Exercise your privacy rights β access, deletion, correction, or objection. We will respond within 30 days.
π Privacy Policy
Lotus365 (lotus365-co.com) is an online sports betting and casino platform operated by a company licensed under Curacao EGAMING License 8048/JAZ. We are the data controller for all personal data collected through our website, mobile app, and related services.
When this Privacy Policy says "Lotus365," "we," "us," or "our," it refers to the operating entity behind lotus365-co.com. When it says "you" or "your," it refers to any person who uses our platform, registers an account, or visits our website.
This Privacy Policy applies to all personal data we collect through:
- The Lotus365 website at lotus365-co.com
- The Lotus365 mobile app (Android APK and iOS web app)
- Our customer support communications (WhatsApp, email, live chat)
- Our marketing communications (email, push notifications, SMS)
- Third-party platforms that display our advertising
We collect personal data in several ways β information you provide directly, information generated by your use of our platform, and information from third parties. Here is a comprehensive breakdown:
| Category | Data Collected | How Collected |
|---|---|---|
| Account Data | First name, last name, username, email address, mobile number, date of birth, password (hashed) | Registration form |
| Identity Verification | Government-issued ID (Aadhaar, PAN, passport), selfie/photo for KYC, proof of address | KYC verification process |
| Financial Data | UPI ID, transaction history, deposit amounts, withdrawal requests, account balance | Payment transactions |
| Betting Activity | Bets placed, markets selected, odds accepted, bet outcomes, wagering history | Platform usage |
| Technical Data | IP address, device type, OS version, browser, session tokens, app version | Automatic β platform access |
| Usage Data | Pages visited, features used, time on site, click patterns, search queries | Automatic β analytics cookies |
| Communications | Support chat transcripts, email content, complaint details, feedback | Customer support interactions |
| Location Data | Country and approximate region (derived from IP address). We do not collect GPS location. | Automatic β IP geolocation |
| Marketing Preferences | Email opt-in/out status, push notification preferences, SMS consent | Account settings / consent forms |
We use your personal data only for the purposes described below. We do not use your data for any purpose incompatible with those listed:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation & management | Account data, identity verification | Contract performance |
| Processing bets & payouts | Betting activity, financial data, account data | Contract performance |
| Identity verification (KYC) | Identity docs, date of birth, photo | Legal obligation |
| Fraud prevention & security | Technical data, financial data, betting activity | Legitimate interests |
| Age verification (18+) | Date of birth, identity documents | Legal obligation |
| Responsible gambling monitoring | Betting activity, financial data, account data | Legal obligation + legitimate interests |
| Customer support | Communications, account data, transaction data | Contract performance |
| Platform improvement | Usage data, technical data (anonymised) | Legitimate interests |
| Marketing communications | Email, marketing preferences | Consent |
| Legal compliance & reporting | All data categories | Legal obligation |
Every time we process your personal data, we do so on one of the following legal bases:
Contract performance: When processing is necessary to deliver the service you signed up for β creating your account, processing your bets, paying your withdrawals. Without this processing, we cannot provide the Lotus365 service.
Legal obligation: When processing is required by law β age verification (we are legally required to verify you are 18+), KYC/AML compliance, responsible gambling monitoring, and reporting obligations under our Curacao gaming licence.
Legitimate interests: When processing serves our genuine business interests and does not override your privacy rights β fraud detection, security monitoring, platform analytics, and abuse prevention. We conduct a Legitimate Interests Assessment (LIA) for each such processing activity.
Consent: When processing requires your explicit opt-in β marketing emails, push notifications, SMS communications, and non-essential cookies. You can withdraw consent at any time without penalty by updating your account settings or contacting us.
We never sell your personal data. We only share your data with third parties in the limited circumstances described below, and only to the extent necessary for each purpose:
Payment processors: Your UPI transaction data is shared with our payment processing partners solely to process your deposits and withdrawals. These partners are contractually bound to process data only for payment purposes and are prohibited from using it for any other purpose.
Identity verification providers: If KYC verification is required, your identity documents may be shared with a licensed identity verification service. This data is used only for verification and is not retained by the provider beyond the verification period.
Analytics providers: Anonymised usage data is shared with Google Analytics. No personally identifiable information is included in analytics data shared with Google.
Responsible gambling partners: Where required by our operating licence, we may share limited account data with responsible gambling monitoring services or self-exclusion registries.
Legal authorities: We may disclose personal data to law enforcement, regulators, or courts where required by applicable law, a valid legal order, or where necessary to protect the safety of our users or the public.
Business transfers: In the event of a merger, acquisition, or sale of our business, your personal data may be transferred as part of that transaction. You will be notified before any such transfer and given the opportunity to delete your account.
We retain your personal data only for as long as necessary for the purpose it was collected, or as required by law. The following retention periods apply:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 5 years after closure | Legal / regulatory requirement |
| Financial transaction records | 7 years from transaction date | Financial regulation compliance |
| KYC / identity documents | 5 years after account closure | AML regulatory obligation |
| Betting history | 5 years from bet date | Dispute resolution + regulatory |
| Support communications | 3 years from conversation date | Complaint resolution reference |
| Analytics data (anonymised) | 24 months (Google Analytics default) | Platform improvement |
| Marketing consent records | 3 years from last interaction | Consent audit trail |
| Session / security logs | 12 months | Fraud detection & security |
When data is no longer required and no legal obligation requires us to retain it, we securely delete or anonymise it. You may request earlier deletion by submitting a data deletion request through our .
We take data security seriously and have implemented industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:
- SSL/TLS encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- Password hashing: Passwords are never stored in plain text. We use bcrypt with appropriate salt rounds to hash all passwords before storage.
- Access controls: Personal data is accessible only to Lotus365 staff who require it for their specific role. All access is logged and regularly audited.
- Segregated accounts: Player funds are held in segregated accounts separate from our operational funds.
- Session security: Sessions time out after a period of inactivity. CSRF tokens protect all form submissions. Rate limiting prevents brute-force attacks.
- Regular security audits: We conduct penetration testing and vulnerability assessments on a regular schedule. Critical vulnerabilities are patched within 24 hours of discovery.
- Staff training: All Lotus365 staff with access to personal data receive regular data protection training.
Data breach notification: In the unlikely event of a data breach that affects your personal data, we will notify you via email and on-site notification within 72 hours of becoming aware of the breach, as required by applicable data protection law.
You have the following rights with respect to your personal data. You can exercise any of these rights by submitting a request using our data request form or by emailing privacy@lotus365-co.com. We will respond within 30 days.
Request a copy of all personal data we hold about you. We will provide this in a clear, readable format within 30 days.
Request correction of any inaccurate or incomplete personal data. Update most account data directly in your account settings.
Request deletion of your personal data ("right to be forgotten"). Subject to legal retention obligations we may not be able to delete all data immediately.
Request that we restrict processing of your data β for example, while you dispute its accuracy or object to processing.
Request your personal data in a structured, machine-readable format (JSON/CSV) so you can transfer it to another service.
Object to processing based on legitimate interests, including profiling for marketing. We will stop unless we have compelling grounds.
Opt out of marketing emails, push notifications, or SMS at any time via account settings or by clicking "Unsubscribe" in any email.
Lodge a complaint with your local data protection authority if you believe we have mishandled your data. Contact us first and we will try to resolve it directly.
Lotus365 is strictly an adult platform. We do not knowingly collect personal data from anyone under the age of 18. Our registration process requires users to confirm they are 18 or older, and we conduct age verification checks as part of our KYC process.
If you are a parent or guardian and believe your child has registered on Lotus365, please contact us immediately at privacy@lotus365-co.com or via our contact page. We will:
- Immediately suspend the account pending investigation
- Delete all personal data associated with the account
- Refund any deposited funds to the original payment source
- Provide you with confirmation that all data has been deleted
We take underage access extremely seriously and will act on any report within 2 hours of receipt.
Lotus365 is operated by a Curacao-licensed entity. Your personal data may be stored and processed on servers located outside India. Where we transfer data internationally, we ensure appropriate safeguards are in place:
- We use standard contractual clauses (SCCs) approved by relevant data protection authorities when transferring data to processors outside the EEA.
- All third-party processors (payment providers, analytics providers, identity verification services) are contractually required to apply data protection standards equivalent to those described in this policy.
- Anonymised analytics data shared with Google Analytics is processed in accordance with Google's data processing terms and Privacy Policy.
If you would like details of the specific safeguards in place for any international data transfer, please contact our Data Protection Officer at dpo@lotus365-co.com.
We review and update this Privacy Policy at least annually, and whenever there are significant changes to how we process personal data. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to all registered users summarising the key changes
- Display a prominent notice on the Lotus365 homepage for 30 days
- Where required by law, seek fresh consent before processing under the new terms
We encourage you to review this policy periodically. Previous versions are available on request by emailing privacy@lotus365-co.com.
Your continued use of Lotus365 after any policy update constitutes acceptance of the revised terms. If you do not agree with any update, you may close your account at any time and request deletion of your data.
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us through any of the following channels:
| Contact Method | Details | Response Time |
|---|---|---|
| Privacy / DPO Email | privacy@lotus365-co.com | Within 3 business days |
| Data Request Form | Within 30 days | |
| General Support (WhatsApp) | +91 2349111861647 Β· 24/7 | Under 3 minutes |
| Contact Form | lotus365-co.com/contact | Within 4 hours |
We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection practices and ensuring compliance with applicable privacy law. The DPO can be reached directly at dpo@lotus365-co.com.
If you are not satisfied with our response to any privacy concern, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.