Claim Bonus
Last updated · April 2026Effective from · 1 April 2026

Privacy Policy.

This is the bit of the website nobody enjoys reading and almost nobody actually reads. We've still tried to write it like a person rather than a contract template, because if you're trusting us with your driver's licence and your bank details, you deserve to know what happens to that information in language you can understand on the first read.

This policy explains what personal information Kingmaker Casino collects from Australian players, why we collect it, how long we keep it, who we share it with, and what you can do about all of that. It applies to everyone who visits this website, registers an account, or contacts our support team. It's governed by Australian privacy law — primarily the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles.

Who we are and how to contact us

Kingmaker Casino is an online gaming platform licensed by the Northern Territory Racing Commission. When you read 'we', 'us', or 'our' in this document, that's the entity collecting and processing your data. The website you're reading this on is aukingmaker.com.

If you have a question about anything in this policy, or you want to ask us to do something with your data — see your information, correct it, delete it, or stop us using it for marketing — you can reach our privacy team at the contact details at the bottom of this page. We aim to respond within 30 days, which is the timeframe most Australian privacy regulators expect.

What we collect, and why

We collect different types of information at different stages of your relationship with us. Some of it you give us directly (your name, your email). Some of it is generated automatically when you use the site (your IP address, what games you play). Some of it comes from third parties (results from identity verification, fraud-prevention checks).

Here's the full list, broken down by what it's for:

  • Account information you provide at registration — full legal name, date of birth, email address, mobile phone number, residential address, and a password (we store the password hashed, never as plain text).
  • Identity verification documents you submit during KYC — photo ID (driver's licence or passport), proof of address (utility bill or bank statement no older than three months), and in some cases a selfie video for biometric matching against the ID document.
  • Financial information related to deposits and withdrawals — payment method, the last four digits of card numbers, transaction amounts, transaction timestamps. We do not store full card numbers; that's handled by our PCI-DSS-compliant payment processors.
  • Gameplay data — which games you played, when, for how long, what you wagered and won or lost, the running balance of your account.
  • Technical data automatically generated by your visit — IP address, device type, operating system, browser type, the pages you visited, the time you spent on each, the referrer URL that brought you here.
  • Communications — copies of emails you send our support team, transcripts of live chat sessions, recordings of any phone calls (if you ever call us, you'll be told the call is recorded before the conversation starts).
  • Marketing preferences — whether you've opted in or out of email newsletters, SMS promotions, and push notifications.

Why we're allowed to use this information

Australian privacy law requires us to have a lawful basis for collecting and processing personal information. We rely on the following bases, depending on the type of data and what we're doing with it:

  • Performance of our contract with you — we cannot run your account, process your deposits, or pay your withdrawals without certain information. That's not optional, and refusing to provide it means we cannot offer you service.
  • Legal obligations — anti-money-laundering law (AML/CTF Act 2006), the Interactive Gambling Act 2001, our Northern Territory licence conditions, and tax reporting obligations all require us to collect and retain specific information whether you'd prefer us to or not.
  • Legitimate interests — fraud prevention, account security, business analytics, and improving the platform. Where we rely on this, we balance our interests against your privacy interests, and you can object if you think we've got the balance wrong.
  • Your consent — for marketing communications and optional analytics cookies. You can withdraw consent at any time through your account settings, and doing so does not affect the lawfulness of any processing we did before you withdrew.

Who we share your information with

We do not sell your data to advertisers, data brokers, or anyone else. We're not in the data business; we're in the gaming business. The only times we share your information are when it's necessary to run the platform, when the law requires it, or when you've explicitly told us to.

Specifically, we share data with:

  • Payment processors — to process deposits and withdrawals. They see the financial details necessary to move money but not your gameplay history.
  • Identity verification providers — when you submit KYC documents, they're checked through specialist firms (currently Jumio and SumSub) that are bound by their own privacy obligations.
  • Game providers — when you load a game, the relevant studio receives a session token and play data so the game can run. They do not receive your name, email, or KYC documents.
  • Cloud hosting and infrastructure providers — primarily AWS (Sydney region for Australian customer data) and Cloudflare for content delivery and DDoS protection.
  • Customer support tools — Zendesk for ticket management and Intercom for live chat. Conversations with support are stored on their systems under data-processing agreements.
  • Regulators and law enforcement — when we receive a lawful request from the Northern Territory Racing Commission, AUSTRAC, the Australian Federal Police, or a court. We comply with valid orders, push back on overreaching ones, and notify you where lawfully permitted.
  • Professional advisers — lawyers, accountants, and auditors bound by their own confidentiality obligations.

Where your data is stored, and for how long

Australian player data is hosted primarily in AWS Sydney (ap-southeast-2). Some technical processing happens through Cloudflare's global network, which means data may transit through servers outside Australia briefly during delivery, but no Australian player data is stored at rest outside Australia without your specific knowledge.

How long we keep things depends on what they are and what the law requires. Account data and KYC documents are retained for seven years after account closure — that's the minimum AML record-keeping period under Australian law, and shortening it isn't something we can choose. Gameplay data is retained for the same seven-year period for the same reason. Marketing communications history is kept for two years after the last contact. Live chat transcripts are kept for two years. Technical logs (IP addresses, error logs) are rotated every 90 days unless they're flagged as part of a security investigation.

After the retention period expires, data is either deleted entirely or anonymised (stripped of any information that could identify you personally) and kept for statistical purposes only.

Your rights, and how to use them

Under the Privacy Act 1988 and the Australian Privacy Principles, you have specific rights over the personal information we hold about you. We list them here in plain English; the legislation itself uses more technical language, but the underlying rights are the same.

  • Access — you can ask for a copy of all the personal information we hold about you. We'll provide it within 30 days, in a common format. There's no fee unless the request is excessive or repetitive.
  • Correction — if any of the information we hold is wrong or out of date, you can ask us to correct it. We'll do so within a reasonable time, usually under 30 days.
  • Deletion — you can ask us to delete your personal information. We'll do so where it's not legally required to keep it. Anti-money-laundering law overrides deletion requests for the seven-year retention period; we'll tell you if that's the case for your specific request.
  • Restriction — you can ask us to limit how we use certain information. If you object to a specific use (say, behavioural analytics), we'll review the request and either honour it or explain why we can't.
  • Marketing opt-out — you can stop receiving marketing emails by clicking the unsubscribe link in any email, or by changing your preferences in your account settings. SMS marketing can be stopped by replying STOP to any message.
  • Complaint — if you think we've mishandled your personal information, you can complain directly to us first; if we don't resolve it to your satisfaction, you can escalate to the Office of the Australian Information Commissioner (oaic.gov.au or 1300 363 992).

Cookies and similar technologies

Cookies are small text files that the browser stores on your device. They serve a range of purposes — keeping you logged in across page loads, remembering language preferences, measuring how the site is used, and serving ads (we don't do the last one on Kingmaker, but most of the internet does).

We use four categories of cookies, and you can control three of them:

  • Strictly necessary cookies — these keep you logged in, maintain your session, secure the form-submission process, and remember your locale choice. They cannot be turned off because the site genuinely will not work without them. They expire when you log out or close the browser.
  • Functional cookies — these remember your preferences (currency display, dark mode, language) so you don't have to set them on every visit. You can disable these in your browser settings; the site will still work, just less conveniently.
  • Analytics cookies — we use Google Analytics 4 with IP anonymisation enabled. We never combine analytics data with your account information. You can opt out at any time through the cookie banner that appeared when you first visited.
  • Performance cookies — these measure page load times, JavaScript errors, and user journeys to help us identify problems. They're anonymous and aggregated. You can opt out through the same cookie banner.

How we protect your data

Security is the part of privacy where promises are cheap and details matter. Here's what we actually do, in concrete terms.

All traffic between your device and our servers is encrypted with TLS 1.3 / 256-bit SSL. Cardholder data is processed by PCI-DSS-compliant payment gateways; we never see or store full card numbers on our servers. Passwords are hashed with bcrypt at cost factor 12 — even we cannot read your password. Database backups are encrypted at rest with AES-256.

Access to production systems is limited to a small group of senior engineers, restricted by IP allowlist and hardware MFA. All access is logged and reviewed quarterly. We run external penetration tests twice a year, with reports available to regulators on request.

Despite all of this, no system is invulnerable. If we ever suffer a data breach that's likely to cause you serious harm, we'll notify you and the OAIC within 72 hours, which is the timeframe required by the Notifiable Data Breaches scheme. We'll tell you what happened, what data was involved, and what steps to take next.

Children's data

Kingmaker Casino is strictly for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. KYC verification is designed to detect underage users, and we reject any account where age verification fails.

If you're a parent or guardian and you believe your child has somehow created an account with us, contact our privacy team immediately. We will investigate, close the account, and securely delete any personal information collected.

Changes to this policy

We update this policy when the law changes, when we change how we handle data, or when we realise we could explain something more clearly. The 'last updated' and 'effective from' dates at the top of this page tell you the current version.

Material changes — anything that reduces your privacy or expands our use of your data — will be communicated to registered users by email at least 14 days before they take effect. Smaller changes (clarifications, typo fixes) are made silently. The full version history is available on request.