Privacy Policy

Reviewed by John Ferguson · Casino Analyst · Updated: July 2026

Last updated: [DATE TO BE SET AT DEPLOY]

This Privacy Policy explains how RivalBet.ca and RivalBet Casino handle personal information under Canadian federal law — specifically PIPEDA (Personal Information Protection and Electronic Documents Act) and CASL (Canada’s Anti-Spam Legislation). We wrote this in plain English first, with the technical detail underneath, so you can actually understand what happens to your data before you agree to anything. If you have a question about anything on this page, use the PIPEDA data request via Contact channel and a real person from our editorial team will get back to you.

We are not going to tell you your privacy is “important to us” — that sentence sits on every privacy policy on the internet and it means nothing. What we will tell you is exactly what we collect, exactly why we collect it, exactly who sees it, and exactly what rights you have to change or delete it. Read on.


Section 1: Personal Information We Collect

We collect three categories of personal information: information you give us directly, information we gather automatically when you use the site, and information we receive from trusted third parties.

Directly from you (at registration and during use):

  • Full legal name
  • Date of birth (for age verification — legal gambling age required)
  • Residential address (province, city, postal code)
  • Email address
  • Phone number
  • Payment details (credit card number, Interac e-Transfer email, e-wallet identifier, cryptocurrency wallet address)
  • Government-issued ID documents (driver’s licence, passport, provincial ID) — collected during KYC (Know Your Customer) verification
  • Proof of address (utility bill, bank statement) — collected during KYC
  • Source-of-funds documentation (for larger transactions under AML rules)
  • Self-exclusion or deposit-limit requests

Automatically, when you use RivalBet.ca:

  • IP address
  • Device type, operating system, browser type and version
  • Screen resolution and language settings
  • Session data (login times, session duration, pages visited)
  • Click and interaction data (which games you open, which promotions you view)
  • Betting and gaming history (stakes, outcomes, session results)
  • Referrer URL (which site sent you to us)
  • Cookie and similar tracking identifiers (see cookie details in our Cookie Policy)

From third parties:

  • Payment processors — confirmation of successful transactions, chargeback notices
  • KYC verification providers — identity confirmation, document authenticity checks
  • Affiliate networks — click identifiers, conversion tracking (which affiliate referred you)
  • Fraud-prevention services — risk scores, device fingerprints, blacklist checks
  • Regulators and law-enforcement (only where legally requested)

Section 2: Why We Collect It (Purposes)

We collect each of the above data points for a specific, limited purpose. Under PIPEDA we cannot collect data “just in case” — every collection needs a stated reason.

  • Account creation and authentication — name, email, DOB, password
  • Age and residency verification — DOB, ID documents, address (legal requirement; we cannot serve minors or Ontario residents)
  • Payment processing — payment credentials, transaction records
  • Bonus tracking and wagering compliance — betting history against bonus terms
  • Customer support — contact history so support agents can resolve your issue
  • Fraud prevention and AML (Anti-Money-Laundering) — device data, transaction patterns, source-of-funds review
  • Responsible gambling monitoring — session length, deposit velocity, self-exclusion enforcement
  • Marketing and promotional communications — only with your explicit CASL opt-in (see Section 5)
  • Legal and regulatory compliance — record-keeping mandated by our licensing jurisdiction and Canadian federal law
  • Site improvement and analytics — aggregated usage data to fix bugs and improve UX

Section 3: How We Share Your Information

We share personal information only in the categories below. We do not sell personal information to third parties for their own marketing — full stop.

Service providers. We use vetted third parties to run the site: payment processors, KYC verifiers, cloud hosting, email delivery, customer-support software, and fraud-prevention services. Every provider is bound by a written data-processing agreement requiring them to protect your data to at least PIPEDA-equivalent standards and to use it only for the service they provide us.

Regulators and law enforcement. Where a Canadian court order, regulator request, or AML reporting obligation legally requires it, we disclose the specific information demanded — no more.

Affiliates and marketing partners. Affiliates who refer players to us receive only aggregated or de-identified data (click counts, conversion counts, general geography). They do not receive your name, email, address, gaming history, or any direct identifier.

Corporate transactions. If Northern Maple Interactive Ltd. is involved in a merger, acquisition, reorganisation, or sale of assets, personal information may transfer to the acquirer — but only under a binding agreement that continues PIPEDA-level protection. You will be notified before your data moves.

Never sold. We do not sell your personal information. We do not rent it. We do not license it to data brokers.


Section 4: Cross-Border Data Transfer

Some of our service providers (cloud hosting, email delivery, KYC verification) operate outside Canada. When your data leaves Canada, we require the provider to protect it to PIPEDA-equivalent standards through the data-processing agreement. Countries with equivalent or Canadian-standard privacy regimes are typically used [BENCHMARK-PEER].

Your PIPEDA rights — to access, correct, and complain about your data — remain enforceable regardless of where the data is physically processed. If a foreign provider fails to honour those rights, the accountability sits with us as the Canadian-facing operator.


Section 5: Marketing and CASL Consent

Canada’s Anti-Spam Legislation (CASL) is one of the strictest email-marketing laws in the world. We follow it.

  • Marketing emails (promotional offers, bonus notifications, new-game announcements) require explicit opt-in at registration or later.
  • Consent is captured through a clearly labelled checkbox — never pre-ticked.
  • You can withdraw consent at any time. Every marketing email includes a one-click unsubscribe link at the bottom.
  • We honour unsubscribe requests within 10 business days (CASL requires within 10; we typically process same-day).
  • Transactional messages — account verification codes, withdrawal confirmations, KYC requests, responsible-gambling notices — are not covered by the CASL opt-in. Canadian law requires us to send these regardless of your marketing preferences.

If you believe you received a marketing message from us without consenting, contact our Privacy Officer (Section 11) and we will investigate immediately.


Section 6: Data Retention

We keep personal information only as long as we have a legitimate reason.

  • Active accounts — for the life of the account.
  • Closed or self-excluded accounts — retained for the period required under AML and licensing regulations, typically 5 to 7 years after account closure [BENCHMARK-PEER]. This is a legal minimum, not a preference.
  • Marketing data (CASL opt-in records) — retained until you withdraw consent, then deleted from active marketing lists within 30 days (a suppression record is kept so we do not re-email you by mistake).
  • KYC documents — retained for the AML-mandated period, then securely destroyed.
  • Support tickets — retained for 24 months after resolution unless linked to an open dispute.
  • Analytics and aggregated data — de-identified and retained indefinitely for site-improvement purposes.

You can request deletion at any time (Section 8). We will delete everything not required by law to retain, and we will tell you specifically what we are keeping and why.


Section 7: Security

We use industry-standard technical and organisational safeguards.

  • TLS encryption for all data in transit between your browser and our servers.
  • Encryption at rest for sensitive data (KYC documents, payment tokens, government-issued ID scans).
  • Role-based access controls — support agents see only what they need, KYC reviewers see only what they need.
  • Access logs and internal audit trails.
  • Regular security review, penetration testing, and vulnerability patching.
  • Third-party providers audited against our security requirements before onboarding.

No system connected to the internet is 100% secure. If we discover a breach that creates a real risk of significant harm to you, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA’s breach-notification obligation, without unreasonable delay.


Section 8: Your Rights Under PIPEDA

PIPEDA gives you the following rights regarding your personal information at RivalBet Casino. To exercise any of them, contact our Privacy Officer (Section 11).

  • Right of access. You can request a copy of the personal information we hold about you. We will respond within 30 days.
  • Right to correction. If the information we hold is inaccurate or incomplete, you can request that we correct it.
  • Right to know. You can ask how your data is being used, who it has been shared with, and for what purpose.
  • Right to withdraw consent. You can withdraw consent for any processing that is not required by law or contract. Some withdrawals may mean we can no longer serve you (for example, if you withdraw consent for identity verification, we cannot legally keep your account open).
  • Right to complain. If you are not satisfied with our response, you can complain directly to the Office of the Privacy Commissioner of Canada: https://www.priv.gc.ca/ or 1-800-282-1376.
  • Right to request deletion. You can request deletion of your data. We will delete everything not required by law to retain, and we will confirm in writing what has been deleted and what has been kept and why.

Section 9: Territorial Scope

This Privacy Policy applies to users accessing RivalBet.ca from Canadian provinces and territories excluding Ontario. RivalBet Casino services are not offered to Ontario residents; Ontario players who reach the site are blocked at registration and no personal information beyond the initial IP/geolocation check is retained.

For a full explanation of our territorial availability, see the Terms of Use for RivalBet.ca.


Section 10: Children’s Privacy

RivalBet.ca is not directed to persons under the legal gambling age in their province of residence (19 in most Canadian provinces, 18 in Alberta, Manitoba, and Quebec). We do not knowingly collect personal information from anyone underage.

If we discover — or are notified — that an underage user has created an account, we close the account immediately, refund any deposits net of any winnings paid out in error, and delete the associated personal information subject to any AML retention requirement.

Parents or guardians who believe an underage person has provided information to us should contact our Privacy Officer (Section 11) immediately.


Section 11: Contact Our Privacy Officer

Under PIPEDA, every organisation must designate a Privacy Officer accountable for compliance. Ours is reachable directly.

  • Privacy Officer email: [email protected]
  • Operator: Northern Maple Interactive Ltd.
  • Address: P.O. Box 34, Kahnawà:ke Mohawk Territory, QC J0L 1B0, Canada
  • Response window: 30 days from receipt, as required by PIPEDA. Complex requests may take longer; we will notify you in writing if we need an extension.

For general (non-privacy) enquiries, use the contact page linked above.


Section 12: Changes to This Policy

If we make material changes to this Privacy Policy — for example, adding a new category of data collection, changing how we share data, or altering retention periods — we will notify registered users by email and post a prominent notice on the site at least 30 days before the change takes effect. Non-material changes (typo fixes, clearer wording, updated contact details) may take effect immediately, with the “Last updated” date at the top of the page reflecting the revision.

Continued use of RivalBet.ca after a material change takes effect means you accept the revised policy. If you do not accept it, you can close your account under the procedure in the Terms of Use linked above.


We follow PIPEDA because it is Canadian law and because we think the Canadian data-handling standard is one of the better ones globally. If you want a plain-English summary of any section, or you are not sure whether a particular clause applies to your situation, contact our editorial team through the contact page linked earlier — we would rather explain it once than have you agree to something you did not understand.

Related pages on this site: the RivalBet.ca site home covers the brand review context; operator KYC and AML handling unpacks the verification framework tied to personal-data collection; About the RivalBet.ca editorial site documents the methodology behind our editorial policy.

Byline: RivalBet Editorial Team