Big Wins Await You!
Every Spin. Every Chance!
Every time you have fun with us, you can be sure that your data is safe, your preferences are clear, and your data is handled in a way that is easy to understand. Our protocol is in line with the rules of GDPR, CCPA, and PCI DSS. It makes it clear what your personal information, session statistics, financial records, and user identity tools, like cookies and device identifiers, are not.
We only process the user data that we need: registration information, transaction records, device details, and user activity logs are all kept safe and watched over by trusted experts. We don't want any extra information.
Your information is used to manage your account, make deposits and withdrawals safely, and create personalized reward structures. Analytical insights are completely anonymous to make the system more reliable without giving away private information.
Opt-in methods for marketing and communication make sure that your preferences decide how often and through which channels you are contacted. You can change or take away permissions at any time in your account settings.
Information can only be shared with regulatory bodies or certain partners for the purpose of complying with regulations and processing transactions. All third parties must follow strict rules about privacy and security.
We keep user profiles, payment information, and support emails for as long as the law requires, which is usually five years. When it expires, the whole thing is erased digitally.
Our infrastructure is based on two-factor authentication, end-to-end encryption, and regular system audits. Monthly penetration tests make sure that all holes are filled.
Users can ask to see, change, or delete their personal records at any time. Dedicated support channels make sure that requests are handled within 30 days. Please see our downloadable reference guide for a full list of these steps, or get in touch with our compliance officers directly for more information.
What data is collected and why When you sign up for and use our platform, we collect certain information to set up accounts, process payments, and follow the law. Here is a list of the different kinds of records that are gathered and what they are used for:
All personal records stored on our platform are well protected against being shared or changed without permission. Only employees and partners who need to know sensitive user information for work purposes are allowed to see it. This is backed up by strong authentication protocols and activity monitoring. We use multifactor authentication (MFA) on all of our internal systems that deal with customer data. The Advanced Encryption Standard (AES) with a 256-bit key length encrypts data that is not being used. Transport Layer Security (TLS) version 1.3 is the only way to send personal information over networks. This makes it almost impossible for third parties to see the information. Encryption keys are handled and changed on a regular basis, and all access attempts are tracked by strict audit trails. Our infrastructure includes regular automated scans and penetration tests by outside security experts who find possible weaknesses before they can be used. Every three months, we review our incident response procedures to make sure that any suspicious activity involving user data is quickly found, contained, and fixed. Staff onboarding and development includes regular training on international data protection laws, such as the GDPR and PCI DSS standards. Additionally, all third-party vendors and technology partners go through a thorough due diligence process and agree to the same confidentiality rules in their contracts. To keep data safe, user activity and personal information are stored on separate servers, and analytical datasets are anonymized. Backups are kept on encrypted storage for only as long as compliance requires, and then they are deleted according to strict rules. Users should keep their login information private. The platform gives clear instructions on how to make strong passwords and has ways for users to get help if they think their data has been stolen or their account has been hacked. We create a strong environment based on trust and discretion by using a mix of technical, organizational, and operational measures.
Data may only be shared with certain outside service partners if there is a contract in place. These companies help with many operational tasks, such as processing payments, maintaining software, preventing fraud, providing analytics solutions, customer support, and marketing communications. Each provider goes through a thorough screening process that checks their data security standards, compliance credentials, and commitment to keeping information private. Agreements say that the provider can only use personal information for the purposes they were given and can't share it with anyone else. To process deposits, make sure reports are accurate, or send targeted content, transaction details, account authentication data, device identifiers, and communication history may be shared only when it is legally required and necessary. Sensitive identifiers (such as payment credentials or government-issued documents) are communicated only via encrypted channels and solely to entities authorized for regulatory purposes or legitimate operational needs. All vendors must demonstrate ongoing adherence to relevant data protection frameworks (including but not limited to GDPR or national equivalents), and are regularly audited for compliance. Data access is limited: only professionals with a legitimate business requirement are permitted to handle user information. Users have the right to request additional details regarding specific external recipients and to exercise control over the extent of information shared wherever possible. For data transfers outside the local jurisdiction, additional protective measures assure compliance with cross-border transfer laws. People can change their minds about sharing non-essential data at any time by contacting support or using the settings in the self-service portal, as long as they follow the rules set by the law or their contracts.
As a registered member, you have complete control over the personal information in your account dashboard. There are several things you can do:
To submit requests regarding data access or changes not available in your dashboard, use the secured contact form in the Help section. For identity validation, an authentication step (such as a verification code or ID submission) may be required. Regular reviews of data permissions and preferences are recommended–especially after significant profile changes or regulatory updates.
Advanced cryptographic protocols keep all financial transactions on the platform safe. Every transaction leverages at least 256-bit SSL/TLS encryption, matching or exceeding the standards specified by international payment processors and regulators such as the PCI DSS. This protocol not only encrypts data that users enter, like card numbers or withdrawal information, but it also verifies the connection between the server and the client, stopping interception and man-in-the-middle attacks. RSA public key cryptosystems and Elliptic Curve Diffie-Hellman key exchanges work together to keep user data safe during each session. Each session receives a unique, dynamically generated key, which limits potential exposure from any security breach. Sensitive information in transit is rendered unreadable without the matching private decryption key, stored securely in hardware security modules (HSM) separate from web and application servers. Data at rest, including transaction logs and user balances, is protected using AES encryption with a 256-bit key size. Access to decrypted information is strictly controlled, with multi-factor authentication required for systems that handle sensitive transaction data. Periodic audits are conducted, and encryption protocols are updated to counter emerging threats and comply with the latest security guidelines. Users should check for the secure lock icon in their browser and verify the website’s SSL certificate before entering any payment details. Users are also encouraged to use endpoints that support TLS 1.3 and keep their browsers up to date for extra security. When it's available, turning on two-step authentication adds an extra layer of security to transactions, making them less likely to be stolen or phished.
Age verification checks at account registration are the first step in making sure that everyone can legally take part. During sign-up, systems need government-issued ID that includes a date of birth that is checked against official databases. Every document that is sent in is checked for authenticity by both machines and people, who can spot altered or fake submissions in real time. Age re-verification is required by law when someone asks to withdraw money, goes over a deposit limit, or changes their account information. Facial recognition and biometric checks work with document analysis to keep minors from getting around controls. Sessions from IP addresses and devices that are commonly used by underage users are automatically blocked until further verification is done. By default, player protection tools are turned on. Users can proactively manage their activity by using self-exclusion locks, cooling-off timers, and adjustable deposit and loss limits in their account settings. Guardians should set up parental controls and passwords for their devices to make it less likely that kids will get into them by accident.
| Feature | Description |
|---|---|
| Verifying Identity | Checking documents (like ID cards and passports), checking ages against each other, and recognising faces |
| Session Monitoring | Automated restrictions on flagged accounts, IP, or device anomalies during registration |
| Player Safeguards | Self-exclusion, temporary blocks, control over financial and session limits |
| Guardian Tools | Recommendations for third-party content filters and system-level parental locks |
Collaborative partnerships with international organizations enable referral to third-party support and counseling for vulnerable users. All frontline staff get regular training on how to spot compulsive behaviours and make sure that help is given quickly through direct messages and account notifications.
When changes are made to the current data protection statement, registered users are sent an email to the main email address associated with their profile. This message talks about important changes and how they might affect how user information is collected, used, or stored. Also, there is a notification banner that shows up at account login for at least 30 days after the update. This banner gives a quick overview of the changes and tells users where to find the full revised document to read. Users must tick a box to show that they are aware of the changes before they can use the gaming features again. There is a special archive that keeps old versions of the data handling statement. You can find it in the settings for your user account. This openness lets users look at older versions if they want to see how changes have been made. There is a minimum notice period of 10 working days before changes take effect for material changes, such as changes in how long data is kept, how data is shared with third parties, or how users can control their data. If you don't like the updates, you can ask the support team to delete your account and all of your stored data before they go into effect. If users need more information about the recent changes, they can look in the help centre or contact support through the channels that are available. Clear documentation helps users stay informed and in control of how they want their data to be handled.
Bonus
for first deposit
1000CAD + 250 FS
Switch Language
