LEGIANO
Claim Bonus

Legal · Last updated 5 May 2026

Privacy Policy.

This is the part where we tell you what we do with your data, what we don't do with it, and what control you have over it. We've done our best to write this in plain English rather than legalese — if anything still reads as impenetrable, email us and we'll fix it.

In short: we collect what we need to run a licensed casino safely (your account details, payment info, gameplay records), we keep it secure with industry-standard encryption, we don't sell it to third parties, and you can request a copy or have it deleted at any time. The full detail follows.

On this page

  1. 1. Introduction
  2. 2. What information we collect
  3. 3. How we use your information
  4. 4. Legal basis for processing
  5. 5. Who we share your data with
  6. 6. International data transfers
  7. 7. How long we keep your data
  8. 8. Your rights and how to use them
  9. 9. Cookies and tracking
  10. 10. How we protect your information
  11. 11. Minors and underage protection
  12. 12. Changes to this policy
  13. 13. Contact us

1. Introduction

Legiano Casino (“Legiano”, “we”, “us”, or “our”) operates the website at aulegiano.com under a Curaçao eGaming licence. We're committed to protecting the privacy of every player who visits our site — whether you sign up, deposit, or just browse.

This Privacy Policy explains what data we collect, why we collect it, how we use it, who we share it with, and what rights you have over it. It applies to all visitors of aulegiano.com and to all registered Legiano account holders.

We process personal data in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and, where applicable to non-Australian players, with the principles set out in the EU General Data Protection Regulation (GDPR). Our Curaçao licensing framework also imposes specific obligations around player verification, anti-money-laundering checks, and dispute resolution — these are flagged where relevant below.

2. What information we collect

We collect information in three broad ways:

a) Information you give us directly

When you register an account, deposit funds, contact support, or claim a bonus, you provide us with:

  • Identity data — full name, date of birth, gender (optional), nationality, country of residence.
  • Contact data — email address, mobile phone number, postal address.
  • Account credentials — username, password (stored as a salted hash, never in plain text), security questions.
  • KYC documents — copies of government-issued photo ID (driver's licence, passport), proof of address (utility bill, bank statement), and source-of-funds documents where required by AML rules.
  • Financial data — payment method type, last four digits of card numbers, crypto wallet addresses, transaction history. Full card numbers are never stored on our servers — they're tokenised by our PCI-DSS-compliant payment partners.
  • Communications — emails, live-chat transcripts, and any documents you send to support.

b) Information we collect automatically

  • Device data — browser type and version, operating system, screen resolution, language settings, timezone.
  • Network data — IP address, internet service provider, approximate geolocation derived from IP.
  • Usage data — pages visited, games played, bet sizes, session length, click patterns, deposit and withdrawal history.
  • Cookies and similar technologies — see Section 9 below for the full breakdown.

c) Information from third parties

We sometimes receive data from external sources to verify your identity, process payments, or detect fraud:

  • Identity verification providers (such as iDenfy, Sumsub or Onfido) confirm the authenticity of the documents you upload.
  • Payment processors (Visa, Mastercard, our crypto gateway, local methods like PayID and BPAY) provide transaction metadata.
  • Anti-fraud and AML screening tools check whether you appear on sanctions lists or politically-exposed-persons (PEP) registers.
  • Game studios and live-dealer operators share gameplay records associated with your account.

3. How we use your information

We use your data to do six things, in order of priority:

  1. Run your account. Register you, log you in, process deposits and withdrawals, credit bonuses, and show you your transaction history.
  2. Verify your identity. Confirm you're who you say you are, that you're of legal gambling age (18+), and that you're not on any self-exclusion or sanctions register. This is required by our licence and by anti-money-laundering law.
  3. Keep the platform secure. Detect and prevent fraud, multi-accounting, bot activity, payment chargebacks, and unauthorised access to your account.
  4. Provide customer support. Respond to your live-chat messages, emails, and any complaints you raise.
  5. Improve the product. Understand which games and features players actually use, where the website breaks, and how the experience can be made smoother. This is aggregated, never used to single you out.
  6. Send you communications. Account notifications (password resets, withdrawal confirmations, KYC requests) are always sent. Marketing emails (new game releases, bonuses, tournaments) are only sent if you opted in — and you can unsubscribe with one click at any time.

5. Who we share your data with

We do not sell your personal data. Full stop. We do share specific information with specific parties for specific reasons:

  • Payment processors — to move money into and out of your account. They see your payment-method details, the amount, and a transaction reference.
  • Identity verification providers — to confirm your KYC documents are genuine. They see your ID images and return a pass/fail result.
  • Game studios and live-dealer operators — to deliver the games you play. They see your account ID and gameplay events, but not your personal details.
  • Cloud and hosting providers — Amazon Web Services and Cloudflare, who store our data and serve our website. They're bound by data-processing agreements and don't access your data unless we instruct them to.
  • Customer-support tools — Intercom or similar for live-chat history. Only your conversations and account ID are visible.
  • Regulators and law enforcement — Curaçao gaming authorities, AML/CTF reporting bodies, courts, and law-enforcement agencies, where we're legally required to disclose information.
  • Professional advisers — auditors, lawyers, and accountants, under strict confidentiality.

All third parties are required by contract to handle your data only for the purpose we share it for, to keep it secure, and to delete it when their role ends.

6. International data transfers

Legiano operates internationally, and your data may be transferred to, stored, or processed in countries outside your home jurisdiction — including Curaçao (where our licensing authority is based), the European Union, the United Kingdom, and the United States (where some of our cloud and payment partners are based).

Where data leaves the European Economic Area or Australia, we use approved transfer mechanisms — Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent safeguards — to make sure your data continues to be protected to a standard comparable to your home country's.

7. How long we keep your data

We don't keep data forever. Different categories have different retention periods, set by either licensing obligations or what's reasonable for the purpose:

  • Account and transaction records — kept for at least five years after your last activity or account closure, as required by AML/CTF regulations under our Curaçao licence.
  • KYC documents — kept for the same five-year period after account closure.
  • Customer-support transcripts — kept for two years from the date of the conversation.
  • Marketing preferences and unsubscribe records — kept indefinitely so we don't accidentally email you again after you opted out.
  • Self-exclusion records — kept indefinitely. These exist to protect you, and we treat them as non-deletable.
  • Cookies — see Section 9 for the per-cookie breakdown. Most expire within a year.

After the retention period, your data is either fully deleted or anonymised so it can no longer be linked back to you.

8. Your rights and how to use them

Depending on where you live, you have some or all of the following rights over your personal data. Under the Australian Privacy Principles and the GDPR these rights are broad and largely overlap:

  • Right of access — ask for a copy of all personal data we hold about you.
  • Right to rectification — correct any data that's wrong or out of date.
  • Right to erasure — ask us to delete your data, subject to our retention obligations (we can't delete records we're legally required to keep).
  • Right to restrict processing — ask us to limit what we do with your data while we resolve a query.
  • Right to data portability — receive your data in a structured, machine-readable format and have it transferred to another service.
  • Right to object — object to specific types of processing, especially marketing.
  • Right to withdraw consent — for any processing that's based on consent, you can withdraw it at any time.
  • Right to complain — to a data-protection authority. In Australia that's the Office of the Australian Information Commissioner (OAIC); in the EU it's your local national authority.

To exercise any of these rights, email [email protected] from the email address linked to your account. We respond within 30 days. There's no charge for reasonable requests.

9. Cookies and tracking

Cookies are small text files stored on your device when you visit a website. We use them for four purposes — three of which are essential, one of which is optional:

  • Strictly necessary cookies — keep you logged in, remember your language and currency preferences, and protect against CSRF attacks. These can't be turned off because the site won't work without them.
  • Functional cookies — remember your recently-played games, your last-used payment method, and your accessibility preferences.
  • Analytics cookies — anonymous traffic measurement (Google Analytics 4 with IP anonymisation enabled, or a privacy-focused alternative). We see how many people visited which pages, never who.
  • Marketing cookies (optional) — set only if you opt in. Used to show relevant ads on other sites and to measure how well our campaigns work.

You can manage cookie preferences from the cookie banner shown on your first visit, or at any time via the Cookie Policy page. You can also block or delete cookies through your browser settings, but doing so may break parts of the site.

10. How we protect your information

We use industry-standard technical and organisational measures to keep your data safe:

  • Encryption in transit — every page on aulegiano.com is served over HTTPS with TLS 1.3 and forward-secrecy enabled.
  • Encryption at rest — sensitive data (passwords, KYC documents, payment tokens) is encrypted on our servers using AES-256.
  • Access controls — only a small number of authorised staff can access player records, and every access is logged. Two-factor authentication is mandatory for all internal accounts.
  • Network security — firewalls, intrusion detection, and DDoS protection via Cloudflare.
  • Regular audits — independent penetration testing and SOC-2 controls reviewed annually.
  • Player-side controls — strong password requirements, optional two-factor authentication, and session-timeout protection on every account.

No system is unbreakable, and no website can guarantee absolute security. If we ever discover a data breach that affects you, we'll notify you and the relevant authorities within 72 hours, as required by law.

11. Minors and underage protection

Legiano is strictly an over-18 service. We do not knowingly collect or process personal data from anyone under 18. If we discover that an account has been opened by a minor, we close it immediately, return any deposited funds to the original payment source, and void all winnings.

If you're a parent or guardian and you believe a minor has accessed our service or shared their data with us, please email [email protected] right away so we can investigate.

We strongly recommend installing parental-control software such as Net Nanny or CyberPatrol on devices that minors have access to.

12. Changes to this policy

We update this Privacy Policy from time to time — usually because we've added a new feature, changed a service provider, or because a law has changed. The version date at the top of the page tells you when the current version took effect.

For minor edits (typo fixes, clarifications), we update the page silently. For substantive changes (new categories of data, new sharing partners, changes to your rights), we notify all registered players by email at least 30 days before the change takes effect.

If you keep using Legiano after the change takes effect, that counts as your acceptance of the updated policy. If you don't agree, you can close your account at any time — see Section 8 for how.

13. Contact us

For any privacy-related questions — including data-access requests, deletion requests, or complaints — the fastest way to reach us is email:

[email protected]

For general account help (login issues, deposits, withdrawals), please use the 24/7 live chat instead — it's much faster.

If you have a complaint about how we've handled your data and we haven't resolved it to your satisfaction, you can escalate to the data-protection authority in your country (see Section 8).