Privacy, plainly explained

Our Privacy Policy, Explained Properly for 2026

Here's exactly what Harry Ally collects when you read a review, why we collect it, and how you can access, correct or delete it under Australian privacy law — no legal jargon, no hidden fine print, just a straight answer to what actually happens to your data on this site.

Privacy Policy at Harry Ally — privacy policy
A simple illustration of a document and padlock, representing how Harry Ally collects, stores and protects reader data.

I started reviewing online casino australia sites because I got sick of marketing fluff pretending to be honest advice, and Harry Ally is built to be the opposite of that. Running a site like this means I collect a small amount of personal information along the way — nothing sinister, just the everyday bits that keep the contact form working and the reviews honest. This privacy policy explains, in plain English rather than legal fog, what harryally.com collects, how and why, where it's stored, and what rights you have under Australian privacy law.

I've written this to comply with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) inside it, kept as close to how I'd explain it to a mate over a coffee as the law reasonably allows. The headings below run in the order most people actually think through a privacy policy: what we collect, why, where it goes, how long we keep it, and what you can do about it.

Who we are and what this policy covers

Harry Ally is an independently run Australian website publishing reviews and guides about online casino australia operators, pokies, bonuses and payment methods. We don't operate a casino, take bets, or process gambling transactions — we're a publisher, full stop. That means the personal information we collect is limited to what a review site genuinely needs, not the identity and payment data a licensed operator would hold.

This policy applies to every page on harryally.com, including our real money casino reviews, our bonus guides, and the contact form dotted through the site. It's one policy covering the whole domain — we don't run separate terms per section.

About Harry Ally

I'm Harry, and I run this site as an independent reviewer, not as part of a casino group or affiliate network's in-house marketing team. That independence shapes this policy too: I have no interest in hoarding your data or building a profile of your gambling habits, because that isn't the business I'm in. For more on how the site operates, our about us page covers it in full.

What I do collect is what any small publisher needs: enough to run the site, reply to your emails, see which guides are actually useful, and keep the place secure against abuse.

The personal information we collect

Information reaching us falls into two buckets: what you give us directly, and what's collected automatically because you're browsing a website. We don't collect sensitive information under the Privacy Act — health records, ethnic origin, religious belief — and we have no reason to ask for any of it.

We also don't collect payment card details on harryally.com, because we don't process transactions. Anything you enter on a casino operator's own site is governed by their systems and their privacy policy, not ours.

Information you give us directly

If you use a contact form, subscribe for updates, or leave a comment, you're handing over a small, voluntary set of details. Typically that includes:

  • Your name, or the name you choose to give us
  • Your email address, so we can reply
  • The content of your message or feedback
  • Your newsletter preference, if you sign up

We only ask for what we need to respond to you. If a field seems unnecessary for its purpose, that's an oversight worth flagging to us rather than a deliberate ask.

Information collected automatically

Like almost every site, harryally.com picks up technical details the moment you land on a page: your IP address, browser and device type, pages viewed, referring site, and an approximate location derived from your IP (usually city-level, never your street address).

None of this is collected to identify you personally. It's aggregated across visitors and used to understand traffic patterns — say, whether readers on mobile are finding our payments and payouts guide useful.

How we collect your information

We deliberately keep our collection channels short, because the fewer of them there are, the easier it is to actually know where your data lives. We don't buy lists of personal information, and we don't harvest data from social media unless you message us there directly.

Broadly, information reaches us two ways: through forms you fill in on the site, and through cookies and analytics scripts that run automatically while you're reading a page.

Contact forms and cookies working together

When you submit our contact form, the message and your email go to a human — usually me — who reads and replies. We don't auto-forward submissions to any casino operator, advertiser, or unrelated third party, and we don't add your email to a marketing list unless you've separately opted in.

Cookies work differently: they're small text files your browser stores automatically, mostly to remember basic preferences and power our analytics. We cover exactly which types, and how to manage them, in the dedicated section below.

Why we collect and use your information

Under APP 3, we're only meant to collect personal information reasonably necessary for our functions as a publisher, and APP 6 says we can generally only use it for the purpose we collected it for. So it's worth being specific about why each category exists.

In short: to keep the site running, to respond to people who contact us, to see which content genuinely helps readers, and occasionally for security reasons, such as investigating abuse of our contact form.

Running, securing and improving the site

Analytics data shows which guides — our bonus content, for instance — are actually read, and which pages people bounce off quickly. That feeds directly into what gets researched or rewritten next.

The same data has a security function too. Unusual traffic patterns or repeated failed form submissions from one IP address can flag an attempted attack, letting us respond before it becomes a bigger problem for readers.

Responding to your enquiries

If you ask a question — how a review was researched, why a payout figure is described as typical rather than guaranteed — we use your name and email purely to have that conversation, never for marketing unless you've clearly opted in elsewhere.

Where a question is really a gambling harm concern rather than a content question, we'll point you towards Gambling Help Online rather than try to handle it ourselves, because that's a specialist service and we're not counsellors.

Cookies and analytics in detail

We run a small, deliberately limited set of cookies. Strictly necessary ones keep the site functioning — remembering you've dismissed a notice, for example. Analytics cookies, from a privacy-conscious platform, help us understand aggregate traffic: visitor numbers, rough location, device type, and which pages get read.

We configure that tooling to minimise the personal footprint where the platform allows — truncating IP addresses, for instance. No analytics setup is perfectly anonymous, which is why cookies sit squarely inside this policy rather than off to one side.

The types of cookies we use

Cookies here fall into two categories: the ones the site needs to function, and the ones that exist purely to generate traffic statistics. We don't run cookies for personalised advertising, and we don't sell cookie data to anyone.

Weighing it up is fairly simple once you see both sides set out plainly, so here's a quick honest rundown of what allowing cookies actually gets you, and what it costs you in return.

Pros of allowing cookies

  • Fewer repeated notices and more consistent page behaviour
  • Helps us see which guides are actually working
  • Supports faster, more reliable page loading

Cons of allowing cookies

  • Your browsing contributes to aggregate analytics data
  • Some cookies persist between visits until cleared
  • You need to actively manage settings to opt out fully

Managing your cookie settings

Every modern browser lets you view, block or delete cookies through its settings menu, and most analytics platforms offer their own opt-out tool. Blocking cookies entirely won't stop you reading the site — a dismissed notice will just reappear more often.

On a shared or public computer, it's worth clearing cookies once you're done, particularly after using a contact form, so the next person doesn't see fields auto-filled by browser memory rather than anything we've stored.

We rely on a small number of providers to actually run the site — hosting, email delivery for the contact form, and analytics. Each processes only a limited slice of data on our behalf, strictly for that purpose, and none may use it for their own unrelated marketing.

We don't work with data brokers, and we don't sell or rent visitor information to advertisers or any online casino australia operator, no matter how many times an affiliate manager asks.

Links to casino operators and other sites

Because this is a review site, we link out constantly to casino operators and industry resources. Those links take you off harryally.com entirely, and the operator's own privacy policy — not ours — governs anything you submit there, including identity and payment details. Our guide to licensing and regulation explains why offshore licensing means Australian consumer protections generally don't extend to what happens on an operator's own platform.

Worth remembering: BetStop, the National Self-Exclusion Register, only covers licensed Australian wagering providers, not offshore online casino australia operators. Self-excluding through BetStop won't automatically block you from an offshore site — Gambling Help Online (1800 858 858) can talk through options that actually apply.

How we store and secure your data

We take reasonable technical and organisational steps to protect information we hold, consistent with APP 11. That includes encrypted form submissions, restricted access to our inbox and hosting panel, and keeping the number of people with access to raw data to an absolute minimum — realistically, just me and occasionally a trusted contractor.

No website can promise perfect security, and we won't pretend otherwise. We can promise security isn't an afterthought: administration credentials are unique, software is kept updated, and we don't store payment data at all, which removes an entire category of risk.

Security measures we take

Practically, our forms submit over HTTPS, our hosting is kept patched, and infrastructure access is limited to accounts with individually managed credentials. We also avoid storing more than we need in the first place — data we don't hold can't be exposed.

Where a provider stores data on our behalf, we choose ones who publish their own security practices and are contractually obliged to protect whatever they process for us.

How long we keep your data

We don't keep information indefinitely just because storage is cheap. As a general guide, contact enquiries are typically retained for around 12 to 24 months after the last exchange, so we can refer back if you follow up, then deleted or de-identified.

Aggregated analytics data may be retained longer, since it's no longer meaningfully personal once combined across thousands of visitors. Newsletter details are kept only for the duration of your subscription, and removed promptly once you unsubscribe.

Typical retention periods

These are typical ranges, not fixed rules — a complaint still being resolved might need a little longer than a routine question answered the same day. Roughly: contact enquiries, 12–24 months; newsletter details, for the duration of subscription; security logs, a few weeks to months.

We periodically review what we're holding and clear out anything that's outlived its purpose. If you'd like specific data deleted sooner, you can ask us directly — see the section below.

Your rights under the Privacy Act 1988 and the APPs

The Privacy Act 1988 (Cth) is the main Commonwealth law governing how organisations handle personal information, built around 13 Australian Privacy Principles. They cover everything from how transparently we must explain our practices (this document) to how information crosses Australia's borders.

Not every APP is equally relevant to a small publishing site — some target large organisations handling government identifiers or mass direct marketing — but the ones below most directly shape how harryally.com is run.

The 13 Australian Privacy Principles at a glance

Here's a quick-look table covering the principles most relevant to how we handle your information. It's a plain-English summary, not a substitute for reading the Act itself.

Principle What it covers What it means here
APP 1 Open and transparent management This policy, published and kept current
APP 2 Anonymity and pseudonymity You can browse, and even contact us, without your real name
APP 3 Collection of solicited information We only ask for what's reasonably needed
APP 5 Notification of collection Explained at or before the point of collection
APP 6 Use or disclosure Used only for the purpose it was collected for
APP 8 Cross-border disclosure Covered in our overseas data handling section
APP 11 Security of personal information Reasonable safeguards, described above
APP 12–13 Access and correction You can ask to see or fix what we hold

The remaining principles cover unsolicited information (APP 4), direct marketing (APP 7) and government-related identifiers (APP 9–10) — areas that mostly don't arise here, since we run no direct marketing campaigns and have no legitimate reason to collect anything like a Medicare number or a driver's licence number from our readers.

Access, correction and anonymity

Under APP 2 you can deal with us anonymously or under a pseudonym where practical — you don't need a real name to read a review. It only becomes impractical once you want a direct reply, since we need somewhere to send it.

Under APPs 12 and 13, you can ask what we hold about you and have it corrected if wrong. We'll respond to reasonable requests within a reasonable timeframe, with no fee just for asking.

How to access, correct or complain

If you want to know what we hold, have it corrected, or have it deleted, the simplest path is contacting us directly using the details at the bottom of this page. Include enough detail for us to identify the right records — an email address you've used before is usually fastest.

We'll aim to acknowledge requests promptly and resolve straightforward ones quickly. More complex requests may take longer, particularly if records span more than one system.

Making a request to us directly

Email us with a clear description: access, correction, deletion, or a general complaint about handling. We may need to verify who you are before releasing personal details — a security measure for your benefit, not an attempt to stall.

If we can't fully action a request, for instance because we're required to retain a record for a legitimate reason, we'll explain why rather than simply ignoring it.

Taking a complaint to the OAIC

If you've raised a concern with us and aren't satisfied with the outcome, you can escalate to the Office of the Australian Information Commissioner (OAIC), Australia's independent privacy regulator. The OAIC can be reached on 1300 363 992 or via oaic.gov.au, where a formal complaint form is available.

The OAIC generally expects you to have tried resolving the issue with us first — one reason we'd genuinely rather you came to us directly, since most issues are a quick fix once we know about them.

Overseas data handling

Depending on which hosting, email and analytics providers we use, some personal information may be processed or stored outside Australia, most commonly in the United States or other jurisdictions hosting major cloud infrastructure. This is standard for small websites and not unique to us.

APP 8 requires reasonable steps to ensure overseas recipients don't breach the APPs before we disclose information to them. That shapes which providers we choose, favouring established names with clear privacy commitments over cheaper, less transparent alternatives.

Where your data may be sent and how it's safeguarded

In practice, this means data passing through cloud infrastructure that typically spans multiple countries and regions, rather than sitting on a single server in one fixed location. We don't have full visibility into every internal server location a given provider uses, but we choose ones publishing clear data-handling commitments of their own.

We do not disclose personal information to overseas casino operators or marketing companies for their own independent use — any overseas processing is solely on our behalf, for the purposes described earlier in this policy. If you'd rather opt out of analytics entirely, the browser-level cookie controls described above stop that data reaching our provider in the first place.

This site is for adults 18+, plus policy changes and contact

Harry Ally is intended for readers aged 18 and over. Gambling content, including reviews of online casino australia operators and pokies guides, is not intended for minors, and we don't knowingly collect information from anyone under 18. If we become aware we've inadvertently done so, we'll take reasonable steps to delete it.

We take gambling harm seriously, and that shapes how we write, not just this policy. If gambling has stopped being fun and started feeling like a problem, reach out to Gambling Help Online on 1800 858 858, free, confidential and available 24/7. Remember BetStop only applies to licensed Australian providers — it won't cover offshore sites, so self-excluding through your bank, using blocking software, and talking to Gambling Help Online are more reliable if you're stepping back from gambling altogether.

If reading about odds, bonuses or payout speeds is starting to feel less like research and more like a compulsion, that's worth taking seriously straight away. Call Gambling Help Online on 1800 858 858 (24/7, free and confidential) — it's a conversation, not a commitment, and it's the same advice I'd give a mate.

Age restriction and responsible gambling support

We don't run age-verification gates on our own pages, being a publisher rather than an operator, but we expect readers to be adults, and any casino operator you go on to join will run its own identity and age checks — standard practice that persists even on offshore platforms.

Parents or guardians concerned about a young person's access can use device or browser parental controls to restrict gambling and betting-related sites at the network level. We review this policy periodically and update the "last updated" note whenever practices, providers or the law change; this version was last reviewed in 2026. For any question, to access or correct your information, or to raise a concern, contact us via our about us page — we'd rather sort it out directly with you than have it become a formal OAIC complaint.

Harry Ally

Harry Ally

Founder & Lead Reviewer · Harry Ally

Harry Ally is the Founder and Lead Reviewer at Harry Ally, where he researches and writes hands-on guides to online casinos, pokies and payment methods for Australian punters. He handles this site's day-to-day operations personally, which is why this privacy policy is written in his own voice rather than boilerplate legal text.

Last updated 17 July 2026

Frequently asked questions

What personal information does Harry Ally collect?

Mainly what you give us directly, such as your name and email through the contact form, plus technical data collected automatically like your IP address, browser type and the pages you visit. We don't collect payment details or sensitive information, and we don't need your real identity to let you browse the site.

Does harryally.com use cookies?

Yes, a limited set. Strictly necessary cookies keep basic site functions working, and analytics cookies help us understand traffic patterns in aggregate. We don't run advertising or retargeting cookies, and you can block or delete any of them through your browser settings without losing access to the site.

Do you share my data with online casinos?

No. We don't pass contact form details, email addresses or analytics data to any casino operator, affiliate network or advertiser. If you click through to an operator's own site and sign up there, that's a separate relationship governed by their privacy policy, not by anything we hold.

How do I access the information you hold about me?

Email us with enough detail to identify your previous correspondence, such as the address you used to contact us before. Under Australian Privacy Principles 12 and 13 we'll confirm what we hold and correct anything inaccurate, usually without needing to charge a fee just for asking.

Can I ask you to delete my data?

Yes, you can request deletion at any time and we'll action it unless we're required to retain something for a genuine operational or legal reason, in which case we'll explain why. Newsletter subscribers are removed promptly on unsubscribing, and old contact enquiries are cleared or de-identified on a regular cycle anyway.

Is my data sent overseas?

Possibly, depending on which hosting, email or analytics providers we're using at the time — many cloud services operate data centres outside Australia, often in the United States. Under APP 8 we take reasonable steps to check overseas providers handle data responsibly before we rely on them for anything.

What is the Privacy Act 1988 and how does it protect me?

The Privacy Act 1988 (Cth) is the main Commonwealth law governing how Australian organisations handle personal information. It's built around 13 Australian Privacy Principles covering collection, use, storage, security, access and correction, and it's the legislation this entire policy has been written to comply with.

What are the Australian Privacy Principles (APPs)?

They're the 13 rules inside the Privacy Act 1988 that set out how organisations must collect, use, store and disclose personal information, plus how people can access or correct their own records. We've summarised the ones most relevant to a small publishing site like ours in the table on this page.

How do I make a privacy complaint?

Contact us first, directly, through the details on our about us page — most concerns are resolved quickly once we know about them. If you're not satisfied with our response, you can then escalate to the Office of the Australian Information Commissioner (OAIC) on 1300 363 992.

What does the OAIC do?

The Office of the Australian Information Commissioner is the independent regulator that oversees privacy compliance under the Privacy Act 1988. It investigates unresolved complaints, can issue formal determinations against organisations that breach the Australian Privacy Principles, and publishes plain-English guidance on privacy rights and obligations at oaic.gov.au.

Does BetStop cover the casinos reviewed on this site?

No, and this trips a lot of people up. BetStop, the National Self-Exclusion Register, only covers licensed Australian wagering providers — it doesn't extend to offshore online casino australia operators. If you're stepping back from gambling entirely, pair it with bank-level blocks and a call to Gambling Help Online on 1800 858 858.

Is Harry Ally suitable for under-18s?

No. This site is intended for readers aged 18 and over, consistent with the gambling content we cover, and we don't knowingly collect information from anyone under 18. Parents concerned about access can use standard browser or device parental controls to restrict gambling-related websites.