Vibrobet Privacy Policy: How We Protect Your Data

Vibrobet Privacy Policy

This privacy policy explains what personal information Vibrobet collects, why we collect it, how we use and protect it, and what rights you have over your data under UK GDPR and equivalent international rules.

What information does Vibrobet collect about you?

When you register an account, Vibrobet collects your name, date of birth, email address, phone number, country of residence and the username and password you choose. We also collect the payment details you use for deposits and withdrawals, although card numbers are tokenised by our payment processor and never stored on Vibrobet servers in plain text.

During verification we collect a copy of a government issued ID, a proof of address document and where required by the regulator a proof of source of funds. These documents are encrypted at rest and accessible only to the verification team. They are deleted once the regulator's retention requirement expires.

When you use the site, we also collect technical data such as your IP address, browser type, device type, the pages you visit and the time you spend on each. The cookie based portion of this collection is described in full on the Vibrobet Cookie Policy.

Why does Vibrobet use my data?

We use your data to operate the account, verify your identity, process deposits and withdrawals, calculate bonuses and cashback, run the loyalty programme and keep the platform secure. Anti money laundering, anti fraud and responsible gambling monitoring all rely on a basic baseline of personal data.

Marketing data is used only where you have opted in. That includes email, SMS, push and on site notifications about new games, tournaments and promotional offers. You can opt out of any marketing channel at any time from the account settings, and the opt out applies immediately across our systems.

Analytics data is used in aggregated form to improve the product. We track which slots load fastest, which payment methods drop off most often at checkout and which pages perform best on mobile. Aggregated analytics is not tied to individual identifiable players.

Who does Vibrobet share my data with?

We share your data with vetted third parties only where it is necessary to operate the platform. Payment processors handle your deposits and withdrawals, identity verification providers process your KYC documents, game studios receive a hashed player identifier so they can settle your bets, and cloud infrastructure providers host the platform itself.

We share data with regulators where the regulator requires it. That includes the offshore licensing authority and, where legally required, anti money laundering authorities in the jurisdictions we operate in. The contractual basis for these arrangements sits within the broader Vibrobet Terms and Conditions.

If you opt in to marketing, the marketing service providers we work with receive only the email address and the marketing preferences they need to send the relevant campaigns. They are bound by data processing agreements that align with UK GDPR.

What are your rights over your data?

Under UK GDPR and equivalent rules you have the right to access the data we hold on you, the right to correct inaccurate data, the right to erasure where there is no overriding legal requirement to keep it, the right to restrict processing, the right to data portability and the right to object to processing.

To exercise any of these rights, contact privacy@vibrobet.online and we will respond within 30 days. If you need help framing the request, the team at Vibrobet Get Help can talk you through it.

If you are unhappy with how we have handled your data, you have the right to complain to the regulator in your jurisdiction. UK residents can contact the Information Commissioner's Office at ico.org.uk.

How long does Vibrobet keep my data?

Account and transaction data is retained for the period required by the offshore regulator and by anti money laundering rules, which is typically five years from the closure of the account. Verification documents are kept for the same period and then securely deleted on a scheduled job that runs monthly.

Marketing data is retained only as long as you have an active opt in. If you opt out, the marketing record is suppressed within twenty four hours and deleted within thirty days unless we are required to retain a suppression record for compliance purposes.

Technical logs such as server access logs and security event logs are kept for ninety days for operational purposes, with a subset retained longer where they are needed for an open security investigation. Aggregated analytics is retained indefinitely because it is no longer tied to individual players.

How does Vibrobet keep my data secure?

All connections to Vibrobet use TLS encryption with modern cipher suites and HSTS enforced. Personal data is encrypted at rest in the production database using industry standard AES encryption, and verification documents sit in a separate encrypted store with its own access controls.

Access to personal data inside Vibrobet is restricted by role. Verification, support, payments and engineering each have the access they need to do their job and no more. Every access event is logged and the logs are reviewed on a rolling schedule by the security team.

Penetration testing is carried out by an independent firm at least annually and after any significant infrastructure change. Findings are tracked to remediation and reported to the regulator in the licence renewal cycle. Bug bounty submissions are welcomed at security@vibrobet.online.

How long does Vibrobet retain my personal data?

Account, transaction and verification data is retained for the period required by anti money laundering rules and by the offshore regulator, typically five years from account closure. Marketing data is suppressed immediately on opt out and deleted within thirty days unless a compliance suppression record needs to be kept.

Support correspondence is retained for two years from the last interaction so that any follow up can be handled with full context. Game round histories are retained for the period the licence requires for audit, which is generally two years for the round detail and the financial summary for the full retention period above.

You can request a data export or erasure at privacy@vibrobet.online at any time. The team responds within thirty days in line with UK GDPR, and erasure is honoured for everything that sits outside the mandatory retention rules. Subject access requests are free of charge for the first request in any twelve month period.