By Sylvia Kairouz – Updated June 2026
Jackpot City Casino privacy policy explained for Canadians
Most people click “accept” on a privacy policy the same way they click “accept” on a cookie banner – quickly, without reading, because the alternative is not getting to do the thing they opened the page to do. I understand that impulse completely. But after fifteen years of studying how gambling platforms affect real people’s lives, I’ve learned that a casino’s privacy policy is one of the most revealing documents it publishes. It tells you what data the company treats as an asset, who it shares that asset with, and how seriously it takes the difference between what it’s allowed to do and what you’d actually want it to do. Jackpot City Casino, operating since 1998 and holding licences from both the Kahnawake Gaming Commission and the AGCO for Ontario, has a data handling framework shaped by nearly three decades of regulatory evolution. Here is what it actually means for you as a Canadian player in 2026.
Why a casino privacy policy matters more than most
When you sign up at Jackpot City, you’re not just creating an entertainment account. You’re providing your full legal name, date of birth, residential address, phone number, email, government-issued identification, and financial payment details. The platform then generates ongoing behavioural data about every session you play – which games you choose, how long you play, how much you wager, and when you stop. That combination of identity data and behavioural data creates a detailed profile that is worth protecting, understanding, and actively managing. Jackpot City’s privacy practices are governed by Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA), by the AGCO’s data standards for Ontario players, and by the KGC’s licensing requirements. Knowing those frameworks exist gives you a foundation – but the specifics of how Jackpot City applies them is what this guide covers.
What data Jackpot City collects
Data collection at Jackpot City falls into two broad categories: information you provide directly and information generated automatically through your use of the platform.
Data you provide directly:
Category |
Specific data points |
Identity data |
Full legal name, date of birth, gender |
Contact data |
Home address, email address, phone number |
Verification data |
Government-issued photo ID, proof of address document, selfie or liveness check |
Financial data |
Payment card details, bank account information, transaction history |
Account preferences |
Responsible gambling limit settings, marketing consent status, communication preferences |
Data generated automatically:
Category |
Specific data points |
Technical data |
IP address, device type, browser version, operating system |
Usage data |
Games played, session duration, bet sizes, win/loss records |
Location data |
Geolocation data to confirm provincial eligibility at login |
Cookie data |
Session cookies, analytics cookies, preference cookies |
Communication data |
Records of all customer support interactions |
The geolocation data is worth specific attention. Jackpot City is legally required to confirm that players accessing the AGCO-regulated version of the platform are physically located in Ontario at the time of play. That verification uses device location data and is a licensing requirement – not an optional feature the company chose to implement. Players who access the platform using a VPN to mask their location are violating both the terms of service and the regulatory framework, and risk account termination.
How Jackpot City uses your personal data
Understanding what data is collected is only useful if you also understand what it’s used for. Jackpot City processes personal data for the following specific purposes:
- Account creation, authentication, and ongoing management
- Processing deposits, withdrawals, and bonus claims in CA$
- Identity verification and KYC compliance under Canadian AML legislation
- Fraud detection, prevention, and investigation
- Regulatory compliance reporting to the KGC and, for Ontario players, the AGCO
- Responsible gambling monitoring – identifying behavioural patterns associated with problem gambling and triggering protective interventions
- Customer support and dispute resolution
- Platform performance analysis and technical improvements
- Marketing communications – but only with your explicit prior consent
The responsible gambling monitoring use is one I want to highlight specifically because it’s genuinely in players’ interests and often overlooked. Jackpot City’s terms require it to have measures in place to limit marketing to high-risk players – which means the platform analyses session data to identify patterns associated with gambling harm and restricts promotional communications to those players. This is a direct consumer protection measure, and it only works if the platform has access to your behavioural data. It’s an example of data collection that is genuinely beneficial to the player rather than primarily commercially motivated.
Third parties who may receive your data
This is the section where casino privacy policies most often disappoint players who eventually read them. Jackpot City shares limited personal data with the following categories of third parties:
Third party category |
Purpose |
Examples |
Payment processors |
Facilitating deposits and withdrawals |
Interac, Visa, iDebit, cryptocurrency platforms |
Identity verification providers |
KYC and age verification |
Document authentication services |
Regulatory authorities |
Legal compliance and reporting |
KGC, AGCO, iGaming Ontario |
IT and infrastructure providers |
Platform hosting and security |
Cloud servers, cybersecurity services |
Analytics providers |
Platform performance analysis |
Usage tracking and optimisation tools |
Marketing service providers |
Delivering communications you’ve opted into |
Email and SMS delivery platforms |
The Super Group |
Corporate group data sharing |
Jackpot City’s parent organisation |
The Super Group data sharing is worth noting. Jackpot City operates as part of the broader Super Group portfolio. Within that corporate structure, certain operational data may be shared between entities for administrative and compliance purposes. This is disclosed in the privacy policy and is standard practice within multi-brand gaming groups. It does not mean your data is shared with other consumer-facing casino brands for marketing purposes.
Jackpot City explicitly states that personal data is not sold to third-party advertisers. That’s a meaningful commitment given the value of behavioural gambling data as a marketing asset, and it’s reinforced by PIPEDA’s consent requirements, which would make such sales legally complicated without explicit player authorisation.
Data security: how your information is protected
Jackpot City uses 256-bit SSL encryption across all data transmitted through the platform – the same standard applied by Canadian chartered banks for online transactions. Financial data is stored on PCI-DSS compliant servers, meaning payment card information is handled according to the Payment Card Industry’s security framework. Player funds are held in accounts separate from the company’s operating capital, a requirement under the iGaming Ontario operating agreement.
Additional security measures in place in 2026:
- Two-factor authentication available for account login
- Automated session timeouts after periods of inactivity
- Real-time transaction monitoring for fraud indicators
- Role-based internal access controls limiting staff access to player data
- Regular third-party security audits and penetration testing
Two-factor authentication is available and I’d strongly recommend enabling it. A Jackpot City account holds your payment details, personal identification, and real-money balance – it deserves at least the same level of access protection you’d apply to your online banking login.
Data retention: how long Jackpot City keeps your information
Jackpot City retains personal data for as long as your account is active and for defined periods after account closure, driven primarily by Canadian regulatory requirements:
Data type |
Retention period |
Regulatory basis |
Identity and KYC documents |
5 years post-account closure |
Canadian AML legislation |
Financial transaction records |
5 years post-transaction |
Financial audit requirements |
Game play history |
3 years |
Dispute resolution and fraud investigation |
Customer support records |
3 years |
Complaint handling and compliance |
Marketing consent records |
Duration of consent plus 1 year |
PIPEDA consent documentation |
Technical access logs |
12 months |
Security monitoring |
The five-year retention of identity documents is a legal obligation under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act – it applies to all licensed Canadian gambling operators and cannot be waived even if a player requests it during the retention period. After the retention period expires, Jackpot City is required to securely delete or anonymise the data.
Cookie management
Jackpot City uses cookies for four primary purposes: session authentication (keeping you logged in), preference memory (storing your platform settings), performance analytics (measuring how features are used), and marketing (delivering relevant promotional content to opted-in players). You can manage cookie preferences through your browser settings or the platform’s cookie consent tool. Rejecting non-essential cookies will not prevent you from using the casino, but will limit personalised content and may affect some platform features.
