Privacy Policy | AffConnect360

1.Who we are

AffConnect360 (“AffConnect360”, “we”, “us”, “our”) is operated by [REGISTERED_COMPANY_NAME], a company registered in [JURISDICTION] under registration number [REG_NUMBER], with registered address at [REGISTERED_ADDRESS]. We provide affiliate management software to iGaming operators through the website https://affconnect360.site and the application hosted at https://affconnect360.site.

For all privacy-related enquiries, contact us at marketing@affconnect360.com.

2.Scope of this policy

This policy describes how we handle personal data in two distinct roles:

As a controller — for personal data about visitors to our website, prospective customers, and individual users of our platform (operator account holders).
As a processor — for personal data that operator customers upload to or push through the platform (affiliate records, tracked player events). In this case our customer is the controller; how we process that data is governed by the Data Processing Addendum (DPA) signed between us.

3.Data we collect

Category	Examples	Source
Account data	Name, business email, password (hashed), role, brand assignments, 2FA secret	Provided by you when signing up or by your account admin
Operator usage data	Logins, IP address, browser, pages viewed, actions taken in the dashboard, audit log entries	Collected automatically when you use the application
Affiliate records	Affiliate name, contact email, payout details, traffic source, commission plan	Uploaded by the operator customer (we act as processor)
Tracking events	Click ID, timestamp, IP, country, referrer; registration, FTD, deposit and custom events	Pushed via API or postback by the operator customer (we act as processor)
Player identifiers	Pseudonymous player ID, currency, deposit amount	Pushed by the operator customer. We do not request or store names, addresses, KYC documents or payment card data of players.
Marketing & sales	Name, business email, company, message content from contact / demo forms	Provided by you
Cookies & similar	Session cookies, CSRF tokens, preference cookies. See §11.	Set by us

We do not intentionally collect special-category data (health, religion, biometrics, etc.). We do not collect or store player names, addresses, government-issued IDs, KYC documents, or payment card data.

4.How we use data

To operate the platform — authenticate users, calculate commissions, render dashboards, send postbacks.
To support customers — respond to enquiries, troubleshoot issues, provide onboarding assistance.
To improve the product — analyse aggregated usage, fix bugs, build new features.
To secure the service — detect fraud, abuse, brute-force attempts; maintain audit logs; investigate incidents.
To send service communications — account notifications, security alerts, billing, material policy changes.
To send marketing — only to business contacts who have opted in or have a legitimate-interest relationship with us. You can unsubscribe at any time.
To comply with law — tax, accounting, AML obligations, and lawful requests from authorities.

5.Legal bases (GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

Performance of a contract — to provide the platform to operator customers and their authorised users.
Legitimate interests — for product improvement, security, fraud prevention, and limited B2B marketing. We balance these interests against your rights.
Consent — for non-essential cookies and opt-in marketing emails. You can withdraw consent at any time.
Legal obligation — to retain billing records, respond to lawful authority requests, etc.

We share personal data only with:

Sub-processors we use to run the service: hosting ([HOSTING_PROVIDER]), email delivery ([EMAIL_PROVIDER]), error monitoring ([MONITORING_PROVIDER]), payment processor for our own subscription billing ([BILLING_PROVIDER]). A current list is available on request.
Operator customers — when you log into a specific operator’s portal, your activity is visible to that operator’s administrators.
Professional advisors — lawyers, accountants, auditors under confidentiality.
Authorities — where compelled by valid legal process, and after reviewing the request for legitimacy and scope.
An acquirer — in the event of a merger, acquisition or asset sale, subject to equivalent privacy commitments.

We do not sell personal data. We do not share personal data with advertising networks for cross-site profiling.

7.Retention

We keep personal data only as long as needed for the purposes set out above:

Account data: for the life of your account, plus up to 12 months after closure for accounting and dispute purposes.
Audit logs: 24 months by default.
Tracking events: for the duration the operator customer requires, per the DPA. Default 36 months unless instructed otherwise.
Marketing contacts: until you unsubscribe or 24 months of inactivity, whichever is sooner.
Backups: rolling encrypted backups expire within [N] days.

8.Security

We use TLS 1.3 in transit, AES-256 at rest, scoped API keys, role-based access, audit logging, and isolated production environments. The full description of our security practices is on our Security page.

9.International transfers

Personal data is hosted in [HOSTING_REGION]. Where we transfer personal data outside the EEA / UK / your jurisdiction (for example to a sub-processor in the United States), we use European Commission Standard Contractual Clauses (SCCs) or equivalent legal mechanisms, and we apply appropriate technical measures.

10.Your rights

Depending on where you live, you may have rights to: access the personal data we hold about you, correct it if inaccurate, delete it, restrict or object to processing, port it to another provider, and withdraw consent. EU/UK residents have the right to complain to a supervisory authority — for [JURISDICTION], that is [SUPERVISORY_AUTHORITY].

To exercise any of these rights, email marketing@affconnect360.com. We respond within 30 days. If your data was uploaded to AffConnect360 by an operator customer (e.g. you are an affiliate of a casino brand), please contact that operator directly — they are the controller and we’ll forward the request if needed.

11.Cookies & analytics

We use a small set of cookies:

Strictly necessary — session, authentication, CSRF protection. Cannot be disabled.
Preference — theme (light/dark), language. Set only when you change a preference.
Analytics — aggregate usage measurement (e.g. Google Analytics or a privacy-respecting alternative). Set only after you accept on the cookie banner.

You can clear cookies at any time in your browser settings. Disabling strictly necessary cookies will break parts of the service.

12.Children

AffConnect360 is a B2B platform and is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently done so, contact us and we will delete the data.

13.Changes

We may update this policy from time to time. Material changes will be communicated by email to operator customers and announced at the top of this page. The “Last updated” date at the top reflects the most recent revision.

14.Contact

Questions, requests, complaints — email marketing@affconnect360.com. Postal mail can be sent to [REGISTERED_COMPANY_NAME], [REGISTERED_ADDRESS].

Contents