Data We Collect and Why
Key facts about data we collect and why
NoLimitCoins CA collects three categories of data: account data (email, name, date of birth, province), transactional data (GC/SC balances, game history, purchase records), and technical data (IP address, browser fingerprint, device type for fraud prevention). We do not sell personally identifiable information to third-party data brokers. All data is stored on servers protected with AES-256 encryption at rest and TLS 1.3 in transit. Account data is retained for 7 years from last activity for legal compliance purposes under Canadian anti-money laundering regulations. You may request a full data export or deletion by contacting our support team.
| Data Category | Purpose | Retention Period |
|---|---|---|
| Account Identity | Authentication, KYC compliance | 7 years from last activity |
| Game History | Dispute resolution | 3 years |
| Technical and Device | Fraud prevention | 90 days rolling |
| Purchase Records | Financial compliance | 7 years statutory |
| Cookie and Session | Login management | Session lifetime only |
Cookie Policy
We use strictly necessary cookies for session authentication and platform functionality. Analytics cookies (aggregated and non-personal) help improve game load performance and navigation. You may opt out of analytics cookies without affecting platform access. We do not use cross-site tracking cookies or third-party advertising cookies. Our full terms of service detail your rights regarding data processing under applicable Canadian privacy legislation including PIPEDA.
Your Rights Under PIPEDA
Accessing and correcting your data
The Personal Information Protection and Electronic Documents Act (PIPEDA) grants Canadians the right to access personal data held about them and to correct inaccurate information. To request a full data export or correction, submit a written request via the contact page. We respond to access requests within 30 days. Data provided for account verification cannot be deleted while the account remains active but will be anonymised within 90 days of permanent account closure.
Third-Party Services and Data Sharing
Who we share limited data with
We share minimal account data with three categories of third parties: payment processors (for redemption transactions only), identity verification services (for KYC), and analytics aggregators (non-personal, session-level data only). No social media platform or advertising network receives personally identifiable information. Our payment processors operate under PCI-DSS compliance. Identity verification partners are bound by the same PIPEDA obligations as NoLimitCoins CA directly.
