Privacy Policy

Introduction

‍

This Privacy Policy (“Policy”) explains how GambleID LLC (“GambleID,” “we,” “us,” or “our”) collects, processes, uses, and safeguards personal data related to individual end users (“you” or “End User”) who engage with services provided through our platform. Our services are typically accessed when you interact with a third-party business - such as an online gaming operator, financial services provider, or other regulated or unregulated organization (“Operator”) - that relies on GambleID to support compliance, identity verification, fraud prevention, and data security.

‍

At GambleID, we take your privacy seriously. We are committed to ensuring that your personal information is handled with care, transparency, and respect. Our goal is not only to meet our legal obligations but to go beyond them - by applying best practices in data protection, encryption, and responsible use of information to support safe, compliant, and user-friendly experiences across the platforms we serve.

‍

We believe that privacy and innovation can work together. That’s why we use the data we collect to help Operators create smoother onboarding processes, prevent fraud and misuse, and tailor their services to your needs - all while minimizing risks and maximizing trust.

‍
By continuing with your transaction, registration, or account activity through an Operator that utilizes GambleID Services, you acknowledge and agree to the practices outlined in this Policy. We encourage you to read this Policy carefully, along with any applicable GambleID Terms of Service, so you can better understand how your data is used to protect and enhance your online experience.

‍

‍

I. Overview of GambleID Services

‍

GambleID provides advanced compliance, identity, and data intelligence solutions to both regulated and unregulated Operators across sectors such as online gaming, financial services, and other high-risk or verification-intensive industries.

‍

Our core offerings include:

‍

• Identity Verification (KYC): Matching user-submitted identity data against authoritative sources.
• Location Validation: Verifying geolocation using GPS, IP, Wi-Fi, and cellular triangulation to ensure jurisdictional compliance.
• Sanctions and Watchlist Screening: Performing OFAC and global sanctions checks against government and third-party databases.
• Payment Authentication: Validating ownership and legitimacy of financial instruments such as bank accounts, cards, and alternative payment methods.
• Device and Network Intelligence: Fingerprinting device attributes, assessing browser and OS configurations, and detecting emulation or bot activity.
• Compliance Workflow Automation: Enforcing regulatory or policy-based rules in real-time across user interactions and transactions.

‍

In addition to these core services, GambleID also provides:

‍

• Data Library & Analytics: Access to normalized datasets across Operators and jurisdictions for benchmarking, model training, and comparative risk evaluation.
• Financial Behavior, Value, and Risk Scoring: Deriving insights about user risk, spending patterns, transaction velocity, and lifetime value estimations to support underwriting and fraud models.
• Marketing and Audience Data: Identifying behavioral patterns, audience segmentation, and predictive metrics that can assist Operators with campaign targeting, promotional compliance, and user journey optimization.‍
• Regulatory & Legal Signal Mapping: Providing structured outputs on jurisdictional eligibility, trigger thresholds, and transaction-level anomalies.

‍

GambleID does not offer gaming or entertainment services directly to consumers. Instead, our platform supports Operators by:

‍

• Validating the identity, location, and legitimacy of their customers;
• Detecting and preventing fraud, manipulation, and regulatory violations;
• Enabling real-time decisioning on transactions, promotions, and onboarding workflows;
• Supplying data that supports internal and third-party modeling of risk, customer value, and compliance integrity.

‍

Through these services, GambleID helps Operators make informed decisions, reduce exposure, meet regulatory obligations, and enhance overall system integrity.

‍

‍

II. Types of Data We Collect

‍

The following types of data, as well as other data named or not named below, may be collected either directly from you, your device, your actions, the Operator, or third-party data providers:

‍

• Contact Data: Name, phone number, email address, mailing address
• Identity Data: Date of birth, SSN, government-issued IDs
• Biometric Data: Facial scan geometry, liveness checks, ID match scores
• Device & Network Data: IP address, browser type, operating system, device fingerprinting
• Geolocation Data: GPS, Wi-Fi, and cellular signals
• Transaction Metadata: Amounts, timestamps, velocity, pattern
• Behavioral Data: Login frequency, usage thresholds, clickstream, interaction history, etc
• Session Analytics: Scroll depth, mouse movement, clicks, error behavior, and screen recordings

‍

III. Full Site Usage Analytics

‍

To safeguard the integrity of our Services and provide enhanced fraud prevention, GambleID captures and analyzes detailed behavioral data during End User interactions with Operator-integrated environments. This may include:

‍

• Cursor movement, scrolling, and hover activity
• Form entry behavior, autofill patterns, and input timing
• Session replay, clickstream sequencing, and navigation paths
• Device motion events, tab switching, and screen recording analytics
• Error frequency, UI engagement depth, and abandonment timing

‍

This data is used for purposes including, but not limited to:

‍

• Real-time fraud detection and bot mitigation
• Regulatory audit readiness
• Internal testing and product performance tuning
• Behavioral model development and synthetic data generation
• Downstream licensing to Operators and authorized partners

‍

By engaging with a platform or Operator that utilizes GambleID Services, you explicitly consent to the collection and use of session analytics data as outlined herein. GambleID asserts full ownership over all behavioral, interactional, and derived usage datasets, including aggregated or anonymized outputs that may be used for commercial purposes, benchmarking, and algorithmic model training. These rights are retained indefinitely unless restricted by applicable law.

‍

IV. Biometric and Facial Data

‍

When permitted by law and requested by an Operator, GambleID may collect and process biometric identifiers and related facial geometry data, including but not limited to:

‍

• Selfie-to-ID photo comparison and document verification
• Liveness detection and identity match confidence scoring
• Facial geometry extraction for anti-fraud and duplication detection

‍

Biometric data is transmitted using end-to-end encryption and processed only within secure, access-controlled environments. GambleID retains biometric data solely as long as needed to complete the requested verification or to fulfill legal or contractual retention obligations - up to three (3) years, unless otherwise required by regulation, legal hold, or dispute resolution.

‍

GambleID reserves the right to use biometric data and related outputs for purposes including, but not limited to:

• Use biometric-derived metadata (e.g., confidence scores, liveness outcomes, image vectorizations) in model training and risk calibration
• Create and retain anonymized or synthetic representations of biometric patterns
• Commercially exploit anonymized derivatives for anti-fraud, AI development, and behavioral analytics

‍

All biometric processing is conducted in accordance with applicable privacy statutes, including but not limited to BIPA, CPRA, and GDPR, and is subject to Operator-approved contractual terms.

‍

V. How We Use Your Data

‍

We may use your personal data for purposes including, but not limited to:

‍

• Fulfill services requested by the Operator
• Perform identity, location, and compliance checks
• Authenticate transactions and validate payment instruments
• Monitor activity and enforce operator-defined rules
• Develop, improve, and expand our core technology and service models
• Comply with legal obligations and regulatory requirements
• Support internal research and commercial modeling initiatives
• Build and maintain data driven libraries for use by third parties to enhance GambleID services and the services of authorized partners

‍

GambleID retains sole and exclusive rights to all data derived, enriched, or generated through the processing, analysis, or modeling of End User information, even when such processing is initiated by an Operator. This includes metadata, analytical insights, predictive risk scores, anonymized behavioral datasets, and synthetic outputs used for internal or commercial purposes.

‍

VI. Data Licensing and Use in Financial Services

‍

GambleID may aggregate, analyze, and license data derived from End User activity to authorized third parties under strict controls. All such licensing falls into one of two categories:

‍

Anonymized or Aggregated Data Use

‍

GambleID may share or license anonymized or aggregated datasets - where direct identifiers have been removed. For clarity, GambleID defines ‘anonymized’ data as any dataset from which direct and indirect identifiers (such as name, government ID, device ID, or location trails) have been removed or transformed such that the individual cannot be reidentified through reasonable means in compliance with GDPR Recital 26 and NIST guidelines. This data may be for use by the following:

‍

• Financial institutions, including banks, lenders, and underwriters
• Hedge funds and quantitative analysts
• Insurance and risk modeling firms
• Commercial research organizations
• Artificial intelligence model developers
• Academic or regulatory institutions conducting market analysis

‍

These datasets may reflect, but are not limited to, behavioral trends, jurisdictional risk scoring, payment validation performance, geolocation accuracy, and other systemic metrics. No personally identifiable information (PII) will be present. 

‍

Non-Anonymized Data Use (Restricted Purpose)

‍

GambleID may license non-anonymized data only to Operators who originally submitted that data, or to contracted service providers operating under direct instruction from GambleID or the Operator. All such access is governed by legal agreements, data protection terms, and use limitations consistent with the Operator’s compliance framework.

‍

Operators who submit End User data to GambleID acknowledge and agree that such data, and any derivatives thereof, shall not be subject to exclusive licensing rights. GambleID reserves the right to analyze, license, or repurpose aggregated or anonymized datasets to any number of third parties for lawful business and commercial use.

‍

GambleID does not grant any third party exclusive access to its datasets, nor do we sell individual user profiles to external direct advertisers or brokers.

‍

VII. Use for AI & Machine Learning

‍

GambleID may use anonymized or behavioral data - including clickstream activity, cursor movements, device attributes, and verification outcomes - to train machine learning and artificial intelligence (AI) models. These models may be used for purposes including, but not limited to:

‍

• Improve fraud detection, transaction orchestration, and value scoring
• Enhance biometric recognition and match accuracy
• Identify emerging behavioral threats and compliance anomalies
• Generate predictive patterns for sanctioned behavior or jurisdictional violations

‍

When AI models are shared or licensed to external partners (e.g., fraud consortiums or technology vendors), GambleID ensures that all underlying data is anonymized and de-identified prior to use. Any commercialization of trained models does not include access to original raw End User data.

‍

GambleID prohibits the use of personally identifiable data in third-party AI training unless explicitly authorized by law or regulation and subject to appropriate contract terms.

‍

Synthetic Data and Statistical Derivatives

‍

GambleID may use raw or anonymized data to produce synthetic data sets and behavioral models using generative or statistical methods. These synthetic data sets do not directly correspond to real-world individuals but preserve key behavioral or compliance patterns for use in training, benchmarking, commercialization, or other lawful business, technical, or analytical purposes, including but not limited to fraud mitigation, regulatory modeling, product optimization, and third-party licensing. GambleID claims full intellectual property ownership of these outputs, and they may be licensed or distributed without restriction under applicable law.

‍

VIII. Wireless Carrier Authorization

‍

You expressly authorize your mobile wireless carrier (including but not limited to AT&T, Verizon, T-Mobile, and any other branded or affiliate provider) to disclose certain account, device, and subscriber information to GambleID, its service providers, and/or its Operator partners for the purpose of identity verification, fraud prevention, and compliance screening.

‍

This information may include, but is not limited to:

• Mobile phone number
• Account status (active/inactive, postpaid/prepaid, etc.)
• Account type (individual/business)
• Billing name and address
• Mobile device identifiers (IMEI, IMSI, etc.)
• Network signal data and IP address
• SIM card or line status (ported, reassigned, or recently changed)

‍

This data may be used to, but is not limited, to use for:

• Validate identity and account ownership during sign-up or transaction flows
• Detect synthetic identities, number spoofing, or account takeover risks
• Determine phone number risk scoring and mobile payment eligibility
• Fulfill regulatory obligations tied to Know Your Customer (KYC) requirements

‍

You acknowledge and agree that this authorization:

• Is granted as a condition of using GambleID Services through any Operator
• Remains valid for the duration of your session and any subsequent fraud review period
• May be revoked at any time by contacting your carrier, but doing so may impact your ability to access GambleID-powered verification services

‍

All data shared under this authorization is handled securely in accordance with GambleID’s internal data protection policies and applicable law. GambleID does not use carrier data for marketing purposes and does not resell it to unrelated third parties.

‍

For questions about how your carrier shares data or to manage carrier-based privacy preferences, please contact your mobile provider directly.

‍

IX. Disclosures to Third Parties

‍

GambleID may disclose your data under the following circumstances:

• To the Operator or its authorized agents who initiated the service request
• To data processors that support GambleID infrastructure (e.g., hosting, location services, ID scanning)
• To legal and regulatory authorities if required by subpoena, court order, or law
• To acquirers or successors in the event of a business merger, restructuring, or acquisition
• To authorized partners for the use of trend modeling and other analytical operations
• To authorized marketing firms for use in direct and indirect marketing operations

‍

We do not disclose your data for reasons unrelated to GambleID’s commercial operations agreements with authorized groups. The disclosure categories outlined herein are illustrative and do not limit GambleID’s lawful ability to use or share data under existing agreements, legal exceptions, or future business models, provided such use complies with applicable law. For the purposes of laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), GambleID does not ‘sell’ personal information as defined by those statutes. Any disclosures made for commercial analytics or fraud prevention are conducted under service provider or de-identified data exemptions.

‍

X. International Data Transfers & Regional Laws

‍

When End User data is transferred internationally, GambleID adheres to applicable cross-border data protection regulations. Transfers of personal data from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to the United States or other jurisdictions occur under the following frameworks:

‍

• Standard Contractual Clauses (SCCs) issued by the European Commission
• UK International Data Transfer Addendum
• Swiss Addendum to the SCCs
• Additional technical and contractual safeguards, including encryption and access control

‍

In accordance with applicable jurisdictional requirements, GambleID acts as the independent data controller for data it collects, derives, or generates through its own platform, and as either a data processor, joint controller, or service provider for data submitted by Operators, depending on the nature of the service, the contractual framework in place, and local data protection laws. When processing Operator-submitted data, GambleID may act as a service provider or joint controller, depending on the nature of the service and jurisdictional requirements.

‍

You may have additional rights under GDPR, CPRA, LGPD, PIPEDA, or other national laws. These rights may include:

• Access to your personal data
• Rectification or deletion of inaccurate records
• Objection to certain processing or profiling
• Request for data portability
• Restriction of processing for specific purposes

‍

To exercise these rights, contact privacy@gambleid.com. We will respond to all verifiable requests within the timelines required by applicable law. Please note that data subject rights may be limited where enforcement mechanisms are not supported in the jurisdiction where GambleID operates. In such cases, GambleID will make a reasonable effort to honor requests consistent with the intent of the originating regulation but does not guarantee enforceability beyond applicable legal obligations.

‍

XI. Marketing Preferences and Opt-Out Controls

‍

GambleID, its Operators, or authorized marketing affiliates may use certain user information for promotional or informational communications, such as product announcements, regulatory reminders, or compliance education. Marketing outreach may occur via:

• Email
• SMS/text messaging
• Voice or phone outreach

‍

You have the right to opt out of such communications at any time. Opt-out mechanisms may include:

• Unsubscribe links in email messages
• STOP replies for SMS communications
• Contacting privacy@gambleid.com or the associated privacy email address of the Operator that holds your account with a removal request
• Global privacy controls or browser-based privacy signals (where supported by law)

‍

GambleID will honor all verified opt-out requests promptly. Opting out to marketing communications may affect your access to core services provided via an Operator.

‍

XII. Third-Party Data Brokers and API Providers

‍

To deliver, enhance, and expand GambleID’s Services, we maintain integrations and commercial relationships with authorized data suppliers and service providers, which may include:

• Identity bureaus and KYC providers
• Geolocation and Wi-Fi triangulation vendors
• Biometric match and ID scanning engines
• Device fingerprinting and emulator detection platforms
• Watchlist and sanctions screening databases
• Analytics and marketing data enrichment partners
• AI/ML training consortiums and fraud signal exchanges
• Payment method validation and ownership verification services

‍

GambleID carefully vets all third-party providers for regulatory alignment, data protection standards, and service scope. These third parties may receive raw or enriched data, subject to:

• Non-disclosure and confidentiality agreements
• Regulatory limitations applicable to their jurisdiction
• GambleID’s ongoing oversight and compliance audits

‍

GambleID maintains exclusive rights to any derivative data, enriched signals, or aggregated outputs generated from interactions with such providers, unless prohibited by governing law or specific contract. We reserve the right to update our vendor list at any time without notice, as permitted by law.

‍

XIII. Internal Systems, Encryption & Infrastructure

‍

GambleID operates on a secure, multi-region cloud architecture with industry-leading data protection standards. Our infrastructure includes:

• AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit
• SOC 2, ISO 27001, and PCI-DSS aligned access and security controls
• Automated key rotation, session token revocation, and audit log retention
• AI-based intrusion detection and zero-trust network segmentation
• Annual penetration testing by independent third-party security firms

‍

All system components and databases are hosted in secure zones within the United States unless required by law to be hosted within a specific jurisdiction.

‍

GambleID retains exclusive control and IP ownership over its systems, processes, and any derivative datasets generated from user interactions, verification outcomes, or transaction workflows. We expressly reserve the right to store, process, replicate, and license derived data models and synthetic datasets, provided they comply with the principles outlined in this Policy and governing law.

‍

XIV. Data Retention

‍

GambleID retains personal data based on the following principles:

• Contractual Obligations: Data is retained as long as required by our agreement with the Operator.
• Legal Requirements: Certain data may be held up to 7 years for compliance audits, fraud investigations, and regulatory reporting.
• Biometric Data: Retained no longer than 3 years unless required by law or an ongoing legal/regulatory matter.
• Data Analysis: We secure and reengage with data held in historical databases in order to identify trends and build predictive models
• Data Minimization: We regularly review datasets to remove records no longer needed for service delivery or lawful business operations.

‍

We do not repurpose collected data in ways that conflict with the original scope of consent. GambleID does not use your data for unrelated purposes unless allowed by law or explicitly disclosed in this Policy.

‍

XV. Your Rights and Choices

‍

You may have the following rights under applicable laws:

• Access a copy of your personal data
• Request correction, deletion, or export of your data
• Limit certain uses or sharing of your information
• Withdraw biometric or wireless carrier consent (where applicable)

‍

To exercise your rights, email: privacy@gambleid.com. We may verify your identity before fulfilling the request. Note: any request may result in the blocking of your ability to access any GambleID services directly or as they may be attached to an Operator.

‍

XVI. Class Action Waiver (U.S. Residents)

‍

By using GambleID Services - whether directly or through an Operator - you expressly agree that any disputes, claims, or controversies arising out of or related to GambleID’s handling of your personal data shall be resolved on an individual basis only.

You hereby irrevocably waive any right to participate in, join, or bring:

• Class actions
• Representative actions
• Private attorney general actions
• Collective proceedings or arbitrations

‍

This waiver applies to all legal claims under U.S. law, including those arising under state or federal privacy statutes. If any portion of this provision is found unenforceable, the remainder shall remain in full force and effect. For more information, see the GambleID Terms of Service.

‍

‍

XVII. Changes to This Privacy Policy

‍

GambleID reserves the right to amend or update this Privacy Policy at any time to reflect evolving Services, regulatory changes, or business operations. This right to change is retroactive and applies to all previous and future versions of this Policy, including changes made prior to your current or past use of any GambleID Services. You may be notified of material changes via:

• Updates posted on the GambleID website
• Affirmative activity via a GambleID Service by an Operator
• Notifications via associated Operators or platforms
• Direct email or SMS notice (if contact details are available)

‍

Your continued use of GambleID Services following any posted updates constitutes binding acceptance of those changes. You are encouraged to review this Policy periodically to stay informed of your rights, our practices, and how we manage and license personal and derived data.

All changes are effective immediately unless otherwise stated. For more information, see the GambleID Terms of Service.

‍

Notice of Future Changes

‍

By agreeing to this Privacy Policy, you also agree in advance to any future modifications made by GambleID over its lifetime, or as otherwise permitted by law. Your acceptance is ongoing and applies to all future updates, regardless of whether explicit notice is provided at the time of change. Your continued use of GambleID-powered services - either directly or through an Operator - constitutes full acceptance of any amended version of this Policy for as long as you maintain a profile or your data remains active in our systems. This clause is binding to the fullest extent permitted under applicable law.

‍

‍

XVIII. Contact Information

‍

When contacting GambleID regarding a privacy-related matter or data request, you will be required to verify your identity before we can disclose, discuss, or modify any information related to a specific individual profile. This verification may include confirming your name, contact details, device history, or submitting identification documentation consistent with the original data submitted to the associated Operator.

‍

Via Mail:

GambleID LLC

1121 Delano Street, Suite 101

Houston, TX 77003

‍

Phone: +1 (832) 701-0202

Email: privacy@gambleid.com

‍

Hours of Operation: Monday through Friday, 10:00 AM to 4:00 PM Central Time (excluding U.S. banking holidays)

‍

To help us process your request efficiently, please also provide:

• Your full name and date of birth in an email from the address on file with your profile
• The name of the Operator or platform you interacted with
• A description of the issue, request, or inquiry you are submitting
• An estimated date that your profile information was supplied to GambleID by the Operator.

Incomplete requests may result in delays, and GambleID reserves the right to deny or defer responses if identity verification fails or if the request is outside the scope of data subject rights permitted by applicable law.

‍

XIX. In Conclusion

‍

GambleID is committed to maintaining the highest standards of data integrity, security, and lawful usage in every jurisdiction in which we operate. Our technology is designed to protect both our Operator partners and the End Users whose data we process. We believe in transparency, accountability, and the responsible application of data for compliance, security, intelligence, and innovation.

‍

This Privacy Policy outlines how we collect, use, retain, and share data in alignment with regulatory expectations and our contractual obligations. It also affirms our rights to generate, license, and commercialize data - anonymized, synthetic, or derived - within the bounds of applicable law and ethical data stewardship.

By continuing to engage with any service or Operator platform powered by GambleID, you acknowledge and agree to the practices detailed in this Policy. We encourage you to revisit this Privacy Policy regularly, as it may evolve alongside our services, our technology, and the legal landscape.

‍

If you have any questions, concerns, or requests, please contact us directly using the information provided above.

‍

‍