1. Data Harvesting Scope
LottoWinse treats the telemetry and personal data of its Operators with the same architectural seriousness as financial transactions. This Charter details precisely what data we extract, why it is necessary for terminal operations, and how it is fortified against breach. We collect data strictly across three primary vectors:
1.1 Identity and Verification Telemetry
To comply with non-negotiable anti-money laundering (AML) and jurisdictional mandates, we collect highly sensitive identity metrics. This includes legal name, date of birth, cryptographic proof of address, and digitized copies of government identification. This data is harvested solely during the profile initialization phase and is required to unlock full node access.
1.2 Financial and Transactional Ledgers
Every capital injection, withdrawal request, and syndicate entry is permanently recorded. We store partial credit card hashes, banking routing numbers, and complete transaction histories. This ensures a mathematical paper trail for audits and guarantees structural liquidity transparency.
1.3 Behavioral and Network Node Data
Our security algorithms continuously harvest your IP address, device fingerprints, browser configurations, and interaction timestamps. This is not for marketing; it is a defensive posture. Anomalous behavior triggers immediate automated lockouts to protect the broader syndicate network.
2. Vault Security Measures
Harvesting data creates a responsibility to protect it. LottoWinse utilizes military-grade cryptographic standards to ensure your information remains structurally secure within our architecture.
2.1 Encryption Protocols
All data at rest is encrypted using Advanced Encryption Standard (AES) 256-bit keys. Data in transit between your terminal and our core servers is secured via TLS 1.3 protocol, rendering interception mathematically impossible under current technological constraints.
2.2 Access Control Logic
Internally, data access operates on a rigid 'Zero Trust' model. No single handler has access to unencrypted PII (Personally Identifiable Information) without multi-signature cryptographic authorization. Even then, access is restricted to compliance and audit handlers strictly for verification purposes.
3. Third-Party Auditor Access and Sharing
LottoWinse does not sell, rent, or voluntarily lease your data to external marketing networks. We operate a closed loop, with external sharing strictly limited to functional necessity and legal compliance.
- Regulatory Bodies: We are legally bound to share specific transaction volumes and identity verifications with Australian gaming commissions and financial intelligence agencies (e.g., AUSTRAC) upon lawful request.
- Payment Gateways: Necessary financial telemetry is routed through certified Tier-1 payment processors to facilitate capital movement. These entities are independently bound by PCI-DSS compliance.
- Security Auditors: Anonymized hash logs are periodically reviewed by external cybersecurity firms to validate the ongoing integrity of our protective algorithms.
4. User Deletion Rights and Data Retention
Operators retain structural rights over their personal data, though these rights are bounded by overarching legal compliance requirements.
4.1 The Right to Erasure
You may request the permanent deletion of your profile and associated telemetry via the Contact Dispatch node. Upon receipt, our systems will initiate a hard wipe of your operational data, severing your connection to the terminal.
4.2 Retention Overrides
Please note that the 'Right to Erasure' is not absolute. Financial transaction histories and core identity verification documents must be retained in deep, encrypted cold-storage for a mandatory period of seven (7) years to comply with international tax and AML directives. During this period, the data is entirely disconnected from active networks and accessible only via legal subpoena.