My name is Tracie O. Afifi. I am a Full Professor at the University of Manitoba’s Rady Faculty of Health Sciences and hold a Tier 1 Canada Research Chair. My doctoral dissertation examined problem gambling among women in Canada, and population-level data has been central to my research program ever since.
That background gives me a specific lens when I read a casino’s privacy policy — I think about data not as an abstract compliance topic but as a concrete subject with real consequences for real people. The information that Mirax Casino collects about Canadian players includes behavioral patterns, financial histories, and identity documentation that together create a detailed profile. This piece is my plain-language analysis of what Mirax Casino’s privacy policy means for Canadian players in 2026.
Why casino privacy policies deserve more attention
Privacy policies determine how your data is used: for player protection or for aggressive marketing. My research makes me particularly aware of how individual data reveals patterns people haven’t noticed themselves. For Canadian players, understanding this document is the foundation for knowing what rights you hold under the legal frameworks of PIPEDA (federal) and Law 25 (Quebec).
What personal data Mirax Casino collects
Data you provide consciously
This includes your full legal name, date of birth, residential address, email, phone number, and identity documents (KYC). Payment details (cards, e-wallets) and all communication records with support are also stored.
Data generated by your behavior
| Data type | What is captured |
|---|---|
| Device data | Operating system, browser version, device identifiers |
| IP & Location | Approximate location, ISP details, VPN detection |
| Session behavior | Login times, duration, navigation path |
| Gaming activity | Games played, bet sizes, win/loss records |
| Financial behavior | Deposit frequency, withdrawal patterns, spending trends |
| Support history | Chat transcripts and email correspondence |
The legal basis for processing your data
- Contractual necessity: Required to deliver the service (deposits, games).
- Legal obligation: Required for identity verification (KYC) and anti-money-laundering (AML).
- Legitimate interests: Used for fraud prevention and platform security.
- Consent: Covers marketing and non-essential cookies. Under CASL, you must opt-in for marketing messages.
How Mirax Casino shares your data
| Recipient type | Purpose | Player control |
|---|---|---|
| Payment processors | CAD transaction processing | Required for service |
| Verification providers | Identity and age confirmation | Regulatory requirement |
| Licensing authorities | Compliance reporting | Legal obligation |
| Marketing platforms | Promotional campaigns | Opt-out available |
| Analytics providers | Performance analysis | Cookie settings |
| RG services | Harm reduction monitoring | Licensing requirement |
Your rights as a Canadian player (PIPEDA)
Canadian law gives you enforceable rights over your data. These include:
- Access: The right to know what data is held and receive a copy.
- Correction: The right to fix inaccurate information.
- Withdrawal: The right to opt-out of marketing at any time.
- Deletion: The right to request data removal (where legal retention allows).
- Notification: The right to be informed of any significant data breach.
- Complaint: The right to contact the Office of the Privacy Commissioner of Canada.
How long Mirax Casino retains your data
| Data category | Retention period | Basis |
|---|---|---|
| Identity documents | 5 years after account closure | AML requirement |
| Transaction records | 5-7 years | Financial compliance |
| Gaming activity logs | Account lifetime + minimum | Licensing conditions |
| Marketing preferences | Until consent is withdrawn | Consent-based |
| Cookie data | Up to 13 months | Analytics standard |
Security measures protecting your data
Mirax Casino applies SSL/TLS encryption to all data in transit. Payment data is handled under PCI-DSS standards via tokenization, meaning raw card details are not stored in the casino’s direct systems. Internal access is strictly limited through role-based permissions, and the platform undergoes regular security audits to ensure compliance with PIPEDA’s breach notification requirements.
