Responsible Gaming
Slotty Labs enforces responsible gaming controls at the platform level, ensuring compliance across all jurisdictions and games.
Jurisdiction Limits
Each jurisdiction defines mandatory limits that are enforced server-side:
| Parameter | Description | Example (CW) |
|---|---|---|
maxBet | Maximum bet per round | $500 |
maxWin | Maximum win per round | $50,000 |
maxRoundDurationSeconds | Maximum time for a single round | 300s |
realityCheckIntervalMinutes | Time between reality check prompts | 60 min |
sessionTimeLimitMinutes | Maximum session duration | 480 min |
cooldownPeriodMinutes | Mandatory cooldown after session limit | 15 min |
INFO
Jurisdiction limits are enforced server-side and cannot be overridden by operators or players. Players can set stricter limits, but never looser ones.
Player Limits
Players can set personal limits that are stricter than jurisdiction defaults:
| Limit Type | Periods | Description |
|---|---|---|
deposit | Daily, Weekly, Monthly | Maximum deposit amount |
loss | Daily, Weekly, Monthly | Maximum net loss |
session | Per session | Maximum session duration (minutes) |
wagering | Daily, Weekly, Monthly | Maximum total wager amount |
Setting Limits via API
// Set a daily deposit limit
await fetch('/api/v1/players/:id/limits', {
method: 'POST',
body: JSON.stringify({
type: 'deposit',
period: 'daily',
value: 100, // $100/day
currency: 'USD',
}),
});Limit Enforcement
- Decrease takes effect immediately
- Increase takes effect after a 24-hour cooling period
- When a limit is reached, the
player.limit_reachedwebhook is fired
Session Controls
Session Timer
| Setting | Description |
|---|---|
maxSessionMinutes | Maximum allowed session duration (jurisdiction + player limit, whichever is lower) |
nextRealityCheckAt | ISO 8601 timestamp of the next reality check prompt |
Reality Check Flow
- Server sends
session_warningWebSocket message whennextRealityCheckAtis reached - Game fires
game:realityCheckpostMessage to parent with session stats:
{
source: 'slotty-game',
type: 'game:realityCheck',
payload: {
sessionDuration: 3600, // seconds played
totalWagered: 500.00, // total bets placed
netResult: -45.50, // net win/loss
},
timestamp: 1719849600000
}- Player must acknowledge the reality check to continue playing
- If the player doesn't respond within 60 seconds, the game pauses automatically
Session Expiry
When the session time limit is reached:
- The current round is allowed to complete
- Server sends
session_warningWebSocket message withtype: 'session_expired' - Game fires
game:sessionExpiredpostMessage to parent:
{
source: 'slotty-game',
type: 'game:sessionExpired',
payload: {
reason: 'time_limit', // or 'cooldown', 'maintenance'
sessionDuration: 28800, // 8 hours in seconds
},
timestamp: 1719849600000
}- A mandatory cooldown period begins (jurisdiction-defined, typically 15 minutes)
Self-Exclusion
Players can self-exclude from all games for a specified period.
Webhook Event
When a player self-excludes, the player.self_excluded webhook is fired:
interface SelfExcludedData {
playerId: string;
externalPlayerId: string;
type: 'temporary' | 'permanent';
duration: string | null; // e.g. "6_months", null for permanent
startDate: string; // ISO 8601
endDate: string | null; // ISO 8601, null for permanent
reason: string | null; // Optional player-provided reason
}Self-Exclusion Types and Durations
| Type | Duration | Reversal |
|---|---|---|
| Temporary | 24 hours | Auto-expires |
| Temporary | 7 days | Auto-expires |
| Temporary | 30 days | Auto-expires |
| Temporary | 6 months | Auto-expires |
| Temporary | 1 year | Auto-expires |
| Permanent | Indefinite | Requires manual review |
DANGER
During self-exclusion, all game launches, deposits, and bets are blocked. Active sessions are terminated immediately. Marketing communications must cease.
Compliance Audit Events
The following events are logged for regulatory compliance and can be queried via the Admin API:
| Event | Description |
|---|---|
self_exclusion | Player initiated self-exclusion |
limit_changed | Player or operator changed a limit |
limit_breached | A player limit was reached or exceeded |
reality_check_delivered | A reality check prompt was shown |
geo_check | Geolocation verification performed |
exclusion_check | Self-exclusion list checked before game launch |
age_verified | Age verification completed |
All audit events include:
- Timestamp (ISO 8601)
- Player ID
- Tenant ID
- Jurisdiction
- IP address
- Event-specific metadata
interface AuditEvent {
id: string;
type: string;
playerId: string;
tenantId: string;
jurisdiction: string;
ipAddress: string;
timestamp: string;
metadata: Record<string, unknown>;
}