What data is collected

• Identity and contact: name, date of birth, address, email, phone.
• Account and verification: username, security credentials, KYC details, copies of a government-issued identity document.
• Payments: method, masked card details, transaction identifiers, UPI or wallet references processed by payment providers.
• Usage and device: IP address, device identifiers, app and browser data, log files, language, time zone, approximate location.
• Support and responsible play: chat or call records, self-exclusion preferences, responsible gaming settings.

Why data is collected

• To create and manage the user account and provide services.
• To verify identity, prevent fraud, and meet anti-money laundering obligations.
• To process deposits, withdrawals, and refunds via authorised payment partners.
• To provide support, resolve disputes, and improve online services.
• To maintain security, monitor system integrity, and comply with legal requirements in India.

Protection measures

• Technical: TLS encryption in transit, encryption at rest for sensitive information, tokenisation for payment data, firewalls, anti-malware, and rate limiting.
• Organisational: need-to-know access, role-based controls, staff training, vendor due diligence, incident response procedures, and regular audits.
• Data lifecycle: collection minimisation, retention schedules, and secure deletion.

User rights

• Access: request a copy of personal information.
• Correction: update inaccurate or incomplete data.
• Deletion: request erasure where permitted by law and contracts.
• Consent choices: withdraw consent for processing that is based on consent, without affecting earlier lawful processing.
• Grievance: raise a complaint through in-account support or the Contact Us page.

Compliance

• Processing is carried out in line with the Digital Personal Data Protection Act, 2023, and reasonable security practices under the Information Technology Act, 2000 and the SPDI Rules, as applicable. International norms such as privacy-by-design and accountability principles guide operations for users and services.

Personal data is used for the following purposes:

• Account servicing: registration, login, preferences, and responsible gaming tools.
• Transactions: deposits, withdrawals, refunds, and chargeback handling through payment providers.
• Service improvement: troubleshooting, performance analytics, and feature development for the websites and apps.
• Marketing: sending updates and personalised content where the user has consented; users can opt out at any time.
• Security and fraud control: verifying identity, detecting misuse, and conducting risk assessments.
• Legal compliance: KYC/AML checks, regulatory reporting, and responding to lawful requests.

Processing is lawful, fair, and transparent, limited to the purposes explained in this document and compatible purposes allowed by law.

How to exercise rights

• Access or update: use the account settings or raise a request through in-account support.
• Correction: submit corrected information or documents; the team may verify authenticity before updating records.
• Deletion: request erasure; certain records may be retained where required for legal, tax, fraud prevention, or dispute purposes.

Procedure

• Submit a request through the account or the Contact Us page.
• Verify identity by responding to security checks.
• Receive a response within a reasonable time, typically within 30 days, subject to legal and operational constraints.

By using Melbet, users consent to identity verification, security checks, and processing of payment information by authorised payment service providers for transactions and compliance checks.

The services are intended for persons aged 18 years and above. Registration by minors is not permitted. The operator cannot confirm a user’s age without appropriate documents during verification. If a parent or guardian believes a minor has provided personal data, they can request deletion through in-account support or the Contact Us page. Upon valid proof and verification, related information will be removed and the account will be closed.

Personal data may be transferred to and processed in countries where service partners, payment processors, verification agencies, or infrastructure providers operate. By using the websites or services, users consent to cross-border transfer, storage, and processing, as permitted by Indian law. Confidentiality and security are ensured through contracts, technical safeguards, and vendor assessments aligned with the Digital Personal Data Protection Act, 2023, and reasonable security practices.

This disclaimer may limit, clarify, or otherwise affect how certain rules in this Privacy Policy apply, to the extent permitted by law. It becomes effective when the user accepts this policy by click-acceptance, signature, or accession during account actions. Nothing in this document limits statutory rights available under Indian law. If any provision is held invalid, the remaining provisions continue to operate to the fullest extent allowed.

Cookies are small text files saved on a device by a browser. They help remember user preferences and improve online services.

How cookies are used

• Statistics and analytics to understand usage and improve performance.
• Behaviour analysis and personalisation for relevant content and settings.
• Security and site improvement to prevent abuse and maintain availability.

Retention and choices

• Standard retention for non-essential cookies is up to 1 year.
• Users can manage or disable cookies through browser or device settings; essential cookies are necessary for core functions and may not be disabled within the service.
• Where consent is required for certain cookies, it can be withdrawn at any time through settings or support.

Use of the services constitutes full acceptance of this Privacy Policy. If there is any inconsistency among versions, the current version published on the websites prevails. Continued access after updates indicates agreement to the revised policy, subject to user rights under applicable law.

Personal information may be shared with third parties in the following situations:

• Legal and regulatory: compliance with law, lawful requests, and regulatory reporting.
• Disputes and enforcement: investigating breaches, fraud prevention, chargebacks, and debt recovery.
• Services under agreements: payment processors, KYC/AML providers, risk and fraud tools, analytics, cloud hosting, communications, and customer support vendors.

Where a list of key processors is published on the websites, that list applies; if not, users will be informed of the purpose and scope before sharing when feasible. Providing data for these purposes constitutes consent, and each third party is required to protect confidentiality and process data only as permitted by law and contract.

The websites may contain links to external sites that are not operated by the operator. Those websites have their own privacy practices and policies. Responsibility for how those sites collect, use, or disclose information rests with their operators. Users should review the privacy statements on any external site before providing personal data.