Privacy Policy
At Mr Play, privacy is a core part of safe play in Canada. This Privacy Policy explains how we collect, use, share, and protect personal information under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial requirements.
Navigation
By using our services, you agree to the practices described here. If you prefer not to provide certain optional details, you can adjust your settings, withdraw consent where applicable, or request account closure at any time.
What we collect and why
We collect information needed to create and manage your account, process payments reliably, and meet legal obligations. This data also helps with fraud prevention, security monitoring, and improving your onsite experience.
Core information types
- Personal details: name, address, email, date of birth, phone number, and identification documents used for verification.
- Payment details: credit/debit card information, e-wallet details, and transaction history for deposits and withdrawals in CAD.
- Technical data: IP address, device details, cookies, browser type, operating system, and related logs.
- Gameplay records: games played, deposits, withdrawals, and promotions accessed.
- Support history: chat logs, emails, and phone contacts used for quality control and issue resolution.
How we use your information
- Open, operate, and manage your account, including secure payment processing.
- Verify identity, age, and eligibility to participate.
- Personalize onsite content, including how bonuses and promotions are displayed.
- Analyze site usage to improve products, campaigns, and platform performance.
- Comply with legal obligations, including anti-money laundering requirements.
Your consent and privacy rights
Consent supports registration, verification, and ongoing account operations. You can withdraw consent by requesting account closure or contacting us to discuss how your information is handled.
Under PIPEDA, you can request access to the personal information we hold, ask us to correct inaccuracies, request account deletion where permitted, and object to processing in specific situations. Correction requests are handled within seven business days.
Sharing, disclosure, and limits
We do not sell, trade, or rent personal information. We share information only when necessary to run the service and limit sharing to what is required for the specific purpose.
Information may be shared with payment processors, software and analytics providers, identity verification services, or legal authorities when required. These partners operate under confidentiality obligations, and data handling follows Canadian privacy rules, with GDPR-aligned safeguards applied where relevant.
Marketing-related sharing requires clear permission and does not include sensitive information. You can also refuse ad tracking at any time through your settings.
International processing and safeguards
We are headquartered in Canada, and some processors may store or process information outside Canada, including within the EU. When information is transferred, contractual safeguards are used to maintain privacy protection comparable to Canadian standards.
Where needed, transfers outside the European Economic Area rely on mechanisms such as Standard Contractual Clauses or similar frameworks that preserve comparable protection levels.
Security measures and incident response
We apply layered security controls to protect accounts and strengthen infrastructure resilience. Measures include SSL encryption, two-factor authentication, regular vulnerability scans, penetration testing, and staff access controls.
- Encryption for sensitive transactions uses 256-bit SSL protocols.
- Stored information is protected using AES-256 encryption, where applicable.
- Transport security supports modern standards, including TLS 1.3 for data transmission.
- Passwords are not stored in plain text and are hashed using bcrypt with salt.
- Sessions end after 30 minutes of inactivity to reduce exposure.
If a security incident affects your data, we notify you promptly and inform relevant authorities where required. Response steps may include isolating affected access points, ending active sessions, and resetting credentials linked to suspicious activity.
Practical account safety tips
- Use a unique password and avoid reusing credentials across services.
- Update your password every six months, or sooner if you notice unusual login activity.
- Enable multi-factor authentication using SMS codes or an authenticator app.
- Avoid sharing login details or signing in on shared devices.
Cookies and tracking controls
Cookies, pixels, and similar tools help keep the site responsive, measure performance, support security, and tailor content. You can manage cookie preferences through your account settings, and you may refuse ad tracking whenever you choose.
Retention and deletion
We keep personal data while your account is active and for any additional period required by Canadian legal or regulatory obligations. Account records are typically retained for five years after account closure, or longer where the law requires.
Where deletion is permitted, we apply digital erasure practices designed to remove information from internal systems while still respecting mandatory retention requirements.
Age limits and minors
Our services are for adults only. Access is restricted to users aged 18+, and the site is not intended for individuals under 19. We do not knowingly collect or process information from minors, and controls are in place to help prevent underage access.
Quick reference table
| Topic | What it covers | Your options / key notes |
|---|---|---|
| Eligibility checks | Age and identity verification to support safe access and compliance. |
|
| Registration details | Name, date of birth, address, and contact options used to create your profile. | Updates are available through settings or support when verification permits. |
| Payment processing | Card or e-wallet details and transaction history used for deposits and withdrawals. | Shared only with authorized processors and compliance partners as needed. |
| Technical logs | IP address, device data, cookies, and log files used for performance and security monitoring. |
|
| Gameplay records | Games played and promotion access used for account management and auditing. | Requests to access stored data can be made through secure channels. |
| Access controls | Two-factor authentication and role-based staff access used to limit exposure. | Sessions close after 30 minutes of inactivity. |
| Encryption standards | Transaction security uses 256-bit SSL; storage uses AES-256. | Passwords are hashed with bcrypt and salt, and not stored in plain text. |
| Retention timeline | Data is kept while your account is active, plus required legal or regulatory periods. | Account records held for five years after closure, if required. |
| Rights timeline | Access, correction, and deletion requests supported under PIPEDA obligations. | Corrections handled within seven business days. |
How to reach us securely
A Data Protection Officer oversees privacy questions and requests. You can contact us through encrypted contact forms within the site, and we use secure authentication methods before releasing account-related information.