Privacy Policy

1. Who we are

FTDs.ai operates a managed first-time deposit campaign engine for iGaming operators. This policy explains what data we collect, why, and how we protect it.

2. Data collected by the SDK

The FTDs.ai on-site SDK captures session behaviour data only. This includes scroll depth, exit intent signals, CTA interactions, registration step changes, and deposit intent signals.

What the SDK does not collect

The SDK captures zero personally identifiable information (PII). No names, email addresses, IP addresses, payment details, or player account identifiers are collected. The session identifier is a randomly generated UUID v4 with no link to any operator player ID unless the operator explicitly maps it via a signed webhook.

3. Data collected via the dashboard

Operator account data collected through the dashboard includes organisation name, user email addresses, billing information (processed by Stripe), and campaign configuration data. This data is necessary to provide the service.

4. Data retention

Raw session event data is automatically purged after 90 days. Aggregate metrics derived from session data are retained indefinitely to support long-term reporting and optimisation. Operator account data is retained for the duration of the service agreement and deleted upon request following contract termination.

5. Data storage

Data is processed and stored in secure, enterprise-grade infrastructure. Data residency options are available based on operator requirements and discussed during onboarding.

6. GDPR compliance

FTDs.ai processes data as a data processor on behalf of operator clients (data controllers). We comply with the General Data Protection Regulation (GDPR) and implement appropriate technical and organisational measures to protect personal data.

Operators retain full control over their data and can exercise their rights under GDPR including the right to access, rectification, erasure, and data portability.

7. Data Processing Agreement

A Data Processing Agreement (DPA) is available on request and is required before any SDK installation. The DPA forms part of the Master Service Agreement between FTDs.ai and the operator.

8. Security measures

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access controls are enforced via row-level security at the database layer. Multi-factor authentication is required for all dashboard users. External penetration testing is conducted before any operator SDK installation.

9. Right to deletion

Operators can request full deletion of all their data at any time. Upon receiving a verified deletion request, all operator data including raw session events, aggregate metrics, campaign configurations, and account data will be permanently deleted within 30 days.

10. Contact

For privacy enquiries, data subject requests, or to request a DPA, contact privacy@ftds.ai.