Privacy Policy

Last Updated: November 26, 2025

Introduction

EmpireDrop Ltd (registration number HE452989), a company registered in the Republic of Cyprus with its registered office at 1 Souliou Street, Strovolos, Nicosia 2018, Cyprus (“EmpireDrop”, “we”, “us”, or “our”), is committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal data. This Privacy Policy explains how we collect, process, and share information when you use our website at https://www.empiredrop.com (the “Website”), access or use any of our online services, or otherwise interact with us.

This Privacy Policy applies to all personal data collected through the Website, our services and any related communications or interactions, whether you are a visitor, registered user, customer, or other user (“user”, “you”, or “your”). It also outlines your rights regarding your personal data and how you can exercise them in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”)  and other relevant data protection regulations.

For applicable data protection law, EmpireDrop acts as the data controller of the personal data that we collect about Users. “Data controller” means the person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

By using our Website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices as described here, you should refrain from using the Website and our services.

This Privacy Policy does not apply to third-party websites, applications or services that may be linked to or from our Website. We are not responsible for the privacy practices of such third parties, and we encourage you to review the privacy policies of any third-party services you interact with.

If you have any questions about this Privacy Policy or our handling of your personal data, you can contact us at [email protected]. 

Data Collected

We collect various categories of personal data to provide and improve our services. This includes:

• Contact Information: Email address, full name, and physical address (collected when you register an account or provide shipping details for rewards).
• Identity Verification Data: Government-issued ID documents and KYC photos (collected when you undergo Know Your Customer verification or age verification).
• Technical Information: IP address, device identifiers or device fingerprint, browser User-Agent, and locale/language settings (collected automatically when you use our website).
• Usage Data: Information about how you interact with our platform, such as pages visited, features used, clicks, and support inquiries (collected during your use of the Website or when you contact support).
• Transaction and Financial Data: Information about your deposits, withdrawals, in-platform purchases, winnings, and related payment details (such as transaction identifiers, payment method type, wallet addresses or limited card details, depending on the method used). We do not store full card numbers, but our payment processors may process card or account details as necessary to complete transactions.

When data is collected: You provide much of this data directly during account registration, identity verification (KYC), or when contacting us for support. Other data (like IP, device, and usage info) is collected automatically as you navigate and use the Website. We only collect personal data that is necessary for the purposes described in this policy.

Use of Personal Data

We use your personal data for the following purposes:

• Identity Verification & Compliance: To verify your identity and age, and to comply with legal obligations such as anti-fraud and Anti-Money Laundering (AML) requirements. This includes using KYC data to prevent identity theft and fraud.
• Providing Services: To create and manage your account, process transactions (e.g. mystery box purchases, deposits, and withdrawals of prizes or other eligible funds), ship physical items you win, and provide the features of our platform.
• Communication: To communicate with you about your account, transactions, customer support inquiries, and important updates or changes to our terms and policies. We may also send service-related announcements or security alerts as needed.
• Analytics and Improvement: To analyze usage of our website and features (via analytics tools) to improve platform performance, user experience, and troubleshoot technical issues.
• Marketing (with Consent): Only if you have given us your consent, we may send you marketing or promotional communications (such as newsletters, special offers, or updates about new features). You can opt out of marketing emails at any time. If you do not opt in, we will not send you marketing materials.
• Security, Fraud Prevention and Enforcement: To monitor for and prevent fraud, abuse, multi-accounting, money laundering, chargebacks, and other prohibited activities, and to enforce our Terms of Service (for example, by investigating suspicious behaviour, suspending or closing accounts, and adjusting balances or rewards where necessary).

We do not sell your personal data to third parties. We use it solely for the purposes above and in accordance with this Policy.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: Processing is necessary to provide our services and fulfill our contract with you. For example, we need your email to create your account and your KYC information to allow withdrawals.
• Legal Obligations: We must process certain data to comply with laws and regulations, such as AML laws requiring identity verification and record-keeping.
• Legitimate Interests: We may process data for our legitimate business interests, such as improving platform functionality, preventing fraud, ensuring IT security, and providing customer support – but only where these interests are not overridden by your data protection rights.
• Consent: We rely on your consent for specific processing activities when required. For instance, we will ask for your consent before using non-essential cookies or sending marketing emails. Where we rely on consent, you have the right to withdraw it at any time.

We rely on legitimate interests in particular for security, fraud prevention, customer support and basic analytics, and we rely on your consent for non-essential cookies and direct marketing communications.

We will always ensure that we have an appropriate lawful basis before processing your personal information.

Third-Party Service Providers

We share some of your information with trusted third-party service providers who help us run the Website. These providers process data only for the purposes we specify, in line with this Policy, and we ensure appropriate safeguards are in place. 

Our key service providers include and may change over time:

• Hosting Providers: for website hosting and data storage infrastructure.
• Content Delivery & Security: Cloudflare – for content delivery network (CDN) services, DDoS protection, and security (which may involve processing IP addresses for traffic management).
• Identity Verification: Sumsub – to conduct KYC checks and document verification for compliance purposes.
• Payment Processing: ZEN.COM, AlphaPo, Kinguin, G2A, SkinsBack, and Coinflow – to facilitate deposits, payments, and withdrawals (these providers handle payment details and transaction information as needed).
• Analytics: to collect website usage data and provide insights that help us improve our services. (These analytics services may use cookies or similar technologies as described in our Cookie Policy.)
• Email Services: to send transactional emails (like verification codes, receipts) and any marketing emails you agreed to receive. Your email address and name may be processed by these services for delivering messages.
• Affiliate and Marketing Partners: to manage our affiliate program and partnerships (e.g. tracking referrals and influencer campaigns).
• Customer Support: LiveChat – to provide live customer support chat on our Website, which may process data such as your chat name, email, and chat transcripts when you use support.
• Advertising and Retargeting: to deliver and measure advertising or retargeting campaigns, which may involve setting cookies or similar identifiers as described in our Cookie Policy.
• Security and Anti-Bot Services: Cloudflare Turnstile and hCaptcha – to protect our Website from bots and automated abuse by validating genuine user interactions. These services may collect information such as your IP address and browser/device details as part of the security checks.

Each of these third parties only receives the information necessary for their function (for example, our payment processors receive transaction-related data but not your ID documents). We do not allow our service providers to use your data for their own unrelated purposes.

International Data Transfers

Some of our service providers and partners are located outside the European Union / European Economic Area, or may store data in other countries. This means that your personal data may be transferred to and processed in jurisdictions that may not provide the same level of data protection as your home country. 

Where we transfer personal data outside the EU/EEA, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses approved by the European Commission or transfers to countries for which the Commission has adopted an adequacy decision. You can contact us if you would like more information about these safeguards.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy, and to meet our legal and regulatory obligations. This means:

• Account information and profile data are kept for the duration of your account being active. If you close your account, we will delete or anonymize your personal data within a reasonable period, except where we are required to keep it.
• KYC data and transaction records may be retained for a minimum period as required by AML laws or other regulations. Even after you delete your account, we might be obligated to keep certain data for a set number of years to comply with legal record-keeping requirements.
• Usage data (analytics logs, cookies) is retained according to its purpose – for example, analytics data may be kept for internal analysis. Cookies have varying lifespans (see Cookie Policy for details), and you can clear them from your browser at any time.

Once the retention period expires or the data is no longer needed, we will securely erase or anonymize your personal data. We continuously review what data we have and delete or anonymize information that is no longer required.

User Rights

Your rights regarding personal data: We respect your rights to control your personal information. Depending on your jurisdiction, you have certain rights under data protection laws:

EU/EEA (GDPR) – Rights of Data Subjects

If you are in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: You can request a copy of the personal data we hold about you, and information about how we process it.
• Right to Rectification: You can ask us to correct or update inaccurate or incomplete personal information.
• Right to Erasure: You have the right to request deletion of your personal data (“right to be forgotten”) in certain circumstances – for example, if the data is no longer necessary or you withdraw consent.
• Right to Restrict Processing: You can request that we limit processing of your data (e.g., while we verify an accuracy claim or objection).
• Right to Object: You may object to our processing of your data when we process it based on legitimate interests, including any profiling. You also have the absolute right to object to your personal data being used for direct marketing purposes.
• Right to Data Portability: You can request a copy of your data in a common machine-readable format to transfer to another service provider, where applicable (this applies to data you provided to us and which we process by automated means based on your consent or contract).
• Right to Lodge a Complaint: If you believe we have infringed your data protection rights, you have the right to file a complaint with your national Data Protection Authority or the authority in the state where we are registered.

California Residents (CCPA)

If you are a resident of California, you are protected by the California Consumer Privacy Act (CCPA). Your rights under CCPA include:

• Right to Know: You can request to know what personal information we collect, how we use it, and the categories of third parties with whom we share it.
• Right to Delete: You can request that we delete personal information we have collected from you, subject to certain exceptions (for example, we may need to retain data to comply with legal obligations or complete transactions you’ve initiated).
• Right to Opt-Out of Sale: You have the right to direct us not to sell your personal information to third parties. At present, we do not sell personal data. If this ever changes, we will update this Policy and provide a clear way for you to opt out.
• Right to Non-Discrimination: We will not deny services, charge different prices, or provide a different level of service just because you exercised your privacy rights under CCPA.

Exercising Your Rights: You can exercise your rights by contacting us using the details in the Contact section below. We will respond to valid requests within the timeframe required by law. For security, we may need to verify your identity before fulfilling certain requests (for example, by asking you to provide information associated with your account). Exercising your privacy rights is free of charge.

Security

We take security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: We use encryption (such as HTTPS/TLS) to protect data transmitted between your device and our servers. Sensitive information (like passwords) is stored in encrypted form.
• Access Controls: Personal data is accessible only by authorized personnel who require it to perform their duties. We employ role-based access controls to ensure staff members only access the data necessary for their role.
• Secure Infrastructure: Our servers are hosted in secure facilities (located in Germany) with robust physical and network security. We use firewalls, intrusion detection systems, and continuous monitoring to safeguard our systems.
• Audit and Training: We regularly review our data handling practices and provide training to our team on data security and privacy best practices.

While we strive to protect all information, no system can be 100% secure. However, we continuously update our security practices to meet or exceed industry standards. If we identify any data breach affecting your personal data, we will notify you and the appropriate authorities as required by law.

Children

Our services are not intended for individuals under 18 years of age. We do not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not use the Website or send us any personal data. In the event we learn that we have collected personal information from a minor under 18, we will take steps to delete such information promptly. Parents or guardians who believe that we might have any information from or about a child under 18 can contact us to request removal of that data.

Changes to the Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify users by posting a prominent notice on our website or via other communication (for example, via email or an in-site notification). The "Last Updated" date at the top of the policy will always indicate when the latest changes were made. We encourage you to review this Policy periodically to stay informed about how we protect your personal data.

Contact

If you have any questions about this Privacy Policy or your personal information, please contact our customer support via:

• Email: [email protected] 
• Mail: EmpireDrop Ltd, 1 Souliou Street, Strovolos, Nicosia 2018, Cyprus

You can also reach out to us through the support channels listed on our website. 

For privacy-specific concerns or requests (such as data access or deletion requests), contacting us via email is recommended so we can assist you promptly.