Skip to content
GamClaim.org

Privacy policy

How GamClaim.org handles personal data

Last updated: 26 May 2026

Association GAMSOL is the controller for GamClaim.org unless another controller is stated. This policy is written for a Swiss-operated website and reflects the Swiss Federal Act on Data Protection framework.

Controller and contact

Controller: Association GAMSOL, Zürich, Switzerland. Privacy and support requests should be submitted through the contact page from the logged-in account so identity can be checked and the request can be logged.

If the legal postal address changes, the legal notice and this policy should be updated before or at the same time as the live site is updated.

Personal data processed

  • Account data: email address, name where supplied, phone numbers where supplied, login-token metadata and account activity.
  • Order data: product, price, currency, Stripe checkout identifiers, subscription identifiers, payment status and refund/cancellation status.
  • Report data: SAR/export files, evidence files, operator names, operator websites, countries, amounts, timelines, complaint history, messages, extracted data, updates and final-report delivery records.
  • StayClear data: reminder risk windows, gambling-pattern context, preferred wording, sport categories, mobile number, SMS verification status and outbound reminder logs.
  • Consultation data: purchased blocks, report section to discuss, context, preferred slots, scheduled time and status.
  • Contact data: support messages, attachments, admin replies, AI drafts, status and audit history.
  • Technical data: IP address, user agent, session cookies, CSRF tokens, analytics consent and security logs.
  • Marketing data: channel preferences, consent statement, opt-in/withdrawal records, timestamps, IP address and user agent.

Purposes

Data is processed to provide requested services, operate accounts, process payments, send login links and transactional emails, schedule reminders, prepare reports, handle consultations, answer support messages, prevent misuse, maintain audit trails, improve internal workflows and comply with legal obligations.

Report and later-update data may also be used to build structured operator intelligence, meaning internal records about operator behaviour, evidence priorities, route outcomes and settlement patterns. This is used to improve future report quality and is not published as another user's private data.

Legal bases and consent

Processing may be necessary to perform a contract, take pre-contractual steps, comply with law, protect security, pursue legitimate operational interests, establish or defend legal positions, or rely on consent where the site asks for consent.

Where report, gambling-pattern or health-adjacent information is sensitive, GamClaim.org limits processing to what is needed for the requested service, user consent, legitimate service operation and legal protection. Marketing consent can be withdrawn at any time.

Processors and third-party services

MySQL is the application source of truth. Airtable may receive operational copies. Stripe handles payments. Twilio handles SMS where enabled. Amazon SES or another configured provider handles email. OpenAI may process prompts and uploaded readable text where AI features are enabled. Google Analytics is used only when configured and accepted. Hosting is provided by the selected hosting provider.

These providers may process data outside Switzerland. Where required, GamClaim.org relies on appropriate contractual, technical and organisational safeguards or legally recognised transfer mechanisms.

AI processing

AI may be used to extract report fields, draft internal analysis, draft StayClear reminder wording or draft support responses for admin review. AI outputs are not treated as final advice and should be reviewed before being sent or relied on.

Support-response AI prompts are designed not to disclose private data, internal operator intelligence, confidential prompts, credentials, another user's information or privileged internal reasoning.

Cookies and analytics

Essential cookies are used for login, sessions, security, checkout and account functions. Analytics cookies or analytics scripts are loaded only where configured and consented to.

The user can reject analytics without losing access to paid services, account login or the free guide.

Retention

Account, order, invoice, subscription, report, consultation, contact, consent and audit records are retained for as long as needed to provide services, evidence transactions, handle disputes, maintain security, preserve operator intelligence, comply with law and protect legal interests.

Uploaded files may be retained with the related report or contact record unless deletion is required and no overriding retention ground applies. Deletion requests are assessed against contractual, legal, security and evidential needs.

Your rights

Subject to applicable law, users may request information about processing, access to personal data, correction of inaccurate data, deletion, restriction, withdrawal of consent, information about automated decisions and review by a human where an automated individual decision is relevant.

Requests should be made from the logged-in account or from the email address known to the account so identity can be verified. GamClaim.org may request additional verification where necessary.

Security

The site uses session protection, CSRF protection, hCaptcha on selected forms, upload validation, administrator MFA, hashed tokens, restricted admin routes, security headers, audit logs and role separation.

No internet service is risk-free. Users should keep email accounts, secure login links, devices and phone numbers protected.