Mazal

Legal

Privacy Policy

Last updated: 2026-05-21

What we collect

  • Email + hashed password for sign-in.
  • Wallet address(es) you link or use for deposits/withdrawals.
  • Game activity — every bet, every outcome, every settled round.
  • Operational logs — IP, user-agent, request paths (kept ≤30 days).
  • Cookies — one session cookie, one age-gate flag. No third-party trackers.

What we don't collect

Government ID. Phone number. Selfie. Bank info. Location beyond country-level IP. We do not run analytics SDKs that profile you across the web. Our entire compliance posture is "less data is less liability."

How we use it

To run the site: authenticate you, credit deposits, settle games, process withdrawals, send transactional email (signup, deposit, withdrawal status), and detect abuse (multi- account, bot play, sanctioned wallets).

Who we share with

Our infrastructure providers strictly on a need-to-process basis: Vercel (hosting), Neon (database), Resend (email), Cloudflare (DNS + DDoS), the blockchain itself (transaction data is public by design). We do not sell data to advertisers.

Retention

Ledger and game-round data: retained indefinitely for fairness verification and regulatory compliance. Account data: retained while your account is active and for 12 months after deletion or final withdrawal, after which it's anonymized. Operational logs: ≤30 days.

Your rights

Request a copy or deletion of your account data by emailing hello@mazal.gg. We'll honor it within 30 days. Ledger entries underlying balance correctness can't be deleted while your account is funded.

Security

Passwords hashed with scrypt. Sessions are HMAC-signed cookies. Operator keys for withdrawal signing are kept off the web tier. Live deposit/withdrawal infrastructure runs on isolated workers.

Contact

Privacy questions: hello@mazal.gg.