Privacy Policy
Who We Are
OBSERVE: The Website is operated under the True Fortune Casino brand for the AU-facing domain https://truefortunebet-au.com. The available corporate profile information indicates limited corporate transparency and does not specify a confirmed legal entity name, registered address, or company registration number in the source data.
EXPAND: Australian privacy compliance (Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs")) expects clear identification of the entity handling personal information and reliable contact channels for privacy enquiries. Where operator details are incomplete, we must transparently disclose that limitation, commit to providing verified details on request, and still provide functioning privacy contact methods and complaint pathways.
REFLECT: We therefore identify what is known and clearly mark what is not specified, while providing a dedicated privacy contact point for "True Fortune Casino" users on truefortunebet-au.com.
- Operator legal name: Not specified in the available profile data for True Fortune Casino (True Fortune Casino brand).
- Legal/registered address: Not specified in the available profile data.
- Registration details (company number/tax ID): Not specified in the available profile data.
- Claimed gambling licensing context (for transparency): Historically associated with Curaçao eGaming master license reference 1668/JAZ (sub-license details not specified; status unverified; no clickable validator identified as of January 2025 in the provided research context).
Privacy Contact (DPO / Data Protection Department)
OBSERVE: The main contact email, phone number, and contact form URL are not specified in the provided data.
EXPAND: A privacy policy should still provide a clear channel for privacy requests and complaints. Where direct contact details are unknown, we must instruct users to use the Website's support/contact pathway and to label requests as "Privacy" so they are routed correctly, while committing to respond within defined timeframes.
REFLECT: Until specific DPO contact details are published on truefortunebet-au.com, you may submit privacy requests via the Website support/contact functionality (if available) and clearly title your message "Privacy Request - True Fortune Casino". If you cannot locate a contact form, use the privacy request process described in the "Complaints & Contacts" section and we will provide the correct channel upon first reply.
What Personal Data We Collect
OBSERVE: True Fortune Casino provides online casino services to Australian-targeted users via https://truefortunebet-au.com, including gameplay, bonuses, and withdrawals. This necessarily involves identity, account, payment, device and activity data, plus cookies and similar technologies.
EXPAND: Under the APPs and common gambling-industry controls (KYC/AML, fraud prevention, payments), we must describe categories of personal information, how it is collected (directly, automatically, and from third parties), and clarify that some information is required to provide the service (e.g., withdrawals and verification).
REFLECT: We collect the following categories of data, depending on how you interact with truefortunebet-au.com and the features you use:
- Identity & contact data: Full name, date of birth, residential address (if provided), email address, telephone number, username, and account identifiers.
- Verification (KYC) data: Government ID details and copies, proof of address, and other verification information required to confirm identity and eligibility; results of verification checks and notes (where lawful).
- Financial & payment data: Deposit and withdrawal amounts, timestamps, transaction references, payment method type (e.g., card payments, prepaid vouchers such as Neosurf, or cryptocurrency such as Bitcoin), and payment processor tokens/identifiers. We do not intend to store full card numbers; where card handling occurs, it is typically processed by regulated payment partners.
- Gameplay & behavioural data: Betting and gaming history, game interactions, session duration, bonus usage, clicks, page views, in-product events, and customer support interactions that relate to your account and play.
- Technical & device data: IP address, approximate location derived from IP, browser type, device identifiers, operating system, language preferences, time zone, referral URLs, access timestamps, crash logs, and server logs.
- Communications data: Messages sent to support, complaint correspondence, call records (if calls are offered), and email communications related to service and marketing preferences.
- Cookies and similar technologies: Cookie IDs, advertising identifiers, pixels, SDK data and similar technologies used for login/session management, security, analytics and (where you consent) advertising.
Legal Basis for Processing
OBSERVE: True Fortune Casino processes personal information to operate accounts, provide gameplay, process deposits/withdrawals, prevent fraud and meet regulatory-style obligations (KYC/AML), while operating in an offshore context targeting AU users.
EXPAND: Australia's Privacy Act/APPs do not use the GDPR "lawful bases" framework verbatim, but it is still best practice to explain the grounds for processing in a way users can understand. Because the section explicitly requires bases such as consent, contract, legitimate interests, and legal obligations, we align these concepts to APP-compliant practices and clarify that some processing is necessary for service delivery and security.
REFLECT: We rely on the following grounds (as applicable) to collect and use personal information on truefortunebet-au.com:
- Consent: Where you provide consent (e.g., optional cookies/advertising technologies, certain marketing communications), you may withdraw consent at any time (see "Your Rights").
- Contract performance: To provide the services you request under our Terms & Conditions (e.g., creating and managing your account, providing gameplay, processing deposits, administering bonuses, and processing withdrawals).
- Legitimate interests: To protect our business and users, including fraud prevention, account security, network and information security, internal analytics, service improvement, dispute handling, and enforcing our terms - balanced against your rights and expectations.
- Compliance with legal obligations: To the extent applicable to our operations and partners, including identity verification (KYC), anti-money laundering (AML) checks, sanctions screening, payment processing requirements, tax/accounting record-keeping, and responding to lawful requests from authorities.
Regional compliance note (AU): We handle personal information in a manner intended to be consistent with the Australian Privacy Principles, including transparency, purpose limitation, data security, and access/correction rights. Where we operate offshore and use offshore service providers, additional cross-border considerations apply (see "International Transfers").
Purpose of Processing
OBSERVE: The service involves online casino operations (Rival Gaming platform context), marketing, analytics, and risk controls, including fraud prevention and payment processing.
EXPAND: We should connect each purpose to typical data categories and provide clear user-facing explanations, including the offshore access context (mirror domains, potential ACMA blocking) and how technical data is used for security and service continuity.
REFLECT: We use personal information for the following purposes:
- Provide and operate the casino services: Register and administer accounts; authenticate users; enable gameplay; apply bonuses; manage deposits and withdrawals; provide customer support; and communicate important account/service notices.
- Payments and financial operations: Facilitate transactions through third-party payment processors; manage chargebacks and reversals; apply risk checks; and reconcile transactions (note: banks may apply a separate international processing fee for offshore transactions, which is external to the casino).
- Verification, integrity and compliance: Conduct KYC/AML checks; prevent fraud, collusion, bonus abuse and prohibited activity; and enforce our Terms & Conditions.
- Security and technical administration: Maintain the Website, troubleshoot, monitor performance, prevent cyberattacks, and secure user accounts and sessions (including in contexts where access may rely on alternate domains).
- Analytics and service improvement: Understand how users interact with games and pages, measure performance, and improve features, content and user experience.
- Marketing and communications: Send marketing messages and promotional communications where permitted by law and/or where you have consented; manage your preferences and measure campaign effectiveness.
Disclosure & Sharing
OBSERVE: The profile indicates reliance on third-party payment processors, potential affiliate operations ("True Fortune Affiliates" referenced as a managing operator group), and third-party technologies for analytics/advertising. The claimed Curacao licensing reference is unverified and there is limited on-site regulatory transparency, increasing the need for clear disclosure rules.
EXPAND: Under APP 6 and cross-border disclosure expectations (APP 8), we must explain who receives data, for what reasons, and how consent applies to marketing/advertising disclosures. We also need to clarify that disclosures may occur to comply with lawful requests and to protect users and the business.
REFLECT: We may disclose personal information in the following circumstances:
- Payment partners and financial service providers: To process deposits/withdrawals and manage fraud/chargeback risk. Depending on the method, this may include card processors, voucher processors (e.g., prepaid vouchers), cryptocurrency payment facilitators, and banking/settlement partners.
- Service providers (processors): Hosting providers, security vendors, identity verification providers, analytics providers, customer support tools, email/SMS delivery vendors, and game/platform suppliers (including Rival Gaming platform-related service providers where applicable).
- Affiliates and marketing partners: Where you arrive through an affiliate link or marketing campaign, we may share limited tracking and attribution data. We share advertising-network data only where required/appropriate and, where applicable, with your consent for advertising cookies/trackers.
- Regulators and authorities: Where we are required or permitted to do so by law, court order, or lawful request, or to protect rights, safety, and security, investigate fraud, or enforce our terms.
- Corporate transactions: If we are involved in a merger, acquisition, restructuring, or sale of assets, your information may be shared as part of that transaction subject to appropriate confidentiality and security controls.
Important: We do not sell your personal information as a standalone commercial dataset. Any sharing is limited to what is necessary for the purposes described in this policy.
International Transfers
OBSERVE: True Fortune Casino targets AU users but operates offshore and uses third-party providers. Data may therefore be processed outside Australia, including in jurisdictions where service providers are located and where the operator group is established.
EXPAND: APP 8 requires steps to ensure overseas recipients do not breach the APPs, subject to exceptions. The prompt requests examples of transfer safeguards (e.g., Standard Contractual Clauses, Privacy Shield). Privacy Shield is no longer a universal solution; for EU-US transfers, newer frameworks may exist, but we should avoid overclaiming and instead describe contractual and technical measures, plus risk-based assessments.
REFLECT: Your personal information may be transferred to, stored in, or accessed from countries outside Australia, including jurisdictions where our group companies, payment processors, cloud hosting, verification providers, analytics providers, and customer support tools operate. Transfers may occur to regions such as:
- Service provider regions: United States, European Economic Area/United Kingdom, and other locations where our vendors operate data centres and support teams.
- Gaming/operational regions: Offshore jurisdictions linked to online gambling operations and platform/service administration (for example, Curaçao-related service ecosystems), depending on our provider setup.
To protect your information in cross-border transfers, we apply safeguards appropriate to the context, including:
- Contractual controls: Data processing agreements, confidentiality obligations, and (where relevant) standard contractual clauses or equivalent contractual protections.
- Security measures: Encryption in transit (TLS) and, where appropriate, encryption at rest, access controls, and audit logging.
- Vendor due diligence: Assessing vendors' security practices and limiting access to "need-to-know".
Regional compliance note (AU): We take reasonable steps to ensure overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles or otherwise as required by applicable law.
Data Retention
OBSERVE: Gambling services generate account, transaction, verification and gameplay records. The profile indicates KYC/AML style checks and payment processing, which typically require retention for audit, fraud prevention, and dispute handling.
EXPAND: We must define retention periods by category, link them to purposes, and set deletion/anonymisation criteria (account closure, legal obligations, dispute windows). The prompt gives an example of "no more than 5 years after account closure"; we can adopt that as a baseline while allowing longer where legally required (e.g., ongoing disputes/fraud investigations).
REFLECT: We retain personal information only for as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.
- Account profile data (name, email, phone, account settings): Kept for the life of your account and up to 5 years after account closure, unless a longer period is necessary for dispute resolution, fraud prevention, or legal/compliance requirements.
- KYC/verification records: Typically retained for up to 5 years after account closure (or longer where required by applicable AML/financial crime or payment partner requirements), to demonstrate verification and manage fraud risk.
- Transaction and payment records: Typically retained for up to 7 years to meet accounting, audit, chargeback management, and financial record-keeping needs (timeframes can vary by jurisdiction and provider requirements).
- Gameplay and behavioural logs: Typically retained for up to 5 years to support integrity investigations, responsible gambling controls, dispute handling, and product analytics; aggregated/anonymised analytics may be kept longer.
- Technical logs and security events: Typically retained from 90 days to 24 months depending on log type and security needs; extended retention may apply for incident investigations.
- Marketing preference records: Retained while you remain opted-in and for a reasonable period after you opt out to ensure we respect your preferences.
We will delete, de-identify, or anonymise personal information when:
- Processing purposes end: The information is no longer needed for the stated purposes.
- Account is closed: After applicable retention windows expire.
- You make a valid request: Where deletion is permitted and not overridden by legal obligations or legitimate grounds (e.g., fraud prevention or ongoing disputes).
Your Rights
OBSERVE: The Website targets AU users. The prompt requires detailed GDPR and Mexican privacy law alignment (even though the page is AU-focused), including rights like portability and restriction, plus procedures, 30-day response times, and free-of-charge guarantees, and references to Mexican regulations.
EXPAND: In AU, the Privacy Act and APPs provide access and correction rights; GDPR provides a broader set (erasure, portability, restriction, objection). Mexico's framework (LFPDPPP and its Regulations) provides ARCO rights (Access, Rectification, Cancellation, Opposition). To avoid misrepresentation, we present these as rights we will facilitate as a matter of policy to the extent applicable and lawful, while anchoring AU users to APP access/correction and complaint pathways.
REFLECT: Subject to applicable law and verification of your identity, you may exercise the following rights in relation to your personal information used by True Fortune Casino on truefortunebet-au.com:
- Access: Request confirmation of whether we hold personal information about you and obtain a copy, subject to lawful exceptions (APP 12; GDPR Art. 15; Mexico ARCO "Acceso" under the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP)).
- Correction/Rectification: Request correction of inaccurate, incomplete, or outdated information (APP 13; GDPR Art. 16; Mexico ARCO "Rectificación").
- Deletion/Cancellation (where applicable): Request deletion of certain information where it is no longer necessary, where consent is withdrawn (and no other lawful basis applies), or where processing is unlawful - subject to retention obligations for KYC/AML, payments, dispute resolution and fraud prevention (GDPR Art. 17; Mexico ARCO "Cancelación").
- Restriction of processing (where applicable): Request that we limit processing in certain circumstances (GDPR Art. 18) while maintaining necessary storage for legal claims, compliance, or security.
- Objection (where applicable): Object to processing based on legitimate interests, including certain profiling/analytics, unless we have compelling legitimate grounds (GDPR Art. 21; Mexico ARCO "Oposición").
- Data portability (where applicable): Request a machine-readable export of certain data you provided to us (GDPR Art. 20) where technically feasible and lawful.
- Withdraw marketing consent: Opt out of marketing communications at any time using unsubscribe links (where available) or by contacting us; withdrawal does not affect the lawfulness of processing before withdrawal.
How To Exercise Your Rights
- Prepare your request: Describe the right you want to exercise and the information involved (e.g., "access my account data", "correct my phone number", "delete marketing profile"). Mark it clearly as "Privacy Request - True Fortune Casino".
- Verify identity: For your protection, we may require identity verification before responding (especially for access, deletion, or payment/KYC-related requests).
- Submit the request: Use the Website's support/contact channel on https://truefortunebet-au.com (if available). If a dedicated privacy email is later published, we will route requests through that channel.
- Response time: We aim to respond within 30 days. If a request is complex or involves multiple systems/vendors, we may need additional time; we will inform you of the reason and expected timeframe.
- Fees: We generally handle requests free of charge. If a request is manifestly excessive or requires substantial administrative effort, a reasonable fee may apply where permitted by law; we will inform you in advance.
Mexico-specific note (reference): Where Mexican privacy law applies, requests may be treated as ARCO requests under the LFPDPPP and its Regulations, and we may request information needed to locate data and confirm identity as permitted by that framework.
Cookies & Tracking Technologies
OBSERVE: truefortunebet-au.com uses cookies and similar technologies for account sessions, security, analytics and potentially advertising/affiliate attribution (with consent where applicable).
EXPAND: We should classify cookies (session/persistent/third-party), explain purposes (functional, analytics, advertising), and provide controls (browser settings and any internal preference tools). We must avoid claiming a cookie panel exists if not specified; we can describe "if available" and browser controls as baseline.
REFLECT: Cookies and similar technologies are small files or identifiers stored on your device that help websites function and provide insights. We may use:
- Session cookies: Temporary cookies that expire when you close your browser; used for login sessions, navigation, and security.
- Persistent cookies: Stored for a set period; used to remember preferences, recognise returning users, and support analytics.
- Third-party cookies/trackers: Set by service providers (e.g., analytics, fraud prevention, affiliate attribution, or advertising partners). These may collect device and usage information across sessions.
Cookie Purposes
- Strictly necessary / functional: Enable core features such as account login, session integrity, and security controls.
- Performance / analytics: Measure traffic, diagnose errors, and understand how users use pages and features so we can improve services.
- Advertising / marketing (where applicable): Support campaign measurement, affiliate attribution, and personalised marketing, typically requiring consent where mandated.
Managing Cookies
- Browser settings: You can block or delete cookies in your browser. Note that blocking strictly necessary cookies may affect login, gameplay, or account functions.
- Preference tools (if available): If truefortunebet-au.com provides a cookie banner or preference centre, you can use it to manage non-essential cookies.
- Device controls: Some mobile devices allow you to reset advertising identifiers or limit ad tracking.
Data Security
OBSERVE: The service involves sensitive account, transaction and verification data and operates in an offshore online gambling context with elevated fraud and cybersecurity risk. The prompt requires explicit measures including TLS 1.2+, encryption at rest/in transit, MFA, access controls, audits, training, incident response, and alignment with ISO 27001/SOC 2 where applicable.
EXPAND: We must describe security measures accurately without guaranteeing absolute security, and we should cover organisational, technical and physical controls, plus incident response and user responsibilities (password hygiene). We can state "aligned with" or "where applicable" rather than claiming certification.
REFLECT: We implement a risk-based security program designed to protect personal information against misuse, interference, loss, unauthorised access, modification, or disclosure. Measures may include:
- Encryption in transit: Use of TLS 1.2 or higher for data transmitted between your device and our systems.
- Encryption at rest (where appropriate): Encryption and key management controls for sensitive datasets and backups, depending on system design and vendor capabilities.
- Access controls: Role-based access, least-privilege principles, strong authentication controls, and segregation of duties for sensitive operations.
- Multi-factor authentication (MFA): MFA for administrative and high-risk access paths and, where supported, additional verification steps for account security actions.
- Monitoring and logging: Security event monitoring, audit logs, anomaly detection, and anti-fraud controls to identify suspicious activity.
- Secure development and patching: Vulnerability management, timely security updates, and secure configuration baselines for infrastructure and applications.
- Third-party risk management: Due diligence and contractual controls for payment processors, KYC vendors, hosting and analytics providers.
- Staff training: Security awareness and privacy training for staff and contractors who handle personal information.
- Incident response: Documented procedures to assess, contain, remediate and notify affected users and/or authorities where required by applicable law.
Standards note: Where applicable, we align security controls with widely recognised frameworks and standards (such as ISO/IEC 27001 and SOC 2-type controls) through internal policies and vendor selection, noting that alignment does not necessarily mean formal certification.
No guarantee: No method of transmission or storage is 100% secure. You are responsible for keeping your login credentials confidential and contacting support promptly if you suspect unauthorised access.
Complaints & Contacts
OBSERVE: The provided data does not specify an email address, phone number, contact form URL, or postal address. The prompt requires comprehensive complaint channels and escalation paths to Mexican and EU supervisory authorities with direct contact information.
EXPAND: We should not fabricate contact details. We can provide: (a) internal complaint steps using the available Website channel; and (b) escalation to Australia's OAIC (relevant for AU) and Mexico's INAI. For the EU, a supervisory authority directory link is normally used; however, direct contact information is requested, and it is unclear whether URLs outside the domain restriction must be avoided. The instructions restrict brand usage to truefortunebet-au.com, but they do not forbid naming authorities. We can provide postal/phone details for OAIC/INAI in-text without adding external URLs. For the EU, provide the EDPB concept and instruct users to contact their local authority; without URLs, we can name a common example (Irish DPC) with postal address and phone (publicly known), but to avoid inaccuracies, we will state that EU escalation applies "where GDPR applies" and advise users to contact their local authority; provide one concrete EU example with clear caveat.
REFLECT: If you have a privacy question or complaint about True Fortune Casino on truefortunebet-au.com, follow this process:
- Step 1 (informal): Contact our privacy function via the Website support/contact channel (if available) and title your message "Privacy Complaint - True Fortune Casino". Provide your account identifier (if any), the issue, relevant dates, and what outcome you seek.
- Step 2 (acknowledgement): We aim to acknowledge receipt within 7 days and may request additional information to investigate.
- Step 3 (investigation and outcome): We aim to provide a substantive response within 30 days. If more time is required due to complexity or third-party involvement, we will explain why and provide an updated timeline.
- Step 4 (resolution options): We may propose corrective actions such as updating records, restricting processing, improving security controls, or clarifying our practices.
External Escalation (Supervisory Authorities)
You may also escalate a privacy complaint to a relevant authority, depending on where you are located and which privacy laws apply to your situation:
- Australia (OAIC): Office of the Australian Information Commissioner. Phone: 1300 363 992 (Australia). Postal: GPO Box 5218, Sydney NSW 2001, Australia. You can ask the OAIC about making a privacy complaint under the Privacy Act 1988 (Cth).
- Mexico (INAI): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI). Postal: Insurgentes Sur 3211, Col. Insurgentes Cuicuilco, Alcaldía Coyoacán, C.P. 04530, Ciudad de México, México. This authority oversees the LFPDPPP framework.
- European Union/EEA (where applicable): If the GDPR applies to your circumstances, you may contact your local data protection authority. If you are unsure which authority is competent, you can contact the authority in your country of habitual residence or workplace.
Contact channel note: Because the operator's email/phone/postal address is not specified in the available profile data, we rely on the truefortunebet-au.com support/contact pathway for intake and will direct you to the correct privacy contact upon first response.
Updates
OBSERVE: The prompt requires notification procedures, versioning with "Last updated: " and a changelog of material changes, plus a minimum 30-day advance notice for significant changes and user options to object or close accounts. The critical data includes a "last_updated" date (2025-11-06) that must be extended to 2026.
EXPAND: We must include: last updated (month year), mechanisms (email, banner, dashboard), what counts as material, 30-day notice, and options. Also keep consistency with effective date already stated (6 November 2026).
REFLECT: We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or service offerings on truefortunebet-au.com.
- Notification methods: For material changes, we may notify you by email (if we have a verified address), by a prominent Website banner, and/or via an alert in your account dashboard (where available).
- Advance notice: For significant/material changes that affect your rights or how we use personal information, we will aim to provide at least 30 days' notice before the changes take effect, unless a shorter period is required to address urgent security or legal issues.
- Your options: If you object to material changes, you may contact us to discuss alternatives, adjust your preferences (e.g., marketing/cookies where available), or close your account (subject to completing withdrawals and any required verification and retention obligations).
Last updated: November 2026
Changelog (Material Changes)
- November 2026: Published AU-focused Privacy Policy for True Fortune Casino on truefortunebet-au.com; added detailed rights handling (including GDPR and Mexico ARCO alignment), cross-border transfer safeguards, and security controls disclosure (TLS 1.2+, encryption, access controls, incident response).