Personal data collected

• Identification data: full name, date of birth, national ID or passport, proof of address, verification photos or videos.
• Contact details: email address, mobile number, postal address.
• Account data: username, settings, responsible gaming preferences, security logs, communication history.
• Financial and transaction data: mobile money references, masked card details, deposits, withdrawals, bets, and winnings.
• Technical data: IP address, device identifiers, browser type, operating system, cookies and similar technologies.
• Usage data: pages viewed, time on websites, game play metrics, fraud indicators.

Why this data is collected

• To provide and support the services, including account creation, login, and customer support.
• To verify age and identity, prevent fraud, and promote responsible gaming.
• To process payments, handle withdrawals, and keep accurate records.
• To meet legal obligations under Kenyan law and applicable international standards.

Protection measures

• Encryption in transit and at rest, strict access controls, multi‑factor authentication, and audit logging.
• Independent security testing, secure development practices, and incident response procedures.
• Vendor due diligence and contractual safeguards, including confidentiality and data processing terms.
• Payment card information handled according to recognised security standards such as PCI DSS by certified providers.

User rights under the Kenya Data Protection Act, 2019

• Right to be informed about collection and use of data.
• Right of access to personal information.
• Right to correction if data is inaccurate or incomplete.
• Right to deletion where applicable, and right to restrict or object to certain processing.
• Right to data portability where technically feasible.
• Right to withdraw consent at any time, without affecting prior lawful processing.
• Right to complain to the Office of the Data Protection Commissioner (ODPC).

Compliance statement

• Processing follows the Kenya Data Protection Act, 2019 and its Regulations, the Betting, Lotteries and Gaming Act (Cap. 131), and anti‑money laundering requirements under Kenyan law. When relevant, international good practice principles comparable to GDPR are applied.

Personal information is used for the following purposes, based on lawful and transparent processing:

• Account set‑up and service delivery: registration, authentication, preferences, and support.
• Transactions: deposits, bets, withdrawals, chargebacks, and reconciliations.
• Responsible gaming: limits, self‑exclusion, affordability and activity reviews.
• Security: fraud detection, risk scoring, sanctions screening, and system monitoring.
• Service improvement: quality assurance, feature development, and fixing issues.
• Analytics and statistics: measuring performance and usage on websites and apps.
• Marketing: consent‑based messages about services and updates, with opt‑out options at any time.
• Compliance: meeting obligations under tax, AML/CFT, betting regulations, and lawful requests.

Legal bases include consent, performance of a contract, legal obligation, and legitimate interests such as safeguarding users and ensuring network security.

How to access and update

• Users can view and edit certain account and contact details in profile settings.
• For copies of personal information or detailed records, submit a request through the Help Centre or the contact channels listed on the website. Identity verification will be required.

Corrections and deletions

• Incorrect or incomplete data can be corrected upon request.
• Deletion requests are honoured when permitted by law. Records may be retained where required for AML, taxation, dispute resolution, or regulatory reporting. Customer due diligence and transaction records may be kept for at least seven years after account closure, in line with Kenyan AML rules.

Timelines and outcomes

• Requests are processed as soon as possible and within statutory time frames, generally within 30 days. If an extension is needed, users will be informed.

Security checks and payments

• By using MegaPari, users consent to security and identity checks, and to the processing of payment information by independent payment service providers such as banks and mobile money operators (for example, M‑Pesa or Airtel Money), subject to their own privacy notices.

• Services are for persons aged 18 years and above only. Registration by minors is not permitted.
• The operator cannot confirm age without appropriate documents. Age verification may require official identification.
• If a minor’s data is discovered, the account will be closed and information will be deleted where lawful. A parent or legal guardian may contact the website’s support channels to request deletion and provide proof of guardianship.

• Personal data may be processed outside Kenya where technology vendors, payment partners, or group companies operate.
• By using the online services, users consent to international transfers subject to appropriate safeguards.
• Safeguards include contracts incorporating ODPC‑recognised clauses, standard data protection clauses, binding corporate rules, encryption, and strict access controls.
• All partners are required to protect confidentiality and use information only for agreed purposes.

• This document sets terms that govern the collection and processing of personal information. A disclaimer within this policy may clarify, limit, or expand how specific rules apply to particular services or jurisdictions.
• The disclaimer applies when the user accepts the policy, including by signature, ticking an acceptance box, or acceding through continued use of the services.
• Nothing in this policy limits rights granted under Kenyan law. If any term conflicts with mandatory law, the law prevails.

• Cookies are small text files saved on a device to store information about a user’s session on websites and apps.
• Cookies are used for statistics, behaviour analysis, personalisation, and improving the quality and reliability of services.
• Cookie information is retained for up to 1 year, after which it is deleted or anonymised.
• Users can manage preferences in the cookie banner or browser settings. Blocking certain cookies may affect some features.

• Use of the services constitutes full acceptance of this Privacy Policy.
• The current version published on the website is the version that applies.
• The policy may be updated to reflect changes in law, technology, or services. The effective date will be shown on the page.
• Users who do not agree should discontinue use of the services.

• Personal information may be shared with third parties where necessary to perform agreements, comply with law, handle disputes, prevent fraud, or deliver services.
• Typical recipients include payment processors and mobile money operators, identity verification providers, analytics and hosting services, customer support tools, auditors, regulators, and law enforcement when legally required.
• Third parties listed on the website are used for defined purposes. If a specific party is not listed, users will be informed of the purpose and scope before sharing when required by law.
• Providing information for these purposes indicates consent to such sharing, subject to contracts and each third party’s privacy policy.

• The website may contain links to external websites and services that have their own privacy policies.
• The operator is not responsible for how those websites collect or use information.
• Users should review the privacy document on each external site and exercise caution before providing any personal information.