Is STOP Gambling Pro a medical treatment?

No. STOP Gambling Pro is a digital support tool. It is not a medical device, therapy, or substitute for professional care. It is designed to complement professional treatment and support your journey toward change.

Yes. We take privacy seriously and build with European data protection standards in mind. Your personal data is never sold or shared with third parties.

For anyone who feels that gambling has become a problem — whether you're just starting to notice the signs or have been struggling for a while. We also provide resources for families and partners.

We are working on making the tool as accessible as possible. Details about pricing and availability will be shared soon.

Can this replace therapy?

No. STOP Gambling Pro is designed to support, not replace, professional care. If you are in crisis or need immediate help, please contact a professional helpline in your area.

How does self-exclusion work?

Self-exclusion allows you to voluntarily ban yourself from gambling platforms. In Germany, the OASIS system provides a centralized self-exclusion mechanism. We guide you through the process and connect you with official resources.

Privacy Policy

Last updated: 7 May 2026

At STOP Gambling Pro we take the privacy of our users with the utmost seriousness. This policy explains what personal data we collect, for what purpose, on what legal basis, and what your rights are under the General Data Protection Regulation (GDPR, EU 2016/679). Please read it carefully.

1. Identity and contact details of the data controller

The controller responsible for processing your personal data is Rubén Acosta Sanz, acting as a natural person operating STOP Gambling Pro. Contact email: [email protected] At the time of this update, the service is not yet presented as a registered company. If and when self-employment or other business-registration details become applicable and are required to be published, the legal notice and this policy should be updated accordingly. A full postal address for the controller must still be added to the imprint / legal notice to complete the mandatory identification details.

2. Personal data we collect

We collect the following categories of personal data: a) Account and profile data: — Name — Email address — Password hash if you register with email and password — Google account identifier and profile photo if you sign in with Google — Language and profile preferences b) Recovery and service data that you choose to create inside the service: — Weekly check-ins — Self-assessment answers and results — Quit date, streak data, badges and progress history — Stories or other free-text content you submit — Contact form messages c) Session, security and attribution data: — Session tokens and authentication timestamps — Registration and login attribution data such as landing page, referrer, UTM parameters, browser language and, where provided by our proxy or hosting stack, approximate country, region or city — Technical security logs, rate-limiting data and abuse-prevention metadata d) Technical telemetry on public pages only: — Privacy-focused website analytics collected through our self-hosted Umami installation after consent — Error and performance telemetry collected through Sentry with data minimisation enabled Because of the nature of the service, some content you choose to enter may reveal highly sensitive information about gambling behaviour, recovery progress, mood or related personal circumstances. Please avoid entering personal data about third parties or unnecessary medical details in free-text fields.

3. Legal basis for processing

We process your personal data on the following legal bases under Art. 6 GDPR: a) Performance of a contract (Art. 6(1)(b) GDPR): to create and maintain your account, authenticate you, provide dashboard features, store your progress, and deliver user-requested functions such as exports, reminders and account management. b) Legitimate interests (Art. 6(1)(f) GDPR): to secure the service, prevent abuse, investigate incidents, maintain logs, measure reliability and resolve technical errors. c) Consent (Art. 6(1)(a) GDPR): for optional public-page analytics and replay-based diagnostics, and for any optional feature where we specifically ask for consent. You may withdraw consent at any time for future processing. d) Compliance with legal obligations (Art. 6(1)(c) GDPR): where we must retain or disclose information under applicable law.

4. Purposes of processing

We use your personal data for the following purposes: — Creating and managing your user account — Authenticating access and protecting the platform against misuse — Providing recovery tools such as check-ins, assessments, streaks, stories and profile settings — Sending transactional emails such as account security notices, deletion codes, story moderation notices and reminder emails you enable — Answering support and contact requests — Running public-page analytics after consent to understand traffic sources and improve the public website — Monitoring reliability, debugging failures and improving security — Translating submitted stories for moderation or publication workflows where applicable — Complying with legal obligations and enforcing our terms We do not sell your data and we do not use your account data for third-party advertising.

5. Recipients and third-party transfers

Your personal data may be disclosed only to service providers that help us operate STOP Gambling Pro, subject to the relevant contractual and technical safeguards: — Google, when you use Google OAuth and when transactional email is sent through Google mail infrastructure — Sentry, for error monitoring and performance diagnostics — DeepL, if submitted story content is translated through the DeepL API — Our self-hosted infrastructure and database providers that run the website, analytics and backups — Other providers only where strictly necessary for hosting, security, email delivery or legal compliance Our self-hosted Umami analytics installation runs on infrastructure controlled by us or our hosting provider. We do not send your analytics data to Google Analytics or other advertising networks. We do not sell or rent your personal data to third parties for their own purposes.

6. International data transfers

Some providers used by the service may process data outside the European Economic Area or may be headquartered in countries outside the EEA. This may include Google services, Sentry and any infrastructure or email provider used to operate the service. Where such transfers take place, they must rely on an appropriate transfer mechanism such as an adequacy decision, the EU Standard Contractual Clauses, or another lawful safeguard under Arts. 44 to 49 GDPR. Our public-page analytics stack is self-hosted. That means Umami analytics data stays on our own infrastructure or the infrastructure of our hosting provider rather than being sent to a third-party analytics cloud by default.

7. Data retention periods

We retain personal data only for as long as necessary for the purposes described in this policy: — Account, profile, check-in, assessment, tracker and story data: while your account remains active and until deletion is completed — Transactional email records and contact requests: for as long as needed to handle the request, operate the service and document security-relevant actions — Session and security logs: only for a limited period necessary for fraud prevention, abuse handling and service security — Public-page analytics and technical diagnostics: for as long as necessary to analyse traffic, improve reliability and investigate incidents, subject to periodic deletion or rotation — Encrypted backups: for the backup retention period in force at the time of deletion When data is no longer needed and no legal obligation requires retention, we delete or irreversibly anonymise it.

8. Your rights as a data subject

Under GDPR, you have the following rights regarding your personal data: — Right of access (Art. 15 GDPR) — Right to rectification (Art. 16 GDPR) — Right to erasure (Art. 17 GDPR) — Right to restriction of processing (Art. 18 GDPR) — Right to data portability (Art. 20 GDPR) — Right to object to processing based on legitimate interests (Art. 21 GDPR) — Right to withdraw consent at any time for future processing based on consent — Right not to be subject to solely automated decisions with legal or similarly significant effects You can exercise account export and deletion functions from your profile where available, or contact us at [email protected]. You also have the right to lodge a complaint with the competent supervisory authority, including in Germany the Bundesbeauftragte fuer den Datenschutz und die Informationsfreiheit (BfDI) or the competent state authority for your Land.

9. Cookies and similar technologies

We use strictly necessary technologies to keep the site secure and functional, including session handling, authentication-related storage, language preference and your cookie-consent choice. If you consent, we also enable limited non-essential measurement on public pages only: — Self-hosted Umami analytics for privacy-focused pageview analytics — Sentry Replay for technical debugging on public pages only, with masking enabled and with replay disabled on sensitive routes We do not enable Umami analytics or Sentry Replay on account, dashboard, check-in, assessment, story submission, contact or consent pages. We also configure Umami not to record URL search parameters or hash fragments. You can refuse optional analytics by choosing essential-only cookies.

10. Security measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure or alteration. These measures include: — TLS/HTTPS encryption for data in transit — Restricted access to production systems and databases — Password hashing for credentials-based accounts — Encrypted backups — Logging, rate limiting and abuse-prevention controls — Data minimisation for monitoring and analytics tools No internet-based service can guarantee absolute security. If a personal-data breach creates a risk to your rights and freedoms, we will handle notifications in line with Arts. 33 and 34 GDPR.

11. Children's privacy

STOP Gambling Pro is intended only for adults aged 18 and over. We do not knowingly provide the service to minors or knowingly collect personal data from minors. If you believe a minor has used the service, contact [email protected] so we can review and delete the relevant data where appropriate.

12. Changes to this policy

We may update this privacy policy to reflect changes in our data processing practices, applicable legislation or service development. When we make material changes, we will notify you via a notice on the platform or by email at least 15 days before the changes take effect. The date of the last update appears at the top of this document.

13. Contact

For questions about this privacy policy or the processing of your personal data: Email: [email protected] We aim to respond within one month, subject to the time limits permitted by the GDPR.