By Fiona Nicoll – Updated June 2026
Casino Days privacy policy decoded for Canadian players
Casino Days is operated by White Star B.V. and holds licences from the AGCO/iGaming Ontario, the Kahnawake Gaming Commission, and the Curacao Gaming Control Board. When you play at Casino Days, you’re providing your personal identity data, financial information, and a detailed behavioural record of your gaming sessions to a platform that processes that data under three overlapping regulatory frameworks. Understanding what those frameworks require – and what rights you have as a Canadian player – is what this guide covers. The platform uses 128-bit SSL encryption and undergoes regular safety audits, but security measures and privacy practices are different things, and both deserve examination.
The regulatory context for Casino Days’ privacy practices
Casino Days’ privacy framework in 2026 is shaped by three licensing bodies. The AGCO/iGaming Ontario licence – covering Ontario players – requires compliance with Ontario’s Freedom of Information and Protection of Privacy Act and Canada’s federal PIPEDA. The KGC licence covers Canadian players outside Ontario with its established data handling standards. The Curacao Gaming Control Board licence covers international operations.
Canada’s federal PIPEDA applies to all Canadian players at Casino Days regardless of province, as a matter of federal law that applies independently of where White Star B.V. is incorporated. PIPEDA requires organisations to obtain meaningful consent before collecting personal information, use it only for the purposes disclosed, and give individuals access to their own data on request. For Ontario players, the additional AGCO requirements add provincial-level oversight of how the platform handles player data, with iGaming Ontario providing an escalation pathway for privacy-related concerns.
The Curacao licence does not impose GDPR-aligned data standards in the way that MGA or UKGC licences do – a distinction worth being transparent about. Casino Days’ privacy practices are governed by PIPEDA, Ontario privacy legislation for Ontario accounts, and Curacao’s baseline requirements, rather than the more prescriptive GDPR framework that European-licensed operators must satisfy.
What data Casino Days collects from Canadian players
Data provided directly at registration and account management:
| Category | Specific data points |
|---|---|
| Identity data | Full legal name, date of birth, gender, nationality |
| Contact data | Home address, email address, phone number |
| Verification data | Government-issued photo ID, proof of address, payment method documentation |
| Financial data | Card details, bank account or e-wallet credentials, cryptocurrency wallet information, CA$ transaction history |
| Account preferences | Responsible gambling settings, marketing consent, notification preferences |
Data collected automatically through platform use:
| Category | Specific data points |
|---|---|
| Technical data | IP address, device type, browser version, operating system |
| Behavioural data | Games played, session duration, bet sizes, win and loss records |
| Cryptocurrency data | Wallet interaction patterns associated with Bitcoin and Ethereum transactions |
| Location data | IP-based geolocation for provincial eligibility verification |
| Communication data | Live chat transcripts, email support records |
| Cookie data | Session authentication, preference storage, analytics, marketing tracking |
The cryptocurrency data category is specific to Casino Days relative to many competitors because the platform supports Bitcoin and Ethereum deposits and withdrawals. While on-chain crypto transactions are publicly recorded by the blockchain network rather than Casino Days’ internal systems, the wallet addresses, transaction timing, and amounts associated with your account are part of the data profile Casino Days holds about you. Players who value transaction privacy should understand that crypto wallet interactions linked to their verified Casino Days account create a connection between on-chain data and their identity documents.
How Casino Days uses your personal data
Casino Days processes Canadian player data for the following specific purposes:
- Account creation, authentication, and ongoing account management
- Processing CA$ and cryptocurrency deposits, withdrawals, and bonus transactions
- Identity verification and KYC compliance under Canadian AML legislation
- Fraud detection, prevention, and financial crime investigation
- Regulatory compliance and reporting to the AGCO, iGaming Ontario, KGC, and Curacao GCB
- Responsible gambling monitoring – analysing behavioural data to identify potential harm indicators and restrict marketing to high-risk accounts
- Customer support and complaint resolution
- Platform development and game library improvement
- Marketing communications – with explicit prior consent only
The responsible gambling monitoring purpose directly affects how your behavioural session data is used. Casino Days’ AGCO licence requires specific measures to limit promotional contact with players identified as high-risk through behavioural pattern analysis. That monitoring depends on having access to your session and wagering data – it’s a regulatory data use that benefits players rather than primarily serving commercial interests.
Third parties who may receive your data
| Third party category | Purpose | Notes |
|---|---|---|
| White Star B.V. group entities | Corporate administration and compliance | Operator group infrastructure |
| Payment processors | Processing CA$ and crypto transactions | Visa, Mastercard, Interac, Skrill, MuchBetter, crypto platforms |
| Identity verification providers | KYC and age verification | Third-party document authentication |
| Regulatory authorities | Legal compliance and reporting | AGCO, iGaming Ontario, KGC, Curacao GCB |
| IT and infrastructure providers | Platform hosting and security | Cloud servers and security services |
| Analytics providers | Platform performance analysis | Usage and engagement tracking |
| Marketing platforms | Delivering consented communications | Email and promotional content delivery |
Casino Days states that personal data is not sold to third-party advertisers. Marketing communications are sent only to players who have explicitly opted in, and consent can be withdrawn at any time through account settings.
Data security
Casino Days protects player data through 128-bit SSL encryption on all transmitted data, access controls, firewalls, and fraud detection software. Regular safety audits are conducted as part of the platform’s compliance obligations across its three licensing jurisdictions. The audit process covers provably fair play as well as operational security standards. Players who handle cryptocurrency transactions through Casino Days are advised to ensure strong account-level security given that crypto withdrawals process near-instantly after approval – unauthorised account access could result in near-irreversible fund loss. The platform does not currently prominently offer two-factor authentication as a standard security feature.
Data retention
| Data type | Retention period | Basis |
|---|---|---|
| Identity and KYC documents | 5 years post-account closure | AML legislation |
| Financial transaction records | 5 years post-transaction | Financial compliance |
| Game session history | 3 years | Dispute resolution |
| Support records | 3 years | Complaint documentation |
| Marketing consent records | Consent duration plus 1 year | PIPEDA compliance |
| Technical logs | 12 months | Security monitoring |
Your rights as a Canadian player under PIPEDA
Under Canada’s federal privacy legislation:
- Right of access – request a complete copy of all personal data Casino Days holds about you
- Right to correction – request updates to inaccurate personal information
- Right to withdraw consent – for marketing and non-essential processing, opt out at any time through account settings
- Right to complain – file with the Office of the Privacy Commissioner of Canada; Ontario players can additionally escalate to iGaming Ontario
- Right to account closure – Casino Days must close your account on request, subject to retention obligations
PIPEDA access requests must be addressed within 30 days. Contact the live chat support team to initiate any data rights request – agents respond in under two minutes.
