The platform collects personal data only for defined purposes and limited to what is necessary to operate services lawfully in India.

Collected personal data

• Identity and verification: name, date of birth, address, government ID copies, selfie for KYC.
• Contact details: email, mobile number, language preferences.
• Account information: username, settings, responsible gaming selections, communication history.
• Transaction and payment information: payment method tokens, UPI ID, limited card details stored by PCI DSS compliant processors, withdrawal records.
• Technical and usage information: IP address, device identifiers, log files, cookies, gameplay and betting activity for service integrity.

Why this information is collected

• To create and manage user accounts and provide requested services.
• To verify identity, prevent fraud, ensure platform security, and support responsible gaming.
• To process deposits and withdrawals through payment providers.
• To comply with applicable law and regulatory reporting.
• To improve site functionality, performance, and user experience.

Protection measures

• Encryption in transit and at rest for sensitive data.
• Strict access controls, role-based permissions, and audit logs.
• Regular security testing, vulnerability management, and incident response procedures.
• Vendor due diligence and contractual confidentiality obligations.
• Staff training and need-to-know handling of personal information.

User rights

• Access: request a copy of personal data held.
• Correction: ask to update or rectify inaccurate information.
• Deletion: request erasure subject to legal and regulatory retention.
• Consent management: withdraw consent for optional processing at any time.
• Grievance redressal: raise a concern through support and seek escalation if unresolved.

Compliance in India

• The platform aligns its practices to the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the SPDI Rules on reasonable security practices.
• Payment processing uses PCI DSS compliant providers. International best practice principles such as purpose limitation, data minimisation, and transparency are followed.

Personal data is used only for lawful, fair, and transparent purposes.

Main uses

• Account setup and service delivery, including verification and support.
• Processing transactions, payouts, and reconciliations through payment partners.
• Security, fraud prevention, anti-money laundering checks, and risk management.
• Improving websites, apps, and user experience through analytics and testing.
• Personalisation of content and settings based on user preferences.
• Marketing communications based on consent, with options to opt out at any time.
• Compliance reporting, dispute resolution, and enforcement of terms.

Processing principles

• Only the minimum information needed is collected and used for specified purposes.
• Processing is based on user consent or another lawful ground such as contract performance or legal obligation.
• Retention is limited to the period required for services, legal duties, and security.

Users can exercise their rights using in-account settings or by contacting support.

How to access data

• Submit an access request through the help centre. Identity verification may be required to protect the account.

How to update or correct data

• Edit fields in profile settings where available or submit a correction request. The platform may request supporting documents for KYC-related changes.

How to delete data

• Request account closure and deletion of personal information. Certain records must be retained for fraud prevention and legal compliance. Confirmation is provided once deletion is completed.

Timelines and responses

• The platform aims to respond within 30 days or as permitted by law. Complex requests may take longer and the user will be informed of the reason and expected timeline.

Security checks and payments

• By using Parimatch, the user consents to security checks, identity verification, and processing of payment data by authorised payment service providers for deposits and withdrawals.

The services are intended for persons aged 18 years and above. Registration by minors is not permitted.

• The operator cannot confirm age without identity documents and verification checks.
• If a parent or legal guardian believes a minor has provided personal data, a request can be made to remove the account and delete associated information.
• Evidence of guardianship and the minor’s identity will be requested before action.
• Any detected underage account will be suspended and information erased subject to legal retention requirements.

Personal information may be processed in other countries where technology, verification, payment, or support partners are located.

• Using the site constitutes consent to such cross-border transfers, subject to safeguards.
• Confidentiality and security obligations apply to all partners handling personal data.
• Contractual protections, encryption, and access controls are used to maintain appropriate protection regardless of location.
• Data transfers are limited to what is necessary for services, compliance, and security.

This disclaimer may limit, clarify, or otherwise affect how certain rules in this policy operate. It applies when the user accepts the policy by signature, affirmative acceptance, or accession through account actions.

• The policy does not confer rights beyond applicable law or the platform’s terms of service.
• If a provision is unlawful or unenforceable, the remaining terms continue to apply.
• In case of conflict, mandatory law takes precedence over this policy.

Cookies are small text files stored on a device by websites to remember a user and improve online services.

Purposes

• Essential operation and security of the site.
• Statistics and analytics to understand usage and performance.
• Behaviour analysis to detect fraud and maintain integrity.
• Personalisation of content, language, and preferences.

Retention and control

• Cookie data is typically retained for up to 1 year unless a shorter or longer period is required for security or law.
• Users can manage or block cookies in browser settings. Blocking certain cookies may affect functionality.
• Third-party cookies used for analytics or advertising are subject to the providers’ privacy terms.

Use of the site constitutes full acceptance of this Privacy Policy. Continued use after updates means agreement to the revised terms.

• The current version of this policy prevails over earlier versions.
• Users who do not agree should discontinue use and request account closure.

Personal data may be shared with third parties where required by law, to resolve disputes, to enforce agreements, or to provide requested services.

Categories of recipients

• Payment processors, banks, and UPI facilitators.
• Identity verification and anti-fraud providers.
• Analytics, cloud hosting, and customer support tools.
• Regulatory, tax, or law enforcement authorities when legally required.

Transparency and consent

• A list of key service providers and purposes is maintained on the site or provided upon request.
• If a new category of sharing is introduced, users will be informed of its purpose and scope when feasible.
• Providing data for these purposes constitutes consent to the required sharing, subject to contractual confidentiality and security obligations.

The site may contain links to third-party websites or apps that operate under their own privacy policies.

• The platform is not responsible for how external sites collect, use, or protect information.
• Users should review the privacy terms of each external service before providing personal data.
• Any activity on third-party services is governed by their policies and not this document.