The short version: We collect the minimum data needed to run this site and understand how people use it. We use Google Analytics 4, Google Tag Manager, and Meta Pixel — all governed by Google Consent Mode v2, which means nothing tracks you until you explicitly accept cookies. You can withdraw consent any time. We never sell your data, and we never share it with online casinos.
For our editorial standards and how we handle commercial relationships, see Editorial Policy & Methodology.
Who We Are and What This Policy Covers
The Gaming Lab ("we," "us," "our") operates thegaminglab.io. This Privacy Policy explains what information we collect when you visit the site, how we use it, who we share it with, and the rights you have over your data.
This policy applies to all visitors regardless of location, but we apply the strictest standard — the EU General Data Protection Regulation (GDPR) — as our baseline. Visitors from the Philippines, Southeast Asia, and the rest of the world receive the same protections.
What Data We Collect
We collect two categories of information: data that's collected automatically when you browse, and data you choose to provide.
Automatically Collected Data
| Data Type | Examples | Source |
|---|---|---|
| Technical data | IP address (anonymized), browser type, operating system, device type, screen resolution | Server logs, GA4 |
| Usage data | Pages visited, time on page, click paths, referring URLs, search terms used on-site | GA4, GTM |
| Engagement data | Scroll depth, video plays, outbound link clicks, file downloads | GA4, Meta Pixel |
| Approximate location | City and country level only (derived from IP) | GA4, Cloudflare |
We do not collect precise GPS location, and IP addresses are anonymized before storage where technically possible.
Data You Provide Directly
If you contact us by email, submit feedback, or report an issue, you provide:
- Your email address
- Any information you choose to include in the message (name, question content, attachments)
We use this information solely to respond to your inquiry. We do not add you to any mailing list without your explicit opt-in.
Cookies and Tracking Technologies
Cookies are small text files stored on your device. We use them — along with similar technologies like pixels and local storage — for three purposes: making the site work, understanding how people use it, and measuring the performance of our content across platforms.
Cookie Categories
| Category | Purpose | Requires Consent? | Examples |
|---|---|---|---|
| Strictly Necessary | Site functionality, security, consent state storage | No (always active) | Session cookies, CSRF tokens, cookie consent record |
| Analytics | Understand site usage to improve content | Yes | Google Analytics 4 (`_ga`, `_ga_*`) |
| Marketing | Measure ad performance on Meta platforms, retargeting | Yes | Meta Pixel (`_fbp`, `fr`) |
Our Cookie Consent Approach
When you first visit thegaminglab.io, a cookie banner appears with two clear options:
- Accept All: All cookie categories activate, including Analytics and Marketing.
- Reject All: Only Strictly Necessary cookies are loaded. No Analytics or Marketing tracking occurs.
Until you make a choice, all non-essential tracking is blocked by default through Google Consent Mode v2 (see next section). You can change your decision at any time by clicking the "Cookie Settings" link in the site footer.
Google Consent Mode v2
We implement Google Consent Mode v2, which is Google's framework for respecting user consent across its services (GA4, Google Ads, GTM). This is a meaningful technical commitment, not just a label.
What This Means in Practice
Consent Mode v2 controls four specific consent signals:
| Signal | Controls | Default State Before Consent |
|---|---|---|
ad_storage | Advertising cookies and identifiers | Denied |
analytics_storage | Analytics cookies (GA4) | Denied |
ad_user_data | Sharing user data with Google for advertising | Denied |
ad_personalization | Personalized advertising | Denied |
When you click "Reject All" (or take no action), all four signals remain in their Denied state. Google's tools still load, but they operate in a privacy-preserving mode that uses anonymous, aggregated signals only — no cookies are written, no personal identifiers are collected, and no cross-site tracking occurs.
When you click "Accept All," all four signals are set to Granted, and full measurement and personalization functionality is enabled.
This means even users who reject cookies are not punished with a degraded experience — they simply contribute aggregated, non-identifiable signals that help us understand overall traffic patterns without revealing who they are.
How We Use Your Data
Every data point we collect serves one of the following purposes. We do not collect data for unspecified "future uses."
| Purpose | Legal Basis (GDPR) |
|---|---|
| Operate the website, prevent fraud and abuse, maintain security | Legitimate Interest (Art. 6(1)(f)) |
| Analyze site usage to improve content and user experience | Consent (Art. 6(1)(a)) |
| Measure performance of social media content and outbound campaigns | Consent (Art. 6(1)(a)) |
| Respond to your direct inquiries and support requests | Legitimate Interest (Art. 6(1)(f)) |
| Comply with legal obligations (e.g., responding to lawful requests) | Legal Obligation (Art. 6(1)(c)) |
Third-Party Services We Use
We use the following third-party processors. Each operates under its own privacy policy, and we have either Standard Contractual Clauses (SCCs) or equivalent safeguards in place for cross-border data transfers.
| Service | Provider | Purpose | Privacy Policy |
|---|---|---|---|
| Google Analytics 4 | Google LLC (USA) | Site usage analytics | policies.google.com/privacy |
| Google Tag Manager | Google LLC (USA) | Tag deployment and consent orchestration | policies.google.com/privacy |
| Meta Pixel | Meta Platforms, Inc. (USA) | Measure ad performance on Facebook and Instagram | facebook.com/privacy/policy |
| Cloudflare | Cloudflare, Inc. (USA) | CDN, DDoS protection, basic traffic analytics | cloudflare.com/privacypolicy |
We do not share your data with online casinos, gaming platforms, or any third party we review on this site. Our editorial relationships — including any disclosed commercial relationships with operators — never involve sharing visitor data.
Data Retention
We keep data only as long as needed for the purpose it was collected.
| Data Category | Retention Period |
|---|---|
| Server access logs | 30 days, then automatically deleted |
| Google Analytics 4 data | 14 months (configured in GA4 settings) |
| Meta Pixel data | Per Meta's retention policy (typically up to 2 years) |
| Cookie consent record | 12 months, then re-prompted |
| Email correspondence | Until the conversation is resolved + 12 months |
International Data Transfers
Our third-party processors (Google, Meta, Cloudflare) are based in the United States. When data is transferred outside the European Economic Area, we rely on the following safeguards:
- EU-US Data Privacy Framework: Google and Meta are certified participants.
- Standard Contractual Clauses (SCCs): Adopted by the European Commission for transfers to processors in jurisdictions without an adequacy decision.
- Data minimization: We configure our tools to collect the minimum data needed for each function.
Your Rights
If you are located in the EU/EEA, UK, or any jurisdiction with comparable data protection law, you have the following rights. We extend these rights to all visitors regardless of location, as a matter of policy.
| Right | What It Means |
|---|---|
| Right of Access | Request a copy of the data we hold about you |
| Right to Rectification | Ask us to correct inaccurate data |
| Right to Erasure ("Right to be Forgotten") | Ask us to delete your data, subject to legal retention requirements |
| Right to Restrict Processing | Ask us to pause processing while a dispute is resolved |
| Right to Data Portability | Receive your data in a machine-readable format |
| Right to Object | Object to processing based on legitimate interest |
| Right to Withdraw Consent | Withdraw cookie or marketing consent at any time |
| Right to Lodge a Complaint | File a complaint with your local data protection authority |
To exercise any of these rights, email us at [email protected]. We respond to all verified requests within 30 days, as required by GDPR.
Children's Privacy
This website covers online gambling content, which is restricted to adults under the law of every jurisdiction we serve. The Gaming Lab is strictly intended for users aged 18 or older (or 21+ where local law requires).
We do not knowingly collect data from anyone under 18. If you believe a minor has provided us with personal data, contact [email protected] immediately and we will delete it.
Security Measures
We implement technical and organizational measures to protect your data:
- Encryption in transit: All site traffic is encrypted via HTTPS (TLS 1.2 or higher).
- Access controls: Administrative access to our systems is restricted to authorized team members and protected by strong authentication.
- Infrastructure security: Hosted on hardened servers with DDoS protection and Web Application Firewall (WAF) provided by Cloudflare.
- Data minimization: We collect only what we need, retain it only as long as needed, and anonymize where possible.
No security system is perfect. If we ever become aware of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Article 33.
What We Don't Do
We never sell your data. Not to advertisers, not to data brokers, not to anyone. Period.
We never share visitor data with online casinos. Our reviews are read-only relationships with operators — we send our analysis out, we don't pipe your data in.
We never track you across other websites for our own purposes. Third-party tools we use (GA4, Meta Pixel) may have broader tracking capabilities, but we configure them to the minimum necessary scope and respect your consent choices through Consent Mode v2.
We never use dark patterns to obtain consent. "Accept" and "Reject" are equally visible, equally easy to click. Refusing cookies does not degrade your site experience.
We never collect data for unspecified future purposes. Every data point we collect has a defined purpose listed in this policy.
Five commitments — non-negotiable, regardless of business pressures.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the tools we use. When we do:
- The "Last Updated" date at the bottom of this page will change.
- For material changes (new processors, expanded data collection, changes affecting your rights), we will display a prominent notice on the site and may re-prompt cookie consent.
- For minor clarifications (typo fixes, wording improvements), we update silently with the date change.
We recommend reviewing this policy periodically. Continued use of the site after material changes constitutes acceptance of the updated policy.
Contact Us
For any privacy-related question, request, or complaint:
- Privacy inquiries: [email protected]
- Editorial inquiries: [email protected]
We aim to respond to all privacy inquiries within 72 hours, and to formal data subject requests within 30 days as required by GDPR.
For our editorial standards, scoring methodology, and how we handle commercial relationships with operators, see Editorial Policy & Methodology and How We Rate.
