Esportes Gaming Brasil, the 100% Brazilian company behind Esportes da Sorte, Onabet and Lottu, has had one of its most active periods since launching under Brazil’s regulated betting framework.
Esportes da Sorte now ranks as the second largest operator in the country, with most of its technology built and managed internally from its base in Recife, in Brazil’s Northeast.
The company received Great Place to Work certification, won gold at the 2026 CX ClienteSA Award in the Sports Betting and Online Gaming category — following an independent audit by V2 Consulting.
Also launched two high-profile marketing campaigns: “Torça como um Corinthiano,” built around the brand’s partnership with Corinthians and the resilience of one of Brazil’s most passionate football fanbases, and “Convoque,” a multiplatform World Cup campaign that transforms Esportes da Sorte’s iconic blue hat into a narrative universe featuring creators, musicians and football personalities.
At the centre of the company’s technological infrastructure is Ruy Conolly, CTO of Esportes Gaming Brasil.
In this exclusive interview, Conolly speaks about how the company built its own internal intelligence layer for risk, data and governance; why the Northeast has become a genuine strategic hub for iGaming in Brazil; and what it really means to treat compliance as infrastructure rather than bureaucracy.
GA – You structured an internal layer of operational intelligence, data and risk governance. How does this technology differ from market solutions and what was the biggest technical challenge in integrating it into the operation’s critical flows?
Ruy Conolly – I usually say that the main difference lies not just in the use of artificial intelligence, but in the ability to transform operational data into reliable and auditable decisions.
Market solutions are important and serve a relevant role, but they often arrive as external, standardised layers with low adherence to the real context of the operation.
What we sought internally was to build an intelligence layer closer to the transactional journey, operational events, risk signals and Brazilian regulatory requirements.
The biggest technical challenge was not simply processing volume. Volume is solved with infrastructure. The real challenge was creating an architecture where data is consistent, auditable and useful for decision-making.
In a regulated operation, a poorly calibrated signal can create unnecessary friction for the client, while an absent signal can create risk for the company.
Technology needs to balance speed, precision and governance. For me, that is the central point: AI in iGaming cannot be treated as decoration. It needs to be tied to well-structured data, traceability, clear criteria and the capacity for human review.
You frequently highlight the Northeast as a strategic engine. How does the location of your technology team influence agility in implementing regulatory changes compared to operators that depend 100% on foreign platforms?
Location influences less through geography and more through cultural, operational and decision-making proximity to the problem.
The Northeast has a very strong culture of execution. People are close to the business, they understand Brazilian user behaviour, they know the local dynamics of payments, customer service, acquisition, risk and operations.
This creates an important advantage in a regulated market, because regulation is not just a legal rule — it needs to become product flow, data validation, permissions, reporting, alerts, customer service and user experience.
When an operator depends 100% on a foreign platform, it often joins a global queue of priorities. Brazilian regulatory changes compete with demands from other countries, other markets and other roadmaps.
When you have local technical intelligence, you can translate regulatory requirements into execution much faster.
The Northeast, in this sense, is not a peripheral alternative. It is a real centre of operational, technological and strategic capacity for the sector.
You have led educational initiatives on match manipulation for athletes. How does your technology team work alongside global monitoring tools such as Sportradar to detect anomalies?
Sports integrity needs to be treated as an ecosystem. There is no single tool, single database or single reading capable of solving everything on its own.
Global monitoring tools are fundamental because they bring a broad market view, international standards, atypical movements and specialised intelligence.
The role of the internal technology team is to connect those signals with the operational reality of the house: betting data, transactional behaviour, history, exposure, limits, recurrence patterns and local context.
But there is an important point: technology does not replace governance. It organises signals, reduces noise, improves response time and helps prioritise investigation.
Responsible decisions require process, human analysis, records, traceability and interaction with areas such as risk, compliance, legal and integrity. In the workshops, the message for athletes is complementary: match manipulation is not just a betting problem.
It is a problem of education, culture, prevention and collective responsibility. Technology helps detect it, but the sector also needs to act before the problem occurs.
When integrating solutions from partners, what is your main technical criterion for ensuring that user experience does not suffer latency, given Brazil’s internet infrastructure?
The first criterion is understanding that integration cannot be treated as merely a technical connection. Integration is user experience, operational risk and brand reputation.
Before any relevant integration, we evaluate stability, response time, resilience, observability, audit capability and impact on the user journey. It is not enough for a partner to function in a controlled environment.
It needs to work well in the Brazilian reality, with different devices, mobile networks, regions and connectivity standards.
The main point is designing the architecture to prevent an external dependency from degrading the overall experience.
In the end, the user does not want to know whether the latency came from the platform, the provider, the jackpot, the payment method or the authentication.
For them, the experience is one. That is why the CTO needs to view integration as a product, not just an API.
You mentioned that iGaming has become a “stack” of integrations that generates noise. What is the first step for a CTO to unstack those layers and give executives a clear view, without inflated dashboards and redundant metrics?
The first step is separating data from decision. The iGaming market has created a culture of many dashboards, many screens, many reports and little clarity.
That gives a false sense of control. The executive does not need another screen, they need to understand what is happening, which risk deserves attention, which indicator actually moves the business and which metric is simply repeating another with a different name.
To unstack, the CTO needs to map the sources of truth. Who owns the data? Which system records the original event? Which metric is operational, which is financial, which is regulatory and which is purely analytical? Without that, each area creates its own numbers and the company ends up debating reports instead of decisions.
Then comes governance: standardisation of concepts, reconciliation, traceability, reduction of redundancy and the construction of a simple executive layer. Good architecture is not the one that shows everything. It is the one that shows the essential with confidence.
How does federated authentication and real permission segmentation move beyond being a security item and become a tool for business speed?
When authentication and permissions are poorly designed, security becomes bureaucracy. When they are well designed, security becomes speed.
In a regulated operation, each area needs to access what is necessary to perform well, but without undue exposure of sensitive data. If everything depends on manual approvals, exceptions, generic access or overly broad profiles, the company becomes slow and vulnerable at the same time.
Federated authentication and real permission segmentation create a more mature model: access by function, audit trail, segregation of responsibility and reduction of operational risk.
The business gain is direct: less internal friction, less improvisation, less risk of data leaks, more speed to launch products, respond to audits, serve regulators and make decisions.
How is Esportes da Sorte’s technology structured to ensure that growth is sustainable rather than fragile, especially when user scale rises sharply?
Fragile growth is the kind that depends only on campaigns, media or volume. Sustainable growth requires structure.
From a technology standpoint, this involves several pillars: reliable data, resilient integrations, observability, security, access governance, audit capability and processes prepared for scale. In iGaming, growth means nothing if the operation cannot reconcile payments, respond to users, monitor risk, protect data and meet regulatory requirements.
Technology needs to be thought of as critical infrastructure. It does not only appear when there is a problem. It sustains the user experience, financial operations, partner relationships, compliance and brand credibility.
My view is that scale is not measured only by how many users enter. It is measured by how much of the operation remains reliable when that volume grows rapidly. That is where a mature operation separates itself from one that is merely loud.
You said at BiS SiGMA Americas that technology is no longer the differentiator, execution is. What does the technical team in the Northeast deliver today that foreign off-the-shelf solutions cannot match?
Technology has become more accessible. Cloud, AI, APIs, providers, dashboards and tools are available to everyone. The differentiator is no longer having access to technology. It has become knowing how to execute with context.
A technical team close to the problem understands the particularities of the Brazilian user, Pix, local operations, regulation, customer service, fraud, communication and the speed at which the market changes.
hat proximity allows faster course corrections and the building of less generic solutions.
Foreign solutions are important and part of the ecosystem, but they often arrive with a global logic. Brazil requires adaptation.
The Northeast delivers precisely that field-level reading: less distance between problem, decision and execution. In practice, this means turning complexity into operational routine. And that may be one of the most valuable capabilities in the regulated market.
How are you designing the architecture so that the new 2026 rules are natively integrated, turning compliance into protection rather than friction?
Compliance becomes a brake when it is placed at the end of the process. When a company designs its product, data and operations without considering compliance from the start, any regulatory requirement feels like an obstacle.
The architecture needs to be built with compliance embedded. That means traceable data, well-defined permissions, logs, audit trails, reconciliation, identity validation, behaviour monitoring, exposure rules, risk management and consistent reporting.
When compliance is native, it protects the business, the user and the brand. It reduces rework, prevents decisions without evidence, improves the relationship with regulators and builds confidence to grow.
The key mindset shift is understanding that compliance does not compete with growth. In the regulated market, compliance is a condition for growth to be lasting.
How do you see the Northeast’s evolution as the second largest iGaming hub? Is it a matter of operational cost or is a specific execution culture emerging in the region?
Reducing the Northeast to operational cost is to misread what is happening. There is, indeed, an execution culture emerging in the region.
It combines proximity to the consumer market, technical capability, pragmatism, speed of adaptation and a very strong culture of solving real problems.
The Northeast is not just providing labour. It is building leadership, technical teams, operations, product vision and market intelligence.
Brazilian iGaming requires a rare combination: technology, regulation, data, marketing, payments, customer service, risk and responsibility.
That combination is not built simply by importing a platform. It is built with people who understand the territory, the user and the operation. I see the Northeast as a strategic hub because it delivers something the market will increasingly need: execution with context. And in the next cycle of regulated iGaming, context will be just as important as technology.
