Legal

Privacy Policy

Last updated: March 15, 2026 — Effective immediately

Table of Contents

  1. Introduction
  2. Definitions
  3. Information We Collect
  4. How We Use Your Information
  5. Legal Basis for Processing
  6. Data Sharing & Disclosure
  7. Data Retention
  8. Data Security
  9. International Data Transfers
  10. Your Rights
  11. Cookies & Tracking Technologies
  12. Third-Party Services
  13. Children's Privacy
  14. Changes to This Policy
  15. Contact Us

1. Introduction

Ular28 ("we," "our," or "us") operates a business-to-business (B2B) Software-as-a-Service (SaaS) platform that provides white-label iGaming solutions to licensed operators ("Partners"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website ular28.games, interact with our services, or engage with us as a Partner or prospective Partner.

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our services immediately.

2. Definitions

  • "Platform" refers to the Ular28 SaaS infrastructure, including all software, APIs, dashboards, and managed services we provide.
  • "Partner" refers to a business entity that has entered into a service agreement with Ular28 to operate a white-label iGaming brand.
  • "End User" or "Player" refers to individuals who use a Partner's branded website powered by the Ular28 Platform.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data, whether by automated means or not.

3. Information We Collect

3.1 Information from Partners

When you apply to become a Partner or use our Platform, we may collect:

  • Business Information: Company name, registration number, business address, tax identification number, licensing documentation.
  • Contact Information: Full name, email address, phone number, Telegram handle, job title of authorized representatives.
  • Financial Information: Bank account details for settlement, payment transaction records, revenue share calculations.
  • Technical Information: Domain names, server IP addresses, API credentials, SSH public keys, deployment configurations.
  • Usage Data: Dashboard access logs, API call records, feature usage patterns, support ticket history.

3.2 Information from Website Visitors

When you browse our marketing website, we automatically collect:

  • Device Information: Browser type and version, operating system, device type, screen resolution.
  • Connection Information: IP address, internet service provider, approximate geographic location (country/city level).
  • Browsing Data: Pages visited, time spent on pages, referral source, click patterns.

3.3 Information About End Users (Data Processor Role)

As a data processor on behalf of our Partners, the Platform processes End User data including:

  • Account credentials (username, hashed passwords)
  • Player wallet balances and transaction history
  • Game session data and betting records
  • IP addresses and device fingerprints for fraud prevention
  • Communication records (live chat, support tickets)

For End User data, the Partner acts as the Data Controller and is responsible for obtaining appropriate consent from their players. Ular28 processes this data solely on the Partner's behalf and in accordance with the Data Processing Agreement (DPA) included in the Partner service agreement.

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Service Delivery

  • Provisioning and maintaining Partner infrastructure (servers, databases, domains)
  • Processing financial settlements and revenue share calculations
  • Providing technical support and incident resolution
  • Monitoring platform health, performance, and security

4.2 Business Operations

  • Evaluating partnership applications and conducting due diligence
  • Communicating service updates, maintenance windows, and security advisories
  • Generating aggregate analytics to improve platform features
  • Fulfilling legal and regulatory obligations

4.3 Security & Fraud Prevention

  • Detecting and preventing unauthorized access, abuse, and fraud
  • Maintaining audit trails for compliance purposes
  • Enforcing rate limits and blocking malicious traffic
  • Investigating security incidents and data breaches

4.4 Marketing (with consent)

  • Sending product updates, new feature announcements, and industry insights
  • Personalizing website content based on visitor interests

You may opt out of marketing communications at any time by contacting us or using the unsubscribe link in any email.

6. Data Sharing & Disclosure

We do not sell Personal Data. We may share information with:

6.1 Service Providers

  • Cloud Infrastructure: Linode (Akamai) for server hosting; data stored in Singapore (ap-southeast) and other regions as needed.
  • DNS & CDN: Cloudflare for DNS management, DDoS protection, and content delivery.
  • Payment Processors: Third-party payment gateways as configured by each Partner for player deposit/withdrawal processing.
  • Game Providers: Licensed game content providers (e.g., GamingSoft/GSC+) for game session management and settlement.
  • Communication Tools: Email service providers for transactional and marketing communications.

6.2 Legal Requirements

We may disclose information when required by law, court order, subpoena, or governmental regulation, or when we believe disclosure is necessary to:

  • Comply with applicable laws or regulations
  • Protect the rights, property, or safety of Ular28, our Partners, or others
  • Prevent or investigate possible wrongdoing
  • Enforce our Terms of Service

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, Personal Data may be transferred to the acquiring entity. We will notify affected parties before their data becomes subject to a different privacy policy.

7. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes outlined in this policy:

Data Category Retention Period
Partner account data Duration of partnership + 5 years
Financial/transaction records 7 years (legal/tax requirement)
Server access logs 90 days
Application data (rejected) 12 months
Website analytics 26 months
Marketing consent records Duration of consent + 3 years
End User data (on behalf of Partner) As instructed by Partner / per DPA

Upon request or contract termination, Partner data and associated End User data will be securely deleted within 30 days, unless retention is required by law.

8. Data Security

We implement industry-standard technical and organizational measures to protect Personal Data:

  • Encryption: All data transmitted between clients and servers uses TLS 1.2+ encryption. Sensitive data at rest (passwords, API keys) is encrypted using AES-256 or bcrypt hashing.
  • Access Control: Role-based access control (RBAC) with principle of least privilege. Multi-factor authentication (MFA) for administrative access.
  • Infrastructure Security: Firewalled server instances with restrictive rules. Internal services are not exposed to the public internet. SSH key-only authentication.
  • Network Protection: Custom reverse proxy (Pingora) with rate limiting, GeoIP filtering, bot detection, and automatic IP blocking.
  • Data Isolation: Each Partner operates on a dedicated server with an isolated database namespace. No data co-mingling between Partners.
  • Monitoring: 24/7 automated health checks, anomaly detection, and real-time alerting for security events.
  • Backups: Automated daily database backups with point-in-time recovery. Backup retention for 30 days.
  • Incident Response: Documented incident response procedures. Partners are notified within 72 hours of any confirmed data breach affecting their data.

9. International Data Transfers

Your data may be processed in jurisdictions outside your country of residence. Our infrastructure is primarily hosted in:

  • Singapore (ap-southeast) — Primary application servers
  • France — Specialized processing services
  • United States — Cloudflare CDN edge network (DNS resolution only)

Where transfers occur to jurisdictions without adequate data protection frameworks, we rely on Standard Contractual Clauses (SCCs) or other legally approved transfer mechanisms to ensure your data remains protected.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

  • Right of Access: Request a copy of the Personal Data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your Personal Data (subject to legal retention requirements).
  • Right to Restriction: Request that we limit processing of your data in certain circumstances.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@ular28.games. We will respond within 30 days of receiving your request.

For End Users: If you are a player on a Partner's branded website and wish to exercise your data rights, please contact the Partner directly. The Partner is the Data Controller for your information. If the Partner is unable to assist, you may contact us and we will facilitate your request.

11. Cookies & Tracking Technologies

11.1 Cookies We Use

Cookie Type Purpose Duration
access_jwt Essential Authentication token for logged-in sessions 15 minutes
refresh_jwt Essential Token renewal without re-authentication 30 days
cspn Essential Content Security Policy nonce for XSS protection Session
chat_gid Functional Guest identification for live chat sessions 30 days

11.2 Third-Party Cookies

Our marketing website does not use third-party advertising or analytics cookies. We do not participate in cross-site tracking or ad networks.

11.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent the Platform from functioning correctly.

12. Third-Party Services

Our Platform integrates with the following categories of third-party services:

  • Game Content Providers: Licensed providers who supply game content via API integration. Player game session data is shared as required for gameplay.
  • Payment Gateways: Third-party processors that handle financial transactions. Each gateway has its own privacy policy governing payment data.
  • Infrastructure Providers: Cloud hosting (Linode/Akamai), DNS management (Cloudflare), and SSL certificate authorities (Let's Encrypt, ZeroSSL).

We recommend reviewing the privacy policies of these third-party services. We are not responsible for their data practices.

13. Children's Privacy

Our services are strictly intended for businesses (B2B) and are not directed at individuals under the age of 18. We do not knowingly collect Personal Data from minors. Partners are required by our Terms of Service to implement age verification measures and prevent minors from accessing their branded platforms.

If we become aware that we have inadvertently collected Personal Data from a minor, we will take immediate steps to delete such information.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last updated" date at the top of this page.
  • Active Partners will be notified via email at least 14 days before material changes take effect.
  • Continued use of our services after the effective date constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Ular28 — Data Protection

Email: privacy@ular28.games

General inquiries: partners@ular28.com

We aim to respond to all privacy-related inquiries within 30 calendar days.