Privacy Policy
This Privacy Policy explains how Yabby, operated via yabby-au.com, collects, uses, stores, and discloses personal information of players and website visitors located in Australia. It applies to all use of our websites and related services, including when you browse, register an account, deposit or withdraw funds, or interact with our support team. By using yabby-au.com you consent to the practices described in this Privacy Policy. This Privacy Policy is effective as of 1 January 2026 and supersedes all earlier versions.
Who We Are
The Yabby service available through https://yabby-au.com (and associated mirror domains) is owned and operated by:
- Operator: Anden Online N.V.
- Legal entity type: Private limited liability company incorporated in Curaçao
- Registered / legal address: Abraham de Veerstraat 9, Willemstad, Curaçao
- Gaming licences:
  - Master Licence 365/JAZ issued by Gaming Curaçao, licence status treated as active/extended to 2026
  - Sub-licence GLH-OCCHKTW0705302017 held by Anden Online N.V.
- Jurisdiction of incorporation and primary regulation: Curaçao
While our operational and regulatory home is Curaçao, Yabby offers online gambling services on a cross-border basis to users located in Australia, in line with applicable offshore and local rules.
Data Protection Contact (DPO-equivalent)
- Responsible department: Privacy & Compliance Team, Anden Online N.V.
- E-mail (primary privacy contact): [email protected]
- E-mail (support-related privacy questions): [email protected]
- Postal contact (for written complaints): Privacy & Compliance, Anden Online N.V., Abraham de Veerstraat 9, Willemstad, Curaçao
We do not currently appoint a statutory Data Protection Officer under EU or Australian law, but the Privacy & Compliance Team performs equivalent functions and should be contacted for all privacy-related matters.
What Personal Data We Collect
Account and Identity Data
- Full name, date of birth, and gender (where provided)
- Residential address and country of residence
- E-mail address and telephone number
- Username, player ID, and password (stored in hashed form)
- Identity verification data (KYC), such as copies or details of:
  - Passport, national ID card, or driving licence
  - Proof of address (utility bills, bank statements, government correspondence)
Financial and Transaction Data
- Payment method details (for example, partial card numbers, issuing bank or payment provider, wallet identifiers, cryptocurrency wallet references where applicable)
- Deposit and withdrawal amounts, currencies, dates, times, and methods used
- Bonuses claimed, wagering activity related to bonuses, and bonus abuse monitoring indicators
- Anti-money-laundering (AML) and counter-terrorist financing (CTF) checks and records required by law or our licence conditions
Technical and Usage Data
- IP address and approximate geolocation derived from it
- Device information (device type, operating system, browser type and version, language, screen resolution)
- Unique device identifiers and similar technical identifiers where available
- Server logs relating to log-ins, failed log-ins, session starts and ends, errors, and security events
- Referring URLs and clickstream data within yabby-au.com and associated mirrors
Gameplay and Behavioural Data
- Game selection and gameplay history (games played, stakes, wins and losses, session durations)
- Betting patterns, volatility preferences, and other gameplay characteristics
- Responsible gambling controls you set (limits, self-exclusion, time-outs) and your adherence to them
- Interaction history with customer support, including chats, e-mails, and support tickets
Marketing and Communication Data
- Marketing preferences (subscriptions to newsletters, SMS, push notifications or similar)
- Records of consent to marketing and to specific promotions
- Responses to surveys, feedback forms, and review requests related to Yabby
Cookies and Similar Technologies
- Cookies placed on your device when you visit yabby-au.com or our mirror domains
- Web beacons, pixel tags, and scripts used for analytics, fraud prevention, and advertising, where applicable
- Information derived from these technologies, such as session identifiers, preferences, and site usage metrics
We generally do not seek to collect sensitive data (such as health information). However, information you voluntarily provide about problem gambling or vulnerability when contacting support may be processed to offer safer gambling tools and comply with responsible gambling obligations.
Legal Basis for Processing
Performance of a Contract
We process your personal data because it is necessary to enter into and perform our agreement with you, including:
- Creating and managing your player account
- Allowing you to deposit funds, place bets, and withdraw winnings
- Providing access to games, promotions, and loyalty programs
- Communicating with you about your account, transactions, and gameplay
- Providing customer support and resolving technical issues
Compliance with Legal and Regulatory Obligations
We process specific categories of data because we are legally required to do so under Curaçao law, licence conditions, and applicable anti-money-laundering and counter-terrorism financing rules, including:
- Verifying your identity, age, and residence (KYC)
- Assessing and monitoring transactions for suspicious or unlawful activity
- Maintaining records for audit, tax, and regulatory reporting purposes
- Co-operating with law enforcement, courts, regulators, and other competent authorities
Legitimate Interests
We rely on our legitimate interests, balanced against your privacy rights, for processing that is necessary to operate and improve our business, such as:
- Securing our systems, preventing fraud, bonus abuse, and account misuse
- Detecting and investigating suspicious behaviour and enforcing our Terms and Conditions
- Analysing gameplay and website usage to improve our games, features, and user experience
- Tailoring certain non-intrusive content, offers, and recommendations to your profile
- Defending our legal rights and handling complaints or disputes
Where we rely on legitimate interests, we implement safeguards (including access controls, pseudonymisation where possible, and retention limits) to protect your rights and freedoms.
Consent
In specific situations, we process your data based on your explicit consent, which you may withdraw at any time, including:
- Sending direct marketing communications by e-mail, SMS, push notifications, or similar channels, where required by law
- Using certain non-essential cookies and tracking technologies for analytics and advertising
- Processing special categories of information you voluntarily provide (for example, health-related information in the context of problem gambling support)
If you withdraw consent, this will not affect the lawfulness of processing that took place before the withdrawal, but it may limit some features or services.
Purpose of Processing
Provision and Management of Casino Services
- Registering and authenticating player accounts
- Providing access to games, promotions, tournaments, and loyalty schemes
- Processing deposits, withdrawals, and internal transfers
- Calculating bets, wins, losses, and bonus entitlements
- Issuing account notifications and essential service communications
Compliance, Security, and Fraud Prevention
- Performing KYC, AML, and CTF checks and maintaining mandatory records
- Monitoring gameplay and transactions for suspicious or fraudulent activity
- Preventing bonus abuse, multi-accounting, and misuse of promotions
- Ensuring technical security of our websites, apps, and infrastructure
- Assisting in investigations by regulators, payment providers, or law enforcement
Service Improvement and Analytics
- Analysing aggregated and pseudonymised data on game popularity, performance, and player behaviour
- Testing new features, games, and user interface changes
- Improving website performance, responsiveness, and navigation
- Generating internal statistical reports for business planning and risk management
Marketing and Personalisation
- Sending newsletters, promotional offers, and bonus information where permitted
- Customising bonuses and promotions based on your activity and preferences
- Running surveys and feedback initiatives to gauge player satisfaction
- Managing affiliate and advertising campaigns and measuring their effectiveness
Customer Support and Dispute Resolution
- Responding to your queries by e-mail or other channels
- Recording and analysing support interactions to improve training and quality
- Managing complaints, chargebacks, and disputes and maintaining related records
Disclosure & Sharing
Payment and Financial Service Providers
We share relevant personal and transaction data with:
- Banks, card schemes, payment processors, e-wallet providers, and cryptocurrency payment gateways used to fund or withdraw from your account
- Fraud-prevention and risk-scoring services engaged by these providers or by us
Data shared typically includes your name, account identifier, transaction details, and device/technical data necessary to verify and process the payment.
Technology, Gaming, and Support Providers
- Game and software providers powering the casino platform and specific titles
- Hosting and cloud infrastructure providers
- Customer support platforms and communication tools
- IT security and monitoring vendors
- Analytics and business intelligence providers (using aggregated or pseudonymised data where feasible)
These providers act as data processors on our behalf and are contractually bound to process data only under our instructions and with appropriate security measures.
Group Companies and Affiliates
- Related brands and entities managed by the same corporate group (such as Casino Brango, Casino Extreme, and Limitless Casino) for internal administration, risk management, and, where legally permitted, cross-brand analytics
- Marketing affiliates who refer players to Yabby, to track conversions and pay commissions, using limited identifiers and transactional data
Regulators, Authorities, and Other Third Parties
- Gaming regulators, financial intelligence units, and supervisory authorities in Curaçao or other relevant jurisdictions
- Law enforcement agencies, courts, and dispute resolution bodies where required by law or necessary to establish, exercise, or defend legal claims
- Professional advisers (lawyers, auditors, accountants) bound by confidentiality obligations
- Potential acquirers or investors in the event of a merger, acquisition, restructuring, or asset sale, subject to strict confidentiality and, where required, user notification
Advertising and Analytics Networks
Where you have provided consent, we may disclose limited data to advertising networks and analytics providers to:
- Measure the effectiveness of our campaigns
- Serve or optimise advertising outside our website
- Build aggregated audience statistics
We do not sell your personal data in exchange for money. Any sharing for marketing purposes is performed under strict contractual controls and, where required, based on your consent or an opt-out mechanism.
International Transfers
Locations of Processing
- Curaçao: Primary place of incorporation, regulatory oversight, and some operational processing.
- European Economic Area (EEA) / United Kingdom: Possible hosting, payment providers, game providers, and professional advisers.
- United States and other third countries: Selected cloud services, analytics, fraud-prevention tools, or communication platforms.
- Australia: While our infrastructure is generally offshore, some third parties or CDN nodes may operate in or near Australia to optimise latency.
Protection Measures for International Transfers
- Contractual safeguards such as standard contractual clauses or equivalent transfer mechanisms where required by applicable law
- Vendor due diligence to ensure appropriate technical and organisational security measures
- Data minimisation and, where practical, pseudonymisation before transfer
- Continuous monitoring of legal developments affecting international data flows
By using yabby-au.com, you understand that your data may be processed in countries that may have different data protection standards than your home country. However, we take all reasonable steps to ensure that your data is handled securely and in accordance with this Privacy Policy.
Data Retention
General Retention Principles
- We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to satisfy legal, accounting, or reporting obligations and to resolve disputes.
- When data is no longer required, we will either securely delete it or irreversibly anonymise it so it can no longer be associated with you.
Indicative Retention Periods
- Account and identity data: Generally retained for the duration of your active account and for up to 5–7 years after account closure, to comply with AML, gaming, and record-keeping requirements and to defend legal claims.
- Financial and transaction data: Retained for at least 5–7 years from the date of the last transaction, in line with anti-money-laundering and tax documentation rules.
- Gameplay and behavioural data: Kept for the life of the account and typically for up to 5 years after closure for compliance, audit, and responsible gambling analysis, after which it may be aggregated or anonymised.
- Marketing and communication data: Retained until you withdraw consent or opt out of marketing, and for a further 2 years to document the fact that we honoured your request.
- Technical logs and security data: Retained typically for 6–24 months, unless longer retention is required for investigation of incidents or legal processes.
Deletion and Anonymisation
- Where you request erasure, we will remove or anonymise data that is not subject to a legal or regulatory retention requirement.
- Back-up copies may persist for a limited period until overwritten, but are subject to restricted access and eventual deletion.
Your Rights
Overview of Your Rights
- Right of access: You may request confirmation whether we process your personal data and obtain a copy of such data, together with information about the processing.
- Right to rectification: You may ask us to correct inaccurate or incomplete personal data (for example, if your address or contact details change).
- Right to erasure: You may request deletion of your personal data where:
  - It is no longer necessary for the purposes for which it was collected;
  - You withdraw consent where consent was the sole legal basis; or
  - You have successfully objected to the processing.
- Right to restriction of processing: You may ask us to restrict processing in certain cases, for example while we verify the accuracy of data or assess an objection.
- Right to object: You may object to processing based on our legitimate interests, including profiling, where your specific situation justifies it. You have an unconditional right to object to direct marketing at any time.
- Right to data portability: For data you provided to us and that we process by automated means on the basis of consent or contract, you may request a structured, commonly used, and machine-readable copy, and you may ask us to transmit it to another controller where technically feasible.
- Right to withdraw consent: Where processing is based on your consent, you can withdraw it at any time. This does not affect the lawfulness of prior processing but may impact our ability to provide certain services (for example, marketing communications or certain cookies).
Procedures, Timeframes, and Costs
- How to submit a request: You can exercise your rights by contacting us via:
  - E-mail: [email protected] or [email protected]
  - Postal mail: Privacy & Compliance, Anden Online N.V., Abraham de Veerstraat 9, Willemstad, Curaçao
- Verification: For your security, we may need to verify your identity before acting on a request, for example by asking you to log in, provide certain account information, or supply identification documents.
- Response time: We aim to respond to all valid requests within 30 days of receipt. If a request is complex or numerous, we may extend this period by a further 30 days, informing you of the reasons and expected timeframe.
- Charges: We handle rights requests free of charge. However, where requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, in line with recognised international standards.
Our approach is informed by principles found in global privacy frameworks, including the EU General Data Protection Regulation. References in this Policy to alignment with Mexican or EU-style rights are for harmonisation and transparency; the primary applicable law is that of Curaçao and, where relevant, local laws of users' countries such as Australia.
Cookies & Tracking Technologies
Types of Cookies We Use
- Strictly necessary (session) cookies: These cookies are essential for the operation of yabby-au.com, enabling you to log in, maintain sessions, use the cashier, and navigate securely. They are usually session-based and expire when you close your browser.
- Functional cookies: These remember your preferences (such as language, region, and display settings) and enhance your experience. They may be persistent for a limited period.
- Analytics cookies: These help us understand how visitors use our site (pages visited, time spent, errors encountered) so we can improve performance and usability. We may use first-party analytics tools or trusted third parties operating under our instructions.
- Advertising and affiliate cookies: Where implemented and permitted by law, these cookies help measure the effectiveness of marketing campaigns, track referrals from affiliates, and, in some cases, tailor promotional messages.
Managing Cookies
- You can adjust your browser settings to block or delete cookies. Instructions are typically found in the "Help" or "Settings" section of your browser.
- Blocking strictly necessary cookies may affect core functionality and could prevent you from logging in or playing games.
- Where we provide an internal consent or cookie management panel, you can use it to modify your preferences for non-essential cookies at any time.
- Some tracking technologies, such as HTML5 storage or device fingerprinting, may not be fully controlled via traditional cookie settings, but we limit their use to security and fraud-prevention where possible.
Data Security
Technical Measures
- Encryption in transit: Data transmitted between your device and yabby-au.com is protected using industry-standard TLS (Transport Layer Security) version 1.2 or higher.
- Encryption at rest: Sensitive information (such as passwords and selected financial identifiers) is stored in encrypted or hashed form using strong cryptographic algorithms.
- Access controls: Access to personal data is limited to authorised personnel and service providers who require it for their duties and are bound by confidentiality obligations.
- Network and infrastructure security: Firewalls, intrusion detection/prevention systems, and anti-malware solutions are used to protect our infrastructure.
- Segregation and logging: Different environments are segregated where appropriate, with logging and monitoring to detect unusual activity.
Organisational Measures
- Policies and training: Staff receive periodic training on privacy, security, and responsible handling of customer data.
- Vendor management: Third-party processors are vetted for security practices and required to implement appropriate safeguards.
- Incident response: We maintain procedures for identifying, assessing, and responding to data incidents. Where required by applicable law, we will notify relevant authorities and affected users of significant personal data breaches without undue delay.
- Continuous improvement: Our security practices are regularly reviewed and updated in light of technological developments and evolving threats. While we are not formally certified under ISO 27001 or SOC 2 at the time of this Policy, we endeavour to follow principles consistent with such standards.
No system can be guaranteed 100% secure. However, we continuously work to protect your information against unauthorised access, loss, misuse, or alteration.
Complaints & Contacts
Contacting Us
- Primary privacy contact: [email protected]
- Support channel (including privacy-related issues): [email protected]
- Postal address: Privacy & Compliance, Anden Online N.V., Abraham de Veerstraat 9, Willemstad, Curaçao
Internal Complaint Procedure
- Submission: Send your complaint or query to one of the contact options above. Please include your name, username, contact details, and a clear description of your concern.
- Acknowledgement: We will normally acknowledge receipt of your complaint within 5 business days.
- Investigation: Your complaint will be reviewed by our Privacy & Compliance Team, who may contact you for further information or clarification.
- Response: We aim to provide a substantive response within 30 days. If we cannot respond within this period due to complexity or volume, we will inform you of the delay and provide a revised timeframe.
- Further review: If you are unsatisfied with our response, you may request that the matter be escalated to senior management for an additional review.
External Escalation
Because Yabby is operated from Curaçao, our primary regulatory contacts are Curaçao authorities. However, depending on your country of residence, you may also have the right to lodge a complaint with a local data protection or consumer authority under your national laws (for example, the Office of the Australian Information Commissioner (OAIC) for Australian residents).
- Example (Australia - OAIC): Office of the Australian Information Commissioner, GPO Box 5288, Sydney NSW 2001, Australia, website: https://www.oaic.gov.au
If you are uncertain which authority is competent in your case, you may contact us and we will provide guidance to the extent reasonably possible.
Updates
Policy Changes and Version Control
- This Privacy Policy may be updated from time to time to reflect changes in our services, legal requirements, or data processing practices.
- Each version will be identified by the "Last updated" date at the bottom of the Policy.
- Material changes that significantly affect your rights or the way we process your data will be highlighted on our website or in your account dashboard.
Notification Methods
- Website banner or pop-up: We may display a notice on yabby-au.com drawing attention to the updated Policy.
- E-mail notification: For significant changes, we may send an e-mail to the address associated with your account.
- Account dashboard alerts: You may see notifications or prompts to review and accept updates when logging into your account.
Advance Notice and Your Options
- For material changes that reduce your rights or expand our processing in a way that requires consent, we will, where practicable, provide at least 30 days' advance notice before the changes take effect.
- If you do not agree with an updated version of this Privacy Policy, you may choose to stop using our services and request account closure.
- Continued use of yabby-au.com after the effective date of an updated Policy will be deemed acceptance of the changes, to the extent permitted by applicable law.
Last updated: January 2026