Richard
Login Register

Richard Casino Cookies Policy

This page is the practical version of our cookie disclosure. Every cookie we set is listed by category with the job it performs, how long it stays, and what stops working if you switch it off. If you only want to opt out, jump to "Your Controls" near the bottom — the rest is here so you can decide which trade-offs you accept.

Cookies in Plain English

A cookie is a small text record (usually under 4 KB) that our domain or one of our trusted partners stores on the device you are using to play pokies. It carries an identifier — never your password, never your card. The browser sends that identifier back on the next page load so we know it is the same session, the same logged-in punter, the same device fingerprint that just deposited via PayID.

Some cookies live only as long as the tab is open. Others sit on disk for up to 365 days because we want a returning Aussie player to land back on the lobby they last used, not a fresh anonymous home page.

Two Lifespans, Many Owners

Lifespan: session cookies expire when you close the tab — typical timeout for our login session is 30 minutes of inactivity for security reasons. Persistent cookies have an expiry date written into them; ours range from 24 hours (a fraud-screen flag) to 365 days (a "remember my preferred currency: AUD" flag).

Owner: first-party cookies are set by richardcasino.com itself. Third-party cookies come from partners we deliberately integrate — payment fraud-screening, analytics, live-chat. We do not sell ad space on this site, so there are no programmatic ad-tech cookies riding along.

Categories of Cookies We Use

Strictly Necessary

These keep you logged in, hold your AU$ balance in the cart while you switch from pokies to live dealer, and stop a malicious actor from replaying your session. Examples: rc_session (session), rc_csrf (session), rc_geo_au (24h, used to enforce restricted-jurisdiction rules). Switching these off effectively logs you out and prevents real-money play. There is no opt-out for them — they are the equivalent of the "ignition key" for the site.

Functional

Remember preferences so we do not re-ask. Examples: rc_currency (AUD by default for AU players, 365 days), rc_lang (en-AU, 365 days), rc_consent (records your choices on this banner, 12 months). Disable these and the lobby will keep flipping back to defaults — usable, just annoying.

Performance and Analytics

Tell us which pokies are loaded, how long the lobby takes on a Telstra 4G connection in Brisbane versus Wi-Fi in Hobart, and where the JavaScript spends its time. Examples: Google Analytics 4 first-party cookies (_ga, _ga_*) configured with IP anonymisation and 14-month retention, plus our own rc_perf tag (24h) that times asset load. We do not use these to build advertising audiences; they exist so the engineering team has a reason to fix slow pages instead of arguing about them.

Fraud and Risk

Set by our anti-fraud partner to fingerprint the browser/device combination. They look at canvas, audio context, time-zone offset, and a few hundred other signals to decide whether the same device is opening multiple accounts or impersonating a known good one. Lifespan: typically 30 days. Switching these off blocks deposits — high-risk countries hit this gate constantly and we will not lift it.

Marketing (Off by Default)

Used to suppress emails to people who unsubscribed and to attribute legitimate referrals from approved AU partners. We do not run retargeting display ads. Marketing cookies remain off until you opt in via the cookie banner; turning them on means a small attribution cookie (90 days) is set when you arrive from a tracked partner link, plus the unsubscribe-suppression list pixel.

Specific Third Parties

Categories of third parties we currently embed: payments fraud-screening (decision logic, not advertising), KYC verification (only on the upload page), Google Analytics 4 (privacy-mode), and an embedded live-chat widget (during business hours). Each can be opted out from our cookie banner. Where the third party is Google, the data may transit US-based servers — that movement is covered in our Privacy Policy under cross-border disclosure.

Your Controls

Our Cookie Banner

The banner that loaded on your first visit has three buttons: Accept, Reject, and Manage. Reject is one click, sets only Strictly Necessary cookies, and stays remembered for 12 months. Manage lets you toggle individual categories. The choice is stored in rc_consent — clear that one cookie and the banner reappears.

Browser-Level Settings

If you want to nuke everything, the browser is the right tool:

  • Chrome (desktop): Settings → Privacy and security → Third-party cookies. You can block all, block in incognito, or whitelist sites. Site data: Settings → Privacy → Site settings → Cookies and site data → richardcasino.com → Delete.
  • Safari (macOS): Safari → Settings → Privacy. "Block all cookies" disables real-money play here. Per-site control: Manage Website Data → search "richard" → Remove.
  • Safari (iOS 17+): Settings → Apps → Safari → Advanced → Block All Cookies (do not enable for casino use). Per-site: Settings → Apps → Safari → Advanced → Website Data.
  • Firefox: Settings → Privacy & Security → Cookies and Site Data → Manage Data. Strict ETP is fine for our site — Standard is the default and works.
  • Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data → See all cookies and site data → Search "richard" → Remove.

Mobile App

The Android APK uses local storage rather than cookies for its session token; clearing the app's storage in Android Settings logs you out the same way "Reject all cookies" does in a browser. Our iOS path is a Progressive Web App, so the Safari controls above apply.

Do Not Track

The DNT header is dead — Safari removed it in 2019, browsers either ignore it or send confused signals. We respect Global Privacy Control (GPC) for analytics and marketing categories on first-party sessions. Strictly Necessary cookies still load because the site cannot function without them.

Retention at a Glance

  • Session cookies — until tab close, plus a 30-minute idle timeout for the logged-in session.
  • Functional preferences — up to 365 days; refreshed on each visit.
  • GA4 analytics — 14 months from last activity, then auto-purge.
  • Fraud fingerprint — 30 days rolling.
  • Marketing attribution — 90 days from click, off until consent.
  • Consent record — 12 months, then re-prompt.

What Breaks If You Reject Everything

Strictly necessary still loads — you can browse demo pokies and read marketing copy. Real-money play, deposits, withdrawals, KYC uploads and live chat will all fail because the session, anti-fraud and CSRF tokens cannot be set. The site is not making this up to push consent: a casino transaction without a CSRF token is the textbook example of a site you should not trust with your AU$.

Cross-Site Tracking and What It Looks Like Here

The advertising-tech ecosystem in 2026 is shrinking, and we are happy about that. Chrome's third-party cookie deprecation rolled out across most AU traffic in late 2024; Safari has blocked third-party cookies by default since 2020; Firefox followed with Total Cookie Protection. So even if we wanted to follow you across the open web (we do not), the rails are increasingly broken.

What that means at richardcasino.com: if you arrived from a search result or a typed URL, you arrive cookie-less in the third-party sense. We set our own first-party cookies to make the site work and remember your AUD currency choice. If you arrived from one of our approved AU partner links, an attribution cookie loads but only if marketing consent is granted; rejected, the click goes unattributed and the partner is paid on a fallback model.

Local Storage, Session Storage and IndexedDB

Browsers offer storage primitives beyond cookies, and casinos sometimes use them to dodge cookie controls. Plain disclosure: we use localStorage for the consent record (so it survives a cookie clear), sessionStorage for in-page state (lobby filter selection, sort order), and IndexedDB for asset caching to make the lobby snappy on a return visit. None of these stores carry identifiable information about you. Clearing site data — Chrome: Settings → Privacy → Clear browsing data → Cached images and files plus Cookies and other site data — wipes them all.

Children and Cookies

Our service is 18+. We do not knowingly set marketing or analytics cookies for under-18 visitors. The geo-fence and KYC flow stop the account-level data collection long before that becomes a real issue, and we comply with the Privacy Act 1988 (Cth) constraints on minors that flow through to APP 5.

Specific Lifespans of Our First-Party Cookies

For full transparency, the inventory of our own cookies and their precise lifespan as currently configured: rc_session (session, expires on tab close or 30-minute idle), rc_csrf (session), rc_geo_au (24h, refreshed each visit), rc_currency (365d), rc_lang (365d), rc_consent (12 months), rc_perf (24h, performance timing only), rc_attribution (90d, off until consent), rc_ab_bucket (30d, lobby A/B test allocation). That is the complete first-party set. Anything else you see in browser dev-tools under richardcasino.com is a third-party cookie set by a vendor we have integrated, listed in the categories above.

Updates and Contact

We rev this page when a vendor changes or a new category is added. Material changes are flagged on login for 14 days; minor edits get a date stamp at the top of the file (current revision: 7 May 2026). For specifics — which exact vendor, which exact lifespan — write to [email protected] from your registered address.

The legal grounding for everything above sits in our Privacy Policy, which maps directly to the Australian Privacy Principles under the Privacy Act 1988 (Cth). This page is the practical "how" — Privacy is the "why".