Privacy Policy

1) Who This Policy Applies To

This Policy applies to:

• Website visitors
• Account holders and authorised users ("Users") of the Service
• People who contact us (e.g., support, sales, partnerships)
• Community/competition participants (where applicable)

The Service is intended for business/professional users (iGaming affiliates and teams) and is not directed at children.

2) Controller / Processor Roles (Important)

2.1 When we act as a "controller"

We act as a data controller for personal data relating to:

• Your account registration and profile
• Billing and subscription administration
• Website analytics and marketing preferences
• Security logs and fraud prevention
• Customer support communications

2.2 When we may act as a "processor"

The Service lets you connect affiliate programs and upload/sync performance data via API or CSV ("Affiliate Program Data"). This data is typically aggregated performance information (e.g., clicks, registrations, FTDs, conversion rates, deposit value) and normally does not require player identity details.

However, if you upload or sync Affiliate Program Data that includes personal data (for example: a unique identifier that could relate to an individual), then:

• You are the controller of that personal data; and
• We act as a processor for that personal data to provide the Service to you.

If you require a Data Processing Agreement (DPA), please contact us at roigambler@gmail.com.

3) Personal Data We Collect

We collect different categories of personal data depending on how you interact with the Service.

3.1 Information you provide directly

• Account & profile data: name, email address, password (stored in hashed form), organisation/company name, role, timezone and similar profile settings.
• Team/seat data: names/emails of invited team members and role-based permissions.
• Communications: information you provide when you contact us (support tickets, emails, chat messages), feedback, and survey responses.
• Community content: handle/username, posts, comments, messages, and any content you submit in community/forum areas (if enabled).
• Competition/leaderboard participation: handle and related participation details (and, if you win a prize, we may request details needed to deliver it and comply with legal requirements).

3.2 Billing and subscription data

If you subscribe to paid plans, we collect:

• Billing contact data and invoicing details (e.g., billing email, company name, address, VAT number if provided).
• Transaction metadata (e.g., payment status, timestamps, plan level).

We do not intentionally store full payment card details on our systems; payments are handled by payment processors.

3.3 Affiliate Program Data you connect or upload

Depending on what you connect/import, we may process:

• Program/network identifiers (program names, account IDs, connection status)
• Performance metrics such as clicks, REGs, FTDs, CVR, CPA/RevShare, deposits/deposit value, GEO performance, traffic source tags, and subIDs
• Deal terms you input for simulations (e.g., CPA amount, RevShare %, hybrid terms, CPC/CPM estimates)

Note: You are responsible for ensuring you have the right to share and process any Affiliate Program Data you connect or upload and that doing so complies with your agreements with the relevant affiliate networks/operators.

3.4 Usage, device, and technical data (automatically collected)

When you visit or use the Service, we may collect:

• IP address, approximate location derived from IP, device identifiers
• Browser type/version, operating system, language, device type
• Log data (access times, pages/screens viewed, error logs, diagnostic logs)
• Cookie identifiers and similar tracking technologies (see Section 9)

3.5 Information from third parties

• Payment processors (payment status and transaction metadata)
• Analytics providers (aggregate website/app usage)
• Communication tools (delivery status of emails/notifications)
• Affiliate Programs you connect (data made available through their APIs/exports)

4) How We Use Personal Data

We use personal data for the following purposes:

4.1 Provide and operate the Service

• Create and manage Accounts and team seats
• Authenticate Users and maintain sessions
• Provide dashboards, normalisation, exports, alerts, and reporting features
• Provide community features and participation features where enabled
• Provide customer support and respond to enquiries

4.2 Generate aggregated/anonymised benchmarks and insights

• Process Affiliate Program Data to produce aggregated outputs (e.g., network benchmarks, heatmaps, rankings, toplist suggestions)
• Improve benchmark accuracy and recommendations as the network grows

We do not publish your raw account-level performance as "yours" to other Users.

4.3 Improve, maintain, and secure the Service

• Debug, monitor performance, and improve usability
• Maintain backups and disaster recovery
• Prevent abuse, fraud, unauthorised access, and security incidents

4.4 Communications and marketing

• Send service messages (e.g., security notices, product updates, operational alerts)
• Send marketing communications where you have opted in (you can opt out at any time)

4.5 Legal and compliance

• Meet legal obligations (e.g., accounting and tax compliance, responding to lawful requests)
• Enforce our Terms & Conditions and protect our rights

5) Legal Bases for Processing (GDPR)

Where the GDPR applies, we rely on the following legal bases:

• Contract: processing is necessary to provide the Service (account management, dashboards, support).
• Legitimate interests: to secure, improve, and operate the Service; prevent fraud; and develop aggregated/anonymised benchmarks and product insights. We balance these interests against your rights.
• Consent: for certain marketing communications and for non-essential cookies/tracking technologies where required.
• Legal obligation: to comply with applicable laws (e.g., tax, accounting, and regulatory requirements).

You can withdraw consent at any time (this does not affect processing already carried out before withdrawal).

6) How We Share Personal Data

We do not sell personal data.

We may share personal data with:

6.1 Service providers (sub-processors)

We use trusted providers to run and support the Service (e.g., hosting, analytics, email delivery, customer support tools, payment processors, messaging/notification providers). These providers are authorised to process personal data only as needed to provide services to us and are contractually required to protect it.

6.2 Third-party integrations you enable

If you choose to connect third-party services (e.g., affiliate networks, notification channels like Slack/Telegram/WhatsApp), we will share data with those services only as necessary to deliver the integration/feature you request.

6.3 Legal requirements and protection

We may disclose personal data if required by law or if we believe disclosure is necessary to:

• comply with legal process or lawful requests,
• investigate or prevent wrongdoing,
• protect the rights, safety, and security of ROI Gambler, our Users, or others.

6.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganisation, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

7) International Transfers

We are based in Malta (EU). Some of our service providers or connected services may process data outside the European Economic Area (EEA).

Where personal data is transferred outside the EEA, we use appropriate safeguards such as:

• the European Commission's Standard Contractual Clauses (SCCs), and/or
• other lawful transfer mechanisms recognised under GDPR.

8) Data Retention

We keep personal data only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Key retention principles:

• Account and Service data: retained while your Account is active to provide the Service.
• Export window after cancellation: after cancellation/termination, you will have 30 days to export your data (where export functionality is available). After that period, we may delete or permanently de-identify your Account data, subject to backups and legal requirements.
• Backups: data may remain in backups for a limited time after deletion.
• Billing and tax records: we retain billing/invoice records for the period required by applicable tax/accounting laws.
• Aggregated/anonymised data: we may retain aggregated/anonymised benchmark datasets for product improvement and benchmarking because they are not intended to identify you.

9) Cookies and Tracking Technologies

We use cookies and similar technologies to operate the website and Service.

9.1 Types of cookies

• Strictly necessary cookies: required for site functionality, security, and login/session management.
• Analytics cookies: help us understand usage and improve the Service (e.g., measuring traffic and feature performance).
• Preference cookies: remember settings and improve user experience.
• Marketing cookies (if used): help measure marketing effectiveness and deliver relevant content.

9.2 Cookie choices and consent

Where required by law, we use a cookie consent banner to let you control non-essential cookies. You can update your preferences at any time using the cookie settings available on the site (where provided) and/or through your browser settings.

Disabling cookies may affect certain features or functionality.

10) Security

We implement appropriate technical and organisational measures to protect personal data, which may include:

• encryption in transit (e.g., HTTPS/TLS),
• access controls and least-privilege permissions,
• monitoring and logging,
• secure development and operational practices.

No system can be guaranteed 100% secure. You are responsible for keeping your credentials secure and using strong passwords.

11) CHILDREN'S PRIVACY

The Service is not intended for individuals under 18, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to delete it.

12) Your Rights (GDPR / EU)

If you are in the EU/EEA (and in certain other jurisdictions), you may have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Request erasure (deletion), in certain circumstances
• Restrict processing, in certain circumstances
• Data portability, where applicable
• Object to processing based on legitimate interests, in certain circumstances
• Withdraw consent, where processing is based on consent
• Lodge a complaint with a supervisory authority

To exercise your rights, contact us at roigambler@gmail.com.

We may ask you to verify your identity before responding.

13) Supervisory Authority (Malta)

If you are in Malta or you want to lodge a complaint with a supervisory authority, you may contact the Office of the Information and Data Protection Commissioner (IDPC):

14) Third-Party Links

The Service may contain links to third-party sites (including affiliate networks/operators). We are not responsible for the privacy practices of third parties. Please review their privacy policies before providing them with personal data.

15) Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and change the "Last updated" date. If changes are material, we may also provide additional notice through the Service or by email.

16) Contact Us