Legal Document · Privacy

Privacy policy

Version: 2026-05-18  ·  Editor: Karssen Avelara  ·  Scope: casino-originals.com

This page explains what data casino-originals.com collects from readers, why each item is collected, how long it stays in our systems, and what your rights are. We are an editorial review site for original casino games. We are not a casino. We do not run user accounts, take deposits, or hold any wallet data. The data flow is narrow on purpose.

Who controls the data

The site is run by Karssen Avelara and a small editorial team. For readers in the EEA and the United Kingdom we are the data controller under GDPR and UK GDPR. For California residents we are the "business" under CCPA. For all privacy questions, write to editor@casino-originals.com. We answer within 30 calendar days for GDPR / UK GDPR and within 45 for CCPA.

What we collect

There is no login on the site. There is no profile to register. There is no email field. The site is publicly readable. The only data that exists on our side is what every web server keeps and one analytics cookie.

Server access logs. Standard nginx logs: source IP, request URL, HTTP status, response size, user-agent, referrer, and a UTC timestamp. We keep these lines for 30 days for security and abuse defence (rate limiting, scraper blocking, bot pattern detection). After 7 days the IP is anonymised to /24 for IPv4 or /48 for IPv6. We do not look at logs page-by-page; the typical use is automated.

Analytics cookie. One first-party cookie called _co_analytics with a random token, six-month lifetime. It counts page views and basic referrer source in aggregate. It does not carry your name, email, or wallet. If your browser sends DNT=1 or Global Privacy Control, we do not set this cookie at all.

Affiliate-click cookie. When you click one of the brand buttons on the site we set a 24-hour first-party cookie called _co_aff with a random token. Its only job is to attribute the click to the brand we sent you to so the affiliate commission can be paid. We do not see your registration or deposit at the brand.

That is the entire list. We do not run Google Analytics, Meta Pixel, TikTok Pixel, or any other third-party tracker.

What we do not collect

We do not collect account data, payment data, KYC documents, or anything that ties a session to your real identity. We do not run a newsletter list, so we do not have your email unless you wrote to us yourself. We do not buy data from third parties. We do not sell or share data.

Cookies

Two cookies, both first-party, both functional:

  • _co_analytics - six-month lifetime, aggregate page-view counting. Suppressed when DNT or GPC is on.
  • _co_aff - 24-hour lifetime, set only when you click an operator button.

You can block either at the browser level without affecting how the site reads.

Your rights

Under GDPR, UK GDPR, and CCPA you have the right to ask for access, deletion, restriction, portability, and (in CCPA terms) the right to know. Because we hold very little data tied to identity, most requests resolve quickly:

  • Access - we can confirm whether we hold any data tied to your browser session and export it.
  • Deletion - we can delete the analytics cookie identifier and any affiliate-click record. Server logs cycle out within 30 days anyway.
  • Objection - set DNT or GPC in your browser; we honour both.
  • Opt-out of sale - we do not sell data. The right is satisfied by design.

To make a request, email editor@casino-originals.com. Verification means matching the request to the cookie identifier you control or the IP range you operate from.

Third parties

Three external services touch traffic to the site:

  • A CDN / hosting provider, which serves static assets and runs the PHP backend.
  • An authoritative DNS provider.
  • the brand affiliate networks, which receive the click when you press one of our buttons.

We do not pass user data to any of them beyond what the redirect itself includes. Each runs under its own privacy notice.

Children

The site is for adults. We do not knowingly collect data from anyone under 18. If you believe a person under 18 has accessed the site or contacted us, write to editor@casino-originals.com and we will remove anything tied to that contact.

Cross-border transfers

Hosting and CDN routing may pass data through servers in the United States, the European Union, or other regions. Where that crosses the EEA / UK boundary we rely on Standard Contractual Clauses with the provider, and the 7-day IP anonymisation step limits any cross-border exposure to a short window.

Security

We use TLS 1.2+ on every endpoint, HSTS on the main domain, and standard patch cycles on the PHP and nginx stack. Log access is restricted to the editorial team. We do not run a public bug-bounty programme but accept good-faith vulnerability reports at editor@casino-originals.com.

Changes

We update this policy when the data flow changes (a new processor, a new cookie, a different retention window). The revised version appears at this URL with a new "Last updated" date. Material changes are flagged at the top of the page for thirty days.

Contact

Email: editor@casino-originals.com

Related editorial trust pages: terms of use, methodology, responsible gambling, about the editorial team.