Loading...
Version 1.0.
Last Updated: 27 May 2026
Privacy Policy
This Privacy Policy explains how Vision Derby Ltd ("Vision Derby", "we", "us", or "our") collects, uses, stores, shares, and protects information about individuals who visit or use the Vision Derby website located at jokio.com (the "Site"), together with any related webpages, applications, products, or services made available through the Site (collectively, the "Services").
In this Policy, the terms "you" and "your" refer to any individual who accesses or interacts with our Services. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. Where express, opt-in consent is required by applicable law (for example, before we collect biometric information or share certain personal information with third parties), we will obtain that consent through clearly separate disclosures and consent prompts, and not solely by your use of the Services.
If you do not agree with the practices described in this Policy, you should not access or use the Services.
The Services are intended solely for adults aged 21 years or older who are physically located in a jurisdiction in which Vision Derby is authorised to offer the Services. The Services are not directed to, designed for, or intended to be used by anyone under the age of 21, and we do not knowingly collect personal information from anyone under that age.
If we become aware that we have collected personal information from a person under the age of 21 without appropriate authorisation, we will take prompt steps to close the account, delete the information, and restrict access to the Services. If you believe that we may have collected information from a person under 21, please contact us at the email address set out in the "Contact Us" section below.
Vision Derby may update or revise this Privacy Policy from time to time. The "Last Updated" date at the top of this Policy will reflect any changes. Where required by applicable law, we will provide additional notice (for example, by email or through a prominent notice on the Site) before material changes take effect. Your continued use of the Services following the effective date of any update indicates your acceptance of the revised Privacy Policy.
We collect information that you choose to provide when interacting with our Services. This may include information provided when you register for, verify, fund, or manage an account, place wagers, play Pari-mutuel Powered Games, complete forms, surveys, or promotions, contact customer support, provide feedback, or otherwise communicate with us.
| Category | Examples |
|---|---|
| Profile Data | Username, password, security questions, account preferences and settings. |
| Personal Identifiers | Full name, residential address, date of birth, the last four digits of your Social Security number, government-issued identification (driver’s license, state ID, passport) and related document numbers and images. |
| Biometric Information | Facial images, "selfie" photographs, facial recognition templates or "faceprints," and other biometric identifiers or biometric information generated from images of government-issued identification and selfies used to confirm your identity. See Section 5 (Biometric Information Policy) below for details on how this information is collected, stored, used, and destroyed. |
| Contact Information | Residential address, billing address, email address, mobile telephone number. |
| Financial Information | Payment card details, ACH/bank account information and routing numbers, PayPal or other electronic wallet identifiers, deposit and withdrawal history, and tax information required for IRS reporting (including W-2G and 1099 information). |
| Wagering and Account Activity | Deposits, withdrawals, account balances, wagers placed, game play history, results, winnings, losses, bonus and promotional activity. |
| Commercial Information | Transaction records, purchase history, refunds, and details relating to products or services obtained through the Services. |
| Marketing and Communications | Marketing campaign data, click-throughs, your marketing preferences and consents, communication preferences, email, phone, SMS, and live chat communications with us. |
| Geolocation Data | Precise GPS location, device location, Wi-Fi data, mobile network data, and other information used to verify that you are physically located in a jurisdiction in which the Services may lawfully be offered. |
| Audio and Visual Information | Photographs (including selfies for identity verification) and call recordings of customer support interactions. |
| Inferences | Inferences drawn from the information above to create a profile reflecting your preferences, characteristics, behaviour, and engagement with the Services. |
When you access or interact with the Site or Services, certain information is collected automatically, including:
We may receive information about you from third parties that support our Services, including:
Where appropriate, we may combine information received from third parties with information we already hold about you to help us operate, secure, and improve the Services.
We use your information for the purposes set out below. Where required by applicable law, we will only use particular categories of personal information (such as biometric information or "sensitive personal information") for the limited purposes specified in this Policy and with the consents required by law.
We share personal information with the categories of recipients set out below. We do not sell your personal information for money. We do disclose certain personal information to service providers and to advertising and analytics partners; in some states, those disclosures may be treated as "sales" or "sharing" of personal information for "cross-context behavioural advertising," and you have the right to opt out of those disclosures (see Section 11).
Jokio.com is a "Skin" operated by Vision Derby on the licensed Advance Deposit Wagering ("ADW") platform of AmWest Entertainment, LLC ("AmWest"). AmWest is the licensed pari-mutuel hub operator under Oregon Revised Statutes Chapter 462 and is regulated by the Oregon Racing Commission. All wagers placed through Jokio.com are accepted in, and deemed made in, the State of Oregon and are processed on equipment owned and operated by AmWest through an Oregon Racing Commission-approved totalizator system.
Because of this regulatory structure, every player who registers, deposits, wagers, or plays a Pari-mutuel Powered Game on Jokio.com is also a wagering customer of AmWest in its capacity as the licensed pari-mutuel hub operator. In order to make the Services available to you, we share, and AmWest collects, accesses, processes, and stores, the following categories of information:
AmWest processes this information as a controller for its own regulatory, licensing, financial, tax-reporting, anti-money laundering, fraud-prevention, and dispute-resolution purposes, and to provide and maintain the underlying platform. AmWest is also subject to oversight by, and may be required to disclose information to, the Oregon Racing Commission and other regulators with jurisdiction over the Services.
We engage other service providers and technology partners to perform services on our behalf, including hosting and cloud infrastructure, identity verification and biometric verification, geolocation verification, payment processing, billing and accounting, customer support, analytics, marketing, advertising, fraud prevention, and tax and regulatory compliance services. These providers may collect, access, or process personal information only as necessary to provide services to Vision Derby and are subject to contractual obligations regarding confidentiality, data protection, and the appropriate use of personal information.
Representative categories of providers (which may change from time to time) include:
We work with third-party marketing, advertising, affiliate, and analytics partners to promote our Services, measure the effectiveness of marketing and advertising campaigns, and offer you cross-account creation promotions and other promotions in respect of brands within Vision Derby’s affiliated corporate group. In connection with these activities, we may disclose certain personal information — including identifiers, advertising identifiers, IP address, device information, internet or other electronic network activity information, geolocation data, profile data, commercial information, and inferences drawn from any of the foregoing — to these partners.
These disclosures may be deemed "selling" or "sharing" of personal information under California law and similar concepts under the privacy laws of other US states (including for the purpose of "cross-context behavioural advertising" or "targeted advertising"). We do not sell personal information for monetary consideration. We do not knowingly sell or share the personal information of consumers under the age of 21, and we have no actual knowledge of any sales or sharing of personal information of consumers under the age of 21.
You may opt out of this selling or sharing by emailing us at [email protected] with the subject line "Do Not Sell or Share." Where your browser or device supports it, we will also treat a Global Privacy Control ("GPC") signal as a valid opt-out of selling and sharing of personal information for that browser or device and, where reasonably linkable, for the associated account.
We may disclose personal information to gaming regulators (including the Oregon Racing Commission), state and federal racing or gaming authorities in each state in which we operate, law-enforcement agencies, tax authorities, courts, and other governmental authorities, where we believe in good faith that disclosure is necessary or appropriate to: (i) comply with applicable laws, regulations, licensing requirements, subpoenas, court orders, or other legal process; (ii) cooperate with investigations of suspected or actual unlawful activity or violations of our Terms; (iii) protect the rights, property, or safety of Vision Derby, our players, or others; or (iv) prevent fraud, money laundering, or other harm.
If Vision Derby is involved in a corporate transaction such as a merger, acquisition, financing, restructuring, sale of assets, or insolvency proceeding, personal information may be transferred as part of that transaction. In such circumstances, we will require the recipient to handle the information in a manner consistent with this Privacy Policy.
We may share personal information for any other purpose disclosed to you at the time it is collected or with your separate consent.
When you participate in a game or interactive feature, your username, profile information, gameplay statistics, and any messages you choose to send through public or social features may be visible to other players. You should exercise care when sharing personal information through these features.
This Section is Vision Derby’s written policy regarding the collection, use, storage, retention, disclosure, and destruction of biometric information. It applies in addition to any state-specific notices and is intended to comply with applicable state biometric privacy laws, including, where applicable, the Illinois Biometric Information Privacy Act (740 ILCS 14/) and similar laws.
In order to verify your identity and to comply with applicable gaming, anti-money laundering, "know your customer," and responsible-gaming requirements, we and our identity-verification service providers may collect and process the following biometric information:
We collect this information solely for the following purposes:
We do not use biometric information for any commercial purpose other than as described in this Policy. We do not sell, lease, trade, or otherwise profit from biometric information. We will not disclose biometric information except as expressly permitted by this Policy and by applicable law.
Biometric information is processed by our identity-verification provider, Jumio Corporation (the "Verification Provider"), acting on our behalf under written contract that requires the Verification Provider to handle biometric information in accordance with this Policy and applicable law. The Verification Provider may also be required to share verification results with AmWest, which is the licensed hub operator. We will update this Policy if our Verification Provider changes.
Before we (or the Verification Provider acting on our behalf) collect, capture, or otherwise obtain your biometric information, we will:
You may decline to provide biometric information; however, because biometric identity verification is a regulatory and operational requirement for the Services, we may not be able to verify your identity or allow you to use the Services if you do not consent.
We and our Verification Provider will retain biometric information only for as long as reasonably necessary to fulfil the purposes set out above. In any event, biometric information will be permanently destroyed by us and our Verification Provider on or before the earlier of:
Where applicable law requires a shorter retention period for biometric information (for example, under the Illinois Biometric Information Privacy Act), we will apply the shorter period. Where applicable law requires a longer retention period for related records (for example, anti-money-laundering or tax records), we may retain non-biometric records of the verification (such as the fact, date, and outcome of verification) for that longer period.
Biometric information is stored using a reasonable standard of care for the industry, and in a manner that is the same as, or more protective than, the manner in which we store, transmit, and protect other confidential and sensitive personal information. Biometric information is encrypted in transit and at rest and is subject to access controls, logging, and other technical and organisational safeguards.
We and our service providers use cookies, pixels, tags, software development kits ("SDKs"), and similar technologies to operate the Services, recognise returning users, analyse use of the Services, secure your account, deliver and measure marketing, and improve functionality. Cookies are small text files placed on your browser or device. Pixels and SDKs allow us to collect technical information from your device and to measure how you interact with our communications and content.
We use the following broad categories of cookies and similar technologies:
You can manage your cookie and tracking preferences in the following ways:
Where required by applicable law, we treat a "Global Privacy Control" ("GPC") signal sent by your browser or device as a valid request to opt out of "sales" of personal information and "sharing" of personal information for cross-context behavioural advertising for that browser or device and, where reasonably linkable, for the associated account. Our Services do not currently respond to legacy "Do Not Track" browser signals.
We use third-party analytics tools, including Google Analytics, to understand how visitors use our Site and Services. These tools may collect information such as your IP address, pages viewed, time spent on pages, and navigation patterns. You can learn more about Google’s practices at https://policies.google.com/privacy and opt out of Google Analytics through Google’s opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.
We retain personal information only for as long as necessary to fulfil the purposes described in this Policy, including providing the Services, complying with our legal, regulatory, licensing, anti-money laundering, tax, and accounting obligations, resolving disputes, preventing fraud, and enforcing our agreements. The specific retention periods we apply include:
| Category of Information | Retention Period |
|---|---|
| Account, KYC, identity verification, and transaction records (other than biometric information) | For the life of your account and for a minimum of five (5) years following account closure, or longer where required by applicable anti-money-laundering, tax, or gaming regulations. |
| Wagering, gameplay, and Regulatory Data | Retained by AmWest as the licensed hub operator for the period required under applicable pari-mutuel and gaming laws (generally at least five (5) years), and by Vision Derby for the same period to the extent we are required or permitted to maintain such records. |
| Biometric information | See Section 5.4. Destroyed no later than three (3) years after your last interaction with the Services, or earlier where required by applicable law. |
| Tax-reporting information (including W-2G and 1099 information) | Retained for the period required by U.S. federal and state tax law (generally seven (7) years). |
| Self-exclusion and responsible-gaming records | Retained for the period required by applicable gaming and responsible-gaming regulations, which may extend indefinitely for permanent self-exclusion lists. |
| Marketing preferences, opt-out and consent records | Retained for as long as the related communications are sent and for a reasonable period afterwards to evidence compliance. |
| Customer support, complaint, and dispute records | Retained for a minimum of five (5) years following resolution of the issue. |
| Website usage, cookie, and analytics data | Retained for up to twenty-four (24) months, except where a longer period is required for security or legal purposes. |
When personal information is no longer required, we will take reasonable steps to securely delete, de-identify, or anonymise it in accordance with applicable law.
Vision Derby implements technical and organisational safeguards designed to protect personal information against unauthorised access, disclosure, alteration, or loss. Access to personal information is restricted to personnel who require such access to perform their responsibilities. Systems containing personal data are protected through access controls, encryption in transit and at rest where appropriate, network and application security controls, logging and monitoring, vendor due diligence, and other safeguards designed to maintain the confidentiality, integrity, and availability of personal information.
No system can be guaranteed to be entirely secure, and we cannot guarantee the security of information transmitted to or from the Services. You are responsible for keeping your login credentials confidential and for notifying us promptly of any suspected unauthorised use of your account.
Vision Derby maintains a written incident response plan. In the event of a security incident that affects the confidentiality, integrity, or availability of personal information, Vision Derby will:
Your personal information may be transferred to, processed in, and stored in the United States and other jurisdictions in which Vision Derby, AmWest, or our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. Where we transfer personal information internationally, we take appropriate steps designed to ensure that such transfers comply with applicable data protection laws and that your information remains protected.
Depending on the state in which you reside, you may have specific rights under applicable state privacy laws. This Section describes those rights and how to exercise them. References below to "personal information" and similar terms have the meanings given to them in the applicable state law.
Subject to limited exceptions, residents of states with comprehensive privacy laws generally have the following rights:
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"), grants you the rights described in Section 11.1 above with respect to your personal information.
Categories of personal information collected. In the preceding 12 months, we have collected the categories of personal information described in Section 3, which correspond to the following CCPA categories: identifiers; categories of personal information described in California Civil Code Section 1798.80(e) (customer records); commercial information; internet or other electronic network activity information; geolocation data; audio, electronic, visual, or similar information; professional or employment-related information (limited); inferences drawn from the foregoing; and "sensitive personal information" (specifically, government identifiers including the last four digits of Social Security numbers and information in government-issued identification documents; account log-in and password; precise geolocation; and biometric information processed for the purpose of uniquely identifying you).
Sources and purposes. We collect this information from the sources, and use and disclose it for the business and commercial purposes, described in Sections 3 and 4 above.
Disclosures for business purposes and "sharing." We disclose all of the above categories to service providers and to AmWest as described in Section 4.2. We do not sell personal information for money. We do "share" certain identifiers, internet activity information, and inferences (for example, advertising IDs and on-Site activity) with advertising partners for cross-context behavioural advertising; you may opt out as described below. We do not knowingly sell or share the personal information of consumers under the age of 16.
Use of sensitive personal information. We use and disclose sensitive personal information only for the purposes permitted by California Civil Code Section 1798.121 and the CCPA regulations, including to perform the Services, verify your identity, prevent fraud and security incidents, comply with law, and as otherwise authorised by you.
How to exercise California rights. You may submit a request to know, delete, correct, opt out of sale/sharing, or limit use of sensitive personal information by:
We will verify your identity using information associated with your account before responding to a request. You may use an authorised agent to submit a request on your behalf by providing the agent with written, signed permission and verifying your identity directly with us. We will respond to verified requests within the timeframes required by the CCPA.
California Shine the Light. Under California Civil Code Section 1798.83, California residents may request, once per calendar year, information about the categories of personal information we have shared with third parties for those third parties’ direct marketing purposes. We do not currently share personal information with third parties for their own direct marketing purposes.
If you are a Colorado resident, the Colorado Privacy Act grants you the rights described in Section 11.1, including the right of access, correction, deletion, portability, and the right to opt out of "targeted advertising," "sale" of personal data, and certain "profiling" that produces legal or similarly significant effects. Colorado residents also have the right to appeal our refusal to act on a privacy rights request; instructions for doing so will be included in any response refusing a request. You may submit a request by emailing [email protected] with the subject line "Colorado Privacy Request."
If you are a New York resident, you are protected by New York’s SHIELD Act, which requires Vision Derby to maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of "private information" of New York residents, and to notify affected New York residents and the New York Attorney General in the event of a security breach affecting such information. We will provide such notification in accordance with N.Y. Gen. Bus. Law § 899-aa and § 899-bb. If New York adopts additional comprehensive consumer privacy legislation that applies to Vision Derby, we will update this Policy and provide New York residents with the rights afforded under that law.
If you are a Delaware resident, the Delaware Personal Data Privacy Act ("DPDPA") grants you the rights described in Section 11.1, including the right of access, correction, deletion, portability, and the right to opt out of "targeted advertising," "sale" of personal data, and certain "profiling." Delaware residents also have a right to appeal our refusal to act on a privacy rights request; instructions for doing so will be included in any response refusing a request. You may submit a request by emailing [email protected] with the subject line "Delaware Privacy Request."
If you are a resident of Alabama, Florida, Kansas, Louisiana, Nebraska, New Mexico, North Dakota, Oklahoma, Wisconsin, or Wyoming, you may have privacy rights under applicable state law. In particular:
We will honour all valid privacy rights requests from residents of these states to the extent required by applicable law. To submit a request, please contact us at [email protected] with the subject line "Privacy Request" and indicate your state of residence.
If Vision Derby expands the Services into additional states in the future, residents of those states may have additional privacy rights under applicable state law, and we will honour those rights in accordance with the requirements of the applicable statute.
You may use an authorised agent to submit a privacy rights request on your behalf, subject to verification requirements described above and as permitted by applicable law. We may request additional information to verify your identity or, in the case of an authorised agent, to verify the agent’s authority to act on your behalf.
While we value our communications with you, if you do not want Vision Derby or its representatives to contact you for marketing purposes, you may opt out at any time by following the unsubscribe instructions included in our marketing emails, replying STOP to marketing SMS messages, or updating your communication preferences in your account settings. This opt-out will not apply to service-related, transactional, regulatory, or administrative communications relating to your account or your use of the Services. You may continue to receive promotional messages for a short period while we process your request.
To request account closure or deletion of personal information we have collected, please email us at [email protected] with the subject line "Data Deletion" (or "Account Closure"). We may deny or limit a deletion request to the extent necessary to:
The Services are intended solely for adults aged 21 or older. They are not designed for or directed to children, and we do not knowingly collect personal information from anyone under 21. If we learn that we have collected personal information from a person under 21 without appropriate authorisation, we will close the account and delete the information.
If you have any questions about our privacy practices or this Policy, or would like to exercise any of the rights described above, please contact us at:
Vision Derby Ltd – Privacy Team
Email: [email protected]
General support: [email protected]
