• Home
  • Privacy & Management of Personal Data

Privacy & Management of Personal Data

Scope and purpose

This Privacy & Management of Personal Data policy governs the collection, use, storage, disclosure, and retention of personal data by 777jaya in connection with the online services and related activities provided by 777jaya (the "Services"). It applies to all individuals who interact with the Services, including customers, applicants, and other data subjects whose information is processed in connection with the Services.

Categories of personal data we collect

  • Identity and contact data: name, date of birth, gender (where provided), postal address, email address, and telephone number.
  • Account data: username, password, security questions, device identifiers, and country of residence.
  • Financial data: payment methods, transaction identifiers, bank account or card details as necessary to process payments, and payment status information. We do not retain full payment card numbers; such data is processed by regulated providers in accordance with applicable standards and is subject to PCI DSS wherever applicable.
  • Gaming and usage data: information about games played, bets, transactions, timestamps, session duration, device type, IP address, and other operational logs necessary to provide and secure the Services.
  • KYC/identity verification data: documents and information for age verification and identity confirmation, including government‑issued IDs, as required by applicable laws and regulations.
  • Communications data: correspondence with 777jaya via support channels, feedback, and surveys.

How we collect personal data

We collect data directly from you during account creation, service use, and communications. We collect data automatically through the Services and related technologies (log data, usage analytics, cookies, and similar technologies). We may obtain data from third parties for identity verification, age enforcement, and fraud prevention, subject to applicable law and with appropriate data processing agreements in place.

Purposes of processing

  • To provide and administer the Services, including processing deposits and withdrawals, game play, account management, and customer support.
  • To verify age and identity to ensure compliance with legal and regulatory requirements for adult gaming.
  • To detect and prevent fraud, money laundering, and other illegal activity; to enforce Terms & Conditions and internal policies.
  • To communicate with you about the Services, updates, and security notices, and to respond to inquiries.
  • To maintain the safety, integrity, and performance of the Services, including security monitoring and incident response.
  • To conduct data analysis and improve products, services, and user experience, based on aggregated or anonymized data where possible.
  • To fulfill legal obligations and respond to lawful requests from authorities when required.

Legal bases for processing

We rely on the following legal bases for processing personal data:

  • Performance of a contract or necessary for providing the Services and managing your account;
  • Compliance with legal and regulatory obligations (e.g., anti‑money laundering, age verification, gaming compliance);
  • Legitimate interests, including security, fraud prevention, and service improvement, provided these interests do not override your rights; and
  • Consent where required for specific activities such as marketing communications (which you may withdraw at any time).

Data security and integrity

We implement technical and organizational safeguards to protect personal data against unauthorized access, alteration, disclosure, or destruction. Specifically, we deploy layered controls including:

  • Encryption of data in transit using TLS 1.2 or higher and encryption of data at rest where feasible (e.g., AES‑256) on secured storage systems;
  • Access controls with role‑based permissions and strict authentication for personnel;
  • Regular security testing, monitoring, and anomaly detection; and
  • Secure data center environments with physical and environmental protections and periodic risk assessments.

Data retention

Personal data is retained for as long as necessary to fulfill the purposes described in this policy and to comply with applicable legal, regulatory, and contractual requirements. Examples of typical retention practices include:

  • Identity verification and KYC records: retained for the longer of seven (7) years or the period required by applicable law following last active interaction;
  • Transaction and payment records: retained for seven (7) years after the end of the financial relationship or as required by law;
  • System logs and usage data: retained for a period sufficient to detect fraud, analyze incidents, and improve security and services; thereafter, data is anonymized or deleted;

Sharing and international transfers

We may disclose personal data to service providers performing functions on our behalf (e.g., payment processing, technical services, customer support, fraud prevention) under data processing agreements that require appropriate protection of the data. We may also disclose data to law enforcement or regulatory authorities in response to valid requests or as required by applicable law. In the event of a corporate transaction, such as a merger or sale of assets, personal data may be transferred to the successor entity with notice to affected data subjects. When transfers occur across borders, we implement safeguards appropriate to the context and in compliance with applicable data protection laws.

Cookies and tracking technologies

We use cookies and similar technologies to authenticate users, maintain sessions, analyze usage, and improve security and performance. You may manage cookie preferences through your account or device settings. Some cookies are strictly necessary for the operation of the Services; disabling them may affect functionality.

Your rights and choices

  • Access, rectify, or request deletion of your personal data (subject to legal and contractual limitations).
  • Restrict or object to processing, including for marketing purposes, or request data portability where applicable.
  • Withdraw consent for processing activities that rely on consent.
  • Request a copy of your data in a structured, commonly used, and machine‑level readable format.
  • Lodge a complaint with a supervisory authority if you believe your rights have been violated.

Age verification and minor protection

Access to the Services is restricted to individuals who are at least eighteen (18) years old. We perform age verification in accordance with applicable laws. Accounts found associated with individuals under 18 will be blocked and any personal data will be restricted or deleted where permissible by law, subject to verification and regulatory requirements.

Data breach notification and incident response

We maintain an incident response plan to identify, respond to, and mitigate data breaches. We will notify affected data subjects and, where required by law, applicable supervisory authorities without undue delay and within the timeframes mandated by law (typically within seventy‑two (72) hours of becoming aware of a breach that poses risk to individuals).

Changes to this policy

We will publish material changes to this policy on the Services and communicate when required by law. Material changes take effect after a reasonable notice period, and continued use of the Services constitutes acceptance of the updated policy.

Contact us

If you have questions regarding this policy or wish to exercise your data rights, please contact the Privacy Office at 777jaya. You may reach us by email at [email protected] or at our designated postal address: 1 Corporate Plaza, City, Country. For regulatory concerns, you may contact the appropriate data protection authority in accordance with applicable law.