1win Privacy Policy

Personal data collected depends on how a user interacts with the services:

• Identity and contact details: name, date of birth, address, email, phone, PAN. Use of Aadhaar is limited to lawful purposes as per Indian rules.
• Account details: username, profile information, preferences, communication records.
• KYC and verification data: photos, documents, and checks required under anti-money laundering and counter-terrorism financing laws.
• Transaction information: deposits and withdrawals via UPI, cards, IMPS, NEFT, and similar payment methods. Card or bank details are processed by payment providers using PCI DSS controls.
• Technical data: device identifiers, IP address, browser, app version, cookies, and online usage logs.
• Usage analytics: page views, session duration, clicks, and error reports for service improvement.

Purposes of collection:

• Account creation, age verification, and responsible use of services.
• Processing transactions, preventing fraud, and dispute handling.
• Customer support and service quality.
• Compliance with Indian law and regulatory requests.

Protection measures:

• Encryption in transit using TLS and encryption at rest for sensitive records.
• Access controls, role-based permissions, and staff training.
• Regular security assessments, logging, and incident response procedures.
• Vendor due diligence and contractual confidentiality obligations.

User rights under Indian law:

• Right to access a copy of personal data and key processing information.
• Right to correction and updating of inaccurate or incomplete data.
• Right to deletion subject to legal retention duties.
• Right to withdraw consent for optional processing and to raise grievances.

Compliance framework:

• Digital Personal Data Protection Act, 2023.
• Information Technology Act, 2000 and SPDI Rules, 2011 on reasonable security practices.
• CERT-In directions on security incident reporting and logs, as applicable.

Personal data is used for the following lawful purposes:

• Account servicing: registration, verification, authentication, and account management.
• Transactions: processing payments and withdrawals, payment reconciliation, and fraud prevention.
• Service improvement: troubleshooting, analytics, and performance monitoring to maintain reliable services.
• Personalisation: remembering preferences and tailoring content in line with consent.
• Marketing: sending offers or surveys based on consent and local rules. Users can opt out at any time.
• Legal and compliance: record keeping under tax, PMLA, and other applicable laws, and responding to lawful requests.

Processing is lawful, fair, and transparent. The legal bases include consent, performance of a contract, compliance with legal obligations, and legitimate purposes such as network and information security and prevention of illegal activity.

Users can access their information and update profile details through account settings. A request for a full data copy, correction, or deletion can be made through the support channel listed on the website. Identity verification may be required. Requests are processed in a reasonable time, usually within 30 days.

Correction and deletion procedures:

• Incorrect or incomplete records are corrected upon request where verification is possible.
• Deletion is honoured where no lawful basis requires further retention. Some records must be kept for a minimum period for tax, accounting, AML, fraud prevention, or dispute resolution.

By using 1win, users consent to security checks and payment data processing carried out by third-party payment providers for authentication, screening, and settlement.

The services are intended for persons who are 18 years or older. The operator does not knowingly collect personal data from minors.

• Age cannot be confirmed without identity documents. Users may be asked to provide verification documents to prove eligibility.
• If a parent or guardian believes a minor has provided personal information, a request for deletion can be submitted through the support channel listed on the website. Such requests are prioritised after identity and relationship verification.

Personal information may be stored or processed outside India, including in countries where technology vendors, payment providers, or support partners are located. Use of the services signifies consent to such cross-border transfers.

Safeguards are applied through contracts, confidentiality obligations, encryption, restricted access, and audit rights. Partners are required to protect the confidentiality and security of user data and to use it only for the documented purposes.

This Privacy Policy governs the collection and use of personal information. A disclaimer within this document may clarify the scope or effect of certain rules to the extent permitted by law. Acceptance occurs when a user signs, clicks to accept, or continues to access the services as a form of accession.

Nothing in this policy limits non-waivable consumer rights or mandatory obligations under applicable law. In case of inconsistency between this policy and applicable law, the law prevails.

Cookies are small files placed on a device by websites or apps to store information. They help recognise a browser, remember preferences, and improve online services.

Purposes:

• Essential operation and security of the website and apps.
• Statistics and analytics to understand user behaviour and service performance.
• Personalisation of settings and content.
• Advertising measurement where consented.

Retention:

• Cookies are kept for up to 1 year, after which they expire or are refreshed upon new consent.

Control:

• Browser settings can block or delete cookies. Some features may not function without essential cookies.
• A consent manager, where available, lets users manage categories of cookies and withdraw consent.

Use of the services means full acceptance of this Privacy Policy. The current version on the website controls if there is any difference between versions. Updates take effect when posted. Last updated: 07 October 2025.

Personal data may be shared with third parties in the following cases:

• Compliance with law, court orders, or lawful requests by authorities.
• Enforcement or defence of legal claims and resolution of disputes.
• Performance of agreements such as payments, KYC verification, fraud screening, hosting, analytics, communications, and customer support.

Categories of recipients include payment gateways, banks, verification providers, anti-fraud and security vendors, cloud hosting, analytics services, communication platforms, and professional advisors. Names of key partners may be listed on the website or can be provided on request. Providing personal information for these purposes constitutes consent to such sharing. Third parties process data under their own privacy policies and contractual obligations.

The website or apps may contain links to external websites or services that have their own privacy policies. The operator is not responsible for how those websites handle personal information. Users should review the privacy policies of any external site before providing personal data.