Goldex Privacy Policy

Last updated: June 2, 2026

This Privacy Policy explains how NovaForge LTD collects, uses, shares and protects personal data when users access or interact with the NaoBet platform. It applies to all services offered through the casino, sportsbook, live betting and promotional features available to Australian players aged 18 and over.

The policy covers data processing activities that occur during registration, account management, gameplay, payments and customer support. By using the platform, users acknowledge that their personal information is handled in accordance with this document and applicable legislation governing offshore online gambling services.

Key Terms and Definitions

Understanding the language used in this policy helps users see how data collection and processing connect to real activities on the platform. Terms are defined here to clarify their meaning within the context of account usage and service delivery.

Account and Service Definitions

An account refers to the registered user profile created by submitting an email address, password and personal details during the signup process. The service includes all pokies, live casino games, table games, jackpots, sportsbook markets, live betting, virtual sports and promotional features offered through the NaoBet platform operated by NovaForge LTD under Anjouan licence ALSI-152406028-FI2.

Data and Device Definitions

Personal data means any information that identifies or relates to a user, including name, date of birth, email address, payment details and activity records. A device refers to the hardware used to access the platform, such as a smartphone, tablet or desktop computer, along with associated technical identifiers like IP address and browser type.

Types of Personal Data Collected

Data collection happens at different stages of platform interaction, from initial registration to ongoing gameplay and account management. The types of information gathered support account operation, payment processing, security checks and compliance with the regulatory framework.

Identity and Contact Data

During registration, users provide their full name, date of birth, residential address, email address and phone number. This information is required to create an account, verify age, confirm eligibility and enable communication regarding account activity, security alerts and promotional offers. Additional identity documents may be requested during KYC checks, including scanned copies of a driver's licence, passport or proof of address issued within 30 days of the document request.

Payment and Financial Data

Payment data includes card numbers, account holder names, transaction amounts and payment method ownership proof. This information is collected when users deposit or withdraw funds through Visa, Mastercard or Interac e-Transfer options available in the AUD cashier. Payment details are used to process transactions, prevent fraud and comply with anti-money laundering procedures that may require enhanced financial documentation during risk reviews.

Technical and Usage Data

Technical data is automatically captured when users access the platform, including IP address, browser type, operating system, device identifiers and session timestamps. Usage data tracks activity such as games played, bets placed, bonus claims, withdrawal requests and support interactions. This information helps maintain platform security, detect irregular betting patterns and improve service reliability across Android and iOS browser access.

Purposes of Data Processing

Personal information is processed to deliver the core functions of the casino and sportsbook, manage user accounts and meet legal obligations. Each processing activity is tied to a specific operational need or regulatory requirement.

Service Provision and Account Management

Data is used to create and maintain user accounts, process deposits and withdrawals, track bonus wagering progress and deliver promotional rewards such as the 120% welcome package up to AUD 750 plus 240 free spins and 1 Bonus Crab. Account management includes handling self-exclusion requests, updating profile details and enforcing the one-account-per-player rule to prevent duplicate registrations across the same household, address, phone number, email or IP address.

Security and Fraud Prevention

Processing supports security measures like encryption, access control and fraud detection systems that monitor for VPN or proxy use, unusual payment patterns and bonus abuse signals. Identity verification checks are triggered at withdrawal requests, high-risk deposits and account mismatches to confirm payment ownership and reduce the risk of unauthorized access or money laundering.

Analytics and Service Improvement

Usage data is analysed to understand player preferences, measure game performance and optimize platform features. Technical data helps identify browsing issues, assess device compatibility and monitor response times across live chat and help centre support channels. This information is not used for automated decision-making but informs manual adjustments to layout, navigation and content delivery.

Marketing and Promotional Communication

Contact details are used to send newsletters, bonus offers, reload promotions and updates about new games or sportsbook markets. Users can opt out of marketing messages through account settings or by contacting support. Communication related to account security, payment processing and regulatory compliance is not considered marketing and cannot be disabled.

Legal Basis for Processing

Data processing relies on legal grounds that justify the collection and use of personal information. These grounds connect to real actions users take and the obligations the platform must meet.

Consent and Voluntary Participation

Users provide consent by accepting the terms during registration and opting in to marketing preferences. Consent can be withdrawn at any time, though doing so may limit access to certain promotional features or result in account closure if essential processing cannot continue.

Contractual Necessity

Processing is necessary to fulfill the agreement between the user and NovaForge LTD, including account creation, payment handling, bonus activation and withdrawal processing. Without this data, the platform cannot deliver core services like pokies, live casino games or sportsbook betting.

Legal Obligation and Regulatory Compliance

The operator must process data to comply with licensing conditions under the Gaming Board of Anjouan, anti-money laundering legislation and age verification requirements. This includes identity checks, transaction history reviews and cooperation with regulatory inquiries or legal disclosures when required by law.

Legitimate Interests

Processing supports legitimate business interests such as fraud prevention, platform security, customer support and service improvement. These interests are balanced against user privacy rights, and data is only used when the impact on users is minimal and justified by operational needs.

Data Sharing and Third-Party Disclosure

Personal information is shared with external parties only when necessary to operate the platform, process payments or meet legal requirements. Data is not sold to third parties or used for purposes unrelated to service delivery.

Service Providers and Technical Partners

The platform relies on third-party providers for hosting, payment processing, game delivery and analytics. These partners include payment gateways that handle Visa and Mastercard transactions, game suppliers such as Pragmatic Play, Red Tiger, Microgaming, Evoplay, OnAir, Hacksaw, Spinomenal, Amusnet, Yggdrasil, BGaming, Betsoft and Playson, and analytics tools that track session data and usage patterns. All service providers are contractually bound to protect data and use it only for specified purposes.

Affiliates and Associated Entities

Data may be shared within the NovaForge LTD operator cluster and the NaoBet brand platform to manage accounts, coordinate promotions and enforce terms across verticals. This includes sharing account history, bonus activity and payment records to prevent multi-account abuse and ensure consistent application of wagering requirements and withdrawal limits.

Regulators and Legal Authorities

Information is disclosed to the Gaming Board of Anjouan and other authorities when required by law, court order or regulatory investigation. This includes identity documents, transaction history and account activity records used in anti-money laundering checks, fraud investigations and compliance audits.

Data Retention and Storage Periods

Personal data is stored for as long as necessary to fulfill the purposes outlined in this policy and meet legal retention requirements. Storage periods vary based on the type of information and regulatory obligations.

Account and Transaction Data

Account details, payment records and transaction history are retained for up to 10 years after account closure to comply with anti-money laundering legislation and facilitate dispute resolution. This includes identity documents submitted during KYC checks, proof of address provided within the 30-day window and payment ownership proof used for withdrawal verification.

Marketing and Communication Data

Contact preferences and marketing consent records are stored until users withdraw consent or request deletion. Once removed, email addresses and phone numbers are suppressed to prevent future marketing messages, though transactional communication related to account security and compliance may continue if the account remains active.

Technical and Usage Data

Session logs, IP addresses and device identifiers are retained for up to 12 months to support security monitoring, fraud detection and technical troubleshooting. After this period, data is anonymized or deleted unless extended retention is required for ongoing investigations or legal proceedings.

User Rights and Data Control

Users have rights over their personal information and can take actions to access, correct, restrict or delete data held by the platform. These rights are exercised through support channels and are subject to certain limitations based on legal obligations.

Access and Data Portability

Users can request a copy of their personal data, including account details, transaction history and communication records. Requests are processed within 30 days, and data is provided in a structured, commonly used format such as PDF or CSV. Data portability allows users to transfer information to another service, though compatibility depends on the receiving platform.

Rectification and Correction

Users can update or correct inaccurate information through account settings or by contacting support. Changes to name, address or payment details may trigger additional verification checks to confirm identity and prevent unauthorized account modifications. Some fields, such as date of birth, cannot be changed once verified without submitting updated identity documents.

Erasure and Deletion

Users can request deletion of their personal data after account closure, subject to legal retention obligations. Data required for anti-money laundering compliance, dispute resolution or regulatory audits must be retained for the full legal period, even after an erasure request. Once the retention period ends, data is permanently deleted or anonymized.

Restriction and Objection

Users can restrict processing for specific purposes, such as marketing communication or analytics, without closing their account. Objection rights apply to processing based on legitimate interests, though the platform may continue processing if it can demonstrate compelling grounds that override user privacy concerns. VPN or proxy use can trigger account review even if general data processing is restricted.

Security Measures and Data Protection

The platform employs technical and organizational safeguards to protect personal data from unauthorized access, loss or misuse. Security measures are designed to reduce risks but cannot eliminate all threats.

Encryption and Secure Storage

All payment transactions and account communications are encrypted using industry-standard protocols. Passwords are hashed and stored in secure databases with restricted access. Credit card numbers and payment details are tokenized and processed through PCI-compliant gateways, reducing exposure during Visa, Mastercard and Interac e-Transfer transactions.

Access Control and Internal Procedures

Access to personal data is limited to authorized personnel who require it for account management, customer support or compliance functions. Staff are trained in data protection procedures and subject to confidentiality agreements. Two-factor authentication is available for user accounts to reduce the risk of unauthorized login attempts.

Monitoring and Incident Response

The platform monitors for suspicious activity, including irregular betting patterns, duplicate account signals and payment mismatches. Security incidents are logged and reviewed by the KYC team, which can complete verification within up to 10 days after full document submission. If a data breach occurs, affected users are notified in accordance with applicable legislation and regulatory guidance.

Cookies and Tracking Technologies

The platform uses cookies and similar technologies to enable core functionality, track usage and deliver personalized content. Users have some control over cookie settings, though disabling certain types may affect platform performance.

Types of Cookies Used

Essential cookies are required for account login, session management and payment processing. These cannot be disabled without preventing access to the platform. Analytics cookies track page views, session duration and navigation patterns to measure user engagement and identify technical issues. Marketing cookies support targeted promotions and retargeting campaigns based on browsing behavior.

User Control and Deactivation

Users can manage cookie preferences through browser settings, blocking or deleting cookies at any time. Disabling analytics or marketing cookies does not affect core functionality but may result in less relevant promotional offers. Mobile browser access on Android and iOS devices supports cookie controls through device settings and browser options.

Third-Party Cookies and Tracking

Some cookies are set by third-party providers, including game suppliers and analytics platforms. These partners operate under their own privacy policies, and users should review those documents to understand how data is collected and used beyond the NaoBet platform. Tracking technologies such as pixel tags and web beacons may also be used to measure campaign performance and monitor user interactions.

Third-Party Links and External Websites

The platform may include links to external websites, including payment gateways, affiliate partners and regulatory authorities. The operator is not responsible for the privacy practices or content of these third parties.

External Link Disclaimer

Users who click on external links leave the NaoBet platform and enter websites governed by separate privacy policies. The operator does not control how third parties collect, use or share personal data and recommends reviewing their policies before submitting any information.

Responsibility and Liability

NovaForge LTD is not liable for data breaches, unauthorized access or privacy violations that occur on third-party websites. Users should exercise caution when providing personal or financial information to external services, even if linked from the platform.

Children and Age Restrictions

The platform is strictly for users aged 18 and over. Underage gambling is prohibited, and the operator takes steps to prevent minors from accessing the service.

Age Verification and Enforcement

All users must confirm they are at least 18 years old during registration. The platform may request identity documents at any stage to verify age and prevent underage access. Accounts created by users under 18 are closed immediately, and any winnings or deposits are voided or returned in accordance with regulatory guidance.

Data Collection from Minors

The platform does not knowingly collect personal data from individuals under 18. If it is discovered that a minor has registered an account, the data is deleted as soon as possible, subject to legal retention requirements. Parents or guardians who believe a minor has accessed the platform should contact support immediately.

Policy Updates and Changes

This policy is reviewed and updated periodically to reflect changes in platform features, legal requirements or data processing practices. Users are notified of material changes and encouraged to review the updated document.

Update Frequency and Notification

The policy is updated as needed, with the effective date displayed at the top of the document. Users are notified of significant changes through email, account notifications or pop-up messages upon login. Continued use of the platform after an update constitutes acceptance of the revised policy.

Review and Acceptance

Users are responsible for reviewing the policy regularly to stay informed about how their data is processed. If a user does not agree with the updated terms, they should stop using the platform and request account closure before the new policy takes effect.

Contact and Data Protection Inquiries

Users can submit privacy-related questions, exercise their data rights or request clarification on processing activities by contacting the support team. Responses are provided within a reasonable timeframe based on the complexity of the request.

Support Channels and Response Times

Privacy inquiries can be submitted through live chat or the help centre. Requests related to data access, deletion or restriction are reviewed by the KYC team and processed within 30 days. Complex requests involving legal obligations or regulatory compliance may require additional time and documentation.

Data Protection Requests

Users can request details about the personal data held, ask for corrections or deletions, or object to specific processing activities. All requests must include sufficient information to verify the user's identity, such as account details, registered email address or a copy of the identity document used during KYC verification. The operator reserves the right to refuse requests that cannot be authenticated or that conflict with legal retention obligations.