Your data
Privacy Policy
Last updated July 2026
This Privacy Policy explains how Belote Pro (the "Service", at belotepro.com) handles your personal data. The Service is operated by Monti Games, ABN 52 253 846 298, a business registered in Australia ("we", "us", "our"), which is the data controller for the purposes of the EU General Data Protection Regulation (GDPR), the equivalent UK GDPR, and is responsible under the Australian Privacy Act 1988 (Cth). By using the Service you acknowledge the practices described here. Most of our players are in Europe, so this policy is written to meet the GDPR as well as Australian law; where your local law gives you stronger rights, those stronger rights apply.
The short version
We collect the minimum needed to run your account, your games and — if you buy coins — your purchases. We rely on trusted processors such as Stripe (payments) and Supabase (sign-in), never sell your personal data, and let you access, correct or delete it at any time. Because we operate from Australia, your data may be processed outside the EEA under appropriate safeguards.
1. What we collect
- Account & profile: your guest handle or linked account, display name and avatar, and — if you sign in with Google, Facebook, Apple or email — the identifier and email address that provider shares with us.
- Gameplay: match history, coin balance, bets, statistics, rank, friends, club membership and leaderboard position, plus in-game chat and emotes you send.
- Purchases: a record of the coin bundles you buy, with amount, currency and time. Payments are handled by Stripe — we never receive or store your full card number.
- Technical & usage data: a secure session identifier, IP address, device/browser type and basic request logs, used for security, rate-limiting, fraud prevention and diagnostics.
- Approximate country: inferred from your IP address to show a flag on your profile and for compliance. You can turn this off and clear it at any time.
- Support & correspondence: the messages and details you send when you contact us.
2. How we collect it
We collect data directly from you (when you play, buy coins, chat or contact us), automatically (technical and usage data as you use the Service), and from third parties you choose to connect — such as Google, Facebook or Apple when you sign in with them, and Stripe when you pay.
3. Our legal bases (GDPR)
Where the GDPR or UK GDPR applies, we process your personal data on these legal bases:
- Performance of a contract (Art. 6(1)(b)) — to create your account, run matches and matchmaking, operate the coin economy, and process the purchases you request.
- Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent fraud, cheating and abuse, run leaderboards and social features, and improve the game. You can object at any time (see your rights).
- Consent (Art. 6(1)(a)) — for non-essential/advertising cookies and any optional marketing. You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)) — to meet accounting, tax, consumer-protection and other legal requirements.
4. How we use your data
- Run your account, matches, matchmaking, leaderboards, friends, clubs and the coin economy.
- Process coin purchases and keep the transaction records we are required to keep.
- Keep play fair and safe — prevent fraud, cheating, abuse and prohibited conduct.
- Respond to your questions and provide support.
- Understand how the Service is used (first-party, aggregated analytics) and improve it.
- Comply with our legal obligations and enforce our Terms.
5. Cookies & similar technologies
We use a strictly-necessary session cookie to keep you signed in — an httpOnly cookie set by the browser, never readable by page scripts and never stored in local storage. With your consent we may set advertising cookies; you can accept or decline them in the cookie banner and change your mind at any time. Declining non-essential cookies does not stop you playing.
6. Who we share it with
We share personal data only with service providers (processors) that help us run the Service, each bound to protect it and use it only on our instructions:
- Supabase — authentication and sign-in.
- Stripe — payment processing. Stripe acts as an independent controller of your payment data under its own privacy policy; we never see your full card details.
- Hosting & CDN providers (including Cloudflare) — to serve and protect the Service.
- First-party analytics — aggregated usage measurement run on our own infrastructure.
- Advertising provider — only if you consent to advertising cookies.
- Authorities or professional advisers — where required by law, to enforce our Terms, or to protect our rights, our users or the public.
We do not sell your personal data, and we do not share it for third-party marketing without your consent. A current list of our sub-processors is available on request.
7. International data transfers
We operate from Australia, and our providers may process data in Australia, the EU/EEA, the United Kingdom, the United States and elsewhere. Australia is not covered by an EU "adequacy" decision, so when we transfer personal data of EEA or UK users outside their region we rely on appropriate safeguards — principally the European Commission's Standard Contractual Clauses (with the UK Addendum) together with supplementary measures. You can request a copy of the safeguards we use.
8. How long we keep it
We keep your personal data only as long as needed for the purposes above: for the life of your account, and for a limited period afterwards where we must retain records — for example, purchase and tax records for the period required by Australian law, and security logs for a short window. When data is no longer needed we delete or anonymise it. You can delete your account at any time (see below).
9. Your rights & choices
Depending on where you live you have some or all of these rights over your personal data. Under the GDPR and UK GDPR you can:
- Access — obtain a copy of the personal data we hold about you.
- Rectify — correct data that is inaccurate or incomplete.
- Erase — have your data deleted (the "right to be forgotten"), subject to records we must keep.
- Restrict or object — limit or object to certain processing, including processing based on our legitimate interests.
- Portability — receive your data in a structured, portable format.
- Withdraw consent — for anything based on consent (e.g. advertising cookies) at any time, without affecting earlier processing.
- Complain — lodge a complaint with your local data-protection authority in the EEA, the UK Information Commissioner's Office (ICO), or the Australian Office of the Australian Information Commissioner (OAIC).
You can delete your account and data and turn off the country flag yourself from Account & privacy on your profile, manage advertising cookies from the consent banner, or exercise any right by emailing [email protected]. We respond within the time limits set by law (usually within one month) and will not charge you or treat you differently for exercising a right.
10. Security
We protect your data with measures appropriate to the risk: encrypted connections (HTTPS), an httpOnly session cookie, credentials hashed and handled by our authentication provider, an append-only ledger for coins, access controls and rate-limiting. No system is perfectly secure, but we work to protect your data and will notify you and the relevant authority of a personal-data breach where the law requires.
11. Children
The Service is intended for adults and is not directed at anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it.
12. Automated decisions & profiling
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Our opponent bots are for gameplay only and never use your personal data to make such decisions.
13. Marketing
We only send marketing where you have chosen to receive it or where the law allows, and every marketing message lets you opt out. Essential service messages — for example about your account, purchases or security — are not marketing and may still be sent.
14. Changes to this policy
We may update this policy from time to time; the "last updated" date above shows the current version, and we will tell you about material changes where the law requires. Continuing to use the Service after an update means you accept the revised policy.
15. Contact & complaints
Questions about privacy? Email [email protected] or visit our contact page.
EEA and UK users: our representative under Article 27 GDPR is [EU/UK representative — to be appointed], and you may also contact your local supervisory authority. Australian users may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
See also our Terms & Conditions.