Last updated: 30 May 2026
This Privacy Policy describes how {{COMPANY_NAME}} ("we", "us", "Lucky Rule"), company number {{REG_NUMBER}}, registered in {{JURISDICTION}} at {{REGISTERED_ADDRESS}}, collects and uses personal data when you visit or use lucky-rule.r-one.dev (the "Site"). We are the data controller for the personal data we collect from you. For privacy questions or to exercise the rights below, contact {{PRIVACY_EMAIL}}.
1. Personal data we collect
| Category | Examples | Source |
|---|---|---|
| Account data | email address, hashed password, date of birth, account status | Provided by you at registration |
| Usage data | login timestamps, IP address, approximate city/country, browser, operating system | Collected automatically on login and registration |
| Game data | game logs (which game, bet amount in Virtual Coins, outcome) | Generated by your use of the Site |
| Purchase data | purchase amount, currency, masked transaction reference, status | Returned by our payment service providers when you buy Virtual Coins. We do not store full card numbers, CVV or PINs |
| Support data | messages and attachments you send to support, any reply | Provided by you when you open a ticket |
| Cookie data | the choice you made on the cookie banner | Set by us in your browser — see the Cookie Policy |
We do not knowingly collect personal data from anyone under 18. If we learn that we hold data about a minor we will delete it and close the account.
2. Why we use your data, and on what legal basis
| Purpose | Legal basis (UK GDPR / EU GDPR) |
|---|---|
| To operate your account, deliver Virtual Coins, run the games | Performance of a contract (the Terms of Service) |
| To verify your age and prevent under-age use | Compliance with a legal obligation; our legitimate interest in operating a lawful service |
| To detect fraud, abuse, multi-accounting, money laundering | Our legitimate interest in protecting the service and other users |
| To respond to support requests | Performance of a contract; our legitimate interest in supporting users |
| To send service emails (security, billing, material policy changes) | Performance of a contract |
| To improve the Site (aggregate analytics) | Our legitimate interest in improving the product. If we add cookie-based analytics in future, we will rely on consent. |
| To comply with court orders, tax, anti-fraud and similar legal obligations | Compliance with a legal obligation |
3. Sharing your data
We share personal data only with the categories of recipient strictly necessary to run the service:
- Payment service providers ({{PSP_LIST}}) — to process coin purchases. They are independent controllers for the card data they collect directly; we receive only the transaction status and a reference.
- Hosting and infrastructure providers that store the database and serve the Site.
- Customer support tools (e.g. the embedded live-chat extension, where enabled).
- Professional advisers (auditors, lawyers) under duties of confidentiality.
- Authorities and courts where we are legally required to disclose.
We do not sell your personal data and we do not share it for third-party advertising.
4. International transfers
Some of our providers may process data outside {{JURISDICTION}}. Where they do, transfers are protected by an appropriate safeguard (such as the EU/UK Standard Contractual Clauses or an adequacy decision). You may request a copy of the safeguard in place by emailing {{PRIVACY_EMAIL}}.
5. How long we keep your data
| Data | Retention |
|---|---|
| Account data | While your account is open, plus up to 6 years after closure to comply with tax, accounting and dispute-handling obligations |
| Login / IP / usage logs | 12 months from collection |
| Purchase records | At least 7 years (tax / accounting) |
| Support tickets | 24 months from closure |
| Cookie consent record | 30 days, then prompted again |
When the retention period ends we delete or anonymise the data.
6. Your rights
Under UK GDPR / EU GDPR you have the right to:
- Access — get a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — ask us to delete your data ("right to be forgotten"), subject to our retention obligations.
- Restriction — ask us to stop or limit processing.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — at any time, where processing relies on consent (e.g. cookie-based analytics if enabled).
- Complain to a supervisory authority — in {{JURISDICTION}} (for example, the Information Commissioner's Office in the UK).
To exercise any of these rights, contact {{PRIVACY_EMAIL}}. We will respond within one month.
7. Security
We protect your data with industry-standard measures: TLS for all traffic; salted-and-hashed passwords; access controls on the database; encrypted backups; segregated production and development environments. Card data never reaches our servers — it is collected directly by our payment providers (see PCI Statement).
8. Cookies and similar technologies
See the Cookie Policy for the full list of cookies and how to control them.
9. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top shows when it was last changed. Material changes will be notified by email or by a banner on the Site.
10. Contact
For any privacy matter: {{PRIVACY_EMAIL}} or by post to {{COMPANY_NAME}}, {{REGISTERED_ADDRESS}}.
