How we handle your personal information under the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles. Last updated 19 June 2026.

| Data type | Purpose | Retention | Shared with |
|---|---|---|---|
| Name, DOB, address | Identity verification, age check, residency | 7 years post-closure | KYC partner (Sumsub) |
| Email, phone | Login, OTP, support, RG check-ins | 7 years post-closure | SMS gateway (Twilio AU) |
| Bank/PayID/crypto address | Deposits & withdrawals | 7 years post-closure (AML) | Payment processors only |
| Gameplay logs | Audit, RG monitoring, dispute resolution | 7 years | Curaçao licensor on request |
| Device fingerprint / IP | Fraud prevention, multi-account detection | 3 years | iovation / Seon |
| Marketing preferences | Promo emails, push notifications | Until opt-out | Marketing partner (Customer.io) |
| Cookies / analytics | Site performance, attribution | 13 months | Google Analytics, Hotjar |

RoboCat N.V., the operating company behind RoboCat Australia, is the data controller for personal information collected via robo-cat-australia.com. The data protection officer can be reached at [email protected]. For Australian players we additionally comply with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs), and have appointed an Australian-resident privacy representative reachable at the same address.
We collect three categories of personal data. The first is identity data you provide directly: full name, date of birth, residential address, postcode, contact email, optional phone number, and the personal identification document(s) you upload during KYC. The second is financial data necessary to fund and pay out your account: bank account or PayID handle, card details (tokenised – we never store full PAN numbers), crypto wallet addresses, and transaction history. The third is behavioural data generated by your use of the service: login timestamps, IP addresses, device fingerprints, game play logs, deposit and withdrawal records, customer support transcripts, and marketing engagement metrics.
We process personal data to perform the contract between you and us (open and operate your account, process deposits and withdrawals, deliver bonuses, resolve disputes), to comply with legal obligations (anti-money laundering, age verification, responsible gambling, financial crime reporting), to protect our legitimate interests (fraud prevention, fair-play enforcement, debt recovery), and where applicable with your consent (marketing communications, optional profiling for personalised promotions).
Our primary database is hosted in Amsterdam, with a hot-standby replica in Frankfurt. Backups are encrypted at rest with AES-256 and replicated to two geographic zones. Australian players' data is mirrored to a read-only AU node hosted in Sydney to reduce latency for support requests. KYC documents are stored separately in our verification partner's encrypted vault (Sumsub, ISO 27001 certified) and are not accessible from the live gaming environment.
We share data only with the third parties strictly necessary to deliver the service: KYC verification (Sumsub), payment processors (PayID, Mastercard, Visa, BPAY, crypto custodians), risk engines (Seon, iovation), email and SMS delivery (Customer.io, Twilio AU), customer support tooling (Zendesk), and our regulators (Curaçao Gaming Authority, AUSTRAC in the case of mandatory threshold transaction reports). We never sell personal information to advertisers, data brokers or marketing aggregators.
Because our primary infrastructure sits in the EU, Australian players' personal information is subject to transfer outside Australia. We rely on Standard Contractual Clauses for these transfers and confirm that the receiving jurisdictions provide a level of protection substantially similar to the Australian Privacy Principles. Australian residents may request a copy of the relevant transfer impact assessment by emailing [email protected].
We retain account, identity and transaction data for seven years from the date of account closure, in line with Australian AML/CTF record-keeping rules and Curaçao licence conditions. Gameplay logs are retained for the same seven-year window for dispute resolution. Marketing data is retained until you opt out, after which it's deleted within 30 days. Device fingerprint and IP logs are retained for three years for fraud prevention purposes.
You have the right to: (a) access the personal information we hold about you (free of charge, within 30 days); (b) request correction of inaccurate or outdated information; (c) withdraw consent for marketing communications at any time; (d) lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we've mishandled your data; (e) request anonymisation or deletion of information not subject to mandatory retention. To exercise any of these rights, email [email protected].
We use first-party cookies for essential session management (login state, balance display, cashier persistence) and third-party cookies for analytics and marketing attribution. The cookie banner on first visit lets you accept or reject each category. Rejecting analytics and marketing cookies has no impact on access to the service. The full cookie inventory is published at /cookies.json.
We protect personal data with: TLS 1.3 encryption in transit; AES-256 encryption at rest; mandatory two-factor authentication for all internal staff with database access; quarterly third-party penetration testing; ISO 27001 certified hosting; segregated KYC vaults inaccessible from production systems; least-privilege access controls reviewed monthly. We have never experienced a confirmed personal-data breach affecting Australian players. In the event of one, we would notify affected players within 72 hours and report to the OAIC under the Notifiable Data Breaches scheme.
Our service is strictly for adults aged 18 and over. We do not knowingly collect personal information from minors. If a parent or guardian discovers that a minor has registered, please contact us immediately at [email protected] and we will close the account, refund any deposits, and purge all associated personal data.
Data collected via our responsible gambling tools (deposit limits, reality checks, self-exclusions) is treated with extra care. Self-exclusion records are retained for the full exclusion period plus an additional five years, and are shared with the BetStop national register only with your explicit consent or where required by law.
We may update this policy from time to time. Material changes are notified by email at least 14 days before they take effect. The "last updated" date at the top of this page is the source of truth. Continued use of the service after the effective date constitutes acceptance.