Skip to content

Responsible Gaming

Slotty Labs enforces responsible gaming controls at the platform level, ensuring compliance across all jurisdictions and games.

Jurisdiction Limits

Each jurisdiction defines mandatory limits that are enforced server-side:

ParameterDescriptionExample (CW)
maxBetMaximum bet per round$500
maxWinMaximum win per round$50,000
maxRoundDurationSecondsMaximum time for a single round300s
realityCheckIntervalMinutesTime between reality check prompts60 min
sessionTimeLimitMinutesMaximum session duration480 min
cooldownPeriodMinutesMandatory cooldown after session limit15 min

INFO

Jurisdiction limits are enforced server-side and cannot be overridden by operators or players. Players can set stricter limits, but never looser ones.

Player Limits

Players can set personal limits that are stricter than jurisdiction defaults:

Limit TypePeriodsDescription
depositDaily, Weekly, MonthlyMaximum deposit amount
lossDaily, Weekly, MonthlyMaximum net loss
sessionPer sessionMaximum session duration (minutes)
wageringDaily, Weekly, MonthlyMaximum total wager amount

Setting Limits via API

typescript
// Set a daily deposit limit
await fetch('/api/v1/players/:id/limits', {
  method: 'POST',
  body: JSON.stringify({
    type: 'deposit',
    period: 'daily',
    value: 100, // $100/day
    currency: 'USD',
  }),
});

Limit Enforcement

  • Decrease takes effect immediately
  • Increase takes effect after a 24-hour cooling period
  • When a limit is reached, the player.limit_reached webhook is fired

Session Controls

Session Timer

SettingDescription
maxSessionMinutesMaximum allowed session duration (jurisdiction + player limit, whichever is lower)
nextRealityCheckAtISO 8601 timestamp of the next reality check prompt

Reality Check Flow

  1. Server sends session_warning WebSocket message when nextRealityCheckAt is reached
  2. Game fires game:realityCheck postMessage to parent with session stats:
typescript
{
  source: 'slotty-game',
  type: 'game:realityCheck',
  payload: {
    sessionDuration: 3600,    // seconds played
    totalWagered: 500.00,     // total bets placed
    netResult: -45.50,        // net win/loss
  },
  timestamp: 1719849600000
}
  1. Player must acknowledge the reality check to continue playing
  2. If the player doesn't respond within 60 seconds, the game pauses automatically

Session Expiry

When the session time limit is reached:

  1. The current round is allowed to complete
  2. Server sends session_warning WebSocket message with type: 'session_expired'
  3. Game fires game:sessionExpired postMessage to parent:
typescript
{
  source: 'slotty-game',
  type: 'game:sessionExpired',
  payload: {
    reason: 'time_limit',     // or 'cooldown', 'maintenance'
    sessionDuration: 28800,   // 8 hours in seconds
  },
  timestamp: 1719849600000
}
  1. A mandatory cooldown period begins (jurisdiction-defined, typically 15 minutes)

Self-Exclusion

Players can self-exclude from all games for a specified period.

Webhook Event

When a player self-excludes, the player.self_excluded webhook is fired:

typescript
interface SelfExcludedData {
  playerId: string;
  externalPlayerId: string;
  type: 'temporary' | 'permanent';
  duration: string | null;      // e.g. "6_months", null for permanent
  startDate: string;            // ISO 8601
  endDate: string | null;       // ISO 8601, null for permanent
  reason: string | null;        // Optional player-provided reason
}

Self-Exclusion Types and Durations

TypeDurationReversal
Temporary24 hoursAuto-expires
Temporary7 daysAuto-expires
Temporary30 daysAuto-expires
Temporary6 monthsAuto-expires
Temporary1 yearAuto-expires
PermanentIndefiniteRequires manual review

DANGER

During self-exclusion, all game launches, deposits, and bets are blocked. Active sessions are terminated immediately. Marketing communications must cease.

Compliance Audit Events

The following events are logged for regulatory compliance and can be queried via the Admin API:

EventDescription
self_exclusionPlayer initiated self-exclusion
limit_changedPlayer or operator changed a limit
limit_breachedA player limit was reached or exceeded
reality_check_deliveredA reality check prompt was shown
geo_checkGeolocation verification performed
exclusion_checkSelf-exclusion list checked before game launch
age_verifiedAge verification completed

All audit events include:

  • Timestamp (ISO 8601)
  • Player ID
  • Tenant ID
  • Jurisdiction
  • IP address
  • Event-specific metadata
typescript
interface AuditEvent {
  id: string;
  type: string;
  playerId: string;
  tenantId: string;
  jurisdiction: string;
  ipAddress: string;
  timestamp: string;
  metadata: Record<string, unknown>;
}