Privacy Policy

Last Updated: November 25, 2025

This Subscription Services Privacy Policy describes how TowerRushPlay.com (being “we”, “us”, or the Website) processes data in accordance with GDPR, UK GDPR, CCPA/CPRA, PIPEDA, and other relevant privacy regulations.

By visiting or using the Website, you agree to the Privacy Policy. If you do not accept these terms, please discontinue use of this Website.

1. Data Controller

The Website is managed under the terms and conditions of Maltese (EU) Laws.

For questions related to privacy or data requests, you can reach out to:

info@towerrushdemo.com

2. Data Minimization Statement

We adhere to a concept of data minimization, and as such we process your personal data only if in needed for the following purposes:

  • Website security
  • Analytics and measurement of performance
  • Affiliate tracking cookies
  • Compliance with legal and regulatory requirements, including anti-fraud measures and responsible gaming

We’re not in the business of accounts, RMG, deposits, withdrawals, or KYC.

But some data may also be automatically gathered through cookies, pixels, and tracking technologies.

3. Information We May Process

3.1 Automatically Collected Data (may include non-PII where possible)

When you use the Website, we may gather:

  • Type and version of browser
  • Device type, OS, and language settings
  • Time zone and approximate location
  • Pages visited and navigation patterns
  • Referral/affiliate link parameters
  • IP address (in anonymized or truncated form where permitted)

3.2 Cookies and Tracking Technologies

We may use:

Cookie Type Purpose
Strictly Necessary Core website functions, security
Analytics (GA4, Clarity, Hotjar, etc.) Performance and usage measurement
Marketing/Retargeting Pixels Personalized advertising, campaign attribution
Affiliate Tracking Cookies Commission, click-ID, conversion/CPA/CPL attribution

Users can manage and customize their cookie preferences directly from their browser settings or the consent banner if required.

4. Analytics, Pixels & Affiliate Tracking Tools

We may implement, without limitation:

  • Google Analytics (GA4)
  • Google Tag Manager
  • Meta Pixel, TikTok Pixel, X/Twitter Pixel, Reddit Pixel
  • Hotjar, Microsoft Clarity, session replay
  • Affiliate tracking platforms (e.g., Income Access, HasOffers, MyAffiliates, CellXpert, etc.)

These tools help us:

  • Measure traffic and performance
  • Prevent fraud and abuse
  • Improve the relevance of content
  • Track affiliate conversions (CPA, CPL, RevShare) only where legally permitted

You can also opt out of Google Analytics here:
https://tools.google.com/dlpage/gaoptout

5. Legal Basis for Processing (GDPR)

We collect and process data on one or more legal bases as follows:

Basis Usage
Legitimate Interest Analytics, audits, affiliate operations, security
Consent Necessary cookies & marketing tracking whenever those are needed
Legal Obligation Compliance, fraud prevention, regulatory inquiries

6. Do We Sell Personal Data? (CCPA/CPRA Notice)

We do not offer for sale any personal information as defined by CCPA/CPRA.

A portion of tracking data may be classified as ”sharing for cross-context behavioural advertising”.

Send opt-out requests to California residents: info@towerrushdemo.com

7. International Data Transfers

Data could be processed and at the same time transferred to:

Some of the jurisdictions include Malta (EU), the United States, Cyprus, the United Kingdom, and Canada.

Where required, transfers rely upon:

  • SCCs (Standard Contractual Clauses)
  • Data Privacy Framework (DPF) participation (as applicable)
  • Adequacy Decisions

8. Third-Party Links & iGaming/DFS/Sweepstakes Operators

We will include links to third-party platforms such as.

  • Real-money iGaming operators (where permitted)
  • Daily Fantasy Sports (DFS) operators
  • Sweepstakes & Social Casino sites

Their privacy practices are not under our control. It is the users’ sole responsibility to read and understand all the site’s privacy policy and terms of use.

9. Data Retention

We store anonymized or pseudonymized analytics and affiliate tracking data for the shortest time possible, usually from 90 days up to 36 months, depending on legal and anti-fraud requirements.

10. Your Privacy Rights

These rights are NOT uniform and will vary depending on the applicable laws in place where you reside (i.e., EU/EEA/UK/CA/US).

  • Access their data
  • Rectify inaccuracies
  • Request deletion (“Right to be Forgotten”)
  • Limit or restrict processing / Object to processing
  • Data portability
  • Withdraw consent (where applicable)
  • Opt out of tracking / “Do Not Sell or Share”

To submit a request:

info@towerrushdemo.com

11. Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.

  • Encryption as appropriate
  • Access controls
  • Fraud and bot-detection systems

That said, no system is absolutely secure.

12. Changes to This Policy

We reserve the right to change this Privacy Policy at any time. If you continue to use the Website, you are deemed to have accepted the revised version.

13. “Do Not Sell or Share My Personal Information” (CCPA/CPRA Notice)

This Website is compliant with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Although we do not sell personal information, we may share other types of information for cross-context behavioral advertising.

Residents of California can opt out of sharing by TSM, or its designee, with third parties for direct marketing purposes at any time by following the instructions below:

info@towerrushdemo.com

Subject: Do Not Sell or Share My Personal Information request

Upon receiving it, we’ll fulfill the request within CPRA-mandated timelines and, to the extent technologically possible, restrict data flows that are characterized as selling or sharing by California law.

14. Data Processing Agreement (DPA)

Where we utilize third-party service providers with access to data processing (e.g., analytics, hosting services, affiliate tracking systems, and security), such processing takes place under a binding Data Processing Agreement (DPA) in line with:

  • Article 28 GDPR
  • UK GDPR requirements
  • Standard Contractual Clauses (SCC), where applicable
  • Participation in the Data Privacy Framework, as applicable

Companies, advertising partners, and vendors that need a signed DPA may also send the request to:

info@towerrushdemo.com

Subject: DPA Request

A standard form DPA is available on request and can be signed electronically.

15. Internal Affiliate Compliance Playbook

To have a compliant and responsible affiliate marketing eco-system in the iGaming, DFS, sweepstakes, and social casino industries, our internal Affiliate Compliance Playbook boys the principles of fair play that include:

  • Marketing standards for regulated territories
  • Anti-Money Laundering / Countering the Financing of Terrorism and fraud-prevention requirements
  • Advertising and incentives limitations (AGCO, UKGC, NJDGE, etc.)
  • Implementation of age-gating and geo-restriction
  • Responsible gaming and safer gambling messaging rules
  • Bans on targeting children or susceptible audiences
  • FTC-compliant affiliate disclosures
  • CAC/CPA attribution rules and transparency in reporting

Access to the Playbook can be made available to approved partners, auditors, and regulators upon reasonable request.
Inquiries:

info@towerrushdemo.com

Subject: Affiliate Compliance Playbook Access

16. Contact Information

For questions about privacy or to request your information:

info@towerrushdemo.com

Subject: Privacy Request