1. Scope & phase

FortuneX is currently a play-money social casino. There is no real-money wagering, no account creation, no payment processing, and no server-side identity. Your wallet, history, seeds, and stats live in your browser's localStorage on your device.

A future crypto-money tier will launch under a Curaçao or Anjouan license. When that goes live, additional data collection is mandatory under the licence. We will update this policy and email/notify users before the change.

2. Play-money tier (today)

2.1 What stays on your device

• Your username, FX-Coin balance, and game history
• Your client seed, current server seed (and its hash), and current nonce
• Lifetime stats: wagered, won, biggest multiplier, biggest win, win streak
• Settings: sound, animations, hide-balance, tutorials-seen, responsible-play limits
• Achievements unlocked, login-streak progress, daily-faucet claim timestamp

2.2 What we collect server-side

In the play-money phase, our static-page CDN logs (operated by Cloudflare) record standard web access metadata: IP address, user agent, requested path, timestamp. These are used only for security and abuse prevention and are not joined to your in-browser identity. Cloudflare's privacy policy applies to those records.

3. Crypto tier (at license launch)

When the crypto tier opens, sign-up will require:

• An email address (sign-in + transactional notices)
• A wallet address per supported network (BTC, ETH, USDT to start)
• KYC documents (government ID, proof of address, selfie) verified through our compliance vendor (Sumsub or Veriff)
• Chain-analysis screening of incoming deposits (Chainalysis)
• Geo-confirmation (IP + selected jurisdiction) so we can block restricted regions

All of the above is required by the licensing authority and is not optional for real-money play. KYC verification is performed by our vendor; FortuneX receives a verification result, not the underlying documents.

4. What we collect

Across both tiers, where applicable: identifiers (email, account ID, wallet address), KYC data (only at the crypto tier), bet and transaction history, device and network metadata, IP-derived approximate location, and any messages you send through in-app chat. We do not collect sensitive categories such as health data, biometric data outside KYC, or political/religious affiliation.

5. How we use your data

• Operate the casino: run bets, settle outcomes, credit winnings, deliver the daily faucet
• Meet legal/regulatory obligations (AML/KYC, sanctions screening, responsible-gambling reporting)
• Prevent fraud, abuse, and bot activity
• Improve the product: aggregate, anonymized usage analytics (no profiling against individual users)
• Communicate with you about your account (transactional emails only; we do not run promotional campaigns at this phase)

6. Sharing

We share data only with:

• Service providers we contract: Cloudflare (CDN), Sumsub/Veriff (KYC, crypto tier only), Chainalysis (AML, crypto tier only), our regulator (under licence reporting requirements)
• Law enforcement or courts, when required by valid legal process

We do not sell your personal data, ever. We do not share data with advertisers.

7. Retention

Play-money data lives only on your device and is deleted when you clear browser storage. When the crypto tier launches, KYC and transaction records will be retained for the minimum required by the licensing regime (typically 5–10 years, depending on jurisdiction).

8. Your rights

Under GDPR (EU/UK), CCPA (California), and similar regimes you may have rights to: access your data, correct inaccurate data, delete it (subject to legal retention obligations), restrict or object to certain processing, and port your data to another service. To exercise any right, email privacy@fortunex.casino.

9. Security

All connections to FortuneX use TLS. Static assets are served with strict security headers (HSTS, X-Frame-Options DENY, Content-Security-Policy, Referrer-Policy strict-origin-when-cross-origin). Crypto custody (when live) will split funds between hot and cold wallets; the cold wallet is multi-sig and not connected to operational servers. No security model is unbreakable — please report vulnerabilities at security@fortunex.casino.

10. Cookies

FortuneX does not use third-party tracking cookies. We use localStorage for the play-money wallet and settings. At the crypto tier we'll use a first-party session cookie for sign-in. See the Cookie Notice for details.

11. Changes & contact

Material changes will be announced at least 14 days before they take effect, via the landing page and (if your tier requires it) by email. Questions: privacy@fortunex.casino.