By Hyoun (Andrew) Kim — Associate Professor & Canada Research Chair in Gambling and Mental Health, University of Ottawa
Privacy policy pages quietly determine who has access to your personal and financial information the moment you create an account at Spinz Casino. This page breaks down what the platform actually does with your data in plain language, shaped significantly by the Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada’s federal standard governing how private companies collect, use, and disclose personal information. Quebec residents fall under an additional layer through Law 25, which has progressively tightened consent and data handling obligations since its phased implementation began.
Information collected when you create an account
| Data category | Examples | Purpose |
|---|---|---|
| Identity information | Full name, date of birth, address | Confirming age and eligibility |
| Contact details | Email address, phone number | Account communication and support |
| Financial information | Payment method details, transaction history | Processing deposits and withdrawals |
| Technical data | IP address, device type, browser details | Security and fraud prevention |
| Behavioural data | Game activity, session length | Responsible gambling monitoring |
Identity verification documents — government-issued ID or proof of address — are typically requested during the withdrawal process rather than at initial sign-up, reducing unnecessary upfront data collection. Financial details tied to payment methods are often handled through secure third-party payment processors rather than stored entirely within the casino’s own internal systems, limiting how much sensitive financial data sits in any single database.
How long your data stays on file
Canadian gambling operators are generally required to retain certain account and transaction records for a minimum period — often spanning several years — to comply with anti-money laundering rules and potential future audits. Marketing-related data, such as email engagement history, usually gets retained for a shorter window and can be deleted upon request once a player closes their account or unsubscribes from communications entirely. Check the specific retention figures in the full policy document directly, since these details can shift alongside regulatory updates.
What your data actually gets used for
Collected data actively powers several functions across the platform. From a responsible gambling research perspective, behavioural data use for monitoring is particularly meaningful — patterns in deposit frequency, session length, and loss amounts can help flag accounts that might benefit from proactive outreach about available limit tools, and this is one of the few commercial data uses that directly serves player wellbeing rather than platform revenue.
- Identity verification confirming age and provincial eligibility
- Fraud detection through monitoring of unusual account or transaction patterns
- Responsible gambling analysis supporting proactive player protection efforts
- Customer support functions, including dispute resolution and account assistance
- Marketing communications sent only with explicit, separately tracked consent
Consent for marketing communication is tracked separately from consent for core account functionality — you can opt out of promotional emails entirely while keeping full access to your account. This separation is required under Canada’s anti-spam legislation (CASL), which sets strict standards around commercial electronic messages and the consent needed to send them legally.
Who else gets access to your information
| Third party type | Data shared | Reason for sharing |
|---|---|---|
| Payment processors | Transaction and payment method details | Processing deposits and withdrawals |
| Identity verification services | ID documents, personal details | Confirming age and identity |
| Regulatory authorities | Account and transaction records | Legal compliance and licensing |
| Analytics providers | Anonymized usage data | Improving platform performance |
| Marketing platforms | Email address, with consent only | Sending promotional communications |
None of these categories involve selling personal data outright to unrelated third parties for independent marketing purposes. Each category exists because it is functionally required for the platform to operate, verify identity, or meet Canadian regulatory obligations.
Your rights under Canadian privacy law
Under PIPEDA, players have the right to access the personal information held about them, request corrections to inaccurate data, and withdraw consent for non-essential uses like marketing communications. Quebec residents carry additional protections under Law 25, including stronger data portability rights and more explicit consent requirements for sensitive categories of information.
- The right to request access to personal data held by the platform
- The right to request corrections to inaccurate or outdated information
- The right to withdraw marketing consent at any time without penalty
- The right to request account closure alongside applicable data retention rules
- Quebec residents hold additional data portability rights under Law 25
Exercising these rights generally involves contacting the platform’s privacy or support team directly at [email protected]. For formal privacy complaints beyond the platform level, the Office of the Privacy Commissioner of Canada is accessible at priv.gc.ca.
Security infrastructure protecting your data
| Security measure | What it protects |
|---|---|
| SSL encryption | Data transmitted between device and server |
| Restricted internal access | Limits staff exposure to sensitive data |
| Regular security audits | Catches vulnerabilities before exploitation |
| Secure payment processing | Protects financial transaction details |