Stakeworks

Legal

Privacy Policy

Last updated: May 24, 2026

This policy is written for a B2B platform that supports casino game software, operator dashboards, API integrations, wallet callbacks, renewals, and reporting.

The policy reflects practical privacy and data-security principles, but it should be reviewed by counsel for your jurisdictions, vendors, hosting, payment flows, and operator agreements before production launch.

01

Scope

This Privacy Policy explains how Stakeworks handles information when visitors use the public website, operators use the platform, admins manage licenses, operators integrate games and wallet callbacks, and users contact us. It applies to Stakeworks controlled websites, dashboards, APIs, renewal pages, and support workflows.

Operators may separately control player data, wallet data, KYC information, payment records, and player communications. When an operator controls that data, the operator is responsible for its own privacy notices, lawful basis, consent, retention, security, and data subject request handling.

02

Information We Collect

  • Account information, such as name, email address, role, operator assignment, authentication records, login events, and session metadata.
  • Business information, such as company name, operator name, contact details, billing details, license records, renewal status, support requests, and commercial communications.
  • Integration information, such as operator IDs, API public keys, hashed API secrets, callback configuration, game configuration, enabled modes, wallet mode, and technical settings.
  • Gameplay and reporting information processed through the platform, such as game sessions, game rounds, wager amounts, payout amounts, currencies, timestamps, external player IDs, idempotency keys, wallet transaction records, and audit trails.
  • Renewal and cashier information, such as selected payment method, transaction hash, receipt reference, payer note, destination snapshot, review status, reviewer, and payment timestamps.
  • Contact form information, such as name, email, company, message, IP-derived rate-limit data, and delivery metadata.
  • Technical information, such as IP address, user agent, device and browser details, route accessed, request timestamps, security headers, error logs, diagnostic events, and uptime or monitoring logs where those tools are enabled.
03

Sensitive And Regulated Data

Stakeworks is not designed to collect consumer KYC files, government IDs, bank statements, full payment card numbers, seed phrases, private keys, player passwords from operator systems, or unnecessary sensitive personal information. Operators must not send those items to Stakeworks unless a signed agreement specifically authorizes it and appropriate controls are in place.

External player IDs should be stable identifiers from the operator platform. Operators should avoid sending direct personal identifiers in external_player_id when a pseudonymous identifier will work.

04

How We Use Information

  • Provide, secure, maintain, troubleshoot, and improve the platform.
  • Authenticate users, enforce roles, protect admin/operator dashboards, and manage sessions.
  • Launch games, settle sessions, process wallet actions, enforce operator limits, and generate reports.
  • Manage licenses, renewals, payment review, cashier settings, billing records, and operator status.
  • Send operational emails, renewal reminders, support responses, security notices, and account-related messages.
  • Detect abuse, fraud, credential exposure, replay attempts, suspicious wallet behavior, abnormal payout activity, failed authentication bursts, and misuse of the platform.
  • Maintain audit logs, legal records, dispute records, backup records, and compliance evidence.
  • Comply with legal obligations, enforce agreements, respond to lawful requests, and protect Stakeworks, operators, players, and third parties.
05

Legal Bases And Operator Instructions

Depending on the jurisdiction and context, Stakeworks may process information to perform a contract, pursue legitimate business and security interests, comply with legal obligations, protect vital platform interests, or follow documented operator instructions. Where an operator is the controller of player-related data, Stakeworks acts according to the applicable agreement and platform configuration.

06

Cookies And Similar Technologies

Stakeworks may use cookies, local storage, and similar technologies for authentication, locale selection, security, session management, dashboard operation, and user preferences. Some cookies are necessary for the platform to work. If analytics or advertising tools are added later, this policy should be updated before those tools are enabled.

07

How We Share Information

  • With service providers that help operate hosting, database, email, logging, security, monitoring, analytics, support, payments, or infrastructure, subject to appropriate contractual restrictions.
  • With operators and their authorized users for their own account, license, game, wallet, report, and audit activity.
  • With payment, bank, blockchain, or verification providers when needed to verify renewal payments or investigate payment issues.
  • With professional advisors, insurers, auditors, compliance consultants, and legal counsel.
  • With regulators, law enforcement, courts, payment networks, or other authorities when required or when Stakeworks believes disclosure is necessary to protect rights, safety, security, or legal interests.
  • In connection with a merger, acquisition, financing, restructuring, sale of assets, or similar business transaction, subject to appropriate safeguards.
08

Security

Stakeworks uses technical and organizational safeguards designed to protect information, including hashed secrets where appropriate, server-side credential checks, security headers, audit logs, restricted admin/operator routes, wallet callback signatures, idempotency controls, and production environment checks. No system can guarantee perfect security.

Operators must secure their own systems, API secrets, callback secrets, admin accounts, wallet endpoints, payment destinations, DNS, email, and hosting environments. A weakness in an operator integration can affect player balances and disputes even if the Stakeworks platform is operating correctly.

09

Wallet Callback And Transaction Records

Wallet callback records may include external player IDs, operator IDs, action type, amount, currency, session ID, round ID, idempotency key, request payload, response payload, status, and timestamps. These records are kept for reconciliation, security, troubleshooting, operator reporting, responsible gaming controls, and disputes.

Hand-history and claim exports may include filtered records for a specific external player ID, date/time window, round ID, wallet action, promotion action, and game configuration evidence needed to investigate a dispute.

10

Payment And Renewal Records

Stakeworks may keep payment method selections, transaction hashes, receipts, bank references, payer notes, destination snapshots, review decisions, reviewer IDs, and timestamps. These records help verify renewals, prevent mistaken approvals, handle disputes, and maintain license history.

11

Retention

Stakeworks keeps information for as long as needed to provide the platform, maintain security, support operators, comply with legal or contractual obligations, resolve disputes, preserve audit trails, and enforce agreements. Retention periods can vary based on data type, jurisdiction, operator agreement, regulatory expectations, and business need.

Operators are responsible for their own player-facing retention schedules and for telling Stakeworks when data should be deleted or exported if the operator controls that data and deletion is legally permitted.

12

International Processing

Stakeworks, operators, service providers, and infrastructure may process information in countries other than where users or operators are located. Operators are responsible for determining whether cross-border transfer rules apply to their player data and for implementing required transfer mechanisms in their own notices and agreements.

13

Your Choices And Requests

  • Operators can request access, correction, export, or deletion of their business account information by contacting Stakeworks.
  • Operator staff can contact their operator admin for role, access, and account changes.
  • Players of an operator should contact the operator first because the operator controls the player relationship, wallet, KYC, and player account.
  • Stakeworks may need to verify identity, authority, operator assignment, and legal permissibility before fulfilling a request.
  • Some information may be retained where needed for security, fraud prevention, legal compliance, audit logs, disputes, backups, or legitimate business records.
14

Children And Underage Users

Stakeworks is not directed to children or underage users. Operators must prevent underage access to gambling, prize, sweepstakes, or age-restricted activity and must implement legally required age-gating and verification. Stakeworks does not knowingly seek personal information from children.

15

Marketing

Stakeworks may send business-to-business communications about platform updates, licensing, security, renewals, integrations, or related services. You may opt out of nonessential marketing, but operational, billing, legal, security, and account messages may still be sent.

16

Do Not Track And Global Privacy Signals

The platform currently does not use third-party advertising behavior tracking. If advertising or cross-site analytics are added later, Stakeworks should update this policy and implement any required consent, opt-out, or signal handling.

17

Changes

Stakeworks may update this Privacy Policy from time to time. Updates are effective when posted unless the page states otherwise. Material changes may be communicated through the website, dashboard, email, or other reasonable means.

18

Contact

Privacy questions, data requests, and security concerns can be sent to partners@stakeworks.online.