Your privacy.

01Who we are

Gold Coins Palace is a free-to-play social casino operated at goldcoinspalace.com. We offer virtual slot, bingo, and jackpot games played with Gold Coins (GC) — a virtual currency with no cash value that cannot be exchanged, redeemed, or withdrawn for real money or prizes.

In this policy, "we," "us," and "our" refer to Gold Coins Palace. "You" and "your" refer to anyone who visits the site or registers an account.

02What we collect

We collect the minimum information needed to operate the site. Specifically:

Information you give us

• Account details: first name, last name, email address, username, date of birth, password (stored as a salted bcrypt hash, never plaintext)
• Optional profile information you may add later (avatar, display preferences, and so on)
• Communications: messages you send us via email or support channels

Information we collect automatically

• Game activity: games played, time spent, virtual coin balances, daily wheel spin history, favourites
• Technical data: IP address, browser type, device type, operating system, referring website, pages viewed, timestamps
• Session data: cookies necessary to keep you logged in (see Section 06)

What we do not collect

• Government-issued ID numbers (Social Security, driver's license, passport, and so on)
• Financial account information (bank account, credit card numbers) — we don't currently process any payments
• Precise geolocation data (we don't request GPS access)
• Biometric data (face scans, fingerprints, voice recordings)
• Information from your other apps, contacts, or device files

03How we use it

We use the information we collect to:

• Operate the service — maintain your account, save your progress, deliver gameplay features, and process the daily wheel and game outcomes
• Verify your age — confirm you're 21 or older as required to register
• Communicate with you — respond to your support requests, send account-related notifications (like approval status or security alerts), and occasionally send product updates (you can opt out of non-essential emails)
• Improve the site — understand which games are popular, find bugs, measure performance, and make decisions about new features
• Prevent abuse — detect bot signups, abuse of the daily wheel, spam, fraud, and violations of our Terms of Service
• Comply with the law — respond to valid legal process (subpoenas, court orders) and meet our regulatory obligations

We do not use your information to make automated decisions that have legal or similarly significant effects on you. Account approval is performed by a human reviewer.

04Who we share with

We share information narrowly. Specifically:

Service providers

We use third-party services to operate parts of our infrastructure — web hosting, email delivery, analytics, fraud prevention, and so on. These providers have access only to the information they need to perform their function, and they're contractually required to protect it and use it only for our purposes.

Aggregated, anonymized analytics

We share aggregated, anonymized statistics with research firms and industry partners. Examples of what this looks like:

• "60% of players prefer slot games over bingo"
• "Average session length is 12 minutes"
• "Egyptian-themed games are trending this quarter"

We do not share data that identifies you individually. Aggregated statistics are computed across at least 5 users at a time, with no fields that could reasonably be used to re-identify a specific person. Your name, email, username, IP address, account history, and individual play patterns stay private to us.

If you'd rather not have your activity counted in aggregate datasets at all, email us at the address in Section 13 and we'll exclude your account from analytics.

Legal compliance

We will share information when required by law — for example, in response to a valid subpoena, court order, or government request. We push back on overbroad requests and notify users when legally permitted to do so.

Business transfers

If Gold Coins Palace is acquired, merged with another company, or sells substantially all of its assets, user information may transfer to the acquiring entity. You'll be notified of any such change and given the option to delete your account.

What we do not do

• We do not sell, rent, or trade personal information that identifies you to anyone, for any purpose, including advertising or marketing
• We do not share user data with gambling operators, real-money casinos, or sports-betting companies
• We do not run referral or "growth partner" programs that quietly send your contact details to third parties
• We do not exchange your information for affiliate commissions

05Advertising

Gold Coins Palace is supported primarily by advertising. Ads appear in the following places:

• Banners on the lobby page and between game sessions
• Short video ads displayed between gameplay sessions
• Optional "watch a 30-second ad for bonus coins" prompts that you can ignore

We work with ad networks that may use cookies and similar technologies to deliver, measure, and improve advertising. These networks generally use:

• Contextual targeting (showing ads relevant to the page you're on)
• Frequency capping (so you don't see the same ad 50 times)
• Anonymized device-level signals (like browser type and time of day)

You can generally opt out of personalized advertising via:

• The Digital Advertising Alliance's WebChoices tool at optout.aboutads.info
• The Network Advertising Initiative's opt-out at optout.networkadvertising.org
• Browser-level controls (most modern browsers support "Do Not Track" signals, which we honor, and a "Global Privacy Control" signal, which we also honor)

We never show ads disguised as game elements, autoplay video with audio, or pop-ups that block you from playing. If you see a deceptive or broken ad, email us and we'll get it pulled.

06Cookies & tracking

We use a small number of cookies and similar technologies. They fall into three categories:

Strictly necessary

These keep you logged in and let the site function. The main one is GCP_SESSION, an HTTP-only session cookie that identifies your account to our server. Without it, you can't stay logged in. These cookies cannot be disabled.

Analytics

We use first-party analytics to count visits and understand which games and pages are used most. We do not currently use Google Analytics or other third-party analytics services.

Advertising

Our ad networks may set their own cookies to deliver and measure ads. See Section 05 for opt-out information.

You can clear or block cookies in your browser settings. Note that doing so will log you out and may break parts of the site.

07Your rights

Depending on where you live, you may have specific legal rights regarding your personal information. We extend the following rights to all users regardless of location:

• Right to access: request a copy of the information we have about you
• Right to correct: update or correct inaccurate information
• Right to delete: request that we delete your account and personal information
• Right to opt out of analytics: ask us to exclude your account from aggregated research datasets
• Right to opt out of marketing emails: unsubscribe from any non-essential email we send (transactional emails like account approval cannot be opted out of while your account is active)

UK and EU residents

If you live in the UK or EU, you have rights under UK GDPR (and EU GDPR for EU residents):

• Right to be informed about how we use your data (that's what this policy is for)
• Right of access — ask us for a copy of the personal data we hold about you
• Right to rectification — ask us to correct inaccurate data
• Right to erasure — ask us to delete your account and data
• Right to restrict processing — ask us to stop using your data in certain ways
• Right to object — object to processing for direct marketing or for our legitimate interests
• Right to data portability — receive your data in a structured, machine-readable format
• Right to complain to the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, email us at the address in Section 13. We'll verify your identity (typically by confirming you can access the email address associated with your account) and respond within one month, as required by UK GDPR.

US state residents (California, Virginia, Colorado, Connecticut, Utah, and others)

If you live in a US state with a comprehensive consumer privacy law (such as the CCPA/CPRA in California, VCDPA in Virginia, CPA in Colorado, CTDPA in Connecticut, UCPA in Utah, or similar laws in other states), you have rights including:

• Right to know: what personal information we collect, use, and disclose about you
• Right to delete: personal information we hold (with limited exceptions for legal compliance and fraud prevention)
• Right to correct: inaccurate personal information
• Right to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising any of these rights

We do not "sell" personal information as defined by US state privacy laws, and we do not "share" personal information for cross-context behavioral advertising in a way that requires opt-out under those laws. Our aggregated analytics sharing does not qualify as either, because the data shared does not identify individuals. If our practices change, we will update this policy and provide a "Do Not Sell or Share My Personal Information" link.

To exercise your rights under US state laws, email us at the address in Section 13. We'll verify your identity and respond within 45 days, as required by CCPA/CPRA (or the timeframe required by your state's law if different).

Everyone else

If you live somewhere with different data protection laws, contact us and we'll work with you to understand and honor any local rights you have.

How to delete your account

Email us with "Delete my account" in the subject line, from the email address associated with your account. We'll delete your account and all associated personal information within 30 days. Aggregated, anonymized data already shared with research partners cannot be retroactively pulled back, but it doesn't identify you in the first place.

08Security

We take reasonable measures to protect your information:

• HTTPS encryption for all traffic between your browser and our servers
• Passwords stored as salted bcrypt hashes — we never see or store your plaintext password
• Session cookies marked HTTP-only and Secure to prevent client-side script access and unencrypted transmission
• SQL injection protection via parameterized queries
• Restricted server access — only authorized personnel can access account data
• Rate limiting on login and registration to slow brute-force attempts

No security system is perfect. We cannot guarantee absolute security of your information. If we detect a breach that affects you, we'll notify you as required by applicable law and explain what happened, what we're doing about it, and what you should do.

If you suspect your account has been compromised, change your password immediately and email us so we can investigate.

09Data retention

We keep your account information for as long as your account is active, plus a reasonable period after closure to handle disputes, fraud investigations, and legal obligations.

• Active accounts: indefinitely, until you delete the account or it becomes inactive
• Closed accounts: we typically retain account records for 6 months after closure to handle chargeback windows, disputes, and abuse investigations, then delete
• Inactive accounts: accounts inactive for 24 consecutive months may be deleted along with all associated data
• Logs and technical records: retained for 90 days for debugging and security purposes
• Records required by law: retained for the period required by applicable law (typically 3-7 years for tax and regulatory records)

10Children and minors

Gold Coins Palace is intended for adults aged 21 and older. We don't knowingly collect personal information from anyone under 21. Our registration form requires a date of birth and rejects anyone under 21.

If you believe a minor has registered an account, email us immediately and we'll delete the account and all associated information.

Parents and guardians: if you discover your child has used our service, contact us and we'll help.

11International users

Gold Coins Palace is operated from the United Kingdom by a UK-based business, but our service is accessed by users globally — including in the United States, EU, and elsewhere.

UK and EU users: Your data is processed in the UK, which the European Commission recognizes as providing an adequate level of data protection, so transfers from the EU to the UK don't require additional safeguards.

US users: By using our service, you understand that your information is transferred to and processed in the UK. The UK has data protection laws (UK GDPR) that are generally stricter than US federal law. Where required, we use appropriate safeguards for international transfers, such as Standard Contractual Clauses with our service providers.

Users elsewhere: By using the site, you consent to your information being transferred to and processed in the UK. The UK may have different (typically more protective) data protection laws than your home country.

If you have specific questions about international data transfers or want to understand how transfers from your country are protected, email us.

12Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll:

• Update the "Last updated" date at the top of this page
• Post a notice on the site for at least 30 days before significant changes take effect
• Email you if changes materially affect how we use your personal information

If you don't agree with a change, you can delete your account before the change takes effect. Continuing to use the site after a change becomes effective means you accept the updated policy.

13Contact us

For any privacy-related questions or to exercise your rights, contact us at:

We aim to respond to all privacy requests within 7 business days, and to formal rights requests (like deletion or access) within one month, as required by UK GDPR.