burger icon
Vegastars Australia
Log In

Privacy Policy

Effective date: 1 January 2026

This Privacy Policy explains how the online gambling platform operated at vegastarsbet-au.com and related mirror domains that display or link to this Privacy Policy (together, the "Website" and referred to as "Vegastars", "Vegastars", "we", "us") collects, uses, discloses and protects your personal data.

It applies to all visitors to the Website, players who register an account, users who contact our customer support (including via live chat or email), and any other individual whose personal data we process in connection with the Website and our gambling services. By using the Website, you acknowledge that you have read and understood this Privacy Policy.

Who We Are

Vegastars operates an offshore online gambling platform targeting, among others, players located in Australia. The Website is currently accessible via https://vegastarsbet-au.com and may, from time to time, also be accessible via alternative or "mirror" domains due to ISP-level blocking or similar measures (including actions by the Australian Communications and Media Authority (ACMA)). When a mirror domain links to or displays this Privacy Policy, this Policy applies to that domain.

As at the "Last updated" date stated below, the operator of Vegastars has not publicly disclosed a verified full legal company name, registered office address, company registration number, or tax identification number. References in this Privacy Policy to the "operator", "we", "us" or "our" therefore mean the entity or entities that own and/or operate the Website and provide services through it.

For the purposes of data protection laws such as the EU/UK General Data Protection Regulation ("GDPR") and the Mexican Federal Law on Protection of Personal Data Held by Private Parties ("LFPDPPP"), the operator of the Website acts as the data controller for personal data processed in connection with the Website.

Data protection contact point. Because no dedicated email address or telephone number is disclosed in the information available to us, you may contact our privacy / data protection contact point as follows:

  • Live chat: via the 24/7 live chat tool available on the Website (initially handled by a chatbot, with escalation to human agents).
  • Support channels: via any support email or contact form listed in the "Contact Us" or equivalent section of the Website. Where the Website publishes a specific privacy or "data protection" contact email, that address shall be treated as the Data Protection Officer ("DPO") or privacy contact for this Policy.

For gambling-related harm support (not privacy complaints), Australian users can contact Gambling Help Online at https://gamblinghelponline.org.au or 1800 858 858. This service is independent from Vegastars.

What Personal Data We Collect

Identification and contact data

  • Registration data: full name, username, password, email address, country of residence, date of birth, gender (if requested), phone number and preferred currency (e.g., AUD).
  • Verification (KYC) data: copies or details of identification documents (such as passport, national ID or driver licence), proof of address (utility bills, bank statements), selfies or live video checks, and any other KYC/AML information required to confirm your identity and age (18+), and your eligibility to use our services.

Technical and device data

  • Technical identifiers: IP address, device identifiers, operating system, browser type and version, language settings, connection type, approximate location derived from IP, and device characteristics.
  • Usage and log data: login and logout timestamps, pages visited, navigation paths, in-session actions (such as clicks, scrolling, and errors), session duration, and referral URLs (including affiliate links or Telegram promotions where applicable).

Payment and financial data

  • Payment method details: information about the methods you use to deposit and withdraw, such as PayID/Osko identifiers, credit/debit card details (cardholder name, truncated card number, expiry date), Neosurf voucher codes, and cryptocurrency wallet addresses and transaction hashes (for BTC, USDT-TRC20, LTC, or other supported assets).
  • Transaction history: records of deposits, withdrawals, bonus credits, chargebacks, failed payment attempts, payment limits and related communications with payment providers.

Gaming and behavioural data

  • Gaming activity: game selections (e.g., slot titles such as Book of Dead and others), bet sizes, wagers, wins and losses, session durations, features used, bonus participation, jackpots, and tournaments.
  • Behavioural and profile data: play patterns, risk indicators (e.g., very frequent deposits, chasing losses), self-exclusion flags, responsible gambling limits, and communication preferences.

Communications and support data

  • Support interactions: transcripts and recordings of live chat sessions (including initial chatbot conversations and escalated human support), email correspondence, complaint submissions, and feedback forms.
  • Marketing interactions: records of whether you open, read, or click on our marketing emails or push notifications (where used).

Cookies and similar technologies

  • Cookies: small files stored on your device that can be "session" (deleted when you close your browser) or "persistent" (stored for a defined period) and may be set by us or third parties (e.g., analytics, advertising partners).
  • Similar technologies: web beacons, pixels, SDKs, tracking URLs and local storage used to measure traffic, prevent fraud, and help us understand how users interact with the Website.

We do not intentionally collect data from persons under 18 and will delete such data when we become aware of it.

Legal Basis for Processing

Our processing of personal data is grounded in a combination of contractual necessity, legal obligations, legitimate interests and, where required, your consent. Depending on your location, different legal frameworks may apply (for example, the GDPR for EEA/UK users or the LFPDPPP for users in Mexico). In general, we process data on the following bases:

  • Performance of a contract: We process your data where it is necessary to:
    • create and manage your player account;
    • process deposits and withdrawals via PayID/Osko, cards, Neosurf, cryptocurrencies or other methods;
    • provide access to games and features;
    • administer bonuses, loyalty rewards and promotions you participate in; and
    • provide customer support and handle your requests and complaints.
  • Compliance with legal obligations: We process data as required to comply with:
    • anti-money laundering and counter-terrorism financing (AML/CTF) rules and "know your customer" (KYC) requirements;
    • record-keeping and reporting duties under applicable tax, financial, gambling and consumer protection laws in relevant jurisdictions (e.g., Curaçao, the EU, Cyprus and others, as applicable); and
    • orders or requests from courts, regulators, or law enforcement.
  • Legitimate interests: We rely on our legitimate interests, balanced against your rights and freedoms, to:
    • maintain, secure and improve the Website and our services;
    • prevent, detect and investigate fraud, payment abuse, bonus misuse, chargebacks and other unlawful activities;
    • manage business operations, including analytics, risk management, and internal reporting (e.g., monitoring Australian market performance and grey-market risks);
    • enforce our Terms & Conditions and protect our rights, property, staff and users.
  • Consent: Where required by law, we obtain your consent before:
    • sending direct marketing communications by email, SMS or push notification;
    • using non-essential cookies (such as advertising cookies and certain analytics cookies); and
    • processing certain sensitive personal data, where applicable.
    You may withdraw your consent at any time using the methods described in this Policy, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Protection of vital interests and legal claims: In rare cases, we may process data to protect your vital interests or those of others, or to establish, exercise or defend legal claims.

Purpose of Processing

We use your personal data for specific, explicit and legitimate purposes, and we do not process it in ways that are incompatible with those purposes.

  • Provision of gambling services: To:
    • register and manage your account and profile;
    • authenticate you on login and secure your account;
    • process deposits, wagers, wins, withdrawals and bonuses;
    • operate games, tournaments and promotions; and
    • provide user support via live chat and other channels.
  • Regulatory and legal compliance: To:
    • conduct KYC checks, age verification (18+ for Australian players) and ongoing monitoring;
    • comply with AML/CTF, sanctions, fraud prevention and risk assessment requirements;
    • enforce geographical restrictions (e.g., preventing access from the USA, UK, France, Netherlands and other restricted countries); and
    • respond to lawful requests from regulators and law enforcement (such as ACMA and other authorities).
  • Service improvement and analytics: To:
    • analyse aggregated usage and gaming behaviour to improve site performance, game selection and user experience;
    • test new features and optimize the Website (including for Australian players and other grey-market regions); and
    • compile statistics for internal reporting, forecasting and regulatory outlook assessment (e.g., impact of Curaçao reforms).
  • Marketing and personalisation: Subject to your consent where required, to:
    • send promotional offers, newsletters and bonus information;
    • personalise content, promotions and recommendations based on your profile and behaviour; and
    • measure the effectiveness of marketing campaigns, including affiliate promotions.
  • Fraud prevention, security and dispute handling: To:
    • monitor transactions and gameplay for signs of fraud, collusion, abuse or money laundering;
    • protect the integrity and security of our systems, users and games;
    • investigate and resolve disputes, chargebacks, complaints and regulatory inquiries; and
    • enforce our Terms & Conditions and other applicable rules.

Disclosure & Sharing

We do not sell your personal data. We may share your data with carefully selected third parties where necessary for the purposes described above, subject to appropriate safeguards.

  • Group entities and operational partners: Other companies that are under common ownership or control with the Website operator (including entities possibly registered in Curaçao, Cyprus or other offshore jurisdictions) that support the provision of our services, internal administration and compliance.
  • Payment service providers and financial institutions: Banks, PayID/Osko facilitators, card schemes (e.g., Visa, Mastercard), Neosurf, cryptocurrency payment processors, and other payment intermediaries that:
    • process deposits and withdrawals;
    • perform fraud, AML and sanctions screening; and
    • handle chargebacks or disputes.
    We share only the data necessary to perform these functions (e.g., transaction identifiers, payment account details, name and contact data where required).
  • Technology and service providers: Hosting providers, data centre operators, content delivery networks, analytics providers, customer support tools (including live chat providers), email delivery services and security/monitoring providers that process data under our instructions as data processors.
  • Regulators, authorities and dispute bodies: Where required or permitted by law, we may share data with:
    • regulatory and law-enforcement authorities in relevant jurisdictions, such as the Curaçao Gaming Control Board (for gambling-related issues) or other competent bodies;
    • the Australian Communications and Media Authority (ACMA) and similar regulators, where we are required to respond to inquiries or blocking orders; and
    • data protection authorities (e.g., the Office of the Australian Information Commissioner (OAIC), EU supervisory authorities or Mexico's INAI) in connection with privacy complaints.
  • Professional advisers: Lawyers, auditors, consultants and other professional advisers, where necessary to protect our legal rights, obtain advice or comply with obligations.
  • Affiliates and advertising networks: With your consent where required, we may share limited data (such as anonymous IDs or cookie-based identifiers) with marketing partners and affiliate networks to track referrals, measure campaign effectiveness and prevent bonus abuse.
  • Business transfers: In the event of a merger, acquisition, reorganisation, sale of assets or insolvency, your data may be transferred to a new operator or owner, subject to applicable laws and continued protection consistent with this Policy.

Whenever we share your data with third parties acting as our processors, we require them to use the data only in accordance with our instructions and this Privacy Policy, and to implement appropriate security measures.

International Transfers

Vegastars is an offshore operator and your data may be processed and stored in countries outside your country of residence, including outside Australia, the European Economic Area (EEA) and Mexico. These locations may include, for example, Curaçao, Cyprus, other EU/EEA countries, and countries where our hosting, payment or support providers operate (which may include the United States or other jurisdictions).

  • Transfers within our group and to processors: We may transfer personal data between group entities and to third-party service providers located in various jurisdictions. These entities process your data to provide hosting, payment processing, support, analytics, security and other services.
  • Safeguards for international transfers (GDPR/EEA/UK users): Where we transfer personal data from the EEA or UK to countries that do not provide an "adequate" level of protection according to the European Commission or UK authorities, we implement appropriate safeguards, such as:
    • standard contractual clauses (SCCs) approved by the European Commission or UK authorities, as applicable;
    • contractual obligations requiring recipients to protect data to standards substantially similar to those required in the EEA/UK; and
    • technical and organisational measures (e.g., encryption, access controls) to mitigate risks.
  • Transfers for Mexican users (LFPDPPP): For users in Mexico, cross-border transfers of personal data will be handled in accordance with the LFPDPPP and its Regulations, including informing you about the transfer and, where necessary, obtaining your consent and ensuring that recipients assume comparable obligations.

By using the Website, you understand that your data may be transferred to and processed in countries with different privacy laws; however, we will take reasonable steps to ensure that your data remains protected in line with this Policy and applicable law.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, to comply with legal and regulatory requirements, and to resolve disputes. Retention periods may vary based on the type of data, the jurisdiction and specific legal obligations (including AML/CTF rules and gambling regulations).

  • Account and identification data: Core account information (name, contact details, KYC documentation, transaction history) is typically retained for up to 5 - 7 years after your account is closed or becomes inactive, to comply with AML/CTF and record-keeping obligations and to defend legal claims.
  • Gaming and behavioural data: Gameplay records and logs may be retained for the same period as account data, or longer where required by applicable gambling regulations or to resolve disputes.
  • Payment and financial data: Transaction records are stored for the periods required by financial and tax laws (generally 5 - 7 years), including records of chargebacks and fraud investigations.
  • Marketing data: Data used for direct marketing is retained until you opt out or withdraw consent, or until we determine it is no longer necessary. We may keep a limited record of your opt-out request to ensure we respect your choice.
  • Support and complaint records: Customer support logs, chat transcripts and complaint files are generally kept for 3 - 5 years, or longer if needed to resolve ongoing disputes or regulatory matters.
  • Cookies and similar technologies: Cookie lifetimes vary. Session cookies are deleted when you close your browser. Persistent cookies are typically retained for periods ranging from a few days up to 24 months, depending on their purpose and your preferences.

When personal data is no longer necessary for the purposes for which it was collected and we are not legally required to keep it, we will delete, anonymise or securely de-identify it. Where deletion is not immediately possible (for example, because data is stored in backup archives), we will securely store it and isolate it from further processing until deletion is feasible.

Your Rights

Your privacy rights depend on your location and the laws that apply to our processing of your personal data. Regardless of location, we aim to handle requests within 30 days and generally free of charge, subject to lawful limitations (for example, if a request is manifestly unfounded or excessive).

General rights (all users)

  • Access: You can request information about whether we process your personal data and obtain a copy of such data, subject to applicable legal restrictions (e.g., protection of others' privacy, our trade secrets or security considerations).
  • Rectification: You can request that we correct inaccurate or incomplete personal data. In many cases you can update certain details directly through your account settings.
  • Deletion: You can request deletion of your personal data, particularly where it is no longer necessary for the purposes for which it was collected or where you withdraw consent (where consent was the basis). We may retain data where required by law (e.g., AML/CTF rules) or to establish, exercise or defend legal claims.
  • Restriction: You can request that we restrict processing of your data (for example, while we verify its accuracy, or where you contest our legitimate interests).
  • Objection: You can object to certain types of processing, including profiling based on our legitimate interests. We will honour such objections unless we have compelling legitimate grounds overriding your interests or the processing is necessary for legal claims.
  • Marketing opt-out: You can opt out of direct marketing at any time by using the unsubscribe link in emails, adjusting your account preferences (where available) or contacting support. We will stop sending marketing messages but may still send service-related communications.

GDPR rights (EEA/UK users)

If you are located in the EEA or UK and the GDPR/UK GDPR applies, you may have additional rights, including:

  • Data portability: The right to receive certain personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller, where technically feasible.
  • Withdrawal of consent: Where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: The right to complain to your local data protection authority if you consider that our processing infringes the GDPR.

Mexican ARCO rights (users in Mexico)

If you are located in Mexico, the LFPDPPP grants you "ARCO" rights (Access, Rectification, Cancellation and Opposition) and related protections:

  • Access: To know which personal data we hold about you, how we obtained it, and for what purposes we use it.
  • Rectification: To request correction of inaccurate or incomplete data.
  • Cancellation: To request that we delete or cancel your data where it is no longer necessary, is being used contrary to the LFPDPPP, or you withdraw consent, subject to legal retention obligations (for example, AML/CTF requirements).
  • Opposition: To object to the processing of your data for specific purposes, such as marketing or profiling, in accordance with the LFPDPPP.

We will respond to ARCO requests within the timeframes established by the LFPDPPP and its Regulations, generally within 30 days, and will inform you of the result and, where applicable, the implementation of the requested measures.

Australian users

Although Vegastars is an offshore operator and may not be subject to all provisions of the Australian Privacy Act 1988 (Cth), we aim to handle personal information in a manner consistent with the Australian Privacy Principles (APPs) to the extent reasonably practicable. Australian users can:

  • request access to their personal information and correction of inaccuracies;
  • complain about interference with their privacy to us and, if unresolved, to the Office of the Australian Information Commissioner (OAIC), as described below.

How to exercise your rights

  1. Submit a request: Contact us via the live chat on the Website or through any email/contact form indicated in the "Contact Us" section, clearly stating that your request relates to privacy or data protection (e.g., "GDPR access request", "ARCO rectification request").
  2. Identity verification: We may ask you for additional information to verify your identity and ensure that we do not disclose data to an unauthorised person (for example, by asking you to confirm account details or provide supporting documentation).
  3. Processing your request: We aim to respond within 30 days of receiving a complete request. If we need more time due to complexity or volume, we will inform you and provide an updated timeframe.
  4. Fees: We generally handle requests free of charge. We may charge a reasonable fee or refuse to act on a request where permitted by law (for example, if a request is repetitive or manifestly unfounded).

Cookies & Tracking Technologies

We use cookies and similar technologies to ensure the Website functions correctly, to improve performance, and to support marketing and analytics activities.

Types of cookies we use

  • Strictly necessary cookies: Essential for the operation of the Website and for enabling basic functions, such as logging into your account, maintaining your session, processing payments and ensuring security. These cookies cannot be switched off via our systems and are usually set in response to your actions (e.g., setting privacy preferences, logging in).
  • Functional cookies: Enable enhanced personalisation features, such as remembering your language, region (e.g., Australia), previously selected games, and your preferences on the Website.
  • Analytics and performance cookies: Help us understand how visitors use the Website, which pages are most and least popular, and how users navigate. This information is typically aggregated and used to improve our services and detect technical issues.
  • Advertising and affiliate cookies: Used to deliver and measure advertising campaigns, track affiliate referrals, and understand how users interact with our promotional content. These cookies may be placed by third-party advertising networks or affiliate platforms and can be used to build a profile of your interests.

Managing cookies

  • Browser settings: Most web browsers allow you to control cookies through their settings, including blocking or deleting cookies. Please note that disabling certain cookies may affect the functionality and performance of the Website.
  • Cookie preferences: Where available, you can manage your cookie choices using our cookie banner or a cookie preference centre accessible from the Website's footer. Non-essential cookies (such as advertising or certain analytics cookies) will only be placed on your device with your consent, where required by law.
  • Do Not Track: At present, the Website does not respond to "Do Not Track" signals, as there is no common industry standard for compliance.

Data Security

We implement appropriate technical and organisational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

  • Encryption: We use up-to-date transport layer security (TLS 1.2+ or equivalent) to encrypt data in transit between your device and our servers. Where feasible and appropriate, we also encrypt certain categories of data at rest, such as passwords (hashed and salted), payment tokens and other sensitive information.
  • Access controls: Access to personal data is restricted to authorised personnel and service providers who require it to perform their duties. We use role-based access controls, authentication mechanisms (including multi-factor authentication for administrative accounts where practicable) and logging of access to critical systems.
  • Infrastructure and monitoring: We host data with reputable providers and use firewalls, intrusion detection/prevention systems, anti-malware tools and other security technologies to monitor and protect our infrastructure.
  • Organisational measures: We maintain internal policies and procedures covering data protection, information security and incident response. Staff and contractors who handle personal data are subject to confidentiality obligations and are trained regarding their responsibilities.
  • Security assessments: We conduct periodic internal reviews and may engage external specialists to test and evaluate the security of our systems. We aim to align our practices with recognised frameworks and standards (such as ISO 27001 or SOC 2) where appropriate, although Vegastars is not currently certified under these standards.
  • Incident response: In case of a suspected or actual data breach, we will investigate promptly, take appropriate remedial measures and, where required by law, notify affected users and relevant authorities (for example, in line with GDPR or Australian Notifiable Data Breaches scheme requirements, to the extent applicable).

No system can guarantee absolute security. However, we seek to mitigate risks using industry-appropriate safeguards and encourage you to keep your account credentials confidential and to notify us promptly if you suspect unauthorised access.

Complaints & Contacts

If you have questions, concerns or complaints about how we handle your personal data, we encourage you to contact us first so we can attempt to resolve the issue directly.

How to contact us

  • Live chat: Use the 24/7 live chat function available on the Website. For privacy matters, clearly state that your query relates to "privacy" or "data protection" so it can be escalated beyond the chatbot to a human agent.
  • Support forms / email: Use any contact form or support email address indicated in the "Contact Us" or similar section of the Website. Where an address is specifically designated for privacy or data protection issues, please use that address.
  • Postal address: As at the Last Updated date of this Policy, no verified legal or mailing address has been disclosed publicly for the operator of Vegastars. If a postal address is later published on the Website, you may use it for written privacy communications.

Internal complaint procedure

  1. Step 1 - Submit your complaint: Provide a detailed description of your concern (including relevant dates, account details and any supporting evidence) via live chat or the published support channels.
  2. Step 2 - Acknowledgement: We will endeavour to acknowledge receipt of your complaint without undue delay and, in any event, within 7 days of receiving it.
  3. Step 3 - Investigation: We will investigate your complaint and may request additional information if necessary. We aim to provide a substantive response within 30 days. Complex matters may require more time, in which case we will inform you and provide an updated timeframe.
  4. Step 4 - Outcome: We will inform you of the outcome, any steps taken or proposed to resolve the issue, and any options for further escalation.

Escalation to supervisory authorities

If you are not satisfied with our response or believe that we are processing your personal data in violation of applicable law, you may have the right to lodge a complaint with a competent data protection authority.

  • Australia - Office of the Australian Information Commissioner (OAIC):
    • Website: https://www.oaic.gov.au
    • Contact details: see "Contact us" section of the OAIC website for current email and postal addresses.
  • Mexico - Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI):
    • Website: https://home.inai.org.mx
    • INAI provides guidance on how to exercise ARCO rights and lodge complaints under the LFPDPPP.
  • EEA/UK - Data protection authorities under the GDPR/UK GDPR:

For gambling-related complaints (service quality, fairness, etc.) rather than privacy issues, you may also consider contacting the Curaçao Gaming Control Board via https://gamingcontrolcuracao.org/complaints or reviewing information provided by ACMA at https://acma.gov.au/publications. Outcomes may vary, particularly given the offshore and effectively unlicensed status reported for some operators targeting Australia.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, technologies or business operations (including regulatory developments in Australia, Curaçao, the EU or other jurisdictions where we operate or target users).

  • Last updated: 15 February 2026
  • Notification of changes: When we make material changes, we will take appropriate steps to inform you in advance, which may include:
    • posting a prominent notice on the Website (e.g., a banner or pop-up);
    • displaying an alert in your account dashboard; and/or
    • sending an email or other direct communication to the address associated with your account.
  • Advance notice: Where the changes are material and reduce your rights or significantly affect how we process your data, we will, where reasonably practicable, provide at least 30 days' notice before the changes take effect.
  • Version control: We may indicate the version number and effective date at the beginning or end of this Policy. We encourage you to review the Policy periodically to stay informed of how we protect your data.
  • Your options: If you do not agree with the updated Policy, you may choose to stop using the Website and request account closure. Continued use of the Website after the effective date of any changes will constitute your acknowledgment of the updated Policy.

If you have any questions about this Privacy Policy, please contact us using the methods described in the "Complaints & Contacts" section above.