Privacy policy: short on collection, long on clarity

This policy covers duelbetting.com — an independent affiliate publication, as described on the about page — and only this site. It does not cover the Duel platform itself or any other site our links lead to: the moment you leave for an operator, exchange or resource, their privacy policy governs, and the operator's own policy in particular deserves reading given the nature of gambling data (our privacy-practices guide covers what to look for). «We» in this document means the site's operating publisher; «you» means any visitor. The policy's promise structure is simple: the sections below enumerate every category of data this site touches — exhaustively, because the list is short — followed by your rights and how to exercise them.

This site's own pages set no tracking cookies. The complete honest picture has two further parts. Functional third-party assets: pages load fonts and framework files from content-delivery networks (the standard Bootstrap and font CDNs); these providers may log requests per their own policies — a standard web dependency we disclose rather than hide, and the only third-party requests the site's pages make. The affiliate boundary: clicking an outbound registration link takes you to the operator, whose site sets its own cookies under its own policy for attribution and its own functioning — that attribution is how this publication earns, as disclosed in every footer and on the about page. Within this site itself, there is no consent banner because there is nothing requiring consent: no analytics cookies, no advertising identifiers, no cross-site tracking. The absence is the policy.

European GDPR-style frameworks grant rights of access, rectification, erasure, restriction, portability and objection; this site honours their substance for every visitor regardless of jurisdiction, which costs little given how little is held. In practice: access and erasure apply meaningfully only to correspondence you've sent us — ask via the contact page and threads are produced or deleted; server logs rotate out automatically and are not retrievable per-person by design. Objection to the affiliate model is exercised by simply not using our links — the operator is reachable directly, and nothing on this site gates content behind clicks. Complaints can go to your local data-protection authority, though we'd ask for the chance to fix things first — a correction-priority promise the methodology page makes about content and this page extends to data. Requests are answered within the month GDPR-style frameworks expect, usually far faster.

Proportionate measures for a minimal estate: the site serves over HTTPS exclusively; hosting follows standard server-hardening practice with access limited to the publishing operation; correspondence lives in standard mail infrastructure protected by the provider's controls and our own access discipline. International transfers, where they occur, are the mundane kind — hosting and email infrastructure operating across borders under their providers' standard contractual safeguards — rather than any data-trading kind, which this site does not do. The honest limit of every security section, stated plainly: no internet system is breach-proof, and our mitigation is the architecture itself — the less held, the less at stake. In the unlikely event a breach touches identifiable correspondence, affected senders are notified directly and promptly, with the facts rather than the lawyer's minimum.

Since this page will be read by people about to read an operator's policy next, the auditing checklist this site applies travels well. Find the inventory: a trustworthy policy enumerates data categories concretely (as the table above does); vague «we may collect information you provide» phrasing is collection hiding in grammar. Follow the sharing clause: «trusted partners» without names, purposes and categories is the industry's euphemism for resale — count the named recipients. Check retention against reasons: data kept «as long as necessary» without saying necessary-for-what is kept forever. Locate the rights mechanics: rights listed without a working request route are decoration. And for gambling platforms specifically: how AML verification data is stored and for how long, whether behavioural data feeds marketing, and what happens to your history after account closure — the questions our privacy-practices guide expands into a full framework. Ten minutes with that checklist tells you more about an operator's culture than any review score.