burger icon
Super Boss United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how AXO L.L.C., operating the online casino brand “Super Boss” at suprboss.com (including its UK-facing version referred to as Super Boss), collects, uses, stores and protects your personal data. It applies to all players, visitors and other individuals who access suprboss.com, its subdomains, mobile versions and related services. By using suprboss.com, you acknowledge that your personal data will be processed in accordance with this Privacy Policy. This Privacy Policy is effective from 1 January 2026.

Who We Are

OBSERVE: suprboss.com is operated by an offshore gambling company serving UK players without a UK Gambling Commission licence, primarily under Curacao regulation.

EXPAND: For data protection purposes, it is important that you know who is responsible for your personal data and how you can contact them.

REFLECT: We therefore clearly identify our legal entity, licensing framework and contact channels below.

Data controller: The controller responsible for processing your personal data in connection with suprboss.com (including Super Boss) is:

AXO L.L.C.
Abraham de Veerstraat 9
Curacao

AXO L.L.C. operates the “Super Boss” online casino under Master Licence 8048/JAZ2020-013 issued by Antillephone N.V. in Curacao. AXO L.L.C. is not licensed by the UK Gambling Commission and is considered an offshore / non-GamStop operator for UK players.

Contact for privacy matters (data protection contact / DPO function):

  • E-mail: [email protected] (preferred channel)
  • Postal correspondence: AXO L.L.C., Privacy Officer, Abraham de Veerstraat 9, Curacao

If you contact us about your privacy rights, please include your full name, registered account username, and the country where you are located (for example, the UK) so we can handle your request under the correct legal framework (such as UK GDPR).

What Personal Data We Collect

OBSERVE: Running an online gambling platform requires identifying players, operating accounts, handling payments, and protecting against fraud and money laundering.

EXPAND: This leads to several categories of personal and technical data being collected when you visit suprboss.com, register, deposit, play or withdraw.

REFLECT: We group these categories below to explain what we collect and why.

Identification and contact data

  • Basic registration data: full name, date of birth, country of residence, address, e-mail address, username, and password.
  • Contact data: e-mail address and any other contact details you provide (for example, messaging handles) for support, verification and account communication.
  • KYC/AML data: copies of identity documents (passport, ID card, driving licence), proof of address (utility bill, bank statement), payment ownership documents and any additional information requested during enhanced due diligence, particularly when withdrawals exceed certain thresholds (for example, initial withdrawals above approximately £500 equivalent).

Technical and device data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, language settings, and time zone.
  • Usage logs: login timestamps, session duration, pages visited, clicks, error logs and similar diagnostic information generated by your use of suprboss.com.

Payment and transaction data

  • Deposit data: chosen payment method (e.g., Visa/Mastercard, Skrill/Neteller, crypto such as BTC/ETH/USDT/LTC), transaction identifiers, amount, currency, and time of transaction.
  • Withdrawal data: withdrawal method (e.g., crypto, bank transfer), destination wallet or bank details as provided by you, transaction identifiers, amounts and timestamps.
  • Processing metadata: risk assessment results, fraud flags, chargeback records, and interactions with payment processing subsidiaries (often located in Cyprus) and other financial intermediaries.

Gaming and behavioural data

  • Account activity: login history, verification status, self-exclusion or account-limitation settings (if used) and responsible gaming tools you enable.
  • Gameplay data: betting and game history, stakes, wins/losses, bonus usage, tournament participation and other in-game actions.
  • Behavioural data: clicks, navigation paths, time spent on different sections of the website, and reactions to promotions or communications (e.g., whether an email was opened).

Cookies and similar technologies

  • Cookies: small text files stored on your device that may be session-based (deleted when you close your browser) or persistent (stored for a longer period).
  • Similar technologies: web beacons, tracking pixels, local storage or SDKs used to recognise your browser or device, measure traffic, and personalise content, including through third-party analytics and advertising partners.

Where we collect data that is required by law or necessary to enter into a contract with you (for example, KYC documents for withdrawals), failure to provide such data may result in our inability to open an account, process a payment or allow you to continue using certain services.

Legal Basis for Processing

OBSERVE: As we serve UK players and individuals from other countries, our processing is primarily governed by the UK General Data Protection Regulation (“UK GDPR”) and, for EU-based individuals, the EU GDPR.

EXPAND: These laws require us to identify one or more legal bases for each processing activity.

REFLECT: Below are the main legal bases we rely on when processing your personal data.

  • Performance of a contract: We process data necessary to create, administer and operate your player account; to allow deposits, gameplay and withdrawals; to verify your identity before paying out winnings; and to provide customer support. Without this data, we cannot fulfil our contractual obligations to you.
  • Compliance with legal obligations: We are required under applicable anti-money laundering (AML), counter-terrorist financing (CTF), fraud prevention, tax reporting and gambling regulations in Curacao and relevant international standards to perform identity verification (KYC), monitor transactions, keep certain records and report suspicious activities to competent authorities. These obligations may require us to retain your data for specific minimum periods.
  • Legitimate interests: We process data to maintain the security and integrity of suprboss.com (including detecting and preventing fraud, bonus abuse, multi-accounting and payment risks); to improve our services and user experience; to perform aggregated analytics; to defend our legal rights; and to manage business operations, including the use of Cyprus-based or other regional payment processing subsidiaries. When relying on legitimate interests, we balance our interests against your rights and reasonable expectations.
  • Consent: In certain situations, we rely on your consent, for example for:
    • sending electronic marketing communications not covered by soft opt-in rules;
    • using non-essential cookies and similar technologies for personalised advertising;
    • processing certain special categories of data if you voluntarily disclose them to us in a context requiring explicit consent.
    You may withdraw your consent at any time (see “Your Rights” below), but this will not affect the lawfulness of processing before withdrawal.

Purpose of Processing

OBSERVE: We process personal data for multiple purposes related to operating an offshore online casino for UK and other international players.

EXPAND: These purposes are linked directly to our contractual obligations, legal duties and legitimate interests.

REFLECT: The main purposes are as follows.

  • Provision of casino services: to register and manage your account; enable deposits, gameplay and withdrawals; issue bonuses; administer tournaments and loyalty schemes; and provide customer support.
  • Regulatory and legal compliance: to perform KYC/AML checks, prevent fraud and money laundering, monitor transactions, maintain mandatory records, and cooperate with lawful requests from regulators and other competent authorities.
  • Service improvement and analytics: to analyse website usage and gameplay patterns; troubleshoot technical issues; improve usability and platform performance; and develop new features and products.
  • Marketing and personalisation: to send you promotional communications about suprboss.com (where permitted) and to tailor content, offers and recommendations based on your profile and behaviour, including via cookies and third-party advertising networks when you consent.
  • Security and fraud prevention: to protect our platform, players and business from unauthorised access, hacking, payment abuse, chargebacks, bonus abuse, and other fraudulent activities; to detect unusual activity such as the “KYC loop” scenarios reported in the industry; and to manage related disputes.
  • Business operations: to manage our relationship with payment processing subsidiaries (for example, in Cyprus), crypto payment providers, IT and other suppliers; and to support corporate governance, audits and risk management.

Disclosure & Sharing

OBSERVE: Operating suprboss.com requires cooperation with third parties such as payment processors, IT providers and regulators.

EXPAND: We only share personal data when necessary, subject to appropriate safeguards and contractual obligations.

REFLECT: The main categories of recipients are listed below.

  • Group companies and affiliates: entities that are under common ownership or control with AXO L.L.C., including any payment processing subsidiaries (often located in Cyprus) and marketing affiliates that promote suprboss.com to UK and international players.
  • Payment service providers: banks, card schemes (e.g., Visa/Mastercard), e-wallets (e.g., Skrill, Neteller) and crypto payment processors handling deposits and withdrawals, as well as intermediaries who help route transactions to offshore gambling merchants where traditional UK banking channels may block or restrict such payments.
  • Verification, fraud and AML partners: third-party providers performing identity verification, document checks, transaction monitoring, risk scoring and sanctions screening, in order to meet KYC/AML obligations and protect against fraud.
  • Technical and IT service providers: hosting companies, platform developers, customer support tools, analytics providers and other IT vendors who process data on our behalf to operate and improve suprboss.com.
  • Advertising and analytics partners: third-party networks and platforms providing analytics, retargeting or personalised advertising services, only where this involves personal data and where permitted by applicable law and your cookie/marketing preferences.
  • Regulators and authorities: licensing and supervisory bodies in Curacao (such as Antillephone N.V.), financial intelligence units, law enforcement and tax authorities, where we are legally required to provide information or where disclosure is necessary to protect our legal rights.
  • Professional advisers: lawyers, auditors and consultants engaged by AXO L.L.C. in connection with regulatory inquiries, disputes, audits or corporate transactions.
  • Business transfers: in the event of a merger, acquisition, restructuring or sale of all or part of our business, personal data may be shared with potential or actual purchasers and their advisers, subject to confidentiality obligations.

We do not sell your personal data in the sense of transferring it to third parties for monetary consideration independent of the purposes described in this Privacy Policy.

International Transfers

OBSERVE: AXO L.L.C. is registered in Curacao and works with service providers located in different countries, including Cyprus-based payment processing subsidiaries and other international partners.

EXPAND: This means your data may be transferred outside the UK and the European Economic Area (EEA) to countries that may not offer the same level of data protection as your home jurisdiction.

REFLECT: We apply appropriate safeguards to protect your data during such transfers.

  • Curacao: Your data is processed and stored on systems operated from or accessible in Curacao, where AXO L.L.C. is registered and licensed under Master Licence 8048/JAZ2020-013.
  • Cyprus and other EEA locations: Payment processing and certain support services may be handled by subsidiaries and partners located in Cyprus or elsewhere in the EEA, which benefit from EU/EEA data protection rules.
  • Other non-UK/EEA countries: Some service providers (for hosting, analytics, customer support or crypto payment processing) may be located in other countries outside the UK/EEA.

Where we transfer personal data from the UK or EEA to countries that do not have an adequacy decision, we implement appropriate safeguards, which may include:

  • standard contractual clauses approved by the European Commission or UK authorities (such as the UK International Data Transfer Agreement), as applicable;
  • contractual obligations requiring recipients to apply data protection standards that are essentially equivalent to those in the UK / EEA;
  • technical measures such as encryption, access controls and pseudonymisation.

You may contact us at [email protected] for further information on the specific safeguards used in connection with a particular transfer, where legally permitted.

Data Retention

OBSERVE: We must retain certain data to operate your account, comply with legal obligations (including AML/CTF) and resolve disputes.

EXPAND: Retention periods depend on the nature of the data and our regulatory environment as an offshore operator serving UK players from Curacao.

REFLECT: We apply the principle of storage limitation: data is kept only as long as necessary for the purposes described.

Data category Typical retention period
Player account data (identification, contact details, account history) For the life of the account and generally up to 5 years after account closure, unless a longer period is required for legal, regulatory or dispute-related reasons.
Transaction and payment records At least 5 years and up to 10 years from the date of the relevant transaction, to comply with AML/CTF obligations, accounting and tax rules.
KYC/AML documentation Generally 5 years after the end of the business relationship or the date of the last transaction, subject to longer retention where required by applicable AML laws.
Gameplay and betting history For the life of the account and up to 5 years after account closure, to handle disputes, responsible gaming inquiries and regulatory requirements.
Marketing and communications data Until you opt out of marketing, plus a short period (normally up to 2 years) to document your preferences and demonstrate compliance.
Technical logs and analytics Typically up to 12 months from collection, unless a longer period is required to investigate security incidents or persistent technical issues.

When data is no longer required, we will either securely delete or anonymise it so that it no longer identifies you. Where immediate deletion is not technically feasible (for example, stored in backups), we will securely isolate the data and prevent further processing until deletion is possible.

Your Rights

OBSERVE: Individuals using suprboss.com from the UK and other countries have rights over their personal data.

EXPAND: For UK residents, these rights arise under the UK GDPR and the Data Protection Act 2018. EU residents have similar rights under the EU GDPR. Individuals in Mexico may also benefit from rights under Mexican data protection law (such as the Federal Law on the Protection of Personal Data Held by Private Parties, “LFPDPPP”).

REFLECT: We respect these rights and have processes in place to help you exercise them.

Core data protection rights

  • Right of access: You can request confirmation whether we process your personal data and receive a copy of that data, along with information about how we use it.
  • Right to rectification: You can ask us to correct inaccurate or incomplete personal data. In many cases, you can update your details directly in your account profile.
  • Right to erasure (“right to be forgotten”): You can request deletion of your personal data where it is no longer needed for the purposes for which it was collected, where you withdraw consent (if consent was the only legal basis), or where processing is unlawful. We may need to retain certain data despite your request if required by AML/CTF, tax or other legal obligations.
  • Right to restriction of processing: You can ask us to restrict processing of your data in certain circumstances (for example, while we verify its accuracy or when you object to processing based on legitimate interests).
  • Right to object: You may object to processing based on our legitimate interests, including profiling related to those interests. We will stop processing unless we demonstrate overriding legitimate grounds or the processing is needed for legal claims.
  • Right to data portability: For data you provided to us that we process by automated means based on your consent or a contract, you can request a copy in a structured, commonly used and machine-readable format and ask us to transmit it to another controller where technically feasible.
  • Right to withdraw consent: Where we rely on your consent (for example, for marketing communications or non-essential cookies), you can withdraw it at any time via your account settings, the unsubscribe link in emails or by contacting us. Withdrawal does not affect processing carried out before the withdrawal.

Additional notes for Mexican users

If you are located in Mexico, you may have additional rights under Mexican data protection law, commonly referred to as ARCO rights (Access, Rectification, Cancellation and Opposition). You can exercise these rights through the same contact channels described below. We will consider such requests in light of applicable Mexican law and other relevant regulations.

How to exercise your rights

  • Contact channel: Send an e-mail to [email protected] from the address linked to your suprboss.com account, clearly stating which right you wish to exercise and providing sufficient information to identify you.
  • Verification: To protect your account and data, we may ask for additional information to verify your identity, especially for access, portability and erasure requests.
  • Response time: We aim to respond within one month (30 days) of receiving your request. For complex or multiple requests, this period may be extended by up to two further months; if so, we will inform you of the extension and reasons.
  • Charges: We do not charge a fee for handling your request, unless it is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse to act, as permitted by law.

Cookies & Tracking Technologies

OBSERVE: suprboss.com uses cookies and similar technologies to provide core functionality, enhance your experience and, where permitted, support analytics and advertising.

EXPAND: Some cookies are essential for the website to function, while others are optional and used only with your consent.

REFLECT: Below we explain the types of cookies we use and how you can manage them.

Types of cookies

  • Session cookies: Temporary cookies that exist only while your browser is open. They enable basic functions such as keeping you logged in during a session and ensuring security during your visit. They are deleted when you close your browser.
  • Persistent cookies: Cookies that remain on your device for a defined period or until you delete them. They allow us to remember your preferences (such as language, region, or saved settings) and recognise you when you return to suprboss.com.
  • First-party cookies: Cookies set directly by suprboss.com to provide core services and functionality.
  • Third-party cookies: Cookies set by third-party service providers (for example, analytics tools or advertising networks) to measure performance, help prevent fraud, or deliver personalised content and marketing where permitted.

Purposes of cookies

  • Strictly necessary / functional: Required for the site to operate, including enabling secure login, processing bets, and remembering choices necessary to provide the services you request.
  • Analytics and performance: Used to understand how visitors use suprboss.com (e.g., most visited pages, error messages) so we can improve usability and performance.
  • Advertising and personalisation: Used, where legally permitted and subject to your consent, to deliver relevant marketing messages, measure campaign effectiveness and personalise offers on suprboss.com or third-party platforms.

Managing cookies

  • You can manage or disable cookies through your browser settings. Most browsers allow you to block or delete cookies, or to be notified before a cookie is stored.
  • Where available, you may also use our internal cookie preferences panel or banner on suprboss.com to accept or reject different categories of non-essential cookies.
  • Please note that blocking or deleting certain cookies may affect the functionality of suprboss.com and your ability to use some features, including secure login and gameplay.

Data Security

OBSERVE: Operating an offshore online casino for UK players involves heightened risks regarding fraud, cyberattacks and regulatory scrutiny.

EXPAND: To mitigate these risks, we implement a combination of technical and organisational measures to protect personal data.

REFLECT: While no system can be completely secure, we strive to maintain a level of security appropriate to the risks of processing.

  • Encryption: Data transmitted between your browser and suprboss.com is protected using TLS 1.2+ or higher encryption protocols. Where appropriate, sensitive data is encrypted at rest on our servers or within secure databases.
  • Access controls and authentication: Access to personal data is restricted to authorised personnel and service providers who need it for legitimate business purposes, based on role-based access controls. Internal access requires strong authentication, and multi-factor authentication is implemented for critical systems.
  • Network and infrastructure security: Firewalls, intrusion detection/prevention systems, anti-malware solutions and monitoring tools are used to protect our infrastructure from unauthorised access and malicious activity.
  • Security governance and training: Staff with access to personal data receive training on data protection, confidentiality and security responsibilities. Internal policies govern data handling, retention and incident response.
  • Vendor management: Third-party service providers who process data on our behalf are required to adopt security standards consistent with our own and with applicable law. We perform due diligence and, where appropriate, obtain contractual commitments regarding security and data protection.
  • Incident response: We maintain procedures to identify, investigate and respond to suspected personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals in accordance with legal requirements.
  • Alignment with standards: We aim to align our security controls with recognised international standards (such as ISO 27001 and SOC 2) as far as reasonably practicable for our operational model, although suprboss.com may not hold formal certifications.

Complaints & Contacts

OBSERVE: Even with robust safeguards, you may wish to raise questions or complaints about how we process your data.

EXPAND: You have the right to contact us directly and, if dissatisfied, to escalate your concerns to a relevant supervisory authority.

REFLECT: We describe the available channels and steps below.

Contacting us

  • E-mail (primary): [email protected]
  • Postal address: AXO L.L.C., Privacy Officer, Abraham de Veerstraat 9, Curacao

When submitting a complaint, please:

  1. Describe your concern clearly (for example, access request delay, marketing preference issue, data accuracy concern).
  2. Provide your suprboss.com username, registered e-mail address and country of residence (e.g., UK).
  3. Attach any relevant documentation (such as screenshots or correspondence).

We aim to acknowledge your complaint within a reasonable time and provide a substantive response within 30 days. For complex issues, we may need more time but will keep you informed about progress.

Escalation to supervisory authorities

If you are not satisfied with our response or believe that our processing of your personal data infringes applicable data protection law, you may lodge a complaint with a supervisory authority:

  • United Kingdom (UK residents):
    Information Commissioner's Office (ICO)
    Website: www.ico.org.uk
    Phone (from within the UK): 0303 123 1113
  • European Union (EU residents): You may contact your local data protection authority in the EU member state where you live, work or where you believe an infringement occurred. Contact details are available on the European Data Protection Board website.
  • Mexico (if applicable): If Mexican data protection law applies to you, you may lodge a complaint with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI). Website: www.inai.org.mx.

Please note that AXO L.L.C. is established in Curacao and not in the UK, EU or Mexico. However, where we target or serve residents of these jurisdictions (such as UK players), we take reasonable steps to respect applicable data protection frameworks and cooperate with supervisory authorities as required.

Updates

OBSERVE: Our services, regulatory environment and technical measures may evolve over time, especially given the offshore nature of suprboss.com and changing attitudes toward non-UKGC casinos.

EXPAND: We may therefore need to update this Privacy Policy to reflect new legal requirements, industry standards or changes to how we process personal data.

REFLECT: We are committed to informing you about material changes in a transparent manner.

  • Notification methods: When we make significant changes, we will notify you by one or more of the following:
    • e-mail sent to the address associated with your account;
    • prominent notice or banner on suprboss.com (including the Super Boss interface);
    • alerts or messages within your account dashboard.
  • Advance notice: For material changes that significantly affect your rights or how we use your data, we will provide, where practicable, at least 30 days' notice before the new terms take effect, so you can review them and decide whether to continue using our services.
  • Your options: If you do not agree with the updated Privacy Policy, you may close your account and stop using suprboss.com. Continued use of the services after the effective date of the updated Privacy Policy will constitute your acceptance of the changes.
  • Version control: Each version of this Privacy Policy will be identified by a “Last updated” date. We also maintain internal records of material changes for accountability.

Last updated: January 2026