Epic Jack Privacy Policy: What We Collect, Why We Use It, and Your Choices

Q: How Do I Exercise My Privacy Rights and How Long Does It Take?

Email support@jackepic.com with your request type and details; the Notice states we aim to respond within one month and may verify your identity.

Epic Jack Privacy Policy: What We Collect, Why We Use It, and Your Choices

Play with bonus

This page is a plain-English overview of the privacy policy for your Epic Jack account, based on our Privacy & KYC/AML Notice (last updated: 3 September 2025).

It explains what personal data we collect, why we use it, how risk-based verification checks work, and what choices you have about marketing and privacy requests.

If anything on this page conflicts with the official Notice, treat the Notice as the authoritative source.

How to Read This Notice

Our privacy and KYC/AML notice is structured like a reference document. The quickest way to use it is to go straight to the section that matches your situation.

If you contact customer support about privacy, include clear details and avoid sharing sensitive data you do not need to share.

Use the “Contents” list in the Notice to jump to the right section.
When you need an official rule, copy the section heading and the key sentence.
Keep timestamps for withdrawals, verification uploads, and support messages.
Mask sensitive details in screenshots (full document numbers, full card numbers, security codes).
Never share passwords or one-time codes with anyone.
If you are unsure what to send, ask support what minimum details are required.

Who Controls Your Data and How to Contact Us

The Notice states that Akateco Limitada is the Data Controller for personal data processed in connection with the service. It also states an acting Payment Agent: ALPHYN SOFT LTD.

For privacy queries, including DPO contact, the Notice directs you to email [email protected]. If an EU/UK representative is required, the Notice indicates one may be appointed for regional queries.

Write from your registered email address where possible.
Include your username and the request type (access, deletion, objection, marketing opt-out).
Add relevant timestamps (with timezone) and the affected area (withdrawal, verification, marketing).
Attach screenshots only if needed, and mask sensitive data.
Do not send passwords, one-time codes, or full payment card details.

What Data Is Collected (Categories and Examples)

We collect data you provide, data generated by using the service, and technical data that helps secure accounts and meet compliance obligations.

What is collected can vary based on your activity (for example, withdrawals and verification checks require more information than browsing).

Data Category	Examples	Where It Comes From
Identity & contact	Name, date of birth, nationality, address, email, phone	Provided by you
Account	Username, settings, language, marketing preferences/consents, referral/affiliate info	Provided by you / account configuration
KYC/AML verification	ID images, selfie/liveness, proof of address, Source of Funds/Wealth evidence, screening results, compliance notes	Provided by you / compliance checks
Payments & transactions	Deposit/withdrawal history, ownership confirmation (e.g., last 4 digits/IBAN, issuer), chargebacks/disputes	Payment flow and account history
Gaming & usage	Gameplay logs (stakes, wins/losses, rounds), session time, bonuses used, limits and responsible gaming tool usage	Generated during play
Device & technical	IP address, browser/OS, device type, network info, geolocation indicators (including VPN/proxy signals), cookies/SDK data	Device/session signals
Support & communications	Messages to support, complaint tickets, KYC correspondence; calls/chats may be recorded where permitted	Support interactions
On-device biometrics (token)	Face ID/Touch ID stays on your device; we receive only a success/failure token from your OS	Optional login method

Why Data Is Used: Purposes and Legal Bases (High-Level)

We use personal data to run the service, secure accounts, meet compliance obligations, and provide customer support. The Notice describes legal bases such as contract performance, legal obligation, public interest, consent (where required), and legitimate interests.

When consent applies (for example, certain marketing and non-essential tracking), you can withdraw it and manage preferences.

Provide the service: account management, games delivery, payment processing, promotions, support.
KYC/AML and regulatory: identity verification, sanctions/PEP screening, fraud prevention, monitoring and recordkeeping.
Responsible gaming: applying limits, cooling-off/self-exclusion tools, and safer gambling interactions.
Security and integrity: detecting abuse, multi-accounting, and suspicious device/network signals.
Analytics and improvement: performance measurement, bug fixing, and product improvement (with consent where required).
Marketing: sending offers where permitted, with opt-out options.
Disputes and compliance: handling complaints, audits, and legal claims.

KYC/AML Processing: When Verification Happens and What Can Trigger It

We operate a risk-based verification program. The Notice states that verification can happen on the first withdrawal and whenever legal or risk thresholds require additional checks.

While checks are pending, withdrawals may be paused and some features can be restricted until the review is completed.

Trigger	What May Be Requested	What Can Happen While Pending
First withdrawal	ID, proof of address, selfie/liveness if requested	Withdrawal may be paused
Thresholds (deposit/withdrawal levels)	Additional identity or Source of Funds/Wealth evidence	Restrictions until checks conclude
PEP/sanctions screening hits	Extra verification and supporting documents	Enhanced review
High-risk geographies	Additional compliance evidence	Enhanced review
Device/VPN anomalies	Account confirmation and additional checks	Security restrictions
Chargebacks or disputes	Ownership confirmation and supporting evidence	Restrictions or limits
Unusual patterns	Transaction explanations, documents as requested	Manual review

Why Was My Withdrawal Paused for Checks?

Pauses typically happen when verification is required for your first withdrawal, when thresholds are met, or when risk signals trigger a review.

If you want the fastest resolution, submit all requested documents at once and follow the document quality rules below.

Send clear colour images or a PDF.
Show the full document (all four corners), without cropping.
Avoid glare, blur, filters, or heavy edits.
Include front and back where applicable.
Ensure details match your account profile (name, date of birth, address).
Respond to follow-up questions in the same email thread.
Keep submission timestamps and confirmation screenshots.

For what to prepare and common document quality rules, see verification checks.

Automated Processing and Profiling (What It Does and Limits)

The Notice explains that automated tools can be used to screen for risk, such as sanctions/PEP list screening, device/network signals, and transaction pattern monitoring.

These tools support compliance and security decisions, and the Notice states that significant decisions are not made solely by automation without human review.

Risk screening helps prevent fraud and meet compliance obligations.
Device and network signals can help detect suspicious access patterns.
Transaction monitoring can help identify unusual activity for review.
If you believe a decision is incorrect, contact support with dates, times, and screenshots (masked).

Retention and Security (How Long Data Is Kept and How It’s Protected)

The Notice states that KYC/AML records are retained for at least 5 years after the relationship ends, or longer where required by law or a regulator.

Security measures described include technical and organizational safeguards such as encryption in transit, access controls, monitoring, and limiting access to trained personnel and vetted processors.

Use a strong, unique password for your account and your email inbox.
Do not share one-time codes, verification links, or passwords.
Be cautious with phishing messages that ask you to “confirm” login details.
Keep your browser and device updated.
Log out on shared devices and avoid saving passwords in public environments.
If you use Face ID/Touch ID, remember biometric data stays on your device and we receive only a success/failure token.

Sharing and International Transfers (Including SCCs)

We share data with third parties only when needed to provide the service, process payments, run compliance checks, prevent fraud, and support operations. Third parties may include payment providers, verification vendors, hosting providers, analytics providers, and customer support tooling.

When personal data is transferred outside your country (including outside the EEA/UK), the Notice states that lawful mechanisms can be used, including adequacy decisions, Standard Contractual Clauses (SCCs), and additional safeguards where required.

We share the minimum necessary information for each purpose.
Vendors are expected to follow contractual security and confidentiality requirements.
International transfers use recognized legal safeguards where required.
You can request SCC copies via the support email shown in the Notice.

Your Rights and How to Make a Request

Subject to applicable law, you can request access, correction, deletion, restriction, objection, portability, and withdrawal of consent where processing is based on consent.

The Notice states we may need to verify your identity and aim to respond within one month.

Right	What It Means	How to Request
Access	Get a copy of your personal data and processing information	Email support with “Data Access Request”
Rectification	Correct inaccurate or incomplete data	Explain what is wrong and what the correct details are
Erasure	Request deletion where legally allowed	Email support with “Deletion Request” and your reason
Restriction	Limit processing in specific situations	Describe the data and the restriction you want
Objection	Object to processing based on legitimate interests (including direct marketing)	Email support with “Objection” and context
Portability	Receive certain data in a portable format (where applicable)	Email support with “Portability Request”
Withdraw consent	Stop consent-based processing	Change preferences or email support
Complain	Raise a complaint with a supervisory authority	Use your local authority channel

I Want My Data Deleted

Deletion requests can be limited by legal recordkeeping duties, especially where KYC/AML rules require retention.

If deletion is not possible for specific records, we may still be able to restrict use and retain only what is required.

To submit a privacy request or ask a question, contact support using the email shown in the Notice.

Cookies and Marketing Preferences (Opt-Out and Timing)

We use cookies and similar technologies to run the site, remember preferences, and secure accounts. The Notice also describes optional cookies/trackers used for analytics and personalization, where consent is required.

Marketing emails include an unsubscribe link, and the Notice states opt-outs are processed within 48–72 hours. Transactional emails (receipts, security alerts, and important policy updates) can still be sent.

Use the Unsubscribe link in any marketing email to opt out.
Manage channels in My Account → Notifications.
Allow up to 48–72 hours for opt-outs to take effect.
Expect service emails to continue when needed for your account.
If you keep receiving marketing after the processing window, contact support with the email headers and timestamps.
If you receive partner marketing, use their unsubscribe link as well.

For platform rules tied to withdrawals/bonuses and compliance outcomes, review terms and conditions.

Children (18+) and Responsible Gaming Data Use

The service is for adults 18+ (or higher local legal age). The Notice states we do not knowingly collect data from minors and will close underage accounts when identified, handling data and funds as required by law.

Responsible gaming tools and limits can create account records (for example, limits applied and self-exclusion requests), and these can be used to apply protections and meet compliance duties.

If an underage account is detected, the account may be closed and processed according to legal requirements.
Responsible gaming settings and limits can be stored to enforce protections.
Support can help with cooling-off and self-exclusion requests.
If you need help taking a break, use the responsible gaming options available to you.

For cooling-off and self-exclusion explained clearly, see responsible gaming tools.

FAQ

When Was the Privacy & KYC/AML Notice Last Updated?

The Notice states it was last updated on 3 September 2025.

Who Is the Data Controller and How Do I Contact the DPO?

The Notice states Akateco Limitada is the Data Controller, and privacy/DPO contact is via [email protected].

What Personal Data Do You Collect?

Examples include identity and contact details, account settings, gameplay and usage logs, payment history, device signals, support communications, and verification documents where required.

Do You Store Full Payment Card Numbers?

The Notice states full card PANs are not stored, and payments are processed via regulated providers.

Why Do You Process My Data (High-Level Reasons)?

We process data to provide the service, protect accounts, meet KYC/AML and security obligations, handle support requests, and manage marketing where permitted.

When Can KYC/AML Verification Be Required?

The Notice states verification can occur on first withdrawal and when legal or risk thresholds require checks, including screening hits or unusual patterns.

What Are “VPN/Proxy Signals” Used For?

They are used as security and risk indicators to help detect suspicious access patterns and support fraud prevention and compliance reviews.

How Long Do You Keep KYC/AML Data?

The Notice states KYC/AML records are kept for at least 5 years after the relationship ends, or longer if required.

How Do I Exercise My Privacy Rights and How Long Does It Take?

Email [email protected] with your request type and details; the Notice states we aim to respond within one month and may verify your identity.

How Do I Unsubscribe From Marketing and When Does It Take Effect?

Use the Unsubscribe link in marketing emails or manage preferences in your account; the Notice states opt-outs are processed within 48–72 hours, while service emails can still be sent.