Submit a Data Request

Exercise your privacy rights β€” access, deletion, correction, or objection. We will respond within 30 days.

Lotus365β€ΊPrivacy Policy
Legal Β· Privacy Policy

πŸ”’ Privacy Policy

πŸ“… Last updated: 1 June 2026
🌐 Applies to: lotus365-co.com & Lotus365 App
πŸ”’ Version: 4.0
πŸ”’
Your Data Is Secure
SSL encryption on all data transmissions. Secure servers, restricted access.
🚫
Never Sold
Your personal data is never sold to third parties. Ever.
βœ‹
Your Rights
Access, correct, delete or export your data at any time.
πŸ“§
30-Day Response
We respond to all data requests within 30 days of receipt.
πŸ“… This Privacy Policy was last reviewed on 1 June 2026
ℹ️
This policy is written in plain English. We have tried to make it clear, complete, and easy to understand. If you have any questions after reading it, please contact us and we will be happy to explain anything further.
Section 01
Who We Are

Lotus365 (lotus365-co.com) is an online sports betting and casino platform operated by a company licensed under Curacao EGAMING License 8048/JAZ. We are the data controller for all personal data collected through our website, mobile app, and related services.

When this Privacy Policy says "Lotus365," "we," "us," or "our," it refers to the operating entity behind lotus365-co.com. When it says "you" or "your," it refers to any person who uses our platform, registers an account, or visits our website.

This Privacy Policy applies to all personal data we collect through:

  • The Lotus365 website at lotus365-co.com
  • The Lotus365 mobile app (Android APK and iOS web app)
  • Our customer support communications (WhatsApp, email, live chat)
  • Our marketing communications (email, push notifications, SMS)
  • Third-party platforms that display our advertising
Section 02
Data We Collect

We collect personal data in several ways β€” information you provide directly, information generated by your use of our platform, and information from third parties. Here is a comprehensive breakdown:

CategoryData CollectedHow Collected
Account DataFirst name, last name, username, email address, mobile number, date of birth, password (hashed)Registration form
Identity VerificationGovernment-issued ID (Aadhaar, PAN, passport), selfie/photo for KYC, proof of addressKYC verification process
Financial DataUPI ID, transaction history, deposit amounts, withdrawal requests, account balancePayment transactions
Betting ActivityBets placed, markets selected, odds accepted, bet outcomes, wagering historyPlatform usage
Technical DataIP address, device type, OS version, browser, session tokens, app versionAutomatic β€” platform access
Usage DataPages visited, features used, time on site, click patterns, search queriesAutomatic β€” analytics cookies
CommunicationsSupport chat transcripts, email content, complaint details, feedbackCustomer support interactions
Location DataCountry and approximate region (derived from IP address). We do not collect GPS location.Automatic β€” IP geolocation
Marketing PreferencesEmail opt-in/out status, push notification preferences, SMS consentAccount settings / consent forms
βœ…
Sensitive data: We do not intentionally collect sensitive personal data such as religious beliefs, political opinions, or health information. If you voluntarily share such information in support communications, we will handle it with extra care and delete it once your issue is resolved.
Section 03
How We Use Your Data

We use your personal data only for the purposes described below. We do not use your data for any purpose incompatible with those listed:

PurposeData UsedLegal Basis
Account creation & managementAccount data, identity verificationContract performance
Processing bets & payoutsBetting activity, financial data, account dataContract performance
Identity verification (KYC)Identity docs, date of birth, photoLegal obligation
Fraud prevention & securityTechnical data, financial data, betting activityLegitimate interests
Age verification (18+)Date of birth, identity documentsLegal obligation
Responsible gambling monitoringBetting activity, financial data, account dataLegal obligation + legitimate interests
Customer supportCommunications, account data, transaction dataContract performance
Platform improvementUsage data, technical data (anonymised)Legitimate interests
Marketing communicationsEmail, marketing preferencesConsent
Legal compliance & reportingAll data categoriesLegal obligation
Section 04
Legal Basis for Processing

Every time we process your personal data, we do so on one of the following legal bases:

Contract performance: When processing is necessary to deliver the service you signed up for β€” creating your account, processing your bets, paying your withdrawals. Without this processing, we cannot provide the Lotus365 service.

Legal obligation: When processing is required by law β€” age verification (we are legally required to verify you are 18+), KYC/AML compliance, responsible gambling monitoring, and reporting obligations under our Curacao gaming licence.

Legitimate interests: When processing serves our genuine business interests and does not override your privacy rights β€” fraud detection, security monitoring, platform analytics, and abuse prevention. We conduct a Legitimate Interests Assessment (LIA) for each such processing activity.

Consent: When processing requires your explicit opt-in β€” marketing emails, push notifications, SMS communications, and non-essential cookies. You can withdraw consent at any time without penalty by updating your account settings or contacting us.

⚠️
Where we rely on consent, withdrawal of that consent does not affect the lawfulness of processing carried out before the withdrawal. It also does not affect your ability to use Lotus365 β€” withdrawing marketing consent will not affect your account or betting access.
Section 05
Data Sharing & Third Parties

We never sell your personal data. We only share your data with third parties in the limited circumstances described below, and only to the extent necessary for each purpose:

Payment processors: Your UPI transaction data is shared with our payment processing partners solely to process your deposits and withdrawals. These partners are contractually bound to process data only for payment purposes and are prohibited from using it for any other purpose.

Identity verification providers: If KYC verification is required, your identity documents may be shared with a licensed identity verification service. This data is used only for verification and is not retained by the provider beyond the verification period.

Analytics providers: Anonymised usage data is shared with Google Analytics. No personally identifiable information is included in analytics data shared with Google.

Responsible gambling partners: Where required by our operating licence, we may share limited account data with responsible gambling monitoring services or self-exclusion registries.

Legal authorities: We may disclose personal data to law enforcement, regulators, or courts where required by applicable law, a valid legal order, or where necessary to protect the safety of our users or the public.

Business transfers: In the event of a merger, acquisition, or sale of our business, your personal data may be transferred as part of that transaction. You will be notified before any such transfer and given the opportunity to delete your account.

🚫
We will never: sell your data to advertisers, share your betting history with employers or insurers, provide your data to other betting platforms, or use your data for purposes beyond those stated in this policy.
Section 06
Data Retention

We retain your personal data only for as long as necessary for the purpose it was collected, or as required by law. The following retention periods apply:

Data CategoryRetention PeriodReason
Account dataDuration of account + 5 years after closureLegal / regulatory requirement
Financial transaction records7 years from transaction dateFinancial regulation compliance
KYC / identity documents5 years after account closureAML regulatory obligation
Betting history5 years from bet dateDispute resolution + regulatory
Support communications3 years from conversation dateComplaint resolution reference
Analytics data (anonymised)24 months (Google Analytics default)Platform improvement
Marketing consent records3 years from last interactionConsent audit trail
Session / security logs12 monthsFraud detection & security

When data is no longer required and no legal obligation requires us to retain it, we securely delete or anonymise it. You may request earlier deletion by submitting a data deletion request through our .

Section 07
How We Protect Your Data

We take data security seriously and have implemented industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • SSL/TLS encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Password hashing: Passwords are never stored in plain text. We use bcrypt with appropriate salt rounds to hash all passwords before storage.
  • Access controls: Personal data is accessible only to Lotus365 staff who require it for their specific role. All access is logged and regularly audited.
  • Segregated accounts: Player funds are held in segregated accounts separate from our operational funds.
  • Session security: Sessions time out after a period of inactivity. CSRF tokens protect all form submissions. Rate limiting prevents brute-force attacks.
  • Regular security audits: We conduct penetration testing and vulnerability assessments on a regular schedule. Critical vulnerabilities are patched within 24 hours of discovery.
  • Staff training: All Lotus365 staff with access to personal data receive regular data protection training.
⚠️
While we take every reasonable measure to protect your data, no internet transmission is 100% secure. If you suspect your account has been compromised, please contact our support team immediately. We will lock your account and investigate within 2 hours.

Data breach notification: In the unlikely event of a data breach that affects your personal data, we will notify you via email and on-site notification within 72 hours of becoming aware of the breach, as required by applicable data protection law.

Section 08
Your Privacy Rights

You have the following rights with respect to your personal data. You can exercise any of these rights by submitting a request using our data request form or by emailing privacy@lotus365-co.com. We will respond within 30 days.

πŸ“‹
Right of Access

Request a copy of all personal data we hold about you. We will provide this in a clear, readable format within 30 days.

✏️
Right to Rectification

Request correction of any inaccurate or incomplete personal data. Update most account data directly in your account settings.

πŸ—‘οΈ
Right to Erasure

Request deletion of your personal data ("right to be forgotten"). Subject to legal retention obligations we may not be able to delete all data immediately.

⏸️
Right to Restriction

Request that we restrict processing of your data β€” for example, while you dispute its accuracy or object to processing.

πŸ“¦
Right to Portability

Request your personal data in a structured, machine-readable format (JSON/CSV) so you can transfer it to another service.

βœ‹
Right to Object

Object to processing based on legitimate interests, including profiling for marketing. We will stop unless we have compelling grounds.

πŸ”•
Withdraw Marketing Consent

Opt out of marketing emails, push notifications, or SMS at any time via account settings or by clicking "Unsubscribe" in any email.

βš–οΈ
Right to Complain

Lodge a complaint with your local data protection authority if you believe we have mishandled your data. Contact us first and we will try to resolve it directly.

Section 09
Children's Privacy

Lotus365 is strictly an adult platform. We do not knowingly collect personal data from anyone under the age of 18. Our registration process requires users to confirm they are 18 or older, and we conduct age verification checks as part of our KYC process.

If you are a parent or guardian and believe your child has registered on Lotus365, please contact us immediately at privacy@lotus365-co.com or via our contact page. We will:

  • Immediately suspend the account pending investigation
  • Delete all personal data associated with the account
  • Refund any deposited funds to the original payment source
  • Provide you with confirmation that all data has been deleted

We take underage access extremely seriously and will act on any report within 2 hours of receipt.

Section 10
International Data Transfers

Lotus365 is operated by a Curacao-licensed entity. Your personal data may be stored and processed on servers located outside India. Where we transfer data internationally, we ensure appropriate safeguards are in place:

  • We use standard contractual clauses (SCCs) approved by relevant data protection authorities when transferring data to processors outside the EEA.
  • All third-party processors (payment providers, analytics providers, identity verification services) are contractually required to apply data protection standards equivalent to those described in this policy.
  • Anonymised analytics data shared with Google Analytics is processed in accordance with Google's data processing terms and Privacy Policy.

If you would like details of the specific safeguards in place for any international data transfer, please contact our Data Protection Officer at dpo@lotus365-co.com.

Section 11
Changes to This Privacy Policy

We review and update this Privacy Policy at least annually, and whenever there are significant changes to how we process personal data. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Send an email notification to all registered users summarising the key changes
  • Display a prominent notice on the Lotus365 homepage for 30 days
  • Where required by law, seek fresh consent before processing under the new terms

We encourage you to review this policy periodically. Previous versions are available on request by emailing privacy@lotus365-co.com.

Your continued use of Lotus365 after any policy update constitutes acceptance of the revised terms. If you do not agree with any update, you may close your account at any time and request deletion of your data.

Section 12
Contact Us & Data Protection Officer

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us through any of the following channels:

Contact MethodDetailsResponse Time
Privacy / DPO Emailprivacy@lotus365-co.comWithin 3 business days
Data Request FormWithin 30 days
General Support (WhatsApp)+91 2349111861647 Β· 24/7Under 3 minutes
Contact Formlotus365-co.com/contactWithin 4 hours

We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection practices and ensuring compliance with applicable privacy law. The DPO can be reached directly at dpo@lotus365-co.com.

If you are not satisfied with our response to any privacy concern, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.