Privacy Policy

1. Data We Collect

Lotus365 collects personal data in three categories when you register and use the Platform:

Registration Data: Full name, date of birth, mobile number, email address, and residential address. This information is required to create and verify your account, confirm legal eligibility (18+), and enable KYC compliance.

Financial Data: UPI IDs, bank account details (for withdrawals), transaction history, deposit and withdrawal amounts. Financial data is collected to process payments securely, prevent fraud, and comply with anti-money laundering (AML) regulations. Your full payment card or bank credentials are never stored on Lotus365 servers — they are processed by our PCI-DSS compliant payment gateways.

Usage Data: IP address, device type, browser information, betting history, game play logs, session duration, and pages visited. Usage data helps us improve the Platform, detect fraud and unusual patterns, personalise your experience, and comply with our gaming licence obligations.

2. How We Use Your Data

Your personal data is used exclusively for the following purposes:

• Account Management: Creating, managing and securing your Lotus365 account
• Payment Processing: Facilitating deposits and withdrawals via your chosen payment method
• Identity Verification (KYC): Confirming your identity and age as required by our gaming licence
• Fraud Prevention & Security: Detecting and preventing fraudulent activity, multiple accounts, and financial crime
• Service Improvement: Analysing usage patterns to improve the Platform and personalise your experience
• Communications: Sending account-related notifications, promotional offers (with consent), and responsible gambling messages
• Legal Compliance: Meeting obligations under our Curacao gaming licence and applicable anti-money laundering regulations

We do not use your data for any automated decision-making that produces significant legal effects without human oversight.

3. Data Sharing

Lotus365 does not sell, rent, or trade your personal data to any third party. Data may be shared in limited circumstances:

• Payment Processors: UPI providers, banking partners — only transaction data necessary to complete payments
• Identity Verification: KYC service providers for age and identity verification
• Legal Requirements: Where required by a valid court order, law enforcement request, or regulatory authority
• Fraud Prevention: Industry-shared fraud databases to prevent known bad actors from accessing the Platform

All third-party service providers are bound by data processing agreements that restrict their use of your data to the specific purposes for which it was shared.

4. Data Security

Lotus365 implements industry-leading security measures to protect your personal data:

• 256-bit SSL Encryption: All data transmitted between your device and Lotus365 is encrypted using TLS 1.3 — the same standard used by leading banks
• Secure Servers: Data stored on firewalled servers with restricted access protocols and regular security audits
• Two-Factor Authentication: OTP verification available for all account access and high-value transactions
• PCI-DSS Compliance: Payment card data processed exclusively through compliant payment gateways — never stored on Lotus365 servers
• Regular Security Audits: Third-party penetration testing and vulnerability assessments conducted regularly

In the event of a data breach that is likely to result in high risk to your rights, Lotus365 will notify affected users within 72 hours of becoming aware of the breach.

5. Cookies

Lotus365 uses cookies and similar tracking technologies to improve your experience. Cookies we use include: essential session cookies (required for login and security), functional cookies (remembering preferences), analytics cookies (understanding usage patterns), and marketing cookies (with your consent only).

You can control cookie settings through your browser. Disabling essential cookies will affect your ability to use the Platform. You may withdraw consent for non-essential cookies at any time through your account settings or browser controls.

6. Data Retention

We retain your personal data for as long as your account is active and as required by law. Specifically: account data is retained for a minimum of 5 years after account closure (AML compliance requirement); transaction data is retained for 7 years (tax and financial regulatory requirement); marketing data is retained until you withdraw consent or close your account. After the applicable retention period, your data is securely deleted or anonymised.

7. Your Rights

Under applicable data protection law, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data where it is no longer necessary or you withdraw consent (subject to legal retention requirements)
• Right to Restriction: Request that we limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for direct marketing purposes

To exercise any of these rights, contact our Data Protection team via WhatsApp support or email. We will respond within 30 days.

8. Contact Us — Data Protection

For privacy-related enquiries, data requests, or to report a concern, contact the Lotus365 Data Protection team via: WhatsApp support available 24/7 from in.lotus365com.com, or visit our Contact page. We are committed to resolving data concerns within 30 days of receipt.