Privacy Policy

This Privacy Policy explains how Cashed Casino ("Cashed Casino", operating via cashed-ca.com) collects, uses, discloses, and protects personal data of players and website visitors. It applies to all individuals who access or use our websites, products, and services, regardless of device or location, with a primary focus on users located in Canada. By using our services, you acknowledge that you have read and understood this Policy. This Policy is effective and applies to processing activities carried out from and after 1 January 2025 and is expected to remain in force through at least 31 December 2026, unless replaced or updated as described below.

Who We Are

OBSERVE: Users need to know the identity and contact details of the data controller and related entities. EXPAND: The operation uses an offshore corporate structure with a licensed gaming operator and a payment-processing affiliate. REFLECT: We clearly identify the entities, their roles, and a dedicated privacy contact.

The online casino service marketed as "Cashed Casino" for Canadian users at cashed-ca.com is operated by:

• Operator (Data Controller for gaming services): Liernin Enterprises LTD, a limited company incorporated under the laws of the Republic of the Marshall Islands, registration number 126211.
• Registered / corporate jurisdiction: Marshall Islands (exact registered address may be provided to authorities and users on request for verification and legal correspondence).
• Licensing context: Liernin Enterprises LTD operates the casino under Offshore Gaming License no. 22-0025 issued by the Philippine Amusement and Gaming Corporation (PAGCOR), Philippines, for offshore online casino operations, including RNG games.

For certain payment and processing activities, we also rely on:

• Payment Processing Subsidiary / Merchant of Record (for certain fiat transactions such as Interac and credit cards): Mirata Services LTD, a limited company incorporated in Cyprus, registration number HE 433658.

Data Protection Contact / Privacy Contact

We have appointed an internal privacy contact function responsible for data protection matters related to Cashed Casino:

• Data Protection / Privacy Department: Cashed Casino Privacy Office
• E-mail (primary): [email protected]
• E-mail (support-related requests, including privacy queries): [email protected]
• E-mail (payment-related queries): [email protected]

Where required by applicable law, the data controller for your personal data will primarily be Liernin Enterprises LTD. Mirata Services LTD and other service providers may act as data processors or independent controllers for specific activities (such as payment processing or fraud prevention), as further described below.

What Personal Data We Collect

OBSERVE: Operation of an offshore online casino requires a range of personal, technical, financial, and behavioral data. EXPAND: We must cover all typical categories used for account management, AML/KYC, responsible gambling, marketing, and security. REFLECT: We categorize data clearly and explain the nature and examples of each type.

1. Identification and Contact Data

• Account data: Full name, username, password (stored in hashed form), date of birth, gender (if provided), country and place of residence.
• Contact details: E-mail address, phone number (where provided), preferred language.
• Verification (KYC) data: Copies or details of identification documents (e.g., passport, national ID, driver's licence), proof of address (e.g., utility bill, bank statement), selfies or video verification clips where required, and other documents reasonably required under licensing or AML rules.

2. Technical and Usage Data

• Device and connection data: IP address, approximate location derived from IP, device identifiers, browser type and version, operating system, screen resolution, language settings, referrer URLs.
• Log and event data: Login and logout times, session identifiers, time spent on pages, clicks, navigation paths, error logs.
• Security data: Failed login attempts, suspected account takeover indicators, device fingerprints used for fraud and security analysis.

3. Financial and Transaction Data

• Payment details: Limited card data (e.g., card type, masked card number, expiry date), payment instrument identifiers, payment account references from payment providers (such as Interac or card gateways). Complete card data is typically handled by our payment processors and not stored by us in full.
• Deposit and withdrawal records: Transaction dates, amounts, currencies, payment methods, account balances and wallet history.
• AML-related data: Information and documentation collected to comply with anti-money laundering and counter-terrorist financing obligations, including source-of-funds information where required.

4. Gaming and Behavioral Data

• Gameplay history: Game sessions, bets placed, wins and losses, jackpots, return-to-player metrics at account level, bonuses used.
• Behavioral patterns: Frequency of play, time of day, amount wagered, self-exclusion or cooling-off behavior, use of responsible gambling tools.
• Communication records: Copies of correspondence with customer support (e-mails, chat logs, complaint records), notes of support interactions, call summaries where applicable.

5. Marketing and Preferences Data

• Marketing preferences: Opt-in/opt-out status for e-mail, SMS, push notifications, and other channels.
• Campaign interaction data: Records of whether you opened, clicked or responded to our marketing messages; bonus redemption and promotional participation tied to specific campaigns.

6. Cookies and Similar Technologies

• Cookie identifiers: Unique identifiers stored in cookies or similar technologies (local storage, pixels, tags) to distinguish browsers and devices.
• Tracking data: Information collected via analytics tools, advertising pixels and similar technologies, as described in the "Cookies & Tracking Technologies" section below.

We generally do not seek to collect special categories of personal data (such as health information or political opinions). However, in rare cases, aspects of your responsible gambling interactions (for example, if you voluntarily disclose a gambling problem or mental health condition to support) may incidentally reveal sensitive information. Such information is handled with heightened care and only to the extent necessary to provide support, comply with legal obligations, or protect vital interests.

Legal Basis for Processing

OBSERVE: We operate from offshore jurisdictions but target Canadian players who expect standards aligned with modern data protection frameworks. EXPAND: We therefore explain legal bases in terms comparable to GDPR concepts (consent, contract, legitimate interests, legal obligation, vital interests) while acknowledging our offshore licensing and AML duties. REFLECT: Each key processing activity is mapped to its primary legal basis.

1. Performance of a Contract

• Scope: Processing that is necessary to create, administer and provide your user account, gaming services, promotions, and related customer support.
• Examples:
  • Opening and managing your Cashed Casino account.
  • Processing deposits, bets, wins, withdrawals and bonuses.
  • Verifying that you meet eligibility requirements (e.g., legal age, residence where applicable).
  • Communicating with you about service provision (e.g., service announcements, transactional e-mails, account notices).

2. Compliance with Legal and Regulatory Obligations

• Scope: Processing required by applicable laws and regulatory instruments, including AML/CFT rules, responsible gambling obligations as interpreted under our PAGCOR license and other applicable regulations, tax and accounting rules, and legal reporting duties.
• Examples:
  • Carrying out Know Your Customer (KYC) checks and verifying your identity.
  • Monitoring transactions for suspicious activity, money laundering or fraud.
  • Responding to lawful requests from regulators, tax authorities and law enforcement bodies.
  • Maintaining records for statutory retention periods related to financial and gaming transactions.

3. Legitimate Interests

• Scope: Processing necessary for our legitimate business interests, balanced against your privacy rights and freedoms. When required by law, we will document this balancing and, where appropriate, offer opt-out mechanisms.
• Examples:
  • Preventing fraud, abuse of bonuses, account takeover, and other security threats.
  • Improving and optimizing our website, games, and user experience.
  • Conducting internal analytics and statistics on an aggregated or pseudonymized basis.
  • Protecting our legal rights, enforcing our Terms & Conditions, and managing disputes.

4. Consent

• Scope: Certain processing activities are based on your explicit consent, which you can withdraw at any time with future effect.
• Examples:
  • Sending you marketing communications (e-mail, SMS, push) where consent is required.
  • Using non-essential cookies and similar technologies (e.g., for advertising or advanced analytics), depending on your browser settings and local law.
  • In limited cases, sharing information with affiliates or advertising partners for targeted offers.

5. Protection of Vital Interests and Legal Claims

• Scope: In rare situations, we may process data to protect your or another person's vital interests (e.g., in the context of serious problem gambling concerns or urgent threats) or to establish, exercise, or defend legal claims.

Purpose of Processing

OBSERVE: Players expect a clear explanation of how their data supports casino operations and additional services. EXPAND: We connect each purpose to typical gaming and compliance needs, including responsible gambling and marketing. REFLECT: We present purposes in a structured manner, helping users understand and evaluate our practices.

1. Provision of Casino and Related Services

• Creating and managing your account and profile.
• Providing access to games, tournaments, and promotions available on cashed-ca.com.
• Processing deposits, wagers, wins, and withdrawals.
• Providing customer support and handling technical or account-related issues.

2. Compliance, Risk Management and Responsible Gambling

• Conducting identity verification, age checks and ongoing KYC procedures.
• Monitoring transactions and gameplay for AML/CFT compliance and fraud prevention.
• Detecting and addressing potential problem gambling behavior, including the management of self-exclusions, cooling-off periods, and limits requested by you.
• Keeping records necessary to comply with laws, regulations, license conditions, and tax or accounting rules.

3. Service Improvement and Analytics

• Analyzing how users interact with our pages, games, and features to improve functionality, stability and user experience.
• Testing and developing new products, features, and promotional mechanics.
• Producing statistics, business reports and forecasts (usually on an aggregated or pseudonymized basis).

4. Marketing and Personalization

• Sending you newsletters, promotions and offers where permitted by law and your preferences.
• Customizing content, bonus offers and recommendations based on your playing behavior and preferences, within the limits of applicable law and your consent where required.
• Measuring the effectiveness of our marketing campaigns and optimizing them.

5. Security and Dispute Management

• Ensuring the security of our systems, preventing unauthorized access and misuse.
• Investigating and resolving disputes, complaints, and chargebacks.
• Enforcing our Terms & Conditions and other applicable rules.

Disclosure & Sharing

OBSERVE: Online casinos rely on a network of third parties (payment processors, hosting, analytics, regulators). EXPAND: We specify types of recipients, circumstances of disclosure and safeguards, acknowledging offshore licensing and Canadian user expectations. REFLECT: We define categories rather than an exhaustive list, enabling operational flexibility while maintaining transparency.

1. Group Companies and Corporate Structure

• Operator: Liernin Enterprises LTD acts as the primary data controller for gaming operations.
• Payment Processor: Mirata Services LTD processes certain payment transactions and related data, acting as a data processor or independent controller, depending on the context.

2. Payment Partners and Financial Institutions

• Banking partners, card schemes, Interac and other payment service providers involved in processing deposits, withdrawals and chargebacks.
• These parties receive data such as transaction identifiers, limited card details, wallet references, and account-holder information necessary to process your payments and comply with financial regulations.

3. Service Providers (Processors)

• IT and hosting providers, including data centers, cloud platform providers and content delivery networks hosting our website and game content.
• Customer support platforms, communication tools (e-mail/SMS providers), analytics platforms, fraud and risk management tools, and KYC providers.
• These providers are bound by contractual obligations to process personal data only on our instructions and to implement appropriate security measures.

4. Regulators, Authorities and Dispute Bodies

• PAGCOR or other regulators with jurisdiction over our licence or cross-border operations, when required under applicable gaming, AML, or reporting rules.
• Tax, financial, or law enforcement authorities where we are legally required to provide information or where disclosure is necessary to protect our rights or comply with court orders.

5. Affiliates and Advertising Networks

• Marketing affiliates and advertising networks that refer players to cashed-ca.com or display our advertising content.
• In such cases, the information shared is typically limited to technical data (e.g., cookie identifiers, referral IDs, campaign performance metrics) and, where required by law, subject to your prior consent.

6. Corporate Transactions

• In the event of a merger, acquisition, sale of assets, restructuring or similar transaction involving Cashed Casino, your personal data may be transferred as part of the transaction, subject to appropriate confidentiality and data protection safeguards.

We do not sell your personal data to third parties in the sense of "data brokerage". Any sharing for marketing or analytics purposes is done within the framework of service-provider relationships, affiliate marketing, or with your consent where required.

International Transfers

OBSERVE: Our main entities are located outside Canada and the European Union, and we serve Canadian players via offshore infrastructure. EXPAND: Transfers may involve the Philippines, the Marshall Islands, Cyprus, and other locations of service providers. REFLECT: We explain that data may be stored or accessed across several jurisdictions and outline safeguards and risk disclosure.

1. Locations of Processing

• Your personal data may be processed or stored in:
  • The Marshall Islands (Liernin Enterprises LTD - operator).
  • The Philippines (PAGCOR licensing oversight and certain support or compliance functions).
  • Cyprus (Mirata Services LTD - payment processing and support functions).
  • Other countries where our technical infrastructure or key service providers are located, which may include EU/EEA member states, the United Kingdom, and other jurisdictions.

2. Safeguards for Cross-Border Transfers

• Where we transfer personal data to service providers or partners in jurisdictions that do not provide an equivalent level of data protection, we take reasonable steps to protect your information, which may include:
  • Entering into contractual clauses that require recipients to protect personal data (e.g., clauses modeled on standard contractual clauses or equivalent, as applicable).
  • Implementing technical safeguards such as encryption and pseudonymization.
  • Limiting access on a need-to-know basis and ensuring robust internal policies.

Because Cashed Casino operates as an offshore, grey-market online casino for Canadian players and is primarily regulated outside Canada, your data may not benefit from the same statutory protections or regulatory oversight that apply to domestically licensed Canadian operators. By using our services, you acknowledge that your personal data may be transferred to and processed in jurisdictions whose data protection laws may differ from those in your home jurisdiction.

Data Retention

OBSERVE: Gambling and AML regulations require retention of certain data for specified periods, while privacy principles require storage no longer than necessary. EXPAND: We provide indicative retention periods per category and describe deletion/anonimization criteria. REFLECT: We balance compliance needs with minimization and explain how users can trigger review or deletion where permitted.

1. General Principles

• We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
  • Providing services and maintaining your account.
  • Complying with legal, accounting, and reporting obligations.
  • Resolving disputes and enforcing agreements.
• After the relevant retention period expires, we will either delete or irreversibly anonymize the data, unless further storage is required by law or justified by ongoing legal claims.

2. Indicative Retention Periods

• Account and identification data: Generally kept for the duration of your active account and for up to 5 years after account closure, unless a longer period (up to 10 years) is required by applicable AML, gaming or financial regulations.
• Financial and transaction data: Typically retained for 5 - 10 years from the date of the relevant transaction, in accordance with applicable accounting and AML obligations.
• Gameplay and behavioral data: Kept while your account is active and for up to 5 years following account closure for regulatory, responsible gambling and dispute-management purposes, after which it may be anonymized for statistical use.
• Marketing data: Retained until you withdraw consent or object to processing for marketing, and for a limited period thereafter to record your opt-out.
• Cookies and technical logs: Stored in accordance with our cookie lifetimes, which typically range from the duration of the session up to 2 years, depending on the cookie's purpose, unless logs must be retained longer for security or legal reasons.

3. Deletion Criteria

• Account closure initiated by you, after expiry of mandatory retention periods.
• Prolonged inactivity, where retention is no longer necessary and no outstanding legal obligations or disputes exist.
• Successful requests for erasure, where applicable and compatible with legal retention requirements.

Your Rights

OBSERVE: While we are not a Canadian or EU domestic operator, users expect rights similar to those under modern data protection frameworks (e.g., GDPR). EXPAND: We describe rights of access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent, along with timelines and procedures. REFLECT: We clarify that the ability to exercise these rights may be limited by legal obligations (e.g., AML retention) and by the cross-border nature of our operation.

1. Overview of Rights

• Right of access: You may request confirmation whether we process your personal data and receive a copy of such data, together with information about how we process it.
• Right to rectification: You may request the correction of inaccurate or incomplete personal data (e.g., updated address or contact details).
• Right to erasure ("right to be forgotten"): You may request deletion of your personal data in certain situations, for example where the data is no longer necessary for the purposes for which it was collected or where you withdraw consent. We may retain certain data where required by AML/gaming or other laws.
• Right to restriction of processing: You may request that we limit processing of your data (e.g., while verifying its accuracy or the basis for processing).
• Right to object: You may object to processing based on our legitimate interests, including profiling, and to processing for direct marketing.
• Right to data portability: Where technically feasible and applicable, you may request a copy of certain personal data in a structured, commonly used and machine-readable format and ask that it be transmitted to another controller.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

2. Exercising Your Rights

• How to contact us:
  • Primary: [email protected]
  • Alternative (support-related queries): [email protected]
• Verification: We may ask you to provide information necessary to verify your identity before acting on your request (e.g., confirming account details or requesting supporting documents).
• Response time: We aim to respond to all legitimate requests within 30 days of receipt. Where requests are complex or numerous, we may extend this period by a further 30 days and will inform you of the extension and reasons.
• Fees: Requests are generally handled free of charge. However, we may charge a reasonable fee or refuse to act where requests are manifestly unfounded, excessive, or repetitive, in accordance with applicable law.

Please note that the exercise of certain rights may be restricted where we must retain or process your data to comply with legal obligations (for example, AML or gaming regulations), to protect the rights and freedoms of others, or to establish, exercise or defend legal claims.

Where you are protected by modern data protection rules (such as GDPR-equivalent standards) through your local law or conflict-of-laws principles, we will make reasonable efforts to respect these rights, to the extent consistent with our licensing and legal obligations in our operating jurisdictions.

Cookies & Tracking Technologies

OBSERVE: Cookies are essential for secure account operation, but also used for analytics and marketing. EXPAND: We classify cookies by duration and purpose and describe how to manage them. REFLECT: We support user choice while noting that disabling certain cookies may affect functionality.

1. Types of Cookies We Use

• Session cookies: Temporary cookies that exist only for the duration of your session and are deleted when you close your browser. They are used to maintain your login state, remember your selections during a session, and help secure your account.
• Persistent cookies: Cookies stored on your device for a defined period (e.g., days, months, or up to 2 years) used to remember your preferences and recognize you when you return.
• First-party cookies: Cookies set directly by cashed-ca.com to provide core functionality and remember your settings.
• Third-party cookies: Cookies set by service providers such as analytics platforms, advertising networks or affiliate trackers, which help us measure performance, attribute referrals, or deliver relevant content.

2. Purposes of Cookies

• Strictly necessary / functional: Required for operating the website and providing the services you expressly request, including security features, account login, payment processing and language settings. These cannot usually be disabled via our internal tools without impacting site functionality.
• Analytics and performance: Used to understand how users interact with our website (e.g., pages visited, time spent, error messages). This information is generally aggregated and helps us improve the design, performance and usability of our platform.
• Advertising and marketing: Used to track the effectiveness of our marketing campaigns, attribute affiliate traffic, and, where permitted, display tailored advertising or promotions.

3. Managing Cookies

• Browser settings: Most web browsers allow you to manage cookies through their settings, including blocking or deleting cookies. Please refer to your browser's help section for details.
• Device and OS controls: Mobile operating systems may provide additional options to reset advertising identifiers and manage tracking.
• Impact of disabling cookies: If you block or delete cookies, some parts of the website may not function properly, and you may not be able to use all features (e.g., staying logged in, saving preferences).

Data Security

OBSERVE: Players entrust us with sensitive financial and identification data and expect strong protection. EXPAND: We outline organizational and technical measures including encryption, access control, monitoring and training. REFLECT: We acknowledge that no system is perfectly secure and commit to continuous improvement and incident response.

1. Technical Measures

• Encryption in transit: Data transmitted between your device and our servers is protected using Transport Layer Security (TLS) 1.2 or higher, helping to prevent interception.
• Encryption at rest (where applicable): Sensitive data elements, such as passwords and specific financial details, are stored in encrypted or hashed form and are never stored in plain text.
• Access controls: Access to personal data is restricted to authorized personnel and service providers on a need-to-know basis, protected by authentication, role-based access controls and, where appropriate, multi-factor authentication.
• Network and infrastructure security: We utilize firewalls, intrusion detection/prevention systems, and other security technologies to reduce the risk of unauthorized access and attacks.

2. Organizational Measures

• Policies and training: Staff involved in processing personal data are subject to confidentiality obligations and receive periodic training on data protection, privacy, and security best practices.
• Vendor management: We carefully select third-party service providers and require them to implement appropriate security measures and comply with contractual data protection obligations.
• Incident response: We maintain processes to detect, investigate, and respond to suspected personal data breaches. Where required by law, we will notify relevant authorities and affected individuals without undue delay.

While we strive to follow recognized security practices and may align aspects of our security program with international standards such as ISO 27001 or SOC 2 principles where practicable, our offshore status and licensing framework mean that we may not be formally certified under such standards. Nevertheless, we are committed to continuously improving our security posture.

Complaints & Contacts

OBSERVE: Users need clear channels to raise privacy concerns and escalate complaints. EXPAND: We define internal procedures and identify supervisory or regulatory bodies relevant to our offshore licensing. REFLECT: We provide contact information and realistic expectations, given our regulatory framework.

1. Contacting Us

• Primary privacy contact e-mail: [email protected]
• Customer support (including privacy-related queries): [email protected]
• Payment-related issues: [email protected]

If a postal contact address or specific reference office is required for your complaint, you may request that information via the above e-mail addresses, and we will provide the appropriate correspondence details for Liernin Enterprises LTD or Mirata Services LTD.

2. Internal Complaint Procedure

1. Submission: Send us a detailed description of your concern (including your account ID, relevant dates and any supporting documentation) via e-mail to our privacy contact or support.
2. Acknowledgment: We will acknowledge receipt of your complaint, usually within 5 business days.
3. Investigation: We will investigate your complaint internally, which may involve our legal, compliance, security and support teams.
4. Response: We aim to provide you with a substantive response within 30 days. Where further time is required for complex matters, we will update you on progress and expected timelines.
5. Escalation: If you are not satisfied with our response, you may request internal escalation to a higher management or compliance level.

3. Escalation to Authorities

Because Cashed Casino operates as an offshore entity primarily licensed under PAGCOR in the Philippines, oversight of our operations (including aspects related to player treatment and records) may rest with that authority. After exhausting our internal procedures, you may contact:

• Philippine Amusement and Gaming Corporation (PAGCOR)
  See: https://pagcor.ph/regulatory for regulatory contacts and complaint mechanisms.

If your local laws grant you the right to lodge a complaint with a data protection authority in your country or region (for example, in jurisdictions applying GDPR-equivalent standards), you may be able to exercise that right. However, please note that such authorities may have limited direct jurisdiction over offshore operators like Cashed Casino.

Updates

OBSERVE: Regulatory expectations and business practices evolve, requiring updates to this Policy. EXPAND: We specify how users will be informed, how versioning is handled and what options exist in case of material changes. REFLECT: We provide reasonable notice for significant changes and explain the consequences for continued use.

1. Policy Changes and Version Control

• We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or regulatory guidance.
• Each version of the Policy will be identified by a "Last updated" date at the bottom of the text.

2. Notification of Material Changes

• Material changes: Where we make significant modifications that materially affect your rights or the way we process your data (for example, introducing new categories of recipients or substantially changing retention periods), we will:
  • Provide notice on our website (e.g., via banner or pop-up).
  • Where feasible, send e-mail notifications to the primary e-mail address associated with your account.
  • Where applicable, display notices in your account dashboard.
• Notice period: We will endeavor to provide at least 30 days' advance notice before material changes take effect, unless immediate changes are required by law, security or regulatory reasons.

3. Your Options

• If you do not agree with the updated Policy, you may choose to stop using our services and request account closure, subject to withdrawal of your available balance and completion of any outstanding obligations.
• Your continued use of our services after the effective date of the updated Policy will constitute your acceptance of the changes, as far as permitted by applicable law.

Last updated: November 2025 (intended to be applicable through at least the end of 2026, subject to interim updates as described above).