Privacy Policy

• Legal entity: Enigma Digital Solutions Limitada
• Company number: 3‑102‑196990
• Registered address: San José, Montes de Oca, Barrio Dent, From Centro Cultural Costarricense Norteamericano, 200 meters North and 50 meters East, Ofident Building, Office No. 3, Costa Rica.
• Email (privacy requests): [email protected]
• Data Protection Officer (DPO): [email protected]

If you prefer, you may also contact the Costa Rican supervisory authority PRODHAB – Agencia de Protección de Datos de los Habitantes regarding your data‑protection rights.

Unless stated otherwise, terms such as Personal Data, Sensitive Data, Processing, Database, Controller, and Processor have the meanings given by the Costa Rican Data Protection Law. "Personal Data" means any information that identifies or can be used to identify you, directly or indirectly.

We process the following categories of data, as required to operate a lawful, secure, and responsible betting platform:

We do not intentionally collect data from persons under 18 years of age (see Section 13).

We process personal data only when a lawful basis applies under Costa Rican law:

We do not sell personal data.

We use cookies, SDKs, pixels, and similar technologies to: keep you logged in; remember preferences; measure performance; combat fraud; and deliver/measure marketing—where permitted. Non‑essential cookies are used only with your consent. You can manage preferences in our cookie banner or your browser/device settings. Disabling certain cookies may affect the functionality of the Services.

We use automated systems to help: (a) verify identity and detect suspicious activity; (b) assess risk, prevent fraud, and ensure geo‑compliance; and (c) uphold responsible‑gaming measures. Where decisions that may produce legal or similarly significant effects are made using automation, you may request human review, express your point of view, and contest the decision.

We disclose personal data only as necessary and under appropriate safeguards:

• Processors and vendors (cloud hosting, IT and security providers, KYC/AML vendors, payment and cash‑out processors, game/platform suppliers, analytics and anti‑fraud tools, customer‑support systems, marketing technology, and auditors).
• Affiliates within our corporate group, for centralized operations, risk management, and internal reporting.
• Business partners involved in co‑branded or promotional programs you choose to join.
• Professional advisers (lawyers, accountants, compliance consultants).
• Authorities and regulators, courts, or law‑enforcement agencies, when we are required or permitted by law.
• Business transfers, in connection with mergers, acquisitions, or corporate reorganization, subject to continuity of protections.

We require recipients to protect your data and use it only for the purposes disclosed.

Your data may be stored or processed outside Costa Rica. When we transfer personal data internationally, we implement measures consistent with Costa Rican law—for example, obtaining your consent where needed; using contractual protections that ensure an equivalent level of protection; or transferring to jurisdictions recognized for adequate protections. We maintain records of such transfers and the applicable safeguards.

We keep personal data only for as long as necessary to fulfill the purposes described above, to comply with legal and regulatory requirements (including AML/CTF and tax obligations), to resolve disputes, and to enforce agreements. In general, key account, transactional, and KYC records are retained for a minimum of five (5) years after account closure or the last relevant transaction, unless a longer period is required by law or needed for the establishment, exercise, or defense of legal claims. Non‑essential data processed on the basis of consent is deleted or anonymized when consent is withdrawn and no other legal basis applies.

We apply administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, accidental loss, alteration, or disclosure, including: encryption in transit and at rest where appropriate; access controls and multi‑factor authentication; network segregation and monitoring; secure development and change‑management practices; staff training and confidentiality obligations; and regular risk assessments, audits, and incident‑response procedures.

Under Costa Rican Data Protection Law, you have the following rights, subject to legal limits:

• Access: to know whether your personal data is being processed and obtain a copy.
• Rectification: to correct inaccurate or incomplete data.
• Cancellation/Deletion: to request deletion when data is excessive or unnecessary for the stated purposes, or when processing is unlawful.
• Opposition: to object to processing in justified cases and to withdraw your consent at any time, without affecting prior lawful processing.
• Portability: where applicable and technically feasible, to receive certain data in a structured, commonly used format.
• Restriction and objection to marketing: you may opt out of direct marketing at any time.

To exercise your rights, contact our DPO (see Section 1). We may request information to verify your identity and will respond within the timeframes required by law. If you believe your rights have been infringed, you can lodge a complaint with PRODHAB.

Where we rely on your consent (for example, for marketing emails or non‑essential cookies), you can withdraw it at any time through your account settings, the unsubscribe link in our emails, the cookie banner, or by contacting us. If you withdraw consent or object to certain processing, some features of the Services may not be available.

The Services are intended only for persons 18 years or older (or the legal age of majority in your jurisdiction, if higher). We do not knowingly collect data from minors. If we learn that a minor has provided personal data, we will delete it and may take steps to disable the account. We may also process data to prevent use from prohibited locations.

Our Services may link to third‑party websites or services. Their privacy practices are governed by their own policies. We are not responsible for the privacy or security practices of those third parties.

We may update this Privacy Policy from time to time. Material changes will be notified through the Services (and, where legally required, we will seek your renewed consent). The "Effective date" at the top indicates the latest version.

Acceptance of this Privacy Policy may be required to register and use our Services. If you do not agree with this Policy, please do not use the Services or provide personal data. You may close your account at any time by contacting Support.

For any questions about this Policy, or to exercise your data‑protection rights:

• Cloud hosting and content‑delivery networks; database and backup providers (which may store data outside Costa Rica with contractual safeguards).
• KYC/AML identity‑verification and biometric vendors.
• Payment processors, banking and payout partners; anti‑fraud and chargeback management tools.
• Game and platform suppliers; geolocation and security vendors.
• Customer‑support platforms (ticketing, live chat, call recording where lawful).
• Analytics, A/B testing, and marketing‑technology providers (for which consent is gathered where required).
• Professional advisers and auditors.