New player bundle: up to $10,000 and 180 free spins Claim bonus

Privacy Policy

Privacy Policy

Protecting your personal data is central to how we operate Mr Play in Canada. This Privacy Policy explains how we collect, use, disclose, and safeguard information under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial rules.

Navigation

By accessing our services, you accept the practices described here. Where settings are available in your account, we keep those controls visible and easy to update.

What we collect, and why

We collect information needed to create and manage your account, process payments, verify eligibility, and protect the platform. We also use technical and behavioural signals to secure sessions and improve performance.

  • Personal details used for registration and account verification checks.
  • Payment information and transaction history for deposits and withdrawals.
  • Technical data like IP address, device details, cookies, and browsing patterns.
  • Gameplay data covering games played, promotions accessed, and account activity.
  • Support interaction history when you contact our customer service channels.

How we use personal information

We use collected data to keep accounts functional, compliant, and secure. Processing supports fraud controls, identity checks, and responsible participation requirements.

  • Create and manage accounts, including secure sign-in and recovery steps.
  • Process deposits, withdrawals, and related financial administration accurately.
  • Verify identity, age, and eligibility to participate in gaming activities.
  • Personalize onsite content, including bonuses and promotional visibility preferences.
  • Analyze usage to improve services, products, campaigns, and platform stability.

Cookies help the site run smoothly and remember your preferences. We also use pixels and similar tracking tools to measure performance and support offer relevance, as described in our Cookies Policy.

You can disable cookies or adjust how they work in your account settings. You can also refuse ad tracking at any time through the available preference controls.

Data security that supports safe play

We use layered technical and operational safeguards to reduce risk during login, gameplay, and payment flows. Access is limited to authorized team members under confidentiality commitments.

  • 256-bit SSL protocols protect sensitive transfers, including card transactions.
  • TLS version 1.3 supports data transactions between client and backend servers.
  • AES-256 helps encrypt personal data stored in databases.
  • Passwords are hashed using bcrypt and salt, never stored in plain text.
  • Two-factor authentication and role-based access controls strengthen account protection.

Account safety basics

Your settings and habits matter, too. These steps can help reduce unauthorized access and keep your login secure.

  • Use a password that differs from those used on other services.
  • Change credentials every six months, or sooner after unusual activity.
  • Keep login information private and avoid sharing devices for sign-in.
  • Enable two-step verification when it suits your account preferences.

Sharing, disclosure, and minimization

We do not sell, trade, or rent your personal information to third parties. When disclosure is necessary, we share only what is required for the specific purpose and in line with Canadian privacy requirements.

We may disclose information to payment processors, software providers, analytics services, or legal authorities for legitimate needs such as payment handling, technical administration, fraud prevention, and compliance reporting. Payment processors are checked for PCI DSS compliance.

When analytics are used, datasets may be aggregated, anonymized, or pseudonymized where practical. Marketing partner involvement requires clear permission and excludes sensitive data.

International processing and safeguards

We are headquartered in Canada, and some processors may store or process information outside Canada, including within the EU. Transfers follow contractual safeguards designed to provide privacy protection equivalent to Canadian standards.

Where data moves outside the European Economic Area, contractual mechanisms such as Standard Contractual Clauses can be used to maintain consistent protections.

By using our services, you consent to the collection and processing of your personal data as outlined. You may withdraw consent by requesting account closure or contacting us for clarification on handling practices.

Under PIPEDA, you have rights that include access to stored personal data, correction of inaccurate information, and objections to processing in certain circumstances.

Category Examples How it’s used or protected
Personal details
  • Name, address, email
  • Date of birth, phone number
  • ID documents for verification
 Correction requests handled within seven business days.
Payments Card or e-wallet details and transaction history for secure processing Processors checked for PCI DSS compliance; minimum sharing applied.
Gameplay activity Games played, deposits, withdrawals, and promotions accessed Used to protect platform integrity and enforce Terms & Conditions.
Device and logs
  • IP address
  • Browser type, device model, operating system
  • Log files
 Supports fraud detection and performance tuning across platforms.
Cookies and pixels Preference storage, performance measurement, and offer relevance Cookie settings are adjustable; ad tracking can be refused.
Encryption in transit 256-bit SSL with TLS 1.3 for data transactions Helps prevent content being readable during transfer.
Encryption at rest AES-256 encryption for stored personal information Access limited via role-based controls and two-factor verification.
Retention Kept while the account is active plus required legal periods Typically five years after closure, or as required by law.
Session protection Sessions end after 30 minutes of inactivity New-device access may trigger email or SMS alerts.

Access, correction, and deletion

You can request a copy of saved account data through customer service. If information needs updates, corrections are handled within seven business days after proper verification.

You can also request account deletion, subject to legal retention rules. Where digital erasure practices apply, traces are removed from internal systems as permitted.

Retention and breach response

Account records are retained only as long as necessary for operations and legal compliance. A typical retention period is five years after an account is closed, or longer when required by law.

If a security breach affects your data, we notify impacted individuals promptly and inform relevant authorities. Containment steps can include session termination, access isolation, and credential resets.

Age limits and minor protection

Our website is not intended for individuals under 19 years of age. We do not knowingly collect or process information from minors, and we use checks designed to prevent access.

How to contact us

A Data Protection Officer oversees questions about how personal data is handled. You can reach us using the encrypted contact forms available on the site, whenever it suits you.