Overview of How We Handle Personal Data

• Personal data we collect:
  • Identification and contact details: name, date of birth, address, email, phone number, identity documents for KYC.
  • Account and service information: username, preferences, responsible gaming settings, communications.
  • Transaction data: deposits, withdrawals, payment method details (tokenised where possible), currency, timestamps.
  • Technical data: IP address, device identifiers, browser type, app version, log files, cookies.
  • Compliance data: results of verification checks, sanctions and PEP screening, self-exclusion status.
• Why we collect this information:
  • To provide and maintain online services, process payments, and support the user account.
  • To meet legal duties under Nigeria’s gambling and anti-money laundering laws.
  • To prevent fraud, ensure security, and enforce terms.
  • To improve performance, reliability, and user experience.
• Security measures:
  • Encryption in transit and at rest for sensitive data.
  • Role-based access controls and staff training.
  • Segregated environments, firewalls, and monitoring.
  • Vendor due diligence and confidentiality obligations.
• User rights under Nigerian law (NDPA 2023 and NDPR):
  • Access a copy of personal data.
  • Correct inaccurate information.
  • Delete data where no longer needed or where consent is withdrawn, subject to legal retention.
  • Restrict or object to certain processing and request portability where applicable.
  • Complain to the Nigeria Data Protection Commission if unresolved.
• Compliance: The platform operates in line with the Nigeria Data Protection Act 2023, NDPR 2019, National Lottery Regulatory Commission rules, state gaming guidelines, and anti-money laundering requirements.

• Account servicing and operations:
  • Create and manage the user profile, verify identity, provide customer support.
• Transactions and payments:
  • Process deposits and withdrawals through authorised payment providers and banks.
• Service improvement and analytics:
  • Monitor performance, fix issues, and analyse usage for better functionality.
• Responsible gaming and security:
  • Apply limits, self-exclusion, fraud detection, and risk controls.
• Communications:
  • Send service notices, transactional messages, and regulatory updates. Marketing messages are sent based on consent and can be withdrawn at any time.
• Legal and regulatory compliance:
  • Satisfy AML/CFT checks, dispute handling, and reporting duties.

Processing is lawful, fair, and transparent, limited to the stated purposes and proportionate to the services provided.

• Access and update:
  • Users can view and edit account details in the profile area. Requests for a copy of personal information can be made through the Help Centre or the privacy request channel shown in account settings.
• Correction:
  • If any information is inaccurate, a request for correction can be submitted along with supporting documents where required.
• Deletion:
  • A request to delete personal data can be made when it is no longer needed for the services or legal obligations. Some records must be kept for anti-money laundering, tax, and regulatory reasons.
• Verification and payments:
  • By using Pin-Up, the user consents to security checks, identity verification, sanctions screening, and payment data processing by approved providers, card schemes, and banks.

Responses to verified requests are provided within the timelines required by Nigerian data protection law.

This service is for persons aged 18 and above. The operator cannot confirm age without identity documents during verification checks. If personal data of a minor has been provided, a parent or legal guardian may contact support to request deletion and account closure. Any funds will be handled according to applicable law after verification of the requester’s authority.

Personal data may be stored and processed in Nigeria and in other countries where service partners operate. Using the site and services confirms consent to such transfers, subject to safeguards. Cross-border transfers follow Nigeria’s data protection rules, including adequacy decisions, standard contractual clauses, or other lawful mechanisms. All partners handling information must keep it confidential and implement appropriate security measures.

This section explains limits that may affect how the rules are interpreted or applied. The policy does not grant rights beyond those set by applicable law, and legal obligations prevail where there is any conflict. The disclaimer applies once the user accepts this policy by signature, acceptance during registration, or accession through continued use of the services. If a clause is found invalid by law, the remaining parts of the policy continue to operate.

Cookies are small text files saved on a device by websites or apps. They help remember preferences and improve online performance. Cookies are used for statistics, behaviour analysis, personalisation, security, and service improvement. Cookie data is normally retained for up to 1 year, after which it is deleted or anonymised. Users can manage or block cookies in browser or device settings, though some features may not function fully.

Use of the services means full acceptance of this Privacy Policy. The current version published on the websites and apps takes precedence over any previous version. Continued use after changes indicates acceptance of the updated terms to the extent permitted by law.

Personal data may be shared when required by law, to resolve disputes, or to perform agreements. Typical recipients include payment processors, banks, identity verification providers, fraud prevention services, hosting and cloud vendors, analytics tools, regulators, and law enforcement. The categories or specific partners are listed on the site or will be communicated, including purpose and scope of disclosure. Providing personal information signifies consent to such disclosures where consent is the lawful basis.

The site may include links to other websites or apps that have their own privacy policies. The operator is not responsible for how those third parties collect, use, or protect information. Users should review the privacy notices of any external service before providing personal data.