← Back to HomePrivacy Policy

CRYSTAL SPORT

Privacy Policy

Effective Date: April 2026 | Version 1.0

Last Updated: April 23, 2026

Crystal Sport Limited is committed to protecting your privacy and complying with the Nigeria Data Protection Regulation (NDPR) 2019. This policy explains how we collect, use, and protect your personal data.

Table of Contents

1. Who We Are

Crystal Sport Limited ('Crystal Sport', 'we', 'us', or 'our') operates the Crystal Sport betting platform at crystalsport.ng. We are the Data Controller responsible for your personal data.

Registered Address: Nigeria

Data Protection Officer: dpo@crystalsport.ng

NLRC Licence: [NLRC Licence Number]

2. Data We Collect

2.1 Information You Provide

  • Identity data: Full name, date of birth, gender.
  • Contact data: Phone number, email address, residential address.
  • Identity verification data: BVN (Bank Verification Number), NIN (National Identification Number), government-issued ID documents, selfie photographs.
  • Financial data: Bank account details, transaction history, deposit and withdrawal records.
  • Account data: Username, password (hashed), preferences, betting history.
  • Communications: Messages sent to our support team, dispute submissions.

2.2 Data Collected Automatically

  • Technical data: IP address, browser type, operating system, device fingerprint.
  • Usage data: Pages visited, features used, time spent on Platform, click patterns.
  • Location data: Country and city derived from IP address.
  • Session data: Login times, session duration, authentication events.
  • Cookie data: Session cookies, preference cookies, analytics cookies.

2.3 Data From Third Parties

  • BVN verification data from the Central Bank of Nigeria (CBN) database via Flutterwave Identity API.
  • Payment transaction data from Flutterwave payment gateway.
  • Sports data and match results from Sportradar and The Odds API.
  • Fraud prevention data from third-party screening services.

3. How We Use Your Data

3.1 Legal Basis for Processing

We process your data on the following legal bases under the NDPR:

  • Contract performance: To provide the betting services you have requested.
  • Legal obligation: To comply with Nigerian gambling laws, NFIU requirements, and NLRC regulations.
  • Legitimate interest: For fraud prevention, platform security, and service improvement.
  • Consent: For marketing communications and optional features (where applicable).

3.2 Specific Purposes

  • Account creation, verification, and management.
  • Processing deposits, withdrawals, and bet settlements.
  • KYC verification and ongoing customer due diligence.
  • Fraud detection, prevention, and investigation.
  • Responsible gambling monitoring and intervention.
  • Customer support and dispute resolution.
  • Compliance with NLRC reporting requirements.
  • Anti-money laundering (AML) and counter-terrorism financing (CTF) obligations.
  • Improving platform performance and user experience.
  • Sending transactional notifications (bet results, deposits, withdrawals).
  • Sending marketing communications where you have opted in.

4. Data Sharing

We do not sell your personal data. We share your data only in the following circumstances:

4.1 Service Providers

  • Flutterwave: Payment processing and identity verification. Privacy policy at flutterwave.com.
  • Sportradar: Sports data and match results for bet settlement purposes only.
  • The Odds API: Pre-match odds data for sportsbook display.
  • Supabase: Secure cloud database infrastructure. Data processed in accordance with NDPR.
  • Vercel: Web hosting and content delivery infrastructure.

4.2 Regulatory Authorities

  • National Lottery Regulatory Commission (NLRC): Mandatory reporting as a licensed operator.
  • Nigerian Financial Intelligence Unit (NFIU): Suspicious transaction reports as required by law.
  • Economic and Financial Crimes Commission (EFCC): Where required by law or court order.
  • Nigeria Police Force or other law enforcement: Where required by valid legal process.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of Crystal Sport Limited, your data may be transferred to the acquiring entity. We will notify you of any such transfer and your rights in relation to it.

4.4 With Your Consent

We may share your data with third parties where you have provided explicit consent to do so.

5. Data Retention

We retain your personal data for the following periods:

  • Account data: For the duration of your account plus 7 years after closure (required by Nigerian gambling regulations).
  • Transaction records: 7 years from the date of transaction (AML/CTF requirement).
  • KYC documents: 5 years from the date of verification or account closure.
  • Session and IP logs: 2 years from the date of collection.
  • Support communications: 3 years from the date of the last communication.
  • Marketing consent records: Until consent is withdrawn plus 2 years.

When data is no longer required, it is securely deleted or anonymised.

6. Your Rights Under the NDPR

Under the Nigeria Data Protection Regulation, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data in certain circumstances.
  • Right to restriction: Request restriction of processing in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent for marketing at any time.

To exercise any of these rights, contact our Data Protection Officer at dpo@crystalsport.ng. We will respond within 30 days. Please note that some rights may be limited by our legal obligations as a licensed gambling operator.

7. Cookies

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Platform. We use cookies to maintain your session, remember your preferences, and analyse Platform usage.

7.2 Types of Cookies We Use

  • Essential cookies: Required for the Platform to function. Cannot be disabled.
  • Session cookies: Maintain your login session. Deleted when you close your browser.
  • Preference cookies: Remember your language and display preferences.
  • Analytics cookies: Help us understand how users interact with the Platform.

7.3 Managing Cookies

You can manage cookies through your browser settings. Disabling essential cookies will prevent you from using the Platform. For more information on managing cookies, visit www.allaboutcookies.org.

8. Data Security

Crystal Sport implements robust technical and organisational measures to protect your data:

  • All data is encrypted in transit using TLS 1.3.
  • Passwords are hashed using industry-standard algorithms and never stored in plain text.
  • BVN and NIN data is encrypted at rest and never stored in full.
  • Access to production systems is restricted to authorised personnel only.
  • Regular security audits and penetration testing are conducted.
  • All staff handling personal data receive data protection training.
  • We maintain an incident response plan for data breaches.

In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant authorities within 72 hours of becoming aware of the breach, as required by the NDPR.

9. Responsible Gambling and Data

Crystal Sport collects and processes data related to your betting behaviour to fulfil our responsible gambling obligations under NLRC licensing conditions. This includes:

  • Monitoring betting patterns for signs of problem gambling.
  • Enforcing self-imposed deposit limits and exclusions.
  • Sharing data with responsible gambling organisations where required.
  • Reporting to NLRC on responsible gambling compliance metrics.

This processing is carried out under our legal obligation as an NLRC licensed operator and cannot be opted out of.

10. Children's Privacy

Crystal Sport is strictly for persons aged 18 and over. We do not knowingly collect data from anyone under 18. If we discover that we have inadvertently collected data from a minor, we will immediately delete that data and close the account. If you believe we have collected data from a minor, please contact us immediately at safeguarding@crystalsport.ng.

11. International Data Transfers

Your data is primarily processed and stored in Nigeria. Where we use service providers located outside Nigeria (such as cloud infrastructure providers), we ensure appropriate safeguards are in place in accordance with the NDPR, including standard contractual clauses and data processing agreements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 7 days before changes take effect. The current version will always be available at crystalsport.ng/privacy.

13. Contact and Complaints

For any privacy-related queries or to exercise your rights, contact:

Data Protection Officer

Crystal Sport Limited

Email: dpo@crystalsport.ng

General: privacy@crystalsport.ng

Website: crystalsport.ng

If you are not satisfied with our response, you have the right to complain to:

National Information Technology Development Agency (NITDA)

Data Protection Bureau

Website: nitda.gov.ng

Email: dataprotection@nitda.gov.ng

© 2026 Crystal Sport Limited. All rights reserved. Compliant with NDPR 2019 and NLRC licensing requirements.