Privacy Policy
This page describes what personal information Instaspin collects from visitors, why, where it is stored, who it is shared with, and how to exercise your rights under UK privacy law. The technical companion — cookies, analytics, browser storage — is on the Cookie Policy page; this page is the human-readable version of the same arrangement.
Instaspin is operated as an independent informational platform; the wider context is on the About page. This privacy policy applies to the Instaspin website only. Once a reader clicks through to an operator's site, that operator's own privacy policy applies; Instaspin does not share data with operators except in the limited form described below.
1. What Instaspin is
Instaspin publishes reviews and guides about online casinos available to UK players. The flagship operator review is the Instaspin Casino homepage. The site does not host games, run player accounts, accept deposits, retain funds or process withdrawals. There is no signup. There is no login. The default visit involves no data exchange beyond standard web traffic. Where Instaspin does collect personal data — for instance, when you write to us through the contact channels — this page describes exactly what happens to it.
2. UK privacy law context
Instaspin handles personal information in accordance with the UK GDPR and Data Protection Act 2018 and the thirteen UK GDPR principles administered by the Information Commissioner's Office (ICO). For European visitors, GDPR rights are also honoured. For Californian visitors, CCPA rights are honoured to the extent they apply. Where a stricter rule applies under any of these frameworks, the stricter rule wins.
3. What data Instaspin collects
Three categories. Technical traffic data, voluntarily submitted contact data, and aggregated analytics.
| Category | What is collected | Why | Legal basis |
|---|---|---|---|
| Technical traffic data | IP address (anonymised after 24h), browser type, device type, page URL requested, timestamp, referrer. | Serve pages, prevent abuse, debug performance issues. | Legitimate interest under UK GDPR Article 6 legitimate interest. |
| Voluntary contact data | Name, email address, message content, supporting documents you choose to attach. Submitted only if you write to us. | Reply to your enquiry. | Consent under UK GDPR consent basis (you provide the data; we use it for the stated purpose). |
| Aggregated analytics | Pseudonymous traffic statistics generated by Google Analytics 4 with IP anonymisation enabled. | Understand which pages are useful and which are not. | Consent (you can decline analytics cookies on first visit). |
Instaspin does not collect: financial data (no payment processing happens on this domain), gambling-account credentials (we do not run accounts), biometric data, location beyond country level (derived from anonymised IP), or special-category data (race, religion, health, sexual orientation, political opinion). Targeted advertising and remarketing are not used; the funding model that supports the site is on the Affiliate Disclosure page.
4. Cookies and similar technologies
The cookies Instaspin uses, the third-party services that set them, and how to control them are described in detail on the Cookie Policy page. The short version: strictly required cookies (page loading, consent banner state and abuse prevention) are always set; analytics and affiliate-tracking cookies are set only with your consent through the cookie banner; you can alter your selection at any time using the link in the footer.
5. Affiliate links and operator-side tracking
When you click an outbound operator link on Instaspin, three things take place. First, an internal redirect hosted at /go records the click for our analytics (whether or not you proceed). Second, your browser is forwarded to the operator's platform. Third, the operator may set its own cookies and treat the visit as a referral attribution. Instaspin does not pass your name, email, or any other identifying personal data to the operator. The operator simply learns that "a visitor arrived from Instaspin". If you go on to register an account on the operator's platform, that registration is governed by the operator's own privacy notice, not by this one.
6. How long data is retained
- IP addresses: raw IPs are kept for up to 24 hours for abuse prevention, then anonymised by truncating the final octet (IPv4) or last 80 bits (IPv6). Anonymised IPs are kept up to 14 months for traffic statistics.
- Contact correspondence: messages and any attached files are retained for 24 months for follow-up and audit reasons, after which they are removed unless still part of an active conversation.
- Analytics events: data captured through Google Analytics 4 is held for 14 months under our current configuration, after which it is automatically purged.
- Cookie-consent record: the consent record itself lives locally inside your browser for 12 months, after which the consent banner is shown again.
Where statutory rules call for longer retention — for example, tax records under HMRC bookkeeping obligations tied to affiliate accounting — the relevant data sits in storage solely for the legally mandated window and is not repurposed for anything else.
7. Who Instaspin shares data with
Three controlled categories of third-party recipient. Service providers handling components of the Instaspin infrastructure — web hosting, content delivery, email — each bound by a written data-processing agreement that confines their use of the data to delivering the service. Analytics providers (Google Analytics 4): IP-anonymised traffic data only, no personally identifying information. Law-enforcement bodies and regulators: only in response to a valid legal demand, and only the data covered by the demand. Instaspin does not sell, rent or trade personal data to anyone, ever.
8. Where data is stored
Instaspin infrastructure is hosted by cloud providers in the UK and the European Economic Area. Certain service providers — notably Google Analytics 4 in particular — process data within the United States. When data leaves the UK, the recipient is bound either through Standard Contractual Clauses or by an equivalent regime that the ICO has assessed as providing protection at least as strong as UK law.
9. Your rights
Under the UK GDPR, and the equivalent rules in other jurisdictions, you have the rights set out below in relation to any personal data Instaspin retains about you.
- Access: ask what we hold and receive a copy.
- Correction: ask for inaccurate data to be corrected.
- Deletion: request that your data be erased, subject to any legal retention obligations that may apply.
- Consent withdrawal: where processing relies on your consent, you may withdraw that consent at any point, without invalidating any processing carried out earlier under lawful basis.
- Complaint: if you think Instaspin has mishandled your data, the complaints route is the ICO via ico.org.uk. British readers should typically reach out to us first so that we have an opportunity to resolve the matter directly.
To exercise any of these rights, email the privacy address listed on the Contact page. Instaspin will reply inside the 30-day window required by the UK GDPR.
10. Children's privacy
Instaspin content is directed at adult UK readers. The site is not directed at, and not intended for, anyone below the age of 18. We do not knowingly collect personal data from under-18s. If we become aware that data has been provided by someone under 18, that data is deleted and (where applicable) the parent or guardian is notified.
11. Security
Instaspin runs industry-standard security controls: TLS 1.2 or higher for all data moving across the network; access management and least-privilege rules across internal systems; periodic checks of who has access to what; complete logging of administrative actions; scheduled third-party penetration testing of the public-facing site. No system is unbreakable; in the event of a personal-data breach that is likely to result in serious harm, the affected individuals will be notified directly and the ICO will be informed in accordance with the ICO breach notification regime under the UK GDPR.
12. Changes to this policy
Whenever this policy is amended, the "Last updated" date at the top is refreshed. Material amendments — fresh categories of data being collected, additional third-party processors, revised retention periods — come with a banner displayed on the home page for at least 30 days. Minor housekeeping edits (rewording or link updates) do not trigger a banner.
13. Contact
Privacy enquiries are best routed to the privacy address listed on the Contact page. Editorial enquiries concerning Instaspin content move through the editorial channel; correction requests are dealt with under the workflow on the Editorial Policy page. Player-safety guidance applicable to anyone reading this site is on the Responsible Gambling page.