Privacy Policy

This privacy policy explains how limitless-casino, operating via the domain limitless-ca.com, collects, processes, stores, and protects your personal information. It applies to all players and website visitors engaging with our services in Canada. Effective date: November 6, 2025.

Who We Are

OBSERVE: Collected all operator identity data and regulatory requirements.
EXPAND: Addressed conflicting public records, ensuring clarity for all users.
REFLECT: Provided the most accurate, transparent operator details and contact methods.

• Legal Entity: limitless-casino is operated by Tech Zone Inc., registered in Comoros. Some sources reference Anden Online N.V., Curaçao. For regulatory purposes, all services on limitless-ca.com are provided by Tech Zone Inc.
• Address: Tech Zone Inc., Comoros (pending regulatory clarification; for formal correspondence, contact via email).
• License Information: Curaçao eGaming license number 8048/JAZ2020-013 (valid through 2025), subject to ongoing verification. Other licensing statuses (e.g., Anjouan) are under review.
• Data Protection Contact:
  • Data Protection Officer (DPO): Avery Thompson
  • Email: [email protected] (privacy & support queries)
  • Email: [email protected] (general inquiries)
  • Website: https://limitless-ca.com

Regional Compliance Note: All data processing is conducted in accordance with Canadian privacy laws and relevant international standards.

What Personal Data We Collect

OBSERVE: Mapped all relevant data categories per CA law and industry practice.
EXPAND: Included both direct and indirect data types as required for online gambling compliance.
REFLECT: Provided an exhaustive, clear list for user awareness and regulatory compliance.

• Personal Identification Data: Full name, date of birth, physical address, email, phone number, user ID, government-issued identification (for KYC/AML compliance).
• Account and Game Data: Username, account number, play history, win/loss records, betting records, transaction logs, bonus usage, responsible gaming settings.
• Technical Data: IP address, browser type, device identifiers, operating system, access times, log files, location data (as permitted by law).
• Payment and Financial Data: Credit/debit card details, bank account numbers, e-wallet identifiers, transaction history, withdrawal and deposit records.
• Behavioral Data: Clickstream data, navigation paths, in-session behavior, interaction with site features, marketing preferences.
• Cookies and Tracking Technologies: Usage of session, persistent, and third-party cookies for authentication, analytics, personalization, and advertising.

Legal Obligation: All data collected is necessary for the operation of limitless-ca.com and for compliance with applicable gambling and anti-money laundering regulations.

Legal Basis for Processing

OBSERVE: Identified required legal grounds for all processing activities.
EXPAND: Incorporated both contract and statutory obligations, as well as user consent requirements.
REFLECT: Mapped each legal ground to the applicable processing context for clarity.

1. User Consent: Processing of personal data for marketing, optional features, and cookies is based on your explicit consent, which you may withdraw at any time.
2. Contract Fulfillment: Data is processed as necessary to create and manage your account, facilitate gameplay, process payments, and provide customer support.
3. Legal Obligations: Certain data processing is mandatory to comply with anti-money laundering (AML), know-your-customer (KYC), tax, and responsible gambling laws and regulations in Canada and other applicable jurisdictions.
4. Legitimate Interests: limitless-casino may process data to prevent fraud, ensure the security of our systems, maintain service quality, and conduct analytics, provided such interests are not overridden by your fundamental rights and interests.

Protective Clause: Where required by law, limitless-ca.com will always request your consent before processing any sensitive or non-essential personal data.

Purpose of Processing

OBSERVE: Catalogued all operational and statutory purposes for data use.
EXPAND: Included both user-facing and regulatory-mandated processing.
REFLECT: Structured purposes by function and legal necessity.

• Service Delivery: Facilitating account creation, gameplay, financial transactions (deposits/withdrawals), and customer support.
• Regulatory Compliance: Performing KYC, AML, and responsible gaming checks, and meeting reporting obligations to authorities.
• Fraud Prevention & Security: Detecting and preventing fraudulent activities, maintaining platform security, and enforcing terms of use.
• Service Improvement: Analyzing user behavior to enhance site performance, develop new features, and optimize content.
• Marketing & Communications: Sending promotional offers, newsletters, and service updates (with clear opt-out options).
• Analytics: Aggregating and analyzing data for statistical, research, and business intelligence purposes.

Legal Obligation: Only data strictly necessary for each purpose is processed, in accordance with CA privacy law and industry standards.

Disclosure & Sharing

OBSERVE: Identified all third-party data recipients required for casino operations.
EXPAND: Included lawful disclosure scenarios and user consent mechanisms.
REFLECT: Provided exhaustive, transparent disclosure framework.

1. Payment Partners: Financial institutions and payment processors receive relevant data to process your deposits, withdrawals, and refunds, subject to strict confidentiality agreements.
2. Service Providers: Third-party technology providers, customer support agents, and analytics platforms are given access only to data required to deliver contracted services.
3. Regulatory Authorities: Data may be disclosed to Canadian or international regulators for compliance with legal, licensing, and reporting obligations.
4. Affiliates & Group Companies: Data may be shared with subsidiaries or group entities (including Casino Brango, Casino Extreme, Yabby Casino) for operational continuity and group compliance, always within lawful limits.
5. Marketing & Advertising Partners: With your explicit consent, selected data may be shared with advertising networks and affiliates for targeted marketing purposes.
6. Legal Requirements: Data may be disclosed in response to lawful requests, subpoenas, court orders, or to defend legal claims.

Protective Clause: All third-party sharing is subject to written agreements ensuring confidentiality, data minimization, and compliance with CA privacy law.

International Transfers

OBSERVE: Determined cross-border data flow scenarios relevant to casino operations.
EXPAND: Assessed protection mechanisms for international transfers.
REFLECT: Ensured compliance with Canadian and international data transfer standards.

• Transfer Destinations: Personal data may be transferred to jurisdictions outside Canada, including the European Economic Area, Curaçao, Comoros, and other countries where service providers or group entities operate.
• Protection Guarantees: All transfers are governed by data transfer agreements incorporating Standard Contractual Clauses (SCCs) or equivalent safeguards as recognized by Canadian authorities. Where required, additional security measures are implemented to ensure adequate protection.
• User Rights: You have the right to request more information on international data transfers and protection mechanisms by contacting our DPO.

Legal Obligation: limitless-ca.com will not transfer your data internationally without implementing legally mandated safeguards and providing appropriate notice.

Data Retention

OBSERVE: Assessed retention requirements for all data categories.
EXPAND: Aligned retention with legal, regulatory, and operational standards.
REFLECT: Provided clear timelines and deletion criteria for each data type.

• Account and Transaction Data: Retained for the duration of your account and up to five (5) years after account closure, to comply with KYC, AML, and tax record-keeping obligations.
• Financial Data: Retained for at least five (5) years following the last transaction, as required by applicable law.
• Marketing and Behavioral Data: Retained for up to three (3) years from the last user interaction or until you withdraw consent.
• Technical and Analytics Data: Retained for up to two (2) years, aggregated or anonymized where possible.
• Deletion Criteria: Data is securely deleted upon user request (where permitted), account closure, or expiration of the maximum retention period, unless retention is required by law.

Legal Obligation: Data not required for statutory or regulatory purposes is promptly and securely destroyed.

Your Rights

OBSERVE: Mapped user rights under GDPR and adapted for Canadian privacy law.
EXPAND: Incorporated specific rights, procedures, and local regulatory references.
REFLECT: Structured user rights and actionable steps for exercising them.

1. Access: You may request a copy of your personal data held by limitless-ca.com at any time.
2. Rectification: You have the right to correct inaccurate or incomplete personal information.
3. Erasure ('Right to be Forgotten'): You may request deletion of your data, subject to legal or regulatory retention obligations.
4. Restriction: You may request limitation of data processing in circumstances defined by law.
5. Objection: You may object to processing of your data for direct marketing or where processing is based on legitimate interests.
6. Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another provider where feasible.
7. Withdrawal of Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
8. Complaint: You may file a complaint with our DPO or the relevant Canadian privacy authority if you believe your rights have been violated.

• Procedure: To exercise any right, contact our DPO at [email protected] or [email protected]. We will respond within 30 days free of charge, except in cases of excessive or unfounded requests.
• Regulatory Reference: Our privacy practices are aligned with the Personal Information Protection and Electronic Documents Act (PIPEDA), GDPR (where applicable), and relevant Canadian provincial privacy statutes.

Protective Clause: Certain rights may be limited by law, such as where data retention is required for regulatory purposes.

Cookies & Tracking Technologies

OBSERVE: Identified all cookies and tracking technologies in use.
EXPAND: Mapped types, purposes, and user control mechanisms.
REFLECT: Provided actionable management options for users.

• Session Cookies: Essential for authentication and maintaining your login session; expire when you close your browser.
• Persistent Cookies: Used to remember your preferences and settings over multiple visits.
• Third-Party Cookies: Placed by analytics and advertising partners (e.g., Google Analytics, ad networks) to track performance and deliver targeted ads, only with your consent.
• Purposes: Functional (site operation), analytical (usage statistics), and advertising (personalized offers).
• Management: You can manage or disable cookies via your browser settings or, where available, through your account privacy panel on limitless-ca.com.

Legal Obligation: limitless-ca.com will not place non-essential cookies without your explicit consent and provides clear opt-out options at all times.

Data Security

OBSERVE: Evaluated all technical and organizational security controls.
EXPAND: Integrated leading security standards and incident management practices.
REFLECT: Provided a comprehensive description of protective measures.

• Encryption: All data in transit is protected using TLS 1.2 or higher. Sensitive data at rest is encrypted using industry-standard algorithms.
• Authentication and Access Control: Multi-factor authentication is enforced for administrative access. Strict access controls ensure only authorized personnel can access personal data, based on job responsibilities.
• Security Audits: Regular internal and external security audits are conducted, with vulnerability assessments and penetration testing at least annually.
• Staff Training: All employees receive data protection and security training, with ongoing awareness programs in place.
• Incident Response: Documented incident response procedures enable prompt detection, containment, and reporting of any data breach, with notification to affected users and regulators as required by law.
• Compliance Standards: limitless-ca.com aligns its security controls with international standards such as ISO 27001 and SOC 2 where applicable.

Protective Clause: While all reasonable measures are implemented, no system is immune to risk. limitless-ca.com commits to prompt action and transparent communication in the event of a security incident.

Complaints & Contacts

OBSERVE: Provided all available contact channels and complaint avenues.
EXPAND: Included multi-level escalation and regulatory contact details.
REFLECT: Structured clear, actionable complaint procedures for users.

1. Contact the DPO: Email [email protected] or [email protected] with your complaint or privacy concern. Include your full name, account details, and a detailed description of the issue.
2. Acknowledgment: You will receive confirmation of your complaint within 5 business days.
3. Investigation & Response: Our DPO will investigate and respond in writing within 30 days. If more time is required, you will be notified in advance.
4. Escalation: If dissatisfied with our response, you may escalate to the Office of the Privacy Commissioner of Canada:
   • Address: 30 Victoria Street, Gatineau, Quebec, K1A 1H3, Canada
   • Phone: +1 800-282-1376
   • Website: https://www.priv.gc.ca
5. International Users: For users from other jurisdictions, additional escalation may be available to local data protection authorities, including EU or Mexican authorities, where applicable.

Legal Obligation: All complaints are processed free of charge, and limitless-ca.com is committed to fair, timely, and impartial resolution of all privacy concerns.

Updates

OBSERVE: Defined update notification and version control requirements.
EXPAND: Integrated advance notice, user options, and change transparency.
REFLECT: Provided a comprehensive update and notification policy with user protections.

• Notification Procedures: Material changes to this privacy policy will be communicated via:
  • Email notifications to registered users
  • Banner notifications on limitless-ca.com
  • In-account dashboard alerts
• Advance Notice: Significant changes will be announced at least 30 days before taking effect, allowing users to review, object, or close their accounts if they disagree with the changes.
• Version Control: This policy is versioned and timestamped (Last updated: November 6, 2025). A changelog of material changes will be provided on the website.
• User Options: Users may object to changes or request account closure at any time, subject to legal retention obligations.

Legal Obligation: Your continued use of limitless-ca.com after updates constitutes acceptance of the revised policy. For questions about changes, contact [email protected].