Privacy Policy
Last Updated: March 20, 2026
This Privacy Policy describes how Casino-in-a-Box ("we," "us," "our") collects, uses, and protects information when you use our Software and Services.
1. Information We Collect
1.1 Information Provided by Operators
- Casino name, branding preferences, and configuration settings
- Cryptocurrency wallet addresses for deposit/withdrawal
- Contact information (email, messaging handles)
- Payment transaction records
1.2 Information Collected from Players (on behalf of Operators)
- Anonymous user identifiers (randomly generated, not linked to real identity)
- Device information (platform, screen size)
- Browser information (user agent string)
- Language and timezone preferences
- Gameplay data (bets placed, games played, amounts, timestamps, results)
- Provably fair seed data (client seeds, nonces, server seed hashes)
- Session duration and frequency
- Referring URL
What We Do NOT Collect: We do not collect real names, email addresses, phone numbers, government IDs, social security numbers, physical addresses, or any personally identifiable information (PII) from Players unless the Operator has implemented KYC procedures independently.
2. How We Use Information
- Software Operation: To operate, maintain, and improve the Software.
- Analytics: To provide Operators with gameplay statistics, player behavior data, and revenue reports.
- Provably Fair Verification: To enable cryptographic verification of game results.
- Security: To detect and prevent fraud, abuse, and unauthorized access.
- Revenue Calculation: To calculate GGR revenue share obligations.
- Support: To provide technical support to Operators.
3. Data Storage
- Player gameplay data is stored locally on the Player's device (localStorage) and optionally in Firebase Realtime Database when configured by the Operator.
- We do not operate centralized servers that store Player data.
- Operators are responsible for the security and privacy of any data they collect.
- Firebase data is protected by Google Cloud security infrastructure and Firebase Security Rules.
4. Data Sharing
We do not sell, rent, or share personal information with third parties except:
- With Operators who deploy our Software (they receive their Players' gameplay data).
- When required by law, subpoena, or court order.
- To protect our rights, property, or safety.
- Aggregated, anonymized data may be used for industry research and product improvement.
5. Cookies and Tracking
- The Software uses localStorage (not cookies) to store user preferences, balances, and session data.
- No third-party tracking pixels, advertising cookies, or cross-site trackers are included in the base Software.
- Operators who add third-party analytics tools are responsible for disclosing those to their Players.
6. Data Retention
- Gameplay data is retained for as long as the Operator's casino is active.
- Upon license termination, Operators may request deletion of their data.
- Players may clear their local data at any time by clearing browser storage.
7. Security
- All data in transit is encrypted via HTTPS/TLS 1.3.
- Firebase data is protected by Google Cloud security and configurable Security Rules.
- No sensitive credentials (private keys, API secrets) are stored in client-side code.
- Provably fair seeds use cryptographically secure random number generation (Web Crypto API).
8. Children
Our Services are not intended for persons under 18 years of age (or the legal gambling age in the applicable jurisdiction). We do not knowingly collect information from minors. Operators are responsible for implementing age verification.
9. International Users
Our Services are operated from the United States. If you access our Services from outside the US, you consent to the transfer and processing of your information in the US. We do not make representations that the Services are appropriate or available in any particular jurisdiction.
10. Your Rights
- Access: Players may request a copy of their gameplay data from the Operator.
- Deletion: Players may clear local data anytime. Operators may request deletion of their account data.
- Correction: Contact the Operator to correct inaccurate data.
- Opt-Out: Players may stop using the Service at any time.
11. Changes to This Policy
We may update this Privacy Policy periodically. Changes take effect upon posting. Continued use constitutes acceptance.
12. Contact
Privacy inquiries: contact via secure vault at 13.money.