I started reviewing online casino australia sites because I got sick of marketing fluff pretending to be honest advice, and Harry Ally is built to be the opposite of that. Running a site like this means I collect a small amount of personal information along the way — nothing sinister, just the everyday bits that keep the contact form working and the reviews honest. This privacy policy explains, in plain English rather than legal fog, what harryally.com collects, how and why, where it's stored, and what rights you have under Australian privacy law.
I've written this to comply with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) inside it, kept as close to how I'd explain it to a mate over a coffee as the law reasonably allows. The headings below run in the order most people actually think through a privacy policy: what we collect, why, where it goes, how long we keep it, and what you can do about it.
Who we are and what this policy covers
Harry Ally is an independently run Australian website publishing reviews and guides about online casino australia operators, pokies, bonuses and payment methods. We don't operate a casino, take bets, or process gambling transactions — we're a publisher, full stop. That means the personal information we collect is limited to what a review site genuinely needs, not the identity and payment data a licensed operator would hold.
This policy applies to every page on harryally.com, including our real money casino reviews, our bonus guides, and the contact form dotted through the site. It's one policy covering the whole domain — we don't run separate terms per section.
About Harry Ally
I'm Harry, and I run this site as an independent reviewer, not as part of a casino group or affiliate network's in-house marketing team. That independence shapes this policy too: I have no interest in hoarding your data or building a profile of your gambling habits, because that isn't the business I'm in. For more on how the site operates, our about us page covers it in full.
What I do collect is what any small publisher needs: enough to run the site, reply to your emails, see which guides are actually useful, and keep the place secure against abuse.
The personal information we collect
Information reaching us falls into two buckets: what you give us directly, and what's collected automatically because you're browsing a website. We don't collect sensitive information under the Privacy Act — health records, ethnic origin, religious belief — and we have no reason to ask for any of it.
We also don't collect payment card details on harryally.com, because we don't process transactions. Anything you enter on a casino operator's own site is governed by their systems and their privacy policy, not ours.
Information you give us directly
If you use a contact form, subscribe for updates, or leave a comment, you're handing over a small, voluntary set of details. Typically that includes:
- Your name, or the name you choose to give us
- Your email address, so we can reply
- The content of your message or feedback
- Your newsletter preference, if you sign up
We only ask for what we need to respond to you. If a field seems unnecessary for its purpose, that's an oversight worth flagging to us rather than a deliberate ask.
Information collected automatically
Like almost every site, harryally.com picks up technical details the moment you land on a page: your IP address, browser and device type, pages viewed, referring site, and an approximate location derived from your IP (usually city-level, never your street address).
None of this is collected to identify you personally. It's aggregated across visitors and used to understand traffic patterns — say, whether readers on mobile are finding our payments and payouts guide useful.
How we collect your information
We deliberately keep our collection channels short, because the fewer of them there are, the easier it is to actually know where your data lives. We don't buy lists of personal information, and we don't harvest data from social media unless you message us there directly.
Broadly, information reaches us two ways: through forms you fill in on the site, and through cookies and analytics scripts that run automatically while you're reading a page.
Contact forms and cookies working together
When you submit our contact form, the message and your email go to a human — usually me — who reads and replies. We don't auto-forward submissions to any casino operator, advertiser, or unrelated third party, and we don't add your email to a marketing list unless you've separately opted in.
Cookies work differently: they're small text files your browser stores automatically, mostly to remember basic preferences and power our analytics. We cover exactly which types, and how to manage them, in the dedicated section below.
Why we collect and use your information
Under APP 3, we're only meant to collect personal information reasonably necessary for our functions as a publisher, and APP 6 says we can generally only use it for the purpose we collected it for. So it's worth being specific about why each category exists.
In short: to keep the site running, to respond to people who contact us, to see which content genuinely helps readers, and occasionally for security reasons, such as investigating abuse of our contact form.
Running, securing and improving the site
Analytics data shows which guides — our bonus content, for instance — are actually read, and which pages people bounce off quickly. That feeds directly into what gets researched or rewritten next.
The same data has a security function too. Unusual traffic patterns or repeated failed form submissions from one IP address can flag an attempted attack, letting us respond before it becomes a bigger problem for readers.
Responding to your enquiries
If you ask a question — how a review was researched, why a payout figure is described as typical rather than guaranteed — we use your name and email purely to have that conversation, never for marketing unless you've clearly opted in elsewhere.
Where a question is really a gambling harm concern rather than a content question, we'll point you towards Gambling Help Online rather than try to handle it ourselves, because that's a specialist service and we're not counsellors.
Cookies and analytics in detail
We run a small, deliberately limited set of cookies. Strictly necessary ones keep the site functioning — remembering you've dismissed a notice, for example. Analytics cookies, from a privacy-conscious platform, help us understand aggregate traffic: visitor numbers, rough location, device type, and which pages get read.
We configure that tooling to minimise the personal footprint where the platform allows — truncating IP addresses, for instance. No analytics setup is perfectly anonymous, which is why cookies sit squarely inside this policy rather than off to one side.
The types of cookies we use
Cookies here fall into two categories: the ones the site needs to function, and the ones that exist purely to generate traffic statistics. We don't run cookies for personalised advertising, and we don't sell cookie data to anyone.
Weighing it up is fairly simple once you see both sides set out plainly, so here's a quick honest rundown of what allowing cookies actually gets you, and what it costs you in return.
Pros of allowing cookies
- Fewer repeated notices and more consistent page behaviour
- Helps us see which guides are actually working
- Supports faster, more reliable page loading
Cons of allowing cookies
- Your browsing contributes to aggregate analytics data
- Some cookies persist between visits until cleared
- You need to actively manage settings to opt out fully
Managing your cookie settings
Every modern browser lets you view, block or delete cookies through its settings menu, and most analytics platforms offer their own opt-out tool. Blocking cookies entirely won't stop you reading the site — a dismissed notice will just reappear more often.
On a shared or public computer, it's worth clearing cookies once you're done, particularly after using a contact form, so the next person doesn't see fields auto-filled by browser memory rather than anything we've stored.
Third-party services and links
We rely on a small number of providers to actually run the site — hosting, email delivery for the contact form, and analytics. Each processes only a limited slice of data on our behalf, strictly for that purpose, and none may use it for their own unrelated marketing.
We don't work with data brokers, and we don't sell or rent visitor information to advertisers or any online casino australia operator, no matter how many times an affiliate manager asks.
Links to casino operators and other sites
Because this is a review site, we link out constantly to casino operators and industry resources. Those links take you off harryally.com entirely, and the operator's own privacy policy — not ours — governs anything you submit there, including identity and payment details. Our guide to licensing and regulation explains why offshore licensing means Australian consumer protections generally don't extend to what happens on an operator's own platform.
Worth remembering: BetStop, the National Self-Exclusion Register, only covers licensed Australian wagering providers, not offshore online casino australia operators. Self-excluding through BetStop won't automatically block you from an offshore site — Gambling Help Online (1800 858 858) can talk through options that actually apply.
How we store and secure your data
We take reasonable technical and organisational steps to protect information we hold, consistent with APP 11. That includes encrypted form submissions, restricted access to our inbox and hosting panel, and keeping the number of people with access to raw data to an absolute minimum — realistically, just me and occasionally a trusted contractor.
No website can promise perfect security, and we won't pretend otherwise. We can promise security isn't an afterthought: administration credentials are unique, software is kept updated, and we don't store payment data at all, which removes an entire category of risk.
Security measures we take
Practically, our forms submit over HTTPS, our hosting is kept patched, and infrastructure access is limited to accounts with individually managed credentials. We also avoid storing more than we need in the first place — data we don't hold can't be exposed.
Where a provider stores data on our behalf, we choose ones who publish their own security practices and are contractually obliged to protect whatever they process for us.
How long we keep your data
We don't keep information indefinitely just because storage is cheap. As a general guide, contact enquiries are typically retained for around 12 to 24 months after the last exchange, so we can refer back if you follow up, then deleted or de-identified.
Aggregated analytics data may be retained longer, since it's no longer meaningfully personal once combined across thousands of visitors. Newsletter details are kept only for the duration of your subscription, and removed promptly once you unsubscribe.
Typical retention periods
These are typical ranges, not fixed rules — a complaint still being resolved might need a little longer than a routine question answered the same day. Roughly: contact enquiries, 12–24 months; newsletter details, for the duration of subscription; security logs, a few weeks to months.
We periodically review what we're holding and clear out anything that's outlived its purpose. If you'd like specific data deleted sooner, you can ask us directly — see the section below.
Your rights under the Privacy Act 1988 and the APPs
The Privacy Act 1988 (Cth) is the main Commonwealth law governing how organisations handle personal information, built around 13 Australian Privacy Principles. They cover everything from how transparently we must explain our practices (this document) to how information crosses Australia's borders.
Not every APP is equally relevant to a small publishing site — some target large organisations handling government identifiers or mass direct marketing — but the ones below most directly shape how harryally.com is run.
The 13 Australian Privacy Principles at a glance
Here's a quick-look table covering the principles most relevant to how we handle your information. It's a plain-English summary, not a substitute for reading the Act itself.
| Principle | What it covers | What it means here |
|---|---|---|
| APP 1 | Open and transparent management | This policy, published and kept current |
| APP 2 | Anonymity and pseudonymity | You can browse, and even contact us, without your real name |
| APP 3 | Collection of solicited information | We only ask for what's reasonably needed |
| APP 5 | Notification of collection | Explained at or before the point of collection |
| APP 6 | Use or disclosure | Used only for the purpose it was collected for |
| APP 8 | Cross-border disclosure | Covered in our overseas data handling section |
| APP 11 | Security of personal information | Reasonable safeguards, described above |
| APP 12–13 | Access and correction | You can ask to see or fix what we hold |
The remaining principles cover unsolicited information (APP 4), direct marketing (APP 7) and government-related identifiers (APP 9–10) — areas that mostly don't arise here, since we run no direct marketing campaigns and have no legitimate reason to collect anything like a Medicare number or a driver's licence number from our readers.
Access, correction and anonymity
Under APP 2 you can deal with us anonymously or under a pseudonym where practical — you don't need a real name to read a review. It only becomes impractical once you want a direct reply, since we need somewhere to send it.
Under APPs 12 and 13, you can ask what we hold about you and have it corrected if wrong. We'll respond to reasonable requests within a reasonable timeframe, with no fee just for asking.
How to access, correct or complain
If you want to know what we hold, have it corrected, or have it deleted, the simplest path is contacting us directly using the details at the bottom of this page. Include enough detail for us to identify the right records — an email address you've used before is usually fastest.
We'll aim to acknowledge requests promptly and resolve straightforward ones quickly. More complex requests may take longer, particularly if records span more than one system.
Making a request to us directly
Email us with a clear description: access, correction, deletion, or a general complaint about handling. We may need to verify who you are before releasing personal details — a security measure for your benefit, not an attempt to stall.
If we can't fully action a request, for instance because we're required to retain a record for a legitimate reason, we'll explain why rather than simply ignoring it.
Taking a complaint to the OAIC
If you've raised a concern with us and aren't satisfied with the outcome, you can escalate to the Office of the Australian Information Commissioner (OAIC), Australia's independent privacy regulator. The OAIC can be reached on 1300 363 992 or via oaic.gov.au, where a formal complaint form is available.
The OAIC generally expects you to have tried resolving the issue with us first — one reason we'd genuinely rather you came to us directly, since most issues are a quick fix once we know about them.
Overseas data handling
Depending on which hosting, email and analytics providers we use, some personal information may be processed or stored outside Australia, most commonly in the United States or other jurisdictions hosting major cloud infrastructure. This is standard for small websites and not unique to us.
APP 8 requires reasonable steps to ensure overseas recipients don't breach the APPs before we disclose information to them. That shapes which providers we choose, favouring established names with clear privacy commitments over cheaper, less transparent alternatives.
Where your data may be sent and how it's safeguarded
In practice, this means data passing through cloud infrastructure that typically spans multiple countries and regions, rather than sitting on a single server in one fixed location. We don't have full visibility into every internal server location a given provider uses, but we choose ones publishing clear data-handling commitments of their own.
We do not disclose personal information to overseas casino operators or marketing companies for their own independent use — any overseas processing is solely on our behalf, for the purposes described earlier in this policy. If you'd rather opt out of analytics entirely, the browser-level cookie controls described above stop that data reaching our provider in the first place.
This site is for adults 18+, plus policy changes and contact
Harry Ally is intended for readers aged 18 and over. Gambling content, including reviews of online casino australia operators and pokies guides, is not intended for minors, and we don't knowingly collect information from anyone under 18. If we become aware we've inadvertently done so, we'll take reasonable steps to delete it.
We take gambling harm seriously, and that shapes how we write, not just this policy. If gambling has stopped being fun and started feeling like a problem, reach out to Gambling Help Online on 1800 858 858, free, confidential and available 24/7. Remember BetStop only applies to licensed Australian providers — it won't cover offshore sites, so self-excluding through your bank, using blocking software, and talking to Gambling Help Online are more reliable if you're stepping back from gambling altogether.
If reading about odds, bonuses or payout speeds is starting to feel less like research and more like a compulsion, that's worth taking seriously straight away. Call Gambling Help Online on 1800 858 858 (24/7, free and confidential) — it's a conversation, not a commitment, and it's the same advice I'd give a mate.
Age restriction and responsible gambling support
We don't run age-verification gates on our own pages, being a publisher rather than an operator, but we expect readers to be adults, and any casino operator you go on to join will run its own identity and age checks — standard practice that persists even on offshore platforms.
Parents or guardians concerned about a young person's access can use device or browser parental controls to restrict gambling and betting-related sites at the network level. We review this policy periodically and update the "last updated" note whenever practices, providers or the law change; this version was last reviewed in 2026. For any question, to access or correct your information, or to raise a concern, contact us via our about us page — we'd rather sort it out directly with you than have it become a formal OAIC complaint.
Sources
- Office of the Australian Information Commissioner (OAIC) — regulates the Privacy Act 1988 and the Australian Privacy Principles
- Gambling Help Online — free, confidential 24/7 support — 1800 858 858
- AUSTRAC — Australia's AML/CTF and financial-intelligence regulator
Read more
- online casino Australia guide — our pillar overview
- about our review team — how we test and score
- licensing and regulation — the IGA, ACMA and offshore licences
