Privacy Policy

Last updated: 2026-01-15

This Privacy Policy describes how the Mostbet India download hub (operated by Venson Ltd) collects, processes, and protects personal information of Indian users who download the Android APK, iOS app, Windows desktop client, or use any mirror URL distributed via this portal.

1. Data Collected at Download

The download portal itself collects minimal data:

• IP address (anonymized after 30 days)
• User agent (device type, OS, browser)
• Referring URL (which mirror or external site directed you here)
• Download timestamp and file picked (APK / iOS / desktop)

This data is used for fraud prevention, mirror health monitoring, and aggregate download statistics. It does not identify you personally before account creation.

2. Data Collected at Registration

When you sign up via any download channel:

• Full name, date of birth, gender
• Email and phone number
• Aadhaar Card (KYC identity verification, before withdrawal)
• PAN Card (tax ID verification)
• UPI VPA, bank account, e-wallet IDs (for deposits/withdrawals)
• Selfie + document photos (KYC liveness check)

3. Data Collected by Each Download

Android APK

• Device model, Android version, app version, build hash
• Crash logs (anonymized stack traces)
• Push notification token (revocable)
• Biometric ID hash (Android Keystore — never leaves device)
• Network type (Wi-Fi/cellular) and approximate IP region
• Game session events for analytics and fraud detection

iOS App

• Same as Android plus iOS version + device IDFV (vendor-scoped)
• App Tracking Transparency declined by default — we do not request IDFA
• Apple ID region (used for region-switch onboarding hints; not stored long-term)

Windows Desktop

• Windows version, hardware fingerprint hash
• Crash dumps (with personal info filtered)
• App-specific telemetry only — no system-wide tracking

PWA / Mirror URLs

• Browser fingerprint (low-entropy: viewport, platform, language)
• Session cookies for login state
• Mirror routing token (which mirror you arrived through, for load balancing)

4. How Data Is Used

• Account management — login, KYC, support tickets
• Payment processing via UPI / PhonePe / Paytm / crypto rails
• AML compliance under Curacao eGaming license terms
• Fraud and bonus-abuse detection
• Mirror routing — when one URL becomes unreachable, route you to a working mirror
• Push notifications — match alerts, bonus drops (opt-in)
• App stability — anonymized crash logs drive bug fixes in next build
• Aggregate analytics — improving the platform; no individual identification

5. Data Sharing

We share data only with parties needed to deliver the service:

• Payment processors (UPI, banks, crypto exchanges)
• KYC verification services (Aadhaar/PAN authenticity check)
• Game providers (Spribe, Pragmatic Play, Evolution etc. — receive in-game session data)
• Crash analytics (anonymized)
• Regulators and law enforcement (only on lawful order)

We do not sell personal data. Mirror visit data is not shared with third parties at all.

6. Data Security

• 256-bit SSL/TLS on every endpoint, including all mirrors
• AES-256 encrypted KYC document storage
• APK signed with Venson Ltd certificate — Android verifies signature on install
• Biometric data stays on device (iOS Secure Enclave / Android Keystore)
• Role-based access controls for staff handling player data
• Independent penetration testing twice yearly
• PCI DSS compliance for card data

7. Your Rights

• Access — request all data we hold about you
• Correction — fix inaccurate information
• Deletion — request account closure (subject to AML retention period)
• Portability — receive your data in JSON
• Marketing opt-out — anytime via Account → Notifications

Email [email protected] to exercise rights. Response within 30 days.

8. Cookies, Tracking, and Mirror Telemetry

Strictly necessary cookies — login session, security tokens. Performance cookies — anonymized analytics. Functional cookies — language and odds-format preferences. Affiliate cookies — referral attribution. Mirror telemetry — which mirror routed you, used for load balancing only. All non-essential cookies require your consent on first visit.

9. Age Verification

18+ only. KYC validates age via Aadhaar before any withdrawal. Underage accounts are closed, bets voided, deposits refunded minus winnings.

10. Data Retention

Account data retained for the lifetime of the account plus 5 years post-closure (AML requirement). Financial transaction logs retained 7 years (accounting requirement). Crash logs and download analytics retained 90 days. After retention windows, data is deleted or irreversibly anonymized.

11. Cross-Border Transfers

Primary servers are in the European Union. Some processors operate from other jurisdictions. All cross-border transfers are covered by Standard Contractual Clauses or adequacy decisions.

12. Policy Changes

Material changes are emailed to registered users and posted on this page. Continued use after notice constitutes acceptance.

13. Contact

• Data Protection Officer: [email protected]
• General support: [email protected]
• In-app live chat: 24/7
• Operator: Venson Ltd, Curacao eGaming Authority registered address