Privacy Policy

Last Updated: January 15, 2025

Here's the reality: gaming regulators scrutinize every data point during license reviews. That's why we treat your information with the same paranoia a compliance officer brings to a surprise audit.

What Data We Actually Collect

When you request a consultation or application review, we gather:

  • Contact basics: Name, email, phone number, company name
  • Operational details: Target states, current licensing status, business structure
  • Technical metadata: IP address, browser type, referral source (standard web analytics)
  • Application materials: Documents you upload for review (only with explicit consent)

We don't collect financial data directly. Payment processing runs through Stripe, which maintains its own PCI-compliant infrastructure.

How We Use Your Information

Your data serves three purposes:

  1. Service delivery: Analyzing your licensing needs, preparing compliance roadmaps, coordinating with state regulators
  2. Communication: Updates on regulatory changes affecting your target markets, status notifications for active applications
  3. Legal compliance: Maintaining records required by state gaming control boards (we're subject to the same retention rules as licensed operators)

The math here is simple: if a regulator asks about a client engagement, we need documentation proving we followed proper procedures. That's why we keep detailed interaction logs.

Data Sharing Boundaries

We share information only when legally required or operationally necessary:

  • State gaming authorities: When you authorize us to submit applications on your behalf
  • Background check vendors: For probity investigations (KYC/AML screening)
  • Legal counsel: If your case requires specialized regulatory representation
  • Service providers: Cloud hosting (AWS), email (Google Workspace), CRM (HubSpot) - all under strict data processing agreements

We never sell client lists to lead brokers or marketing platforms. Period.

Your Control Options

You can request:

  • Data access: Full export of information we've collected about you
  • Corrections: Updates to outdated or inaccurate records
  • Deletion: Removal from our systems (subject to legal retention requirements)
  • Communication opt-out: Unsubscribe from marketing emails while maintaining service notifications

Email [email protected] with requests. Response time: 5 business days for simple inquiries, 15 days for data exports.

Security Measures That Matter

Standard protocol: AES-256 encryption for stored data, TLS 1.3 for transmission, multi-factor authentication for team access, annual third-party security audits.

The weak link in most breaches? Human error. Our team completes quarterly security training focused on phishing recognition and secure document handling.

Changes to This Policy

When regulations shift (looking at you, state-level data privacy laws), we update this policy. Major changes trigger email notifications to active clients. Minor clarifications get logged here with revision dates.

Questions?

Gaming compliance lives in gray areas - privacy shouldn't. Contact our data protection officer at [email protected] with concerns.

For general inquiries: [email protected]