1. Introduction & Scope
Betwiga ("we", "our", "us") is a licensed cross-border online sports betting and gaming platform. This Privacy Policy explains how Betwiga collects, uses, shares, and protects personal data of users who access our website, mobile application, and related services (collectively, the "Platform").
This Policy applies to all individuals globally who interact with Betwiga, regardless of jurisdiction. By registering an account or using our Platform, you acknowledge that you have read, understood, and consent to this Privacy Policy.
| Company | Betwiga Limited |
| Website | www.betwiga.com |
| Effective Date | 9 May 2025 |
| Last Updated | 9 May 2025 |
| Applies To | All users globally |
2. Data Controller Information
Betwiga operates as the Data Controller for personal data collected through the Platform. Our designated Data Protection Officer (DPO) can be contacted at:
| DPO | Data Protection Officer, Betwiga Legal |
| [email protected] | |
| Jurisdiction | Cross-border |
3. Data We Collect
3.1 Identity & Account Data
- Full legal name and date of birth
- Government-issued identification number (passport, national ID, or driver's licence)
- Nationality and country of residence
- Profile username and password (hashed and encrypted)
- Profile photograph (where required for KYC verification)
3.2 Contact Information
- Email address
- Mobile phone number (for 2FA and verification)
- Physical address (for regulatory compliance and correspondence)
3.3 Financial & Payment Data
- Bank account details, card numbers (tokenised — never stored in full)
- Mobile money identifiers (M-Pesa, Airtel Money, etc.)
- Transaction history, deposit and withdrawal records
- Source of funds documentation (as required by AML regulations)
3.4 Betting & Gaming Activity
- Bets placed, stakes, odds, and outcomes
- Game session data, wager history, and bonus usage
- Responsible gambling limits and self-exclusion records
3.5 Technical & Device Data
- IP address and geolocation data
- Device identifiers, browser type, and operating system
- Log files, session duration, and clickstream data
- Cookies and similar tracking technologies
3.6 Third-Party Data
We may receive data from identity verification providers, payment processors, fraud detection agencies, and publicly available sources, as permitted by law.
4. Legal Basis for Processing
| Contractual Necessity | Processing bets, managing accounts, processing payments |
| Legal Obligation | KYC/AML compliance, reporting to regulators, tax obligations |
| Legitimate Interest | Fraud prevention, security monitoring, service improvement |
| Consent | Marketing communications, analytics cookies, optional profiling |
| Vital Interests | Problem gambling detection and intervention |
5. How We Use Your Data
Primary Purposes
- Account registration, verification, and ongoing management
- Processing deposits, bets, withdrawals, and related transactions
- Complying with KYC and Anti-Money Laundering (AML) requirements
- Preventing and detecting fraud, money laundering, and other illegal activities
- Communicating with you regarding your account, bets, and platform updates
- Providing responsible gambling tools and mandatory intervention measures
Secondary Purposes
- Sending promotional offers and bonuses (with your consent)
- Conducting analytics to improve our Platform and services
- Complying with applicable gaming regulations in each jurisdiction
- Resolving disputes and enforcing our Terms and Conditions
- Sharing aggregated, anonymised data for research purposes
6. Data Sharing & Disclosure
We do not sell your personal data. We may share it only in the following circumstances:
Regulatory & Legal Authorities
We are required to share data with gaming regulators, financial intelligence units, law enforcement, and tax authorities in jurisdictions where we operate, including suspicious transaction reporting under AML legislation.
Service Providers
- KYC/identity verification providers (e.g. Onfido, Jumio, or equivalent)
- Payment processors and banking partners
- Cloud hosting providers (with data residency controls)
- Fraud detection and cybersecurity vendors
- Customer support platforms
Cross-Border Transfers
International transfers comply with applicable law through Standard Contractual Clauses (SCCs), Binding Corporate Rules, and adequacy decisions for approved jurisdictions.
7. Data Retention
| Account & Identity Data | Min. 5 years after account closure |
| Transaction & Betting Records | Min. 7 years |
| KYC Documents | 5–10 years (jurisdiction-dependent) |
| Marketing Consent Records | Until withdrawn + 3 years |
| Technical / Log Data | 13 months rolling |
| Responsible Gambling Records | Exclusion period + 5 years |
8. Your Data Rights
- Right of Access — Request a copy of the data we hold about you
- Right to Rectification — Correct inaccurate or incomplete data
- Right to Erasure — Request deletion (subject to legal retention obligations)
- Right to Restriction — Restrict processing in certain circumstances
- Right to Portability — Receive your data in a structured, machine-readable format
- Right to Object — Object to processing based on legitimate interests
- Right to Withdraw Consent — Where processing is consent-based
Note: Certain rights are limited by AML/KYC and gaming regulations. We cannot delete data we are legally required to retain.
9. Cookies & Tracking
| Strictly Necessary | Essential platform operation — no consent required |
| Functional | Preferences and personalisation — consent required |
| Analytics | Usage statistics and performance — consent required |
| Marketing | Targeted advertising — consent required |
| Responsible Gambling | Session monitoring for player protection — necessary |
You can manage cookie preferences via our Cookie Consent Manager. Withdrawing consent for non-essential cookies will not affect your account functionality.
10. Responsible Gambling & Special Data
Data relating to problem gambling behaviour, self-exclusion, and intervention measures is treated as sensitive data. Such data is:
- Accessible only by trained Responsible Gambling and Compliance staff
- Shared with national self-exclusion registers where legally required
- Never used for marketing purposes
- Retained for the duration of any exclusion period plus 5 years minimum
11. Children's Privacy
Betwiga does not knowingly collect data from individuals under 18 years of age (or the legal gambling age in their jurisdiction, whichever is higher). If we discover a minor has registered, we will immediately suspend the account, void all activity, delete the minor's data, and report to relevant authorities where required by law.
12. Security Measures
- AES-256 encryption for data at rest; TLS 1.3 for data in transit
- Multi-factor authentication (MFA) on all administrative access
- Regular penetration testing and vulnerability assessments
- Role-based access controls with principle of least privilege
- 24/7 security monitoring and intrusion detection systems
- Annual third-party security audits and ISO 27001 alignment
13. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email and/or in-platform notification at least 30 days before taking effect. Continued use of the Platform after the effective date constitutes acceptance of the revised Policy.
14. Complaints & Supervisory Authority
If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. For EU/EEA users, this is your national Data Protection Authority.
You may also contact our DPO directly at [email protected] before escalating to a regulator.