Privacy Policy

Last updated: April 2026

This Privacy Policy explains how All In Casino (“we”, “us”, “our”) collects, uses, stores and protects personal data when you use allincasinolist.com and related services that link to this notice (together, the “Site”). All In Casino is an editorial listings and reviews website about UK-licensed online gambling operators. We do not operate casino games or accept wagers on this domain, but we still process limited personal data to run the Site, keep it secure, and—where permitted—measure readership and marketing.

We aim to comply with the UK General Data Protection Regulation (UK GDPR) as tailored by the Data Protection Act 2018, and with the Privacy and Electronic Communications Regulations (PECR) where they apply to cookies and similar technologies. If you are reading this from outside the United Kingdom, please note that our processing is primarily designed for a UK audience and UK legal standards.

1. Who is responsible for your information?

For the purposes of data protection law, the data controller is the organisation operating the Site, identified publicly as All In Casino. Operational contact details that relate specifically to privacy requests appear once in this policy: you may email [email protected] if you need to reach us about this Privacy Policy or to exercise the rights described below. Please do not send gambling disputes, bonus complaints, or account recovery issues related to third-party casinos to that address—we cannot access operator accounts.

2. What personal data we collect

The data we collect depends on how you use the Site. In many cases you can browse without actively telling us who you are. Typical categories include:

  • Technical and usage data: IP address (often truncated or aggregated), approximate location derived from IP, browser type and version, device category, operating system, referring URL, pages viewed, timestamps, click patterns, scroll depth where measured, error logs, and security telemetry (e.g. firewall events).
  • Communications data: if you contact us through a form or email, we process the contents of your message, the sender address, and any metadata needed to respond.
  • Optional account or marketing data: if we ever run newsletters, alerts or competitions, we would collect only the fields explicitly requested (for example email address) and would rely on a separate lawful basis and consent wording where required.
  • Aggregated or de-identified data: statistics that cannot reasonably identify you may be used for analytics and product decisions.

3. How and why we use personal data (lawful bases)

Under UK GDPR we must identify a lawful basis for each processing purpose. Depending on context, we rely on one or more of the following:

  • Legitimate interests (Article 6(1)(f)) — to operate, secure, and improve the Site; to understand aggregated readership trends; to defend legal claims; to prevent fraud, misuse, and automated abuse; and to manage commercial relationships that fund editorial work, provided we balance those interests against your rights.
  • Consent (Article 6(1)(a)) — where required for non-essential cookies or electronic direct marketing, we request your consent through our cookie controls or sign-up forms and you may withdraw it at any time without affecting the lawfulness of earlier processing.
  • Contract (Article 6(1)(b)) — if you enter into any explicit agreement with us (for example a supplier, partner, or freelancer contract), we process personal data needed to perform that agreement.
  • Legal obligation (Article 6(1)(c)) — where we must retain information to comply with accounting, tax, regulatory, or court obligations.

4. Cookies, local storage, and similar technologies

We use cookies (small text files placed on your device) and similar technologies (such as pixels, tags, SDKs, and HTML5 local storage where applicable) to:

  • remember preferences (for example cookie choices);
  • maintain security and session integrity;
  • measure traffic, referral sources, and content performance;
  • support affiliate attribution where you leave the Site to visit a third-party operator through our outbound links, in line with industry practice;
  • test design variants occasionally to improve navigation clarity.

Cookies may be first-party (set by us) or third-party (set by analytics, advertising, or tooling partners). Some third-party cookies can involve personal data processing by those partners under their own policies.

Where PECR requires consent for non-essential cookies (including many analytics or advertising technologies), we aim to block or gate them until you opt in through a clear cookie interface. Essential cookies needed to provide the service you explicitly request may be used without consent, but we will still explain them transparently.

You can control cookies through your browser settings (block, delete, or alert). Blocking certain cookies may degrade Site features such as saved preferences or accurate readership measurement.

5. Analytics, measurement, and “tracking”

We use analytics tools to understand which articles and listing pages help readers make informed decisions—and which pages confuse people. These tools may process pseudonymous identifiers rather than your real name. Depending on configuration, analytics may involve:

  • page URLs and titles;
  • events such as outbound clicks toward operator sites;
  • session duration and coarse engagement signals;
  • technical dimensions such as device class and browser language.

Where analytics partners act as independent controllers, their privacy notices apply in addition to ours. Where they process personal data strictly on our behalf as processors, we implement appropriate contracts and instructions.

We do not use covert fingerprinting, and we avoid excessive cross-site tracking beyond what is proportionate for a niche publishing business. If we materially change analytics providers or introduce new tracking layers, we will update this policy and, where required, our consent tools.

6. Affiliate links and outbound journeys

Parts of the Site describe online casinos and may contain affiliate links. When you click an outbound link, the destination operator or its marketing partners may set cookies, read existing tracking identifiers, or receive referrer data to attribute visits. That processing happens on third-party domains under their privacy policies and is outside our control once you leave the Site.

We encourage you to read each operator’s terms, privacy notice, and safer-gambling information before creating an account or depositing funds.

7. Sharing personal data with third parties

We share personal data only where there is a valid reason. Recipients may include:

  • Infrastructure and hosting providers that store or transmit Site data;
  • Security, spam-prevention, and performance vendors helping us block abuse and keep latency acceptable;
  • Analytics and tag-management providers as described above;
  • Professional advisers (lawyers, accountants) where confidential advice requires facts about incidents or contracts;
  • Public authorities when we are legally compelled or believe disclosure is necessary to prevent harm.

We do not sell your personal data in the crude “lists of individuals” sense, and we do not make automated decisions about you that produce legal or similarly significant effects solely by profiling on this Site.

8. International transfers

Our primary audience is UK-based, but hosting or tooling vendors may process data in the European Economic Area, the United Kingdom, or—occasionally—other countries with adequacy decisions or appropriate safeguards (such as UK-approved standard contractual clauses). We assess transfer mechanisms before engaging new processors where transfers outside the UK/EEA are likely.

9. Retention

We keep personal data only as long as needed for the purposes above or as law requires. Indicative periods include:

  • Server and security logs: typically short rolling retention for abuse investigation, unless longer retention is justified by incident response.
  • Correspondence: retained long enough to resolve your enquiry and manage follow-ups, then archived or deleted under our document policy.
  • Legal, tax, or regulatory records: retained for statutory limitation periods.
  • Analytics: aggregated datasets may persist while still useful; raw event retention depends on vendor configuration and minimisation settings.

10. Your rights

Subject to UK GDPR conditions, you may have the following rights:

  • Access — request a copy of personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion where applicable (not always absolute if we must retain records).
  • Restriction — ask us to limit processing in certain situations.
  • Objection — object to processing based on legitimate interests (we will balance your request against ours).
  • Portability — receive structured, machine-readable data you provided where processing is automated and contractual/consent-based.
  • Withdraw consent — where we rely on consent (cookies/marketing), withdraw without retroactive effect.
  • Complaint — lodge a concern with the Information Commissioner’s Office (ICO) at ico.org.uk.

To exercise rights, use the contact route set out in section 1. We may need reasonable evidence of identity before disclosing information.

11. Children

Gambling services are restricted to adults. The Site is not directed at anyone under 18 and we do not knowingly collect children’s personal data. If you believe a minor has submitted information to us, please notify us promptly so we can delete it where appropriate.

12. Security

We implement administrative, technical, and organisational measures appropriate to the risk—such as HTTPS encryption in transit for modern browsers, access controls on production systems, patching discipline with hosting partners, and least-privilege credentials for staff or contractors. No online platform can guarantee absolute security; if we become aware of an incident that affects your information materially, we will assess notification duties under applicable law.

13. Automated decision-making

We do not operate automated credit or eligibility systems on this Site. Analytics may use automated calculations at an aggregate level only and does not decide your legal rights as an individual reader.

14. Changes to this policy

We may update this Privacy Policy when our services, suppliers, or legal requirements evolve. Material changes will be reflected by revising the “Last updated” date above and, where appropriate, by an on-Site notice. Continued use after changes signifies acceptance where law allows; where consent is required (for example for new non-essential cookies), we will collect fresh consent separately.

15. Regulatory transparency

Because we profile gambling operators, we may reference regulatory identifiers, public enforcement actions, or licensing data that is already in the public domain. That information is editorial content and not an invitation to gamble. Always verify facts with the operator and the regulator before taking financial decisions.

Safer gambling resources & support (UK)