Last Updated: January 2025

We get it. You're sharing sensitive business information with us - financial projections, ownership structures, compliance histories. This policy explains exactly what we do with that data. No legal jargon gymnastics.

What Information We Collect

When you reach out for licensing consultation, we collect:

  • Contact details: Name, email, phone number, company name
  • Business information: Jurisdiction interests, current licensing status, operational timeline
  • Technical data: IP address, browser type, pages visited (standard analytics stuff)
  • Application materials: Documents you submit during our engagement - financial statements, corporate registry files, compliance records

We don't collect payment card details directly. All transactions go through encrypted third-party processors who handle that data under their own PCI-compliant systems.

How We Use Your Information

Your data serves three purposes:

  1. Delivering our service: Preparing applications, communicating with regulatory bodies, managing your licensing timeline
  2. Improving our process: Understanding which jurisdictions clients target most, common application pain points, success rate patterns
  3. Legal compliance: Some regulators require us to maintain client records for audit trails. We keep only what's mandated.

We never sell your information to lead brokers, marketing databases, or competitors. Period.

Who Sees Your Data

Three categories of access:

  • Our team: Licensed consultants working directly on your application
  • Regulatory authorities: Gaming commissions and licensing bodies receiving your application materials
  • Service providers: Cloud hosting (AWS), email infrastructure (secure servers), document management systems - all under strict confidentiality agreements

If you're applying for a Malta or Isle of Man license, those jurisdictions have specific data protection requirements. We'll walk you through their rules separately.

How Long We Keep Your Information

Active client files: Duration of engagement plus 7 years (standard for financial services compliance).

Prospects who didn't move forward: Contact details for 2 years, then deleted unless you opt into our newsletter.

Website analytics: Aggregated and anonymized after 26 months.

Your Rights

You can request access to your data, corrections to inaccuracies, or deletion (where legally permissible). Email us at [email protected] with "Data Request" in the subject line.

Response time: 72 hours for acknowledgment, 14 business days for full resolution.

Security Measures

We use AES-256 encryption for stored files, TLS 1.3 for data transmission, and role-based access controls. Our infrastructure gets audited quarterly by independent security firms.

That said - no system is 100% breach-proof. If something happens, you'll know within 48 hours.

Changes to This Policy

When regulations shift (looking at you, GDPR amendments), we update this page and notify active clients via email. Material changes get flagged in bold at the top.

Questions? Our compliance team responds faster than most regulators. Hit us at [email protected].