Legal
Privacy & Cookies Policy
Last updated / Effective: 23 June 2026
This Privacy Policy explains how 3-102-943085 Sociedad de Responsabilidad Limitada ("3-102-943085 S.R.L.", "Raize", "we", "us"), which operates the Raize online poker platform at raize.poker, collects, uses, shares and protects your personal data, and your rights over it.
We are committed to processing your personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the UK GDPR and Data Protection Act 2018, and the data-protection requirements of our Anjouan gaming licence.
1. Who is responsible for your data (controller)
The data controller is 3-102-943085 S.R.L., registered office San José, Escazú, San Rafael, Guachipelín, 400 m north of Construplaza, Latitud Norte Building, 3rd Floor, c/o Quatro Legal, Costa Rica. For any privacy matter, contact us at admin@raize.poker.
We do not offer the Service to residents of the European Union, the European Economic Area or the United Kingdom (see our Terms, Restricted Territories). We nonetheless apply the data-protection standards set out in this Policy as a matter of good practice and to meet the data-protection conditions of our Anjouan licence.
2. The personal data we collect
- Identity & verification data — name, date of birth, nationality, gender, government-issued ID document images, and the biometric facial-verification data described in §6.
- Contact data — email, phone, address, country of residence.
- Account & financial data — username, password (hashed), cryptocurrency wallet addresses, transaction history, deposits, withdrawals, balances, and source-of-funds/wealth information.
- Gameplay data — hands played, bets, results, table chat, session times, and live-dealer video/audio recordings of your play.
- Technical & usage data — IP address, approximate location/geolocation, device and browser data, cookies and similar identifiers (§9), and logs.
- Responsible-gaming & compliance data — limits you set, self-exclusion status, self-assessment responses, AML risk scoring, PEP/sanctions screening results, and correspondence with us.
We collect this from you directly, automatically as you use the Service, and from third parties (identity-verification, sanctions/PEP, fraud-prevention, blockchain-analytics and payment providers).
3. How we use your data and our lawful bases
| Purpose | Lawful basis (GDPR/UK GDPR) |
|---|---|
| Create and operate your Account; provide games | Contract (Art 6(1)(b)) |
| Notify your introducing/managing agent that your Account is linked to them, and share limited account details so they can help manage and support your Account | Legitimate interests (Art 6(1)(f)) — operating our agent/introducer programme and supporting account management; this is the basis for all agent-linked Accounts (including where your Account was created by, or later assigned to, an agent), and you may object (§8). Contract (Art 6(1)(b)) may additionally apply where you registered through an agent. |
| Identity verification / KYC (incl. biometric facial check) | Legal obligation (Art 6(1)(c)) + legitimate interests (Art 6(1)(f)); plus Art 9 condition for biometric data — see §6 |
| AML/CFT, sanctions screening, fraud prevention, source-of-funds | Legal obligation (Art 6(1)(c)); legitimate interests (Art 6(1)(f)); substantial public interest (Art 9(2)(g)) for any special-category data |
| Process crypto deposits/withdrawals | Contract (Art 6(1)(b)); legal obligation (Art 6(1)(c)) |
| Game integrity, anti-collusion/anti-bot, dispute resolution, live-dealer recording | Legitimate interests (Art 6(1)(f)); legal obligation (Art 6(1)(c)) |
| Responsible-gaming monitoring and tools | Legal obligation (Art 6(1)(c)); legitimate interests; substantial public interest / explicit consent for any health-related inference |
| Marketing (where permitted / where you consented) | Consent (Art 6(1)(a)) or legitimate interests, per local law |
| Improve and secure the Service; analytics | Legitimate interests (Art 6(1)(f)) |
| Comply with regulators, courts and law | Legal obligation (Art 6(1)(c)) |
Where we rely on legitimate interests, we have balanced them against your rights; you may object (§8).
4. Marketing
We will only send you gambling marketing in line with applicable law and your preferences. You can opt out at any time via your Account settings or the unsubscribe link in any message. We do not market to minors, self-excluded players, or persons who have asked us to stop, and we never present gambling as a solution to financial problems.
5. Who we share your data with
- Identity-verification and biometric KYC providers — including Youverse (YooniK – Privacy and Authentication Systems, S.A., Portugal; facial verification, liveness and age estimation — see §6), and other identity, document-verification, sanctions/PEP and fraud-prevention vendors.
- Payment and blockchain providers — cryptocurrency payment processors and blockchain-analytics / AML screening providers used to assess transaction risk.
- Service providers (processors) — hosting, live-streaming, customer support, communications, security and analytics providers acting on our instructions under data-processing agreements.
- Your introducing / managing agent — if you registered through an agent, your Account was created by an agent, or your Account has been assigned to an agent (an affiliate or partner who introduces players to Raize and helps manage their accounts), we share with that agent your username and the contact detail(s) you provided — your email address and/or phone number, so the agent can be notified that your Account is linked to them and can assist with account management and support. For this purpose we share only your username and these contact details — not your password, financial, gameplay, identity-document or biometric data.
- Regulators, auditors and authorities — Anjouan Licensing Services Inc., financial intelligence units, independent game-testing/auditing bodies, law enforcement and courts, where required.
- Corporate transactions — a buyer/successor in a merger, acquisition or reorganisation, subject to this Policy.
We do not sell your personal data.
6. Biometric data & facial verification (Youverse) — sensitive data
6.1 What we collect and why
To meet our legal and licensing obligations (age verification, KYC and anti-money-laundering) and to prevent fraud and underage gambling, we require you to complete a facial verification check during onboarding (and sometimes again later). Using your device camera, you provide a selfie or short video, which is processed through our verification provider Youverse. This processes biometric data, including:
- facial geometry / a facial template (a mathematical representation of your face, used to confirm it is you);
- "liveness" data (checks that confirm you are a real, live person physically present, and not a photo, mask or deepfake); and
- facial age-estimation data (an estimate of your age from your facial image, to help confirm you are over 18).
Where we also verify a government-issued identity document, your selfie may be compared with the photo on that document.
6.2 This is "special category" data
Because this data is used to uniquely identify you, it is "special category" biometric data under Article 9 GDPR / UK GDPR. The law requires us to have both a general lawful basis (Article 6) and a separate Article 9 condition before we process it.
6.3 Our lawful bases
- Article 6(1)(c) (legal obligation) and 6(1)(f) (legitimate interests in fraud prevention and platform integrity); and
- Article 9(2)(a) — your explicit consent, which we ask for separately and which you give by the dedicated consent action at verification (not merely by accepting our Terms); and/or
- Article 9(2)(g) — substantial public interest (the prevention of money laundering, terrorist financing and fraud, as provided by applicable law), which we may also rely on so that verification can remain a condition of using a regulated gambling service.
6.4 Your explicit consent, and your right to withdraw it
We ask for your explicit, separate consent to the biometric processing before the check, with clear information about what is processed and why. You can withdraw your consent at any time by contacting admin@raize.poker. Withdrawing consent (or declining the check) means we cannot complete the verification the law requires, so we will not be able to open or maintain your Account or allow real-money play, and we may close your Account and return any undisputed Player Funds after our checks. Withdrawal does not affect processing carried out before withdrawal, or processing we must continue for AML record-keeping.
6.5 Youverse's role and where your data is processed
The facial-verification service is provided by Youverse (YooniK – Privacy and Authentication Systems, S.A., a company incorporated in Portugal, EU). Under our agreement, Youverse acts solely as our data processor and processes your data only to provide the verification service to us; it does not use your biometric data for its own purposes. Any data Youverse uses to improve its own services is anonymised so that it no longer identifies you.
Your biometric data is processed within the European Union (on cloud infrastructure located in Ireland), where strong data-protection law applies. Youverse uses a privacy-protective, decentralised design: where a facial template is retained, it is hashed and split into parts stored separately, so there is no central database that could expose your biometric information. Youverse maintains information-security safeguards aligned with the ISO/IEC 27001 standard, and its liveness technology is independently tested to the ISO/IEC 30107 presentation-attack standard.
6.6 Retention and deletion of biometric data
Your biometric data is kept only for as long as necessary. For document/identity checks, Youverse does not persist or store your identity-verification data on its servers after a verification is completed. Where a facial template is retained to support facial log-in/authentication, it is held only in the hashed, split form described above for as long as your Account uses that feature, and is deleted when you stop using it or close your Account. Raize itself retains only the verification result (pass/fail) and a record that verification took place, for the five-year period required by anti-money-laundering law (§7).
6.7 International transfer of biometric data
Where Youverse or its infrastructure processes your data outside your country, we protect that transfer with appropriate contractual and security safeguards — see §10.
7. How long we keep your data (retention)
- KYC, AML, transaction and source-of-funds records: at least five (5) years after the end of our relationship (licence/AML requirement).
- Account and gameplay data: for the life of your Account and a reasonable period afterwards for legal, dispute, audit and regulatory purposes.
- Biometric templates/media: as in §6.6 (short retention; only the result kept for the AML period).
- Self-exclusion records: for as long as needed to honour the exclusion and meet our obligations.
- Marketing data: until you opt out, then suppression-list only.
When data is no longer needed, we delete or anonymise it.
8. Your data-protection rights
Subject to law, you have the right to: access your data; rectify inaccurate data; request erasure; restrict or object to processing; data portability; withdraw consent at any time (including biometric consent, §6.4); and not be subject to solely automated decisions with legal/significant effects without safeguards. To exercise any right, contact admin@raize.poker. We respond within one month (extendable for complex requests). Some rights are limited where we must keep data to meet AML, licensing or other legal obligations.
You also have the right to complain to a data-protection authority in your country of residence, where one exists. Please raise any concern with us first at admin@raize.poker; you may also contact our licensing authority, Anjouan Licensing Services Inc.
9. Cookies and tracking
We use cookies and similar technologies to operate the Service (essential cookies), remember preferences, provide security, and measure and improve performance. Non-essential cookies (analytics, marketing) are used only with your consent through our cookie banner, which you can change at any time.
10. International data transfers
We may transfer personal data to recipients (including Youverse and other providers) in other countries. Where we do, we put in place appropriate contractual and security safeguards — such as data-processing agreements and recognised standard contractual clauses — so that your data continues to receive a high standard of protection, and we assess the risks of each transfer. Copies of the safeguards we use are available on request at admin@raize.poker.
11. Data security
We use technical and organisational measures to protect your data, including TLS/SSL encryption in transit, encryption of sensitive data at rest, access controls, two-factor authentication, firewalls and intrusion detection, and regular testing. No system is completely secure; please protect your own credentials.
12. Personal data breaches
If a personal-data breach is likely to result in a risk to your rights, we will notify the competent supervisory authority within 72 hours where required, and affected individuals where the risk is high. We will also notify Anjouan Licensing Services Inc. within 24 hours of a major incident such as a data breach, as required by our licence.
13. Children
The Service is strictly for adults aged 18+. We do not knowingly collect data from anyone under 18; if we learn we have, we delete it and close the Account.
14. Changes to this Policy
We may update this Policy. We will post the revised version with a new "Effective" date and, for material changes (including to biometric processing), give prominent notice and, where required, seek fresh consent.
15. Contact
Data controller: 3-102-943085 S.R.L. (trading as Raize). Privacy contact: admin@raize.poker. Licensing authority: Anjouan Licensing Services Inc., 15619 Hamchako, Mutsamudu, Autonomous Island of Anjouan, Union of the Comoros.