Privacy Policy

We take your privacy seriously. This policy explains what data we collect, why we collect it, and how we protect it.

Last updated: April 16, 2026

01

Introduction

Wingo ("Wingo", "we", "our", or "us") is committed to protecting and respecting the privacy of our users. This Privacy Policy describes how we collect, use, store, process, and disclose your personal information when you use the Wingo platform and services ("Platform").

This Policy applies to all users of the Platform, including visitors, registered users, and challenge participants. It should be read alongside our Terms & Conditions and Refund Policy.

Legal Basis: This Privacy Policy is drafted in compliance with the Personal Data Protection Act No. 9 of 2022 (PDPA) of Sri Lanka, as well as internationally recognized data protection principles.

By registering for an account or using the Platform, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree, you must not use the Platform.

02

Data We Collect

We collect personal data in the following categories:

a) Identity & Contact Data

  • Full legal name as it appears on your National Identity Card (NIC) or passport
  • Date of birth
  • National Identity Card (NIC) number or passport number
  • Email address
  • Sri Lankan mobile phone number
  • Profile photograph (if provided)

b) Financial Data

  • Bank account number and bank name (for prize disbursement only)
  • Payment method details (stored securely via our payment processors — we do not store raw card details)
  • Transaction history: entry fee payments, prize disbursements, and refunds

c) Technical & Usage Data

  • IP address and approximate geolocation
  • Browser type and version
  • Device type, operating system, and screen resolution
  • Time zone and language preferences
  • Pages visited, features used, and time spent on the Platform
  • Referral source (how you found Wingo)
  • Error logs and crash reports

d) Challenge & Competition Data

  • Challenge entries and submissions
  • Competition results and history
  • Score and ranking data

e) Communications Data

  • Support tickets and correspondence with our team
  • Feedback, survey responses, and contest-related communications
  • Email and notification preferences

Sensitive Data: We do not collect or process sensitive personal data such as racial origin, political opinions, religious beliefs, health data, or biometric data, except for NIC/passport data required for identity verification as mandated by Sri Lankan financial regulations.

03

How We Use Your Data

We process your personal data only for legitimate purposes and on appropriate legal bases, including contractual necessity, legal obligation, and legitimate interest. Specifically, we use your data to:

  • Account management: Create, maintain, and administer your account, including verifying your identity during registration and KYC processes.
  • Challenge participation: Process your entry fees, manage your challenge submissions, and determine winners.
  • Prize disbursement: Transfer prize winnings to your registered bank account or digital wallet.
  • Payment processing: Facilitate secure payment transactions and maintain transaction records as required by Sri Lankan financial regulations.
  • Legal compliance: Meet our obligations under applicable Sri Lankan laws, including tax reporting, anti-money laundering (AML) compliance, and Know Your Customer (KYC) requirements.
  • Platform improvement: Analyze usage patterns to improve features, fix bugs, and enhance overall user experience.
  • Communication: Send you transactional emails (receipts, prize notifications, account alerts), platform updates, and, with your consent, promotional communications.
  • Security & fraud prevention: Detect, investigate, and prevent fraudulent transactions, unauthorized access, and other prohibited activities.
  • Customer support: Respond to your inquiries, complaints, and support requests.
  • Legal disputes: Establish, exercise, or defend legal claims when necessary.

We will not use your personal data for purposes that are incompatible with those listed above without obtaining your prior explicit consent.

04

Data Sharing & Disclosure

We do not sell, rent, or trade your personal data to third parties. We share your data only in the following limited circumstances:

  • Payment processors: We share necessary financial data with authorized payment gateway providers (e.g., PayHere, ipay, or equivalent) to process entry fees and prize disbursements. These providers are contractually bound to maintain data confidentiality.
  • Identity verification services: We may share your NIC/passport data with licensed identity verification service providers to complete KYC requirements.
  • Cloud & infrastructure providers: Our data is hosted on secure cloud servers. Infrastructure providers are bound by strict data processing agreements.
  • Analytics providers: We use anonymized and aggregated analytics data with third-party analytics tools. No personally identifiable information is shared for this purpose.
  • Legal authorities: We will disclose your personal data to law enforcement agencies, regulatory bodies, courts, or government authorities when required by law, court order, or in response to a valid legal request, including investigations relating to fraud, tax compliance, or financial crimes.
  • Business transfers: In the event of a merger, acquisition, or sale of Wingo's assets, your data may be transferred to the acquiring entity, subject to equivalent data protection obligations.

Any third party with whom we share your data is required to implement appropriate technical and organizational security measures and is only permitted to use your data for the specified purpose.

05

Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience on the Platform. Cookies are small text files stored on your device by your web browser.

Types of cookies we use:

  • Strictly necessary cookies: Essential for the Platform to function. These include session cookies for maintaining your login state and security tokens. These cannot be disabled.
  • Performance cookies: Used to collect anonymized data about how visitors use the Platform (page views, user flows, error rates). This helps us improve Platform performance.
  • Functional cookies: Remember your preferences such as theme selection (dark/light mode), language settings, and other customization options.
  • Marketing cookies: Only used with your explicit consent. These help us display relevant advertisements and measure campaign effectiveness. You may opt out at any time.

You can control cookie preferences through your browser settings. However, disabling certain cookies may impair the functionality of the Platform. For detailed cookie management instructions, please refer to your browser's help documentation.

We use local storage to persist your theme preference (dark/light mode) between sessions. This data is stored entirely on your device and is not transmitted to our servers.

06

Data Security

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256 encryption.
  • Access controls: Access to personal data is restricted to authorized personnel on a strictly need-to-know basis. All staff with data access are subject to confidentiality obligations.
  • Secure payment processing: We do not store raw payment card details. All payment data is handled by PCI-DSS compliant payment processors.
  • Regular audits: We conduct periodic security assessments and penetration testing to identify and remediate vulnerabilities.
  • Incident response: We maintain a documented data breach response procedure. In the event of a breach affecting your personal data, we will notify you and relevant authorities as required by the PDPA within 72 hours.
  • Two-factor authentication: We strongly recommend enabling two-factor authentication (2FA) on your account for additional security.

Important: While we take all reasonable precautions, no method of data transmission or storage is completely secure. We cannot guarantee absolute security. In the event of a data breach, we will take all necessary steps to contain the breach, assess the damage, and notify affected users promptly.

07

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

  • Account data: Retained for the duration of your account's existence, plus 7 years after account closure (as required for financial record-keeping under Sri Lankan law).
  • Transaction records: Retained for a minimum of 7 years as required by the Inland Revenue Act and financial regulations.
  • KYC documents: Retained for 7 years from the date of submission in compliance with AML regulations.
  • Challenge submissions: Retained for 2 years after the conclusion of the relevant challenge, then deleted or anonymized.
  • Support communications: Retained for 3 years from the last interaction.
  • Analytics data: Retained in anonymized form indefinitely for Platform improvement purposes.

Upon expiry of the applicable retention period, your data will be securely deleted or permanently anonymized so that it can no longer be linked to you as an individual.

08

Your Rights

Under the Personal Data Protection Act No. 9 of 2022 (PDPA) of Sri Lanka and applicable data protection principles, you have the following rights regarding your personal data:

  • Right to Access: You may request a copy of all personal data we hold about you, including information about how it is processed.
  • Right to Rectification: You may request correction of any inaccurate or incomplete personal data. You can update most account information directly through your account settings.
  • Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations.
  • Right to Restrict Processing: You may request that we limit the processing of your data in certain circumstances, such as when you contest its accuracy.
  • Right to Data Portability: You may request your data in a structured, machine-readable format to transfer to another service provider, where technically feasible.
  • Right to Object: You may object to processing of your data for direct marketing purposes at any time.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Please note that certain rights may be limited where retention is required by law (e.g., financial records, KYC data) or where processing is necessary for the establishment, exercise, or defense of legal claims.

09

Children's Privacy

Wingo is strictly an adults-only platform. The Platform is not directed at, and we do not knowingly collect personal data from, individuals under the age of 18.

If we become aware that we have collected personal data from a person under 18 years of age, we will take immediate steps to:

  • Suspend the associated account pending verification.
  • Delete all personal data collected from the minor.
  • Refund any entry fees paid, minus any applicable administrative costs, to the payment method used.
  • Notify the relevant authorities where required by law.

If you are a parent or guardian and believe that your child has provided personal data to Wingo without your consent, please submit a support ticket immediately via our Contact page.

10

Third-Party Links

The Platform may contain links to third-party websites, applications, or services that are not operated by Wingo. These links are provided for your convenience only. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

We strongly advise you to review the privacy policy of every website you visit. Our Privacy Policy does not apply to any third-party services, and we are not responsible for any data they collect.

11

International Transfers

Wingo primarily operates within Sri Lanka. However, some of our service providers and infrastructure partners may be located outside Sri Lanka, which may involve the transfer of your personal data across international borders.

When we transfer personal data internationally, we ensure that:

  • The transfer is to a country recognized as providing an adequate level of data protection, or
  • Appropriate safeguards are in place, such as standard contractual clauses or binding corporate rules approved by the relevant data protection authority, or
  • The transfer is otherwise permitted under applicable Sri Lankan data protection law.

12

PDPA Compliance (Sri Lanka)

Wingo is fully committed to compliance with the Personal Data Protection Act No. 9 of 2022 (PDPA) of Sri Lanka. As a data controller, we have implemented the following measures:

  • Appointed a Data Protection Officer (DPO) responsible for overseeing PDPA compliance.
  • Maintained a Record of Processing Activities (ROPA) as required by the PDPA.
  • Implemented Privacy by Design principles in our Platform development and data handling processes.
  • Established documented procedures for handling data subject requests within statutory timeframes.
  • Conducting Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
  • Registered with the Data Protection Authority of Sri Lanka in accordance with regulatory requirements.

If you believe your data protection rights under the PDPA have been violated, you have the right to lodge a complaint with the Data Protection Authority of Sri Lanka.

13

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or Platform features. When we make significant changes, we will:

  • Update the "Last Updated" date at the top of this Policy.
  • Send a notification to your registered email address.
  • Display a prominent banner on the Platform for at least 14 days following the change.

Your continued use of the Platform after any changes to this Privacy Policy constitutes your acceptance of those changes. We encourage you to review this Policy periodically.