Privacy Policy

1. About This Policy

This Privacy Policy explains how Sunshine Lots LLC ("we," "us," "our") collects, uses, and protects information when you use sunshinelots.com and related subdomains (the "Service"). By using the Service you consent to the practices described here. This policy reflects the sweepstakes nature of the Service — most players will have minimal data collected; only players who choose to redeem Sweep Coins for prizes will provide additional identity and delivery information.

2. Two Tiers of Data Collection

We separate data collection into two clear tiers depending on how you use the Service:

• Gameplay only (Golden Coins or Sweep Coins, no redemption). We collect minimal technical data — see Section 3. No personal identity information is required.
• Sweep Coin redemption. Before processing any gift card prize, we are required to verify your identity (KYC). This involves collecting additional personal information as described in Section 4. This step is only triggered when you voluntarily submit a redemption request.

3. Information We Collect for All Players

• Account registration. When you create an account we collect your email address, chosen display name, date of birth (to verify you are 18 or older), and state of residence. Login may also be completed via Google or Apple sign-in, in which case we receive only the profile data you authorize through that provider (typically email and name).
• Wallet balances. Your Golden Coin and Sweep Coin balances are stored server-side and associated with your account. These are virtual currencies with no monetary value (GC) or conditional sweepstakes value (SC) and are not financial data.
• Gameplay session data. Spin results, game outcomes, and session activity are logged to operate the games, calculate coin balances accurately, and detect abuse. Session logs are retained for 90 days then deleted.
• Technical logs. Standard web-server logs: IP address, browser type, device type, timestamps, and requested URLs. Used to operate and secure the Service. Retained for 30 days.
• Browser local storage. We store your age-gate confirmation and session token in your browser's localStorage. This data stays on your device and is not transmitted to us independently of your session.
• Voluntary contact. If you email us, we receive your email address and the content of your message.

For gameplay-only users we do not collect: full legal name, home address, phone number, government-issued ID, financial account details, or social security number.

4. Additional Information Collected at Redemption (KYC)

When you submit a Sweep Coin redemption request for a gift card prize, we are required to verify your identity before releasing any prize. At that point only, we collect:

• Full legal name and date of birth;
• Home address (to confirm U.S. residency and non-prohibited jurisdiction);
• Government-issued photo ID (driver's license, state ID, or passport — front and back);
• Selfie photograph matched against the submitted ID;
• Tax identification information (e.g., IRS Form W-9) if your cumulative redemptions reach or exceed federal reporting thresholds (see Section 10 of the Official Rules);
• Delivery email address for digital Visa or MasterCard gift card fulfillment. This information is used solely to deliver your gift card prize and is not stored beyond the retention period in Section 6.

KYC documents are reviewed to confirm eligibility (age, residency, not in a prohibited state) and to prevent fraud. You complete KYC once per account; you do not need to re-submit documents for future redemptions unless your information has changed or we request re-verification.

5. How We Use Your Information

• To operate the games and maintain your coin balances;
• To verify your age and eligibility at registration;
• To process Sweep Coin redemption requests and fulfill gift card prizes;
• To verify identity and prevent fraud, multiple accounts, and abuse of the sweepstakes promotion;
• To comply with applicable sweepstakes law, tax reporting obligations, and any legal obligations;
• To communicate with you about your account, redemptions, or support requests;
• To improve the Service based on aggregated, anonymized usage patterns.

We do not use your information for advertising profiling, behavioral tracking, or sale to third parties.

6. Data Retention

• Account data (email, display name, DOB, state) — retained for the life of your account plus 12 months after account closure.
• Coin balance records — retained for 24 months after the last transaction to resolve any disputes.
• Gameplay session logs — 90 days, then deleted.
• Technical server logs — 30 days, then deleted.
• KYC documents (ID, selfie, address) — retained for 5 years from the date of the redemption to which they apply. This retention period reflects standard sweepstakes compliance practice and our ability to respond to any legal or regulatory inquiry about prize disbursements.
• Tax records (W-9, payment records) — retained for the period required by applicable federal and state tax law (generally 7 years).
• Gift card delivery email — deleted within 90 days of successful prize fulfillment.

7. Cookies and Similar Technologies

We use browser localStorage to remember your age-gate confirmation and session token. We do not use advertising cookies, third-party tracking pixels, or cross-site tracking of any kind. If you clear your browser storage you will be re-prompted for age confirmation on your next visit.

8. Information Sharing

We do not sell your personal information. We share it only in these limited circumstances:

• KYC verification provider. Identity documents may be processed by a third-party KYC verification service. That provider acts under contract as a data processor on our behalf and is prohibited from using your data for any other purpose.
• Gift card issuer. Your delivery email and the prize amount are shared with the Visa or MasterCard gift card issuer solely to deliver your prize.
• Tax authorities. If your cumulative redemptions meet applicable reporting thresholds, we are required to share name, address, tax identification number, and prize amounts with the IRS and any applicable state tax authority.
• Infrastructure providers. Cloudflare processes connection metadata (IP, request URL) as part of content delivery and security; see Cloudflare's privacy policy. AWS processes server-side data under our account; see AWS's privacy policy.
• Legal obligations. We may disclose information if required by law, valid court order, or to protect the safety and rights of our users or the public.
• Promotional use of winner information. By accepting a prize, winners consent to the use of their first name and state of residence for promotional purposes (e.g., a winners list) to the extent required or permitted by applicable sweepstakes law, unless prohibited in their jurisdiction.

9. Security

We use TLS encryption for all data in transit via Cloudflare. KYC documents are stored encrypted at rest. Gift card delivery information is handled over encrypted channels and deleted promptly after fulfillment. Access to KYC data is restricted to personnel who need it solely to process redemptions. No system is perfectly secure, but we have designed the Service to minimize the personal data we hold and to protect what we do hold with appropriate technical and organizational measures.

10. Children

The Service is for users 18 and older. We do not knowingly collect information from anyone under 18. If we learn we have collected information from a minor, we will delete it and close the associated account immediately.

11. Your Rights

Depending on your jurisdiction you may have rights to access, correct, or request deletion of personal information we hold about you. For gameplay-only users there is very little to retrieve. For users who have completed KYC, note that we are required to retain identity and tax documents for the retention periods in Section 6 and cannot delete them early while that obligation applies. To exercise your rights or ask questions, email [email protected] with the subject line "Privacy Request."

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Effective" date above and, for material changes, provide notice in the player dashboard. Continued use of the Service after changes become effective means you accept the revised policy.

13. Contact

Privacy questions, data requests, or concerns: [email protected].