitimate interest
Marketing communications (opt-in only)Email address, communication preferencesConsent

Financial data: how payments are handled

Payment information at PokieSurf is processed through secure third-party payment gateways. PokieSurf uses secure payment processing systems designed to protect financial data. Payment information is handled through secure technology and may also involve trusted payment service providers. We do not store sensitive payment information in a way that allows it to be accessed or misused.

In practice, this means PokieSurf does not store full card numbers on its own servers. Payment processors receive and handle the sensitive financial data, while PokieSurf retains only the transaction records needed for account management, withdrawal history, and AML compliance. All financial transactions are monitored to help prevent fraud and ensure compliance with security standards.

Cryptocurrency transactions

Bitcoin, Ethereum, and Tether transactions at PokieSurf are processed through the cashier without storing the full wallet credentials. Transaction hashes and amounts are recorded for AML purposes – this is a regulatory requirement for all offshore operators handling crypto, not a practice specific to PokieSurf.

KYC documents: what happens to your ID

KYC is the process most players are cautious about – handing over a passport photo or driver licence to an online casino understandably raises questions. At PokieSurf, KYC documents are collected for a single purpose: verifying that the account holder is who they say they are and is of legal age to play.

Players may be asked to provide documents such as government-issued identification or proof of address. These documents are used solely for verification purposes and are handled securely. Access to submitted documents is restricted to authorised personnel involved in the verification process – these are not accessible to customer support agents handling general queries.

When KYC is triggered

KYC verification runs before the first withdrawal is processed. Uploading documents at registration rather than waiting removes the delay when a cashout request is submitted. Standard documents required are a government-issued photo ID with all four corners visible, and a proof of address dated within the last three months – a utility bill or bank statement works for both.

Third-party data sharing: who else sees your information

Reputable online casinos typically do not sell or rent your personal information to third parties. However, your data may be shared with third-party vendors who provide specific services on behalf of the casino, such as payment processors and identity verification services. These vendors are contractually obligated to uphold the same privacy standards and are only permitted to use your data for specified purposes.

At PokieSurf, third-party sharing falls into defined categories: payment processors who handle deposit and withdrawal transactions, identity verification service providers used in the KYC process, game software providers who supply the casino titles, and regulatory or law enforcement bodies if legally required. Data is not sold to advertisers or shared for marketing purposes outside the operator relationship.

When disclosure is legally required

If a regulatory body, law enforcement agency, or court order requires PokieSurf to produce player records, the operator is legally obligated to comply. This applies to all licenced online casino operators globally and is not a policy choice – it is a condition of holding any gaming licence, including the Curaçao CGA B2C licence under which PokieSurf operates.

Cookies and tracking technology

PokieSurf uses cookies and similar tracking tools to improve how the platform functions across sessions. Cookies serve three main functions: keeping you logged in between pages, remembering display and language preferences, and collecting anonymised usage data that helps the platform identify performance issues.

Cookies are small files stored on a user’s device that allow the website to remember certain preferences and settings. Two categories of cookies operate on the platform: essential cookies that are required for the site to function (login sessions, cashier operations, security tokens), and non-essential cookies that collect anonymised usage analytics. Non-essential cookies can be declined or cleared through your browser settings without affecting core platform functionality.

Cookies and the mobile platform

On the iOS home screen shortcut (PWA), Safari must be set to allow cookies for the PokieSurf domain or your session will not persist between visits. If the site logs you out immediately after login, clearing the browser cache and enabling cookies for the domain in Safari settings resolves the issue in most cases.

How long PokieSurf retains your data

Data retention at online casinos is governed by a combination of regulatory requirements and operational need. PokieSurf retains personal information only for as long as necessary to operate the platform and meet legal or regulatory obligations. In some cases, information may need to be kept for a period of time after an account is closed. This may be required to meet financial, security, or fraud prevention requirements.

AML regulations in most jurisdictions, including those applicable to Curaçao-licenced operators, require that transaction records and identity documents be retained for a minimum of five years after an account is closed. This is a legal obligation, not a discretionary policy. General account data is retained for the operational life of the account.

Data category Typical retention period Reason
Account registration dataDuration of account + post-closure periodOperational and regulatory
KYC identity documentsMinimum 5 years post account closureAML/CTF legal obligation
Financial transaction recordsMinimum 5 years post transactionAML/CTF legal obligation
Customer support communicationsDuration of account + reasonable periodDispute resolution
Session and technical dataShorter rolling windowSecurity monitoring
Marketing preferencesUntil opt-out or account closureConsent-based

Security measures protecting your data

Security is constant. Encryption, firewalls, daily audits, and strict internal protocols are in place. Access to sensitive data is restricted to trained personnel, and independent reviews verify security measures. TLS encryption covers all data in transit between your device and the platform – this applies to login, deposits, withdrawals, and all account management actions. Two-factor authentication (2FA) is available and provides an additional layer of protection for account access.

Sensitive payment data is never stored in plain text on PokieSurf servers. KYC documents are stored in a restricted environment separate from standard account data. Biometric login options (Face ID, Touch ID, fingerprint) are available on compatible mobile devices as an alternative to password entry.

What you can do to protect your own account

Server-side security covers the platform’s end of the connection. Player-side habits determine how well the account is protected at your end. Using a unique, strong password not shared with other accounts, enabling 2FA, and logging out manually on shared devices removes the most common account compromise risks. Never share login credentials with anyone – account security and bonus eligibility both depend on single-account ownership.

Your rights over your personal data

Players have defined rights over the personal data held on their account. These rights can be exercised by contacting PokieSurf support directly.

Players have rights regarding their personal data, including the right to access, amend, or delete their information. The casino’s privacy policy should detail how players can exercise these rights. Moreover, users can opt out of marketing communications at any time, ensuring they only receive information they deem relevant or beneficial.

Right What it means in practice
Right to accessRequest a copy of all personal data held on your account
Right to rectificationRequest correction of inaccurate personal data
Right to erasureRequest deletion of data no longer required for operational or legal purposes
Right to restrict processingRequest that certain data is held but not actively processed
Right to data portabilityRequest your data in a readable digital format
Right to objectObject to processing for marketing or non-essential purposes
Right to withdraw marketing consentOpt out of promotional communications at any time

Marketing communications and opt-out

PokieSurf sends promotional communications – bonus announcements, promo code drops, tournament notifications – via email and SMS. These communications require opt-in consent at registration and can be opted out of at any time through the account settings or by contacting support directly. Opting out of marketing communications does not affect account access, bonus eligibility, or any other feature of the platform.

Email and SMS marketing consent is managed separately. Unsubscribing from email does not automatically remove SMS alerts, and vice versa. Both preferences can be managed independently through the communication settings in the account area.

Policy updates and notification

PokieSurf updates its privacy policy when operational practices, regulatory requirements, or platform features change in ways that affect how player data is handled. As regulations, technology, and user expectations evolve, the privacy approach adapts. Significant updates are communicated clearly via your account and on the website to maintain transparency.

Checking the privacy policy before a significant deposit or before completing KYC verification for the first time is a practical habit – it confirms that the terms you agreed to at registration remain current. The policy page on the official site displays a last-updated date.

Responsible gambling and privacy: where they connect

Responsible gambling tools at PokieSurf – deposit limits, session cool-offs, and self-exclusion – require the platform to monitor gameplay patterns to function correctly. This is one area where data collection and player protection overlap directly. Game activity is collected to support responsible play. Session length, betting frequency, and deposit patterns are monitored as part of the platform’s responsible gambling obligations under the CGA licence framework.

Players can set deposit limits, loss limits, and self-exclusion periods directly from the account settings. These tools apply immediately after being activated. For external support, the National Gambling Helpline is available on 1800 858 858 at any time – free and confidential.

FAQ

What personal data does PokieSurf Casino collect at registration?

PokieSurf collects your full name, date of birth, residential address, phone number, and email address during the account registration process.

Does PokieSurf sell my personal data to third parties?

No - player data is not sold or rented to advertisers or external marketing companies; it is shared only with payment processors, KYC providers, and regulatory bodies as required.

How is my payment information protected at PokieSurf?

Payment transactions are processed through third-party secure gateways, so PokieSurf does not store full card numbers or sensitive financial credentials on its own servers.

Why does PokieSurf need my ID documents?

KYC identity verification is required by the Curaçao Gaming Authority licence to confirm player age and identity before any withdrawal is processed.

Can I request a copy of all data PokieSurf holds on me?

Yes - you have the right to request access to your personal data by contacting PokieSurf support directly via live chat or email.

How long does PokieSurf keep my data after I close my account?

AML regulatory obligations require that transaction records and KYC documents be retained for a minimum of five years after account closure.

Can I opt out of marketing emails from PokieSurf?

Yes - marketing communications can be opted out of at any time through the account communication settings or by contacting support, without affecting access to the platform.

Are my KYC documents accessible to all PokieSurf staff?

No - identity documents are stored in a restricted access environment and are only accessible to authorised personnel involved in the verification process.

What encryption does PokieSurf use to protect data?

TLS encryption is applied to all data in transit between your device and the PokieSurf platform, covering login, payments, game sessions, and all account management actions.