burger icon
Limitless Casino Australia
Log In

Privacy Policy

This Privacy Policy explains how Limitless Casino, operating the website limitless-au.com for players in Australia under the project name Limitless Casino, collects, uses, stores, shares and protects your personal information. It applies to all visitors to our websites, registered players, and users of any related services or communication channels provided by us. By using our services, you acknowledge that you have read and understood this Policy. This Privacy Policy is effective from 1 January 2026 and replaces any previous versions published on our websites.

Who We Are

OBSERVE: You need to know who is responsible for your data and how to contact us. Our corporate structure and licensing are offshore, while we target Australian players.

EXPAND: Public records and licensing disclosures indicate that Limitless Casino is operated from Curaçao under a Gaming Curaçao framework, with group connections to Anden Online N.V. or a related corporate entity. Exact corporate details can change over time and may be updated in our Terms & Conditions.

REFLECT: We state our current operator information, emphasise our offshore status (not licensed in Australia), and provide clear contact channels including a dedicated privacy contact.

Operator and Controller

  • Trading / Brand Name: Limitless Casino (Limitless Casino project)
  • Service Domain: https://limitless-au.com
  • Original Domain: https://limitlesscasino.com
  • Operator Company: Anden Online N.V. (or an affiliated group entity operating under a Gaming Curaçao master licence framework). The exact legal entity name and registration number will always be specified in the latest version of our Terms & Conditions on our website.
  • Registered / Legal Address: Curaçao (precise address and chamber of commerce registration details as published in our Terms & Conditions). We operate as an offshore online casino and are not licensed by Australian authorities or the Australian Communications and Media Authority (ACMA).
  • Licensing Jurisdiction: Government of Curaçao, under a Gaming Curaçao (GC) master licence framework (sub-licence). Licence status is reported as active at least through 2026.

Data Protection Contact

  • Data Protection Contact / DPO-equivalent: Data Protection Officer, Limitless Casino
  • Email: [email protected] (please include "Privacy" or "Data Protection" in the subject line)
  • Contact Form / Live Chat: 24/7 live chat support available via the casino site interface
  • Postal Contact: Data Protection Officer, Limitless Casino, Operator Postal Address in Curaçao (as published on the website and in the Terms & Conditions). If you require the current postal address, you may request it via email.

All requests, questions and complaints relating to privacy or data protection should be addressed to the contact details above.

What Personal Data We Collect

OBSERVE: We must inform you what personal data we handle in order to provide gambling services, operate an online platform, and comply with KYC/AML and security obligations.

EXPAND: As a crypto-focused offshore casino serving Australian and other international players, we collect standard registration and transactional data, device and behavioural data, and identifiers from cookies and similar technologies.

REFLECT: We categorise the data sources and provide examples so you can understand what is collected and why.

Categories of Personal Data

  • Identification and Contact Data
    Includes:
    • Full name, username, date of birth, gender (where provided)
    • Email address (for example, the address you use to register or contact [email protected])
    • Telephone number (if provided)
    • Residential address and country of residence (when requested during KYC)
    • Identity verification data (copies of ID documents, selfies, proof of address, payment ownership proof) collected for KYC/AML and fraud prevention
  • Account and Usage Data
    Includes:
    • Account credentials (username, encrypted password, security settings)
    • Account status, verification status, responsible gambling settings, self-exclusion or cool-off information
    • Customer support communications (emails, live chat transcripts, internal notes kept for dispute handling and quality control)
  • Gaming and Behavioural Data
    Includes:
    • Game sessions and betting history (stakes, wins/losses, game type, timestamps)
    • Bonuses and promotions used, wagering progress, bonus balances
    • Clickstream data, navigation paths, time spent on pages, and interactions with site features (e.g. cashier, promotions, responsible gaming tools)
  • Payment and Financial Data
    Includes:
    • Deposits and withdrawals history (date, time, amount, currency, method)
    • Payment instrument details to the extent needed (e.g. partial card details, e-wallet ID, crypto wallet address, transaction hashes)
    • Information about the owner of the payment method to verify that it belongs to you

    We do not store full payment card details when this is handled directly by a PCI-DSS compliant payment provider. For crypto transactions, we may store wallet identifiers and on-chain transaction references.

  • Technical and Log Data
    Includes:
    • IP address and approximate location inferred from IP
    • Device identifiers, browser type and version, operating system, language settings
    • Access timestamps, referral URLs, pages viewed, login and logout activity
    • Security logs related to failed logins, suspicious activity, and system performance
  • Cookies and Similar Technologies
    Includes:
    • Cookies (session and persistent), web beacons, tracking pixels and local storage objects used to recognise your browser or device
    • Unique identifiers assigned to your device or browser for analytics, security, and advertising (where permitted)

    More detail is provided in the "Cookies & Tracking Technologies" section.

  • Marketing and Communication Data
    Includes:
    • Preferences regarding newsletters, SMS or push notifications
    • Records of marketing communications sent to you and your interactions with them (e.g. open and click rates)
    • Opt-in and opt-out records, consent logs and time stamps

Legal Basis for Processing

OBSERVE: As an offshore casino serving users from multiple regions, we follow principles aligned with international data protection standards such as the EU GDPR and leading global privacy frameworks.

EXPAND: Our processing of personal data rests on several legal grounds, including contract performance, legitimate interests, compliance with legal obligations (especially KYC/AML requirements under Curaçao and applicable financial laws), and consent for certain marketing/cookies uses.

REFLECT: By clarifying these grounds, we help you understand why we can lawfully process your information and how you can exercise your rights in relation to each basis.

Contractual Necessity

  • To create and manage your player account, verify your eligibility to play, and provide access to games and services.
  • To process deposits and withdrawals, credit bonuses, settle bets, calculate and pay winnings.
  • To provide customer support, handle complaints and disputes, and communicate with you regarding service-related issues (e.g. changes in terms, technical issues, account restrictions).

Without this data, we cannot enter into or perform the contract for gambling services with you.

Compliance with Legal and Regulatory Obligations

  • To carry out identity verification and age checks (KYC) and ongoing due diligence as required by AML/CTF and other financial crime laws in our licensing jurisdiction.
  • To monitor transactions and gameplay for suspicious activities, report certain transactions or behaviours to competent authorities when required, and keep appropriate records.
  • To comply with any court orders, regulatory requests, taxation or record-keeping obligations that apply to the operator.

Legitimate Interests

  • Fraud Prevention and Security: Protecting our platform, users and business against fraud, misuse, unauthorised access, and technical threats; maintaining backups and logs.
  • Service Improvement and Analytics: Analysing aggregated and pseudonymised use of our services to improve game offerings, site performance, user experience, and responsible gambling tools.
  • Business Operations: Internal reporting, risk management, ensuring network and information security, and enforcing our Terms & Conditions.

Where we rely on legitimate interests, we balance our interests against your privacy rights and take measures such as pseudonymisation and access restrictions.

Consent

  • For certain types of direct marketing communications (e.g. email newsletters, SMS offers) where this is required under applicable law.
  • For certain categories of cookies and tracking technologies (particularly advertising and some analytics cookies), depending on your browser/device settings and any consent tools available on our site.
  • For processing of any optional information you choose to provide (for example, marketing preferences or surveys) that is not strictly necessary for the contract or legal obligations.

You may withdraw your consent at any time, as described in the "Your Rights" section, without affecting the lawfulness of processing based on consent before its withdrawal.

Purpose of Processing

OBSERVE: We must clearly state why we use your data and how this supports the operation of Limitless Casino via limitless-au.com.

EXPAND: The purposes range from essential service delivery to security, compliance and marketing.

REFLECT: We map the purposes to typical user expectations and international privacy standards.

Primary Purposes

  • Providing Casino Services:
    • Creating and managing accounts for players from Australia and other accepted jurisdictions.
    • Enabling access to games, tournaments, bonuses and promotions.
    • Processing deposits, wagers and withdrawals, including cryptocurrency transactions.
  • Account Management and Customer Support:
    • Assisting you via email and 24/7 live chat support.
    • Handling complaints, disputes and queries about payments, bonuses or gameplay.
    • Administering responsible gambling controls, including self-exclusion requests sent to [email protected].
  • Legal, Regulatory and Risk Management:
    • Performing identity and age checks, transaction monitoring, and other AML/CTF measures.
    • Keeping mandatory records to demonstrate compliance with licensing and financial regulations.
    • Managing chargebacks, fraud cases and security incidents.
  • Service Improvement and Analytics:
    • Analysing gameplay patterns and user behaviour (in aggregated or pseudonymised form) to improve site layout, games, promotions and overall user experience.
    • Testing new features, measuring performance and troubleshooting technical issues.
  • Marketing and Promotions:
    • Sending service-related communications, such as updates about your account or material changes to this Privacy Policy or other terms.
    • Sending promotional messages (where permitted), such as special offers, bonuses, tournaments and loyalty rewards, via email or other channels you have consented to.
    • Customising content, offers and recommendations based on your interactions with the site, where legally permitted.
  • Security and Abuse Prevention:
    • Monitoring usage to detect and prevent fraud, collusion, money laundering, bonus abuse and other prohibited behaviour.
    • Protecting the integrity of our games, systems and user accounts.

Disclosure & Sharing

OBSERVE: We sometimes share data with third parties to deliver services, meet regulatory duties, and manage our business.

EXPAND: These recipients may be located in or outside Australia and the EU, and include payment providers, technical and marketing service providers, corporate affiliates, and regulators.

REFLECT: We describe who may receive your data, for what reasons, and under what safeguards.

Categories of Recipients

  • Payment and Financial Service Providers
    We share necessary payment-related data with:
    • Banks, card processors and payment gateways.
    • Cryptocurrency payment processors and wallet service providers, to facilitate deposits and withdrawals, verify transaction origin, and comply with AML/CTF checks.
  • Technical and Operational Service Providers
    We use third-party suppliers who act as data processors under our instructions, including:
    • Hosting and infrastructure providers, content delivery networks (CDNs), and data storage providers.
    • Game software and platform providers (e.g. RTG and similar suppliers) that deliver games and gaming-related services.
    • Customer support platforms for managing live chat and email communication.
    • Analytics, performance monitoring and security service providers.
  • Marketing and Affiliate Partners
    Subject to applicable law and consent requirements, we may share limited data with:
    • Affiliate partners who refer players to limitless-au.com and require aggregated or pseudonymised statistics for performance tracking.
    • Marketing platforms and advertising networks for delivering and measuring campaigns, where permitted and subject to cookie/consent settings.
  • Corporate Affiliates and Group Companies
    Where Limitless Casino is part of a wider corporate group, we may share data with related entities (e.g. entities associated with the "Yabby/Brango" group and Anden Online N.V.) for:
    • Consolidated reporting, risk management and compliance.
    • Shared customer support, KYC verification and fraud prevention resources.
  • Regulators, Authorities and Legal Recipients
    We may disclose your data to:
    • Licensing and regulatory bodies in Curaçao or other relevant jurisdictions.
    • Law enforcement agencies, courts, governmental or quasi-governmental authorities, where we believe disclosure is required by law or necessary to protect our rights, your safety or the safety of others.
    • External advisers (lawyers, auditors, consultants) under appropriate confidentiality obligations.
  • Business Transfers
    In the event of a merger, acquisition, restructuring, sale of business or assets, or insolvency event, your personal data may be transferred to one or more third parties involved in the transaction (or their advisers), subject to appropriate confidentiality and data protection safeguards.

We do not sell your personal data as that term is commonly understood, but we may share data for advertising or analytics in ways that could be considered a "sale" or "sharing" under some jurisdictions' laws. Where such laws apply, we will honour additional rights and opt-out mechanisms provided there.

International Transfers

OBSERVE: Our operations, infrastructure and partners are distributed internationally, while we accept players from Australia and other regions.

EXPAND: Personal data may be processed in Curaçao, the European Economic Area (EEA), North America, and other countries where our technical providers or group entities are located.

REFLECT: We explain these transfers and the safeguards we aim to use to protect your information.

Locations of Processing

  • Curaçao: Primary licensing and corporate jurisdiction for the operator.
  • European Economic Area (EEA) and United Kingdom: Hosting, game providers, payment, analytics, and security services may be based or process data there.
  • North America and Other Regions: Certain support, infrastructure or analytics providers may operate from, or process data in, these regions.

Safeguards for International Transfers

  • Where we transfer data from the EEA/UK or other regions with export restrictions, we aim to rely on:
    • Standard Contractual Clauses (SCCs) or equivalent contractual mechanisms approved by relevant authorities.
    • Technical and organisational measures such as encryption, access controls and data minimisation.
    • Service provider due diligence and contractual obligations regarding confidentiality, security and data protection.
  • Because Limitless Casino is operated from Curaçao and targets multiple markets, some laws (such as EU GDPR) may not apply directly to all users; nonetheless, we endeavour to maintain safeguards consistent with widely accepted international standards.

By using our services, you understand that your personal data may be transferred to, stored in, or processed in countries that may have different data protection laws than your country, including countries that may not provide the same level of protection.

Data Retention

OBSERVE: We must not retain data longer than necessary for the purposes for which it was collected.

EXPAND: Retention periods vary depending on the type of data, regulatory requirements (especially AML/CTF and gaming laws), and potential legal claims.

REFLECT: We outline typical retention periods and criteria for deletion or anonymisation.

General Principles

  • We retain personal data only for as long as necessary to:
    • Provide our services and operate your account.
    • Comply with legal and regulatory obligations.
    • Resolve disputes and enforce our agreements.
  • After the applicable retention period elapses, we will either securely delete or irreversibly anonymise the data so that it can no longer be associated with you.

Indicative Retention Periods

  • Account and Identification Data: Typically retained for the duration of your active account and for up to five (5) years after account closure, or longer if required by law (e.g. AML/CTF record-keeping obligations in the licensing jurisdiction) or for the duration of any legal dispute.
  • Transaction and Gaming History: Normally retained for at least five (5) years after the relevant transaction or account closure to comply with regulatory and accounting obligations and to defend potential legal claims.
  • Customer Support Communications: Retained for up to five (5) years after the last interaction, or as required to resolve ongoing disputes or regulatory investigations.
  • Marketing Data: Retained for as long as you remain opted in and, in any event, no longer than necessary to demonstrate compliance with consent requirements and marketing law. Opt-out records may be kept longer to ensure your preferences are respected.
  • Technical Logs and Security Data: Typically retained for a shorter period (e.g. 6 - 24 months) except where longer retention is required for investigation of security incidents, fraud or abuse.

Deletion and Anonymisation Criteria

  • We will delete or anonymise your data:
    • Upon expiry of the applicable retention period.
    • When data is no longer required for any purpose, including legal or regulatory purposes.
    • Upon your justified request, where applicable rights (such as erasure) apply and no overriding obligations or legitimate interests require further retention.

Your Rights

OBSERVE: Users have rights regarding their personal data under various privacy frameworks, including principles similar to those found in the EU General Data Protection Regulation (GDPR) and other international regimes.

EXPAND: While Limitless Casino is operated from Curaçao and is not an Australian-licensed operator, we aim to respect core privacy rights: access, rectification, deletion, restriction, objection, portability, and withdrawal of consent, subject to legal and contractual limitations.

REFLECT: We explain each right, how it applies in our context, and how to exercise it, including response timeframes and cost.

List of Rights

  • Right of Access: You can request confirmation whether we process your personal data and obtain a copy of your data, together with information about how we use it.
  • Right to Rectification: You may request correction of inaccurate or incomplete personal data (e.g. incorrect contact details or outdated address).
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent and there is no other legal ground for processing. We may not be able to delete information that we must keep for AML, gaming or legal reasons.
  • Right to Restrict Processing: You can request that we suspend processing of certain data under specific conditions (e.g. while we verify its accuracy or assess an objection).
  • Right to Object: You may object to processing based on our legitimate interests, including direct marketing. We will then stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is required for legal claims.
  • Right to Data Portability: Where technically feasible and required by applicable laws, you may request a copy of certain personal data in a structured, commonly used and machine-readable format and ask that we transmit it to another controller.
  • Right to Withdraw Consent: Where processing is based on your consent (for example, marketing emails or optional profiling), you can withdraw consent at any time. This will not affect the lawfulness of processing already carried out.
  • Right Not to be Subject to Solely Automated Decisions: If we apply automated decision-making that has legal or similarly significant effects, you may have the right to request human review and to express your point of view.

How to Exercise Your Rights

  1. Submit a Request: You may exercise your rights by:
    • Emailing [email protected] with "Data Subject Request" or "Privacy Request" in the subject line; or
    • Using our 24/7 live chat and specifying that your request concerns your personal data and privacy rights.
  2. Verification: For your security, we may need to verify your identity before acting on your request (e.g. by confirming account details or requesting supporting documentation).
  3. Response Time: We aim to respond to all valid requests without undue delay and, in any case, within thirty (30) days of receipt. If your request is complex or we receive numerous requests, we may extend this deadline by a further sixty (60) days, but we will inform you of any extension and reasons.
  4. Fees: We generally handle requests free of charge. However, where permitted by law, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, repetitive, or excessive.
  5. Limitations: Certain rights may not apply or may be restricted in order to:
    • Comply with legal obligations (e.g. AML/CTF or gaming regulations requiring retention of certain records).
    • Protect the rights and freedoms of others.
    • Preserve evidence for ongoing or potential legal proceedings.

Cookies & Tracking Technologies

OBSERVE: Cookies and similar technologies are essential for operating an online casino and for analytics and marketing.

EXPAND: We differentiate among functional, analytics and advertising cookies, and explain your options to control them via browser settings or internal tools.

REFLECT: We aim to provide transparent information so you can make an informed choice about your cookie preferences.

Types of Cookies We Use

  • Strictly Necessary / Functional Cookies:
    • Session cookies that keep you logged in and maintain your session as you move between pages.
    • Cookies that remember your language settings, game preferences, and responsible gambling options.
    • Without these cookies, services you have requested (e.g. logging in, placing bets, accessing the cashier) cannot function properly.
  • Performance and Analytics Cookies:
    • Cookies used to collect anonymous or pseudonymised statistics about site usage, such as number of visitors, pages visited, and error logs.
    • Used to improve website performance, game offerings, and user experience, often through third-party analytics tools.
  • Advertising and Marketing Cookies:
    • Cookies or similar technologies used to deliver, personalise and measure advertising campaigns, sometimes in cooperation with affiliate or advertising networks.
    • May track your browsing behaviour across sites to build a profile of your interests, where allowed by law and your consent settings.
  • Third-Party Cookies:
    • Set by service providers offering embedded content, analytics, games, or marketing services.
    • These providers have their own privacy and cookie policies, which we recommend you review.

Managing Cookies

  • You can manage or disable cookies by:
    • Adjusting the settings in your web browser (e.g. blocking all cookies, blocking third-party cookies, or deleting cookies when closing the browser).
    • Using any cookie management tools, banners or settings we provide on our site, where available.
  • Please note that:
    • Blocking or deleting strictly necessary cookies may impact your ability to use core functions of the casino, including logging in and playing games.
    • Changes in browser or device settings may not automatically apply to other browsers or devices you use to access limitless-au.com.

Data Security

OBSERVE: Operating an online casino requires robust security due to financial transactions, sensitive personal data and high risk of fraud.

EXPAND: We adopt technical and organisational measures such as encryption, strong access controls, training and incident response procedures, seeking alignment with recognised security practices.

REFLECT: While no system is perfectly secure, we aim to reduce risks and act promptly when incidents occur.

Technical and Organisational Measures

  • Encryption:
    • Data transmitted between your browser and our servers is protected using industry-standard TLS (Transport Layer Security) 1.2 or higher.
    • Where feasible, sensitive data is encrypted at rest within our systems or stored in encrypted databases.
  • Access Controls and Authentication:
    • Access to personal data is limited to authorised personnel who require it to perform their duties.
    • Role-based access control is implemented to minimise unnecessary access.
    • We encourage the use of strong passwords and may offer or require additional authentication measures for high-risk actions.
  • Network and System Security:
    • Use of firewalls, intrusion detection/prevention measures, and anti-malware tools to protect systems and data.
    • Regular security monitoring, logging, and vulnerability assessments.
  • Staff Training and Confidentiality:
    • Employees and contractors with access to personal data are subject to confidentiality obligations.
    • Relevant staff receive training on data protection, security awareness, and responsible handling of personal data.
  • Incident Response:
    • We maintain procedures to detect, investigate and respond to suspected data breaches or security incidents.
    • Where required by applicable law, we will notify relevant authorities and affected users of a data breach without undue delay.

We seek to align our security controls with recognised international standards (such as ISO/IEC 27001-type practices and SOC 2-type controls) where appropriate for our size and risk profile, although we may not be formally certified under specific frameworks.

Complaints & Contacts

OBSERVE: You may wish to contact us or lodge a complaint if you believe your privacy rights have been infringed or if you have concerns about our practices.

EXPAND: We provide multiple channels and a clear procedure for handling privacy-related complaints, as well as information about supervisory or external bodies you can approach, subject to jurisdictional competence.

REFLECT: Clear escalation paths help ensure that issues are addressed promptly and transparently.

Contact Channels

  • Email (Primary): [email protected]
  • Live Chat: 24/7 live chat support on the casino site for immediate assistance and to initiate privacy-related requests.
  • Postal Address: Data Protection Officer, Limitless Casino, Operator Postal Address in Curaçao (as shown on our website). You may request the current address via email.

Internal Complaint Procedure

  1. Initial Submission: Send us a detailed description of your concern or complaint, including:
    • Your full name, username and contact details.
    • A clear description of the issue, including relevant dates and any supporting documentation.
  2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably possible, typically within five (5) business days.
  3. Investigation: Your complaint will be reviewed by appropriate personnel, which may include our data protection contact, compliance, and support teams.
  4. Response: We aim to provide a substantive response within thirty (30) days of receiving your complaint. If more time is needed due to complexity, we will inform you of the delay and an estimated timeframe.
  5. Escalation: If you are not satisfied with the outcome, you may request that the matter be escalated internally for further review.

External Recourse

Because Limitless Casino is operated from Curaçao under an offshore licence and is not authorised by Australian regulators, the options for external supervisory review may be more limited than with locally licensed operators. Depending on your location and circumstances, you may be able to raise concerns with:

  • Data Protection or Consumer Authorities in Your Country of Residence: You may have the right to lodge a complaint with a data protection authority or consumer protection body in your country if you believe your rights have been infringed, subject to the scope of their jurisdiction.
  • Regulators in the Operator's Jurisdiction: You may contact relevant authorities in Curaçao in relation to regulatory matters concerning the operator. Contact details for such bodies may be found on official governmental or regulatory websites.

We will cooperate in good faith with competent authorities, subject to applicable law and jurisdictional limitations.

Updates

OBSERVE: Our services, legal environment and technical infrastructure may change over time.

EXPAND: We need to update this Privacy Policy periodically and inform users about significant changes in a transparent manner.

REFLECT: We describe how you will be notified, how we record changes, and what choices you have.

Policy Changes and Version Control

  • This Privacy Policy may be updated from time to time to reflect:
    • Changes in our services, technologies or business practices.
    • Changes in applicable laws, regulations or regulatory guidance.
    • Feedback from users, authorities or other stakeholders.
  • The "Last updated" date at the end of this Policy indicates the latest revision.
  • We may maintain a brief changelog highlighting material changes (e.g. new categories of data, new purposes, or changes in recipients or international transfers), available on request or posted on our website.

Notification of Material Changes

  • Where we make material changes that significantly affect how we process your personal data, we will, where feasible:
    • Notify you by email sent to the address associated with your account, and/or
    • Display a prominent notice or banner on the website or within your account dashboard.
  • Unless immediate implementation is required by law or to address an urgent risk, we will aim to provide at least thirty (30) days' advance notice of significant changes, so you can review them.

Your Options in Case of Changes

  • By continuing to use our services after the effective date of updated terms, you are deemed to have accepted the revised Privacy Policy.
  • If you do not agree with the changes, you may:
    • Contact us with questions or concerns, and/or
    • Close your account and request any applicable rights (such as data access or deletion, subject to legal retention requirements).

Last updated: January 2026