Privacy Policy

Raffair (“we”, “us”) is the data controller for the personal data described here. For any privacy question or to exercise your rights, contact us at support@raffair.co.uk.

We collect the following categories of personal data:

• Account data — your name, email address, date of birth (to confirm you are 18+), and password (stored only as a secure hash).
• Social login data — if you sign in with Facebook, Google, or Apple, we receive a unique account identifier and, where you allow it, your name and email address. We use this only to create or sign you into your Raffair account. We do not post to your social accounts or access your contacts or friends.
• Payment data — card payments are processed by Stripe. We do not store full card numbers; we hold a record of your transactions and payout details.
• Identity verification — for prize payouts and regulatory compliance we may verify your identity via Stripe Identity.
• Usage and device data — IP address, browser/device information, and activity logs used for security, fraud prevention, and improving the service.

We use your data to:

• create and secure your account and sign you in;
• process ticket purchases, run draws, and pay winners;
• verify age and identity and meet legal and anti-fraud obligations;
• support responsible-play tools such as limits and self-exclusion;
• communicate with you about your account and entries; and
• maintain, secure, and improve the platform.

Our lawful bases under UK GDPR are: performance of our contract with you, compliance with legal obligations, our legitimate interests in running a secure platform, and your consent where required (for example optional marketing).

We share data only as needed to run the service: with Stripe (payments and identity), our hosting and infrastructure providers, email delivery providers, and analytics/error- monitoring tools, and with authorities where the law requires. We do not sell your personal data.

We keep personal data only as long as necessary for the purposes above. Some records — completed transactions, payouts, identity checks, and self-exclusion requests — are retained for the periods required by law and regulation even after you close your account.

Under UK GDPR you can access, correct, or delete your data, object to or restrict certain processing, withdraw consent, and request portability. To exercise any right, email support@raffair.co.uk. You also have the right to complain to the Information Commissioner's Office (ICO).

You can request deletion of your account and personal data at any time, including data obtained via Facebook Login. See our data deletion instructions for how to do this.

We use cookies to keep you signed in and to understand usage. See our Cookie Policy for detail.