By Sherry H. Stewart — Professor & Research Director, Mood, Anxiety, and Addiction Comorbidity (MAAC) Lab, Dalhousie University
TonyBet Casino‘s privacy policy is the document that defines exactly what information the platform holds about you, why it holds it, who it can share it with, and what rights you have to control that. For Canadian players in 2026, Canada’s privacy landscape continues to evolve — PIPEDA (the federal Personal Information Protection and Electronic Documents Act) governs how organizations like TonyBet handle personal data, and Quebec has additional requirements under Law 25. Understanding the privacy framework TonyBet operates within is the basis for exercising your rights if something goes wrong.
What personal data TonyBet Casino collects
When you open an account at TonyBet Casino, the platform collects information required both for account operation and for the regulatory KYC process. At registration this includes your full legal name, date of birth, Canadian residential address, email address, phone number, and username. TonyBet does not store full card numbers — payment processing uses tokenization and PCI-DSS compliant infrastructure that keeps raw financial data out of the casino’s direct systems.
Beyond what you provide directly, TonyBet also collects data generated by how you use the platform:
| Data type | What it captures |
|---|---|
| Device information | Browser type, operating system, device identifiers |
| IP address and location | Approximate geographic location, VPN detection |
| Session data | Login times, session duration, pages visited |
| Gaming activity | Games played, bet sizes, win/loss history, bonus usage |
| Communication records | Support chat transcripts, email correspondence |
| Cookie data | Preferences, tracking identifiers, referral source |
This behavioural data serves multiple purposes: regulatory compliance, fraud detection, responsible gambling monitoring, and marketing personalisation. Knowing it exists means you understand the full picture of what TonyBet holds about you.
How TonyBet Casino uses your personal data
- Account operation — processing deposits and withdrawals in CAD, managing account settings, delivering the service you signed up for. Core contractual use that cannot be opted out of.
- Regulatory compliance — verifying identity, confirming age and residency, reporting to licensing authorities, maintaining transaction records for AML purposes. Legally mandated regardless of player preference.
- Fraud prevention and security — monitoring account activity for unusual patterns, detecting multi-accounting, protecting both the platform and players from fraudulent activity.
- Responsible gambling monitoring — using behavioural data to identify patterns consistent with problem gambling and trigger intervention tools or communications where required by licensing conditions.
- Marketing communications — sending promotional emails, bonus offers, and platform updates. Requires explicit opt-in consent under Canadian anti-spam legislation (CASL). Consent can be withdrawn at any time.
- Platform improvement — aggregated, anonymised analysis of player behaviour. Anonymised data is not subject to the same restrictions as identifiable personal data.
Data sharing — who else sees your information
| Recipient type | Purpose | Your control |
|---|---|---|
| Payment processors | Transaction processing in CAD | No opt-out (required for service) |
| KYC and identity verification providers | Age and identity checks | No opt-out (regulatory requirement) |
| Licensing and regulatory authorities | Legal compliance and reporting | No opt-out (legal obligation) |
| Fraud detection service providers | Security and anti-fraud | No opt-out (legitimate interest) |
| Marketing technology partners | Promotional communications | Opt-out available via preferences |
| Analytics providers | Platform performance analysis | Partially controllable via cookie settings |
TonyBet Casino does not sell personal data to unaffiliated third parties for their own commercial purposes. The sharing that occurs is either necessary for the platform to function, legally required, or subject to consent controls you can manage.
Your data rights as a Canadian player
Canadian privacy law gives you a defined set of enforceable rights over your personal data at TonyBet Casino:
- The right to know what personal data TonyBet holds about you
- The right to request correction of inaccurate information
- The right to withdraw consent for non-essential processing such as marketing
- The right to request deletion of data where no legal obligation requires its retention
- The right to be informed of any data breach that poses a real risk to you
- The right to complain to the Office of the Privacy Commissioner of Canada if your rights are not respected
Data retention periods
| Data category | Retention period | Reason |
|---|---|---|
| Identity documents | 5 years after account closure | AML regulatory requirement |
| Transaction records | 5–7 years | Financial reporting and legal compliance |
| Gaming activity logs | Duration of account plus regulatory minimum | Licensing conditions |
| Marketing data | Until consent is withdrawn | Consent-based processing |
| Support communications | 3 years after resolution | Dispute resolution reference |
| Technical and cookie data | Typically 13 months | Analytics and fraud prevention |
After retention periods expire, data is securely deleted or anonymised in a way that prevents re-identification.
Cookies and tracking at TonyBet Casino
TonyBet Casino uses cookies and similar tracking technologies across three main categories. Essential cookies are required for the platform to work and cannot be disabled without breaking basic functionality — they handle session management, login state, and security tokens. Analytics cookies collect aggregated data about how players navigate the platform and can typically be declined through the cookie consent manager. Marketing cookies track your journey across websites to enable targeted advertising — Canadian players have meaningful control over these through both the TonyBet cookie settings and browser-level privacy controls.
Data security measures
TonyBet Casino applies technical and organizational security measures to protect personal data against unauthorized access, loss, or disclosure: SSL/TLS encryption for all data in transit, encrypted storage for sensitive personal information, access controls limiting which staff members can view player data, regular security audits and penetration testing, and incident response procedures that comply with PIPEDA breach notification requirements.