Privacy Policy

**Our Firm Commitment:** At Lotiwon, we respect your privacy and are committed to protecting your personal data with the highest security standards. This Privacy Policy explains how we collect, use, protect, and share your information when you use our platform. **Policy Scope:** This policy applies to: • Lotiwon website (lotiwon.com) • Lotiwon mobile application (Android/iOS) • All services and features offered through the platform • All interactions with our support team **Our Core Principles:** ✓ **Transparency:** We explain exactly what we collect and why ✓ **Minimization:** We collect only what we need to provide the service ✓ **Security:** We protect your data with top-tier encryption ✓ **Control:** We give you the ability to manage your data

**Data You Provide Directly:** **A. Registration Information:** • Full name • Email address • Phone number (optional) • Date of birth • Country of residence • Password (encrypted) **B. Identity Verification (KYC) Information:** • Official ID photo (passport, ID card) • Proof of address • Selfie for verification **C. Financial Information:** • Payment method details (PCI-DSS encrypted) • Deposit and withdrawal history • Transaction records **Data We Collect Automatically:** **A. Usage Data:** • Login history and times • Pages visited • Draws participated in • Feature interactions **B. Technical Data:** • IP address • Browser type and version • Operating system • Device identifier (for app) • Cookie data **C. Location Data:** • Country (from IP address) • Time zone

**Primary Purposes:** **1. Service Delivery:** • Create and manage your account • Process deposits and withdrawals • Record your draw participations • Distribute winnings to winners • Send important account notifications **2. Security & Fraud Prevention:** • Verify your identity • Detect and prevent suspicious activities • Protect against fraud and money laundering • Ensure fair and clean play **3. Service Improvement:** • Analyze usage patterns • Develop new features • Fix technical bugs • Improve user experience **4. Communication:** • Send important account notifications • Updates about draws and results • Promotional offers (you can opt-out) • Respond to your inquiries **5. Legal Compliance:** • Respond to legal requests • Comply with anti-money laundering regulations • Report to authorities when necessary **Legal Basis for Processing:** • **Contract:** Necessary to provide our services • **Legitimate Interest:** Security and fraud prevention • **Consent:** Marketing and promotional communications • **Legal Obligation:** KYC/AML requirements

**Technical Security Measures:** **Encryption:** • 256-bit SSL/TLS encryption for all communications • AES-256 encryption for stored data • Password encryption with bcrypt algorithm • Payment data encrypted per PCI-DSS standards **Infrastructure:** • Servers protected by multi-layer firewalls • Cloudflare protection against DDoS attacks • Daily encrypted backups • Certified data centers (ISO 27001) **Access Control:** • Two-factor authentication (2FA) available • All administrative access logged • Principle of least privilege • Regular security audits **Organizational Security Measures:** • Employee training on data protection • Strict access policies for sensitive data • Confidentiality agreements with all employees • Data incident response plan **In Case of Breach:** If we discover any data breach affecting you: 1. We notify you within 72 hours maximum 2. We report to relevant authorities 3. We take immediate action to contain the breach 4. We provide necessary support to protect your account

**When We Share Your Data:** **1. Service Providers (Data Processors):** • Payment processors (for your financial transactions) • Identity verification services (KYC) • Cloud hosting providers • Analytics services (anonymized data) • Email and notification services **2. Legal Obligations:** • In response to valid court orders • Requests from authorized government authorities • Anti-money laundering (AML) requirements • Protecting our legal rights **3. Safety Protection:** • Preventing fraud and illegal activities • Protecting other users' safety • Investigating terms violations **What We NEVER Do:** ✗ We do NOT sell your personal data to any party ✗ We do NOT share your data for external marketing purposes ✗ We do NOT disclose your financial information to unauthorized parties **Data Sharing Safeguards:** • All third parties are bound by data protection contracts • We verify their compliance with security standards • We share only data necessary to perform the service

**What Are Cookies?** Cookies are small text files stored on your device when you visit our website. They help us remember your preferences and improve your experience. **Types of Cookies We Use:** **1. Essential (Mandatory):** • Enable login and authentication • Maintain user session • Ensure transaction security • Cannot be disabled **2. Functional (Recommended):** • Remember language preferences • Save display settings • Improve performance **3. Analytical (Optional):** • Understand how the site is used • Improve user experience • Measure feature effectiveness • We use Google Analytics (anonymized data) **4. Marketing (Optional):** • Display relevant ads • Measure campaign effectiveness • You can opt-out **Managing Cookies:** You can manage your preferences from: • Browser settings • Account settings page • Cookie consent popup **Note:** Disabling essential cookies may affect website functionality.

**Your Rights Under Data Protection Laws:** **1. Right to Access:** • Request a copy of your personal data • Know how we use your data • Get information about third-party sharing **2. Right to Rectification:** • Correct any inaccurate data • Update your personal information • Complete incomplete data **3. Right to Erasure ("Right to be Forgotten"):** • Request deletion of your personal data • **Limitations:** We cannot delete legally required data (transaction records, KYC) **4. Right to Restriction:** • Restrict processing of your data in certain cases • Temporarily stop data use during verification **5. Right to Data Portability:** • Obtain your data in machine-readable format • Transfer your data to another service **6. Right to Object:** • Object to direct marketing • Object to processing based on legitimate interest **How to Exercise Your Rights:** 📧 Email us at: privacy@lotiwon.com 📋 Or through: Account Settings > Privacy **Response Time:** We respond within 30 days maximum

**Data Retention Policy:** We retain your data only for the period necessary to fulfill the purposes outlined in this policy, or as required by law. **Retention Periods:** | Data Type | Retention Period | |-----------|------------------| | Account data | Duration of active account + 3 years | | Transaction records | 7 years (legal requirement) | | KYC documents | 5 years after account closure | | Draw participation records | 5 years | | Support records | 3 years | | Marketing data | Until opt-out | | Log files | 90 days | **After Retention Period:** • Data is securely deleted • Or anonymized for analytics • Backups destroyed per schedule **Exceptions:** We may retain data longer in case of: • Ongoing legal disputes • Active investigations • Regulatory requirements

**Requesting Account Deletion:** You can request account deletion at any time from: • Account Settings > Delete Account • Or by emailing: support@lotiwon.com **Deletion Process:** 1. **Verification:** We confirm your identity 2. **Grace Period:** 14 days to cancel the request 3. **Execution:** Data deleted after period ends **What Gets Deleted:** • Personal account information • Preferences and settings • Participation history (after retention period) • Marketing data **What Is NOT Deleted (Legal Requirements):** • Financial transaction records (7 years) • KYC documents (5 years) • Fraud/violation records **Important Note:** • Remaining balances must be withdrawn before deletion • Deletion is permanent and irreversible • Anonymized data may remain for analytics

**Strict Policy:** Lotiwon is **NOT intended** for individuals under 18 years of age. **Our Commitment:** • We do not knowingly collect data from minors • We do not allow account creation for those under 18 • We require age verification during registration **If We Discover a Minor's Account:** 1. Account is immediately suspended 2. All associated data is deleted 3. Any balances or winnings are forfeited **Reporting:** If you believe a minor has registered on the platform: 📧 Report immediately: safety@lotiwon.com

**Data Location:** Your data may be processed and stored in different countries, including: • Egypt (headquarters) • European Union (backup servers) • United States (cloud service providers) **Transfer Safeguards:** When transferring data internationally, we ensure: • Recipients comply with equivalent data protection standards • Use of approved Standard Contractual Clauses (SCCs) • Verification of security certifications (ISO 27001, SOC 2) **Your Rights:** You can inquire about: • Your data storage locations • Applied safeguards • Receiving parties For inquiries: privacy@lotiwon.com

**Policy Updates:** We may update this policy from time to time. Material changes will be announced via: • In-app notification • Email message • Update of "Last Modified" date at the top We recommend reviewing this policy periodically to stay informed. **Contact Us:** For any privacy-related inquiries: 📧 **Email:** privacy@lotiwon.com 📧 **General Support:** support@lotiwon.com 📧 **Legal Affairs:** legal@lotiwon.com **Data Protection Officer (DPO):** dpo@lotiwon.com **Response Time:** We commit to responding to all inquiries within 30 days. **Complaints:** If you are not satisfied with our response, you have the right to file a complaint with the relevant regulatory authority in your country.