Boho Casino

Your Data

Boho Casino Privacy Policy

Plain language explanation of what we collect, why we use it, who we share it with and the rights you keep over your information.

What we collect

When you open an account we collect your name, date of birth, email address, phone number, residential address and a copy of identity documents needed to verify your age and identity. While you are playing we record the games you open, the bets you place, the deposits and withdrawals you make and the support conversations you have with our team. Some of this is for your protection, some is required by our licence and some helps us improve the product.

Technical information is collected automatically when you visit the site. That includes your device type, browser version, operating system, IP address, the pages you view and the time you spend on each. This data sits behind anonymised analytics that help us understand which parts of the site are working well and which need attention.

Why we use it

The legal basis depends on the data. Account details are processed to fulfil our contract with you, namely running an account that lets you deposit, play and withdraw. Identity documents are processed to meet anti-money-laundering rules and the responsible gaming obligations attached to our licence. Marketing communications run on consent that you can withdraw at any time. Analytics and fraud prevention run on a legitimate interest basis, which we balance against your right to privacy.

Who we share it with

A short list of trusted partners helps us run the casino. Payment processors handle deposits and withdrawals. Identity verification providers check the documents you upload. Game studios provide the titles in the lobby and need limited information to credit wins. Customer support tools store conversation transcripts so you can look back at them later.

We share data with regulators and law enforcement when required by law, for example if we receive a formal request under anti-money-laundering rules or a court order. We never sell your personal information to advertisers or data brokers.

How long we keep it

Active account records are kept for the lifetime of your account. After closure we are required by law to retain financial transaction records for five to seven years for anti-money-laundering compliance. Marketing data is deleted within a month of you withdrawing consent. Support transcripts sit on file for three years.

Your rights

You can request a copy of the data we hold about you, ask us to correct anything that looks wrong, request deletion where the law allows and object to certain types of processing. To exercise any right, email the privacy team at support@boho1.net. We respond within the legal window, which is usually well under a month.

Security

Connections to the site are encrypted with TLS. Passwords are hashed using industry-standard algorithms. Sensitive payment information is tokenised by our payment partners and never stored on our servers in plain text. Staff access to your data is restricted to the people who genuinely need it for their job, and every access is logged.

Children

The casino is strictly for people aged 20 and over, in line with New Zealand law. We verify age at sign-up and again at first withdrawal. If we discover an account has been opened by someone under 20 we close it immediately, refund any deposits and report the matter where required.

International transfers

Some of our partners are based outside New Zealand. Where data crosses borders we rely on standard contractual clauses or equivalent safeguards to make sure your information is protected to the same standard.

Changes to this policy

If we make a material change we will give you a heads-up by email and through a notice on the site. Smaller updates are reflected by the date below.

Last updated: May 2026

Need to reach the privacy team?

Email support@boho1.net with the words "privacy request" in the subject line. We will route it straight to the right desk and reply inside a few business days.

Good to know

Does Boho Casino sell or share your personal data with advertisers?

No personal data is ever sold to advertisers, list brokers or other casino brands. The casino has no commercial relationship that involves trading your information, and that policy is hard-coded into the contracts we hold with every supplier. Internal use of your data is limited to the operational purposes spelled out in the privacy policy, namely running your account, processing payments, meeting our responsible gaming obligations and supporting you when something goes wrong.

Data is shared only with the providers needed to run the casino. Payment processors handle deposits and withdrawals. Identity verification providers check the documents you upload. Game studios receive limited transaction information needed to credit wins. Customer support tools store conversation transcripts. Regulators and law enforcement receive data only when required by a formal legal request.

How do you request a copy of the data Boho Casino holds about you?

Email the privacy team at support@boho1.net with the words privacy request in the subject line. Include the email address linked to your account and a short description of what you are asking for, whether that is a full data export, a correction to a specific record or deletion of optional data. The team replies inside the legal window, which is usually well under a month, and the export itself arrives in a standard machine-readable format that any spreadsheet or database tool can open.

You can also raise the same request through live chat for anything urgent. The chat agent will route it to the privacy desk on your behalf and confirm by email once the request is in the queue. There is no fee for a standard data request.

How long does Boho Casino keep your records after you close your account?

Active account records sit on file for the full lifetime of the account. After closure, financial transaction records are kept for the period required by the anti-money-laundering rules our licence operates under, which is typically five to seven years. This retention period is not optional. It exists so regulators and law enforcement can investigate suspicious activity that often only becomes visible years after the fact.

Marketing data is deleted within a month of you withdrawing consent. Support transcripts sit on file for three years to allow the team to refer back during follow-up conversations. Optional analytics records are deleted on a rolling basis once they pass their stated retention period. The full retention schedule is published in the privacy policy and updated whenever the underlying rules change.