Bovada
Log In Register

Privacy Policy

This Privacy Policy explains what personal data our casino collects, why we collect it, how we share it and what rights you have. It applies to bovada.lv and all related subdomains and mobile interfaces. By creating an account or placing a bet you accept this policy; if you do not, do not register. We update the policy when our practices change — the date at the bottom tells you the current version.

Information We Collect

We collect three categories of data. Account data: name, date of birth, email, phone, residential address, username, password hash, and the answer to your security question. Verification data for KYC and AML: a copy of your government-issued ID, a recent utility bill or bank statement, and a live selfie when a higher-risk threshold is crossed. Activity data: deposits, wagers, withdrawals, login times, device fingerprint, IP address, geolocation, and the pages and games you use.

How We Use Your Data

We use account data to open and run your account, to send you transaction confirmations, and to contact you about service issues. Verification data is used only for KYC, AML, fraud screening and safer-gambling checks; it is not used for marketing. Activity data drives the cashier, the bonus engine and our internal reporting, and a subset feeds the safer-gambling models that flag risky patterns. We use a small slice of activity data for personalised promotions, and you can opt out of that without affecting your account.

Legal Bases

For data tied to running your account we rely on contract necessity — without it we cannot serve you. For KYC, AML and reporting to the licensor we rely on legal obligation. For marketing and analytics we rely on your consent, asked for at sign-up and revocable any time from your account settings.

Sharing With Third Parties

We do not sell your personal data. We share it only with the following:

  • Payment processors and banks — to settle deposits and withdrawals.
  • KYC and AML vendors — to verify identity and screen against sanctions lists.
  • Game providers — limited session data so the games run; never your full account record.
  • Regulators and law enforcement — when legally compelled by a valid order from the Government of Curacao, Kahnawake Gaming Commission or a court of competent jurisdiction.
  • Analytics and security vendors — anonymised or pseudonymised data only, listed in our Cookie Policy.

CCPA and CPRA Rights for US Residents

If you live in California, the Consumer Privacy Act (CCPA) and the Privacy Rights Act (CPRA) give you the right to:

  • Know what categories of personal data we hold about you and where it came from.
  • Access a copy of your data in a portable format.
  • Correct data that is inaccurate.
  • Delete data we are not legally required to keep (KYC records have statutory retention).
  • Opt out of "sharing" of personal data for cross-context behavioural advertising.
  • Limit use of sensitive personal information.

Residents of Virginia, Colorado, Connecticut, Utah and other states with similar laws have equivalent rights. To exercise any of them, email [email protected] from the address on your account, or use the "Do Not Sell or Share My Personal Information" link in the footer. We respond within 45 days; we do not charge for requests and we honour Global Privacy Control browser signals.

Data Retention

Account and transaction data is kept for 7 years after account closure to satisfy AML obligations. KYC documents are kept for 5 years after closure for the same reason. Marketing preferences are kept until you withdraw consent. Live Chat transcripts are kept for 90 days for quality and dispute review. Server logs are kept for 90 days for security, then anonymised.

International Transfers

Some of our processors are located outside your home jurisdiction. Where we transfer data internationally we use Standard Contractual Clauses or equivalent safeguards, and we screen processors annually for security and compliance. Crypto-related vendors operate primarily inside the EU and the Americas; full vendor list is available on request.

Security

The site runs on 256-bit SSL/TLS in transit. Passwords are hashed with bcrypt. Two-factor authentication is opt-in for every account. Card data never touches our servers — we tokenise through a PCI-DSS Level 1 processor. Internal access is least-privilege, audited and limited to staff who need it for a specific task. Annual penetration testing is conducted by an independent third party.

Children's Privacy

Our service is restricted to adults 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has registered, email [email protected] and we will close the account and delete all data not required by AML law.

Updates To This Policy

We revise this page when our practices change or a new privacy law affects US players. Material changes are shown as a banner on your next login and as a notice in your account inbox. Continued use after the effective date means you accept the new version. Questions and requests go to [email protected]. Last updated: 28 June 2026.