By Alex M. T. Russell
Digital gaming researcher, former compliance consultant, occasional A$ loser at online pokies
I’ve spent the better part of a decade reading privacy policies so you don’t have to. Not because I enjoy legal prose – nobody does – but because I once had a dispute with an online casino over how my data was shared with third-party marketers, and it cost me three weeks of back-and-forth emails and a mild case of inbox anxiety. Since then, I treat privacy policies the way a mechanic treats oil checks: boring, essential, non-negotiable.
When I sat down with the Stellar Spins Casino privacy policy, I went in with my usual scepticism. What I found was a document that actually tries to explain things plainly, at least by industry standards. Below is my honest breakdown – what the policy covers, what it means for you as an Australian player, and where you should pay attention.
Who is collecting your data, and under what authority
Stellar Spins Casino operates under a valid gaming licence and collects personal data as a data controller – meaning they decide what is collected, why, and for how long. For Australian players, this is particularly relevant because Australia’s Privacy Act 1988 and the Australian Privacy Principles (APPs) govern how offshore gambling platforms must handle the data of Australian residents. Any operator targeting Australian players is expected to align with these standards, regardless of where the company is incorporated.
The policy names the specific legal entity responsible for your information, along with a registered address and a dedicated privacy contact. This matters because, if something goes wrong, you need to know who is accountable. A policy that buries this in footnotes is a red flag; Stellar Spins puts it upfront. The contact for privacy-related complaints and requests is accessible via the support email listed on the site, and the policy commits to responding within 30 days – a timeframe consistent with Australian APP requirements.
What data Stellar Spins Casino collects
The breadth of this list isn’t unusual for a licensed online casino – it’s largely required by law. Anti-money laundering (AML) obligations under Australia’s Anti-Money Laundering and Counter-Terrorism Financing Act 2006 mean that any platform accepting real-money deposits must collect identity and financial data. Stellar Spins doesn’t hide this; the policy explains the legal basis for each category of collection, which is exactly what it should do.
| Data category | Examples | When it’s collected |
|---|---|---|
| Identity data | Full name, date of birth, nationality | During registration |
| Contact data | Email address, phone number, postal address | During registration |
| Financial data | Bank account details, A$ transaction history, payment method | During deposit/withdrawal |
| Technical data | IP address, browser type, device identifiers | Automatically on site visit |
| Usage data | Game history, session duration, wagering patterns | During active play |
| KYC documents | Passport, driver’s licence, proof of address | During verification |
| Communication data | Support chat logs, email correspondence | During support interactions |
Why your data is used: the legal bases explained
Casinos process data for several reasons, and Stellar Spins lists each one with the corresponding legal justification. This is good practice and something I wish more operators did clearly. The main purposes are:
- Contractual necessity – to register your account, process deposits and withdrawals in A$, and deliver the gaming service you signed up for
- Legal obligation – to verify your identity (KYC), prevent fraud, comply with AML rules, and report suspicious activity to AUSTRAC
- Legitimate interest – to improve the platform, personalise your experience, detect technical issues, and conduct internal analytics
- Consent – to send you marketing emails, push notifications, or promotional offers (you can withdraw this consent at any time)
The distinction between “legitimate interest” and “consent” is one that trips up a lot of players. If you see a pre-ticked marketing box during registration, that’s not valid consent under most modern privacy frameworks. Stellar Spins states that marketing communications require your explicit opt-in – and that’s the standard you should expect.
Third-party data sharing: who else sees your information
This is the section most people skip and most often regret skipping. Stellar Spins shares your data with the following categories of third parties:
- Payment processors – to facilitate A$ deposits and withdrawals (e.g. Visa, Mastercard, bank transfer providers)
- KYC and identity verification providers – third-party services that cross-check your documents against government databases
- Game software providers – studios whose games are hosted on the platform may receive anonymised gameplay data
- Regulatory authorities – AUSTRAC and other licensing bodies as required by law
- Analytics and fraud prevention tools – services that monitor for suspicious patterns or responsible gambling indicators
What the policy does not do is sell your data to advertisers. This is a meaningful distinction. Some grey-market platforms generate revenue by monetising player data; Stellar Spins explicitly states that data is not sold to third parties for commercial purposes. If you ever see a policy that doesn’t address this point directly, treat it as a warning sign.
Data retention: how long they keep your records
These retention periods are broadly in line with what Australian law requires for financial service providers. The seven-year figure for transaction records reflects the standard required by the Australian Taxation Office for financial record-keeping. It’s not Stellar Spins being nosy – it’s them staying legal.
| Data type | Retention period | Reason |
|---|---|---|
| Account and identity data | 5 years after account closure | AML and tax compliance |
| Transaction records | 7 years | Australian financial regulations |
| KYC documents | 5–7 years depending on jurisdiction | Regulatory requirement |
| Marketing preferences | Until you withdraw consent | GDPR/APP alignment |
| Support communications | 2 years | Dispute resolution |
Your rights as an Australian player
Under the Australian Privacy Principles and, where applicable, international frameworks like GDPR (which influences how many offshore operators structure their policies), you are entitled to:
- Access – request a copy of all personal data held about you
- Correction – ask for inaccurate data to be updated
- Deletion – request erasure of your data (subject to legal retention obligations)
- Portability – receive your data in a structured, machine-readable format
- Objection – opt out of processing based on legitimate interests, particularly for profiling
- Restriction – ask that processing be limited while a complaint is investigated
- Withdraw consent – opt out of marketing at any time, without affecting your account
To exercise any of these rights, you submit a request through the casino’s support channels. The policy commits to verifying your identity before processing such requests – a necessary step that protects you from someone else accessing your data while pretending to be you.
Cookies and tracking technologies
Stellar Spins uses cookies for authentication, session management, security, and analytics. The site employs a cookie consent banner on first visit, with granular controls that let you accept only strictly necessary cookies and decline everything else. Functional and analytical cookies are opt-in, as they should be. The policy lists the specific cookie categories used:
- Strictly necessary – login sessions, security tokens (cannot be disabled)
- Functional – language preferences, UI customisation
- Analytical – page views, session duration, feature usage patterns
- Marketing – used only if you’ve opted into promotional communications
If you’re playing from a shared device, I’d recommend clearing your cookies after each session regardless of what the policy says. It’s basic hygiene that the policy won’t protect you from.
Responsible gambling and data use
One aspect of Stellar Spins’ privacy policy that stands out is the explicit mention of responsible gambling tools and how they interact with your data. Deposit limits, session timers, self-exclusion records, and wagering history are all stored and, where you’ve activated self-exclusion, shared with relevant gambling support registries. This is not a negative – it’s a feature. The platform using your data to protect you from yourself is a legitimate and, in Australia, increasingly regulated use of player information.
