Privacy Policy

This Privacy Policy explains how Ruby Slots ("Ruby Slots", "we", "us", "our") collects, uses, discloses, and protects personal information of players and other visitors who access and use the website available at https://rubyslots-ca.com (the "Site") from Canada. It applies to all use of our Site and online casino services, including account registration, gameplay, payments, and marketing communications.

By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you should not use the Site or our services.

Effective date: 1 January 2026

Who We Are

For the purposes of this Privacy Policy, the online casino operated at https://rubyslots-ca.com under the name Ruby Slots is part of the wider Ruby Slots brand and is operated on an offshore basis for Canadian players. The Ruby Slots brand is associated with the Virtual Casino Group (also known as VIP Lounge Group), a private operator group. Certain corporate and licensing details referenced below relate to entities associated with that group and to the original domain rubyslots.com.

Important notice: Our Costa Rica Corporate ID and references to Curaçao authorization are corporate and payment-processing references only and do not constitute a Canadian provincial iGaming licence. Ruby Slots is not licensed by any Canadian provincial gaming authority (including iGaming Ontario, BCLC, or Loto-Québec) and operates as an offshore site targeting Canadian users.

Operator and Registration Information

Brand name: Ruby Slots (Ruby Slots version for Canadian players)
Project domain: rubyslots-ca.com
Corporate group: Virtual Casino Group (also known as VIP Lounge Group)
Corporate registration reference: Costa Rica Corporate ID No. 3-102-525732 (corporate registration only; explicitly not an iGaming licence)
Game licensing reference: Curaçao Master Licence 1668/JAZ, issued to Cyberluck Curaçao N.V., referenced indirectly via certain payment processors. As of January 2025, there is no active, verifiable, direct licence for the Ruby Slots brand under the Curaçao Gaming Control Board LOK framework.
Registered / legal address: A precise legal address for the specific operating entity of Ruby Slots is not publicly disclosed. Any reference to Costa Rica or Curaçao in this Policy relates to corporate registration or processing arrangements and not to Canadian regulation.

Because of the offshore and group-based structure, the above information is provided for transparency but does not imply that Ruby Slots is locally regulated in Canada.

Data Protection Contact

While no formal Data Protection Officer (DPO) is mandated by law for this operation, we have designated an internal team responsible for privacy and data protection matters.

Data protection contact / privacy team: Privacy & Compliance Team, Ruby Slots
Email (privacy and support): [email protected]
Email (general information and legal notices): [email protected]

You may contact us at these addresses for any questions regarding this Privacy Policy or our handling of your personal information.

What Personal Data We Collect

We collect only the personal information that is necessary to operate Ruby Slots, provide our online casino services, comply with applicable laws (including anti-money laundering and fraud-prevention requirements where applicable), and maintain the security and integrity of our operations.

Identification and Contact Data

Account and profile information: full name, date of birth, country of residence, address (where required), username, and password (stored in hashed form).
Contact details: email address, telephone number (where provided), preferred language, and communication preferences.
Verification/KYC information (where required): scanned identification documents (e.g., passport, driver's licence, national ID), proof of address documents (e.g., utility bill, bank statement), and any additional data required to verify your identity, age, and residency or to comply with anti-fraud or anti-money laundering checks.

Technical and Usage Data

Device and connection data: IP address, device identifiers, browser type and version, operating system, time zone setting, language settings, and other device characteristics.
Usage and log data: login times, session duration, pages viewed, URLs clicked, referring URLs, error logs, and other diagnostic data related to your use of the Site and services.
Geolocation indicators: coarse location derived from your IP address to determine your jurisdiction for geo-restriction, risk assessment, and compliance purposes. We do not typically collect precise GPS-based location data.

Payment and Financial Data

Transaction data: records of deposits, withdrawals, bonus redemptions, chargebacks, account balances, and payment history.
Payment method details: limited payment card or banking details as required to process your transactions (in many cases handled directly by third-party payment providers, who will process your financial data as independent or joint controllers according to their own privacy policies).
Fraud and risk information: data arising from security checks, verification processes, chargeback reports, and internal or third-party fraud screening tools.

Behavioral and Profile Data

Gameplay data: betting and wagering history, games played, bet sizes, win/loss records, jackpot participation, and game session times.
Interaction data: clicks, navigation patterns, promotions viewed or activated, features used, and responses to in-site messages or banners.
Marketing and profiling data: email open rates, link clicks, engagement with promotional campaigns, bonus opt-ins, and inferred interests based on the games you play and offers you redeem.

Communications and Customer Support Data

Support communications: messages you send to us via email (for example, to [email protected]), or other channels (if/when available), and our responses.
Complaint and dispute data: records related to complaints, disputes, and escalations, including relevant correspondence, notes, and supporting documentation.

Cookies and Similar Technologies

Cookies: small text files stored on your device that allow us to recognize your browser, remember your preferences, maintain sessions, and perform analytics and marketing activities. See "Cookies & Tracking Technologies" below for more details.
Similar technologies: web beacons, pixels, tags, and local storage used to measure campaign performance, prevent fraud, and enhance the user experience.

Where we collect personal information from third parties (such as payment providers, verification services, or affiliates), we do so only where they are lawfully permitted to share such information with us and only for the purposes described in this Privacy Policy.

Legal Basis for Processing

Because Ruby Slots targets users in multiple jurisdictions and may interact with players who are also protected by other privacy frameworks (such as the EU General Data Protection Regulation (GDPR) or comparable international standards), we rely on the following legal bases for the collection and processing of personal information:

Performance of a Contract

Account creation and management: We process your identification, contact, and account data to register you as a player, authenticate your logins, and operate your account.
Provision of gaming services: We process gameplay, transactional, and device data to provide access to casino games, accept bets, settle wagers, and pay out winnings.
Customer support: We process communication and support data to respond to your requests, answer questions, and resolve operational issues.

Compliance with Legal and Regulatory Obligations

KYC/AML obligations: Where applicable under anti-money laundering, counter-terrorist financing, fraud, or sanctions laws of relevant jurisdictions (for example, laws applying to our payment processors or corporate jurisdictions such as Curaçao or Costa Rica), we process identification, verification, transaction, and risk data.
Record-keeping and tax reporting: We may retain transaction and account data to comply with statutory retention rules, financial reporting, or audit obligations arising in our operational jurisdictions.
Responsible gambling and risk controls: We may process behavioral and transactional data to detect problematic gambling patterns and apply appropriate measures where relevant under applicable standards or our internal policies.

Legitimate Interests

Security and fraud prevention: We process device, technical, transactional, and behavioral data to secure our systems, detect and prevent fraud and abuse, enforce our Terms and Conditions, and protect our legitimate business interests, other players, and third parties.
Service improvement and analytics: We analyze aggregated and pseudonymized usage and gameplay data to improve the Site, optimize game offerings, fix bugs, and enhance user experience.
Internal business operations: We process data as necessary for internal administration, risk management, backup, and reporting, provided such processing does not unduly impact your fundamental rights and freedoms.

Consent

Marketing communications: Where required by applicable law, we send electronic marketing messages (such as promotional emails or newsletters) to you only if you have provided your consent, such as by opting in during registration or in your account settings.
Non-essential cookies and tracking: We use certain analytics, advertising, and personalization cookies, pixels, or similar technologies based on your consent, where required. You may withdraw your consent at any time, as described below.
Optional data elements: If we ask for optional information not required for your account or for legal compliance, we will process such information based on your consent.

Where we rely on consent, you may withdraw it at any time with effect for the future by following the instructions set out in this Privacy Policy (for example, adjusting cookie settings or unsubscribing from marketing emails). This will not affect the lawfulness of processing prior to withdrawal.

Purpose of Processing

We process your personal information only for specified, explicit, and legitimate purposes, and we do not use it in ways that are incompatible with those purposes.

Core Service Provision

Operating the Site and services: to allow you to register and use an account, log in securely, access games, place bets, and receive winnings.
Account administration: to manage your account settings, bonus balances, loyalty programs (if any), and responsible gambling tools.
Payments and withdrawals: to process deposits, withdrawals, payment reversals, and related financial operations.

Improvement and Optimization

Service enhancement: to understand how users interact with the Site, identify usability issues, and improve design and functionality.
Game offering optimization: to analyze which games and promotions are most popular and adjust our offerings accordingly.
Technical performance and troubleshooting: to monitor and improve the stability, performance, and security of our systems.

Marketing and Personalization

Promotional communications: to send you offers, bonuses, newsletters, and promotions tailored to your profile and preferences, subject to your consent and applicable law.
Personalized experience: to recommend games, offers, or features that may be of interest to you based on your previous activity.
Campaign measurement: to evaluate the effectiveness of our marketing efforts, affiliate campaigns, and promotional activities.

Analytics, Risk Management, and Fraud Prevention

Usage analytics: to collect aggregated statistics about site usage, bet patterns, and other metrics to guide business decisions.
Fraud and abuse detection: to identify suspicious accounts, bonus abuse, collusion, money laundering risks, or breaches of our Terms and Conditions.
Compliance monitoring: to monitor transactions and activity for compliance with applicable AML, fraud detection, sanctions, and risk management frameworks.

Legal, Regulatory, and Enforcement Purposes

Dispute resolution and claims: to investigate and resolve complaints, disputes, or legal claims involving you, us, or third parties.
Regulatory cooperation: to respond to lawful requests from regulatory or law enforcement authorities in applicable jurisdictions where we or our processors are subject to law.
Enforcement of our rights: to enforce our Terms and Conditions, protect our assets, our reputation, and the safety and security of other users.

Disclosure & Sharing

We do not sell your personal information to third parties. However, we may disclose or share personal information with carefully selected recipients as reasonably necessary for the operation of Ruby Slots, for compliance with legal obligations, or for the protection of our legitimate interests, as outlined below.

Service Providers and Partners

Payment processors and financial institutions: to process deposits, withdrawals, chargebacks, and other financial transactions. These providers will process your financial data in accordance with their own legal obligations and privacy policies.
Game and software providers: to supply and operate casino games and related platforms. Gameplay-related data (such as bets, wins, game identifiers, and session data) may be shared with such providers as necessary for technical and regulatory purposes.
IT and infrastructure providers: including hosting companies, cloud service providers, email delivery services, data analytics tools, and customer support platforms.

Professional Advisors and Corporate Affiliates

Group companies / corporate affiliates: members of the Virtual Casino Group (or similar entities) involved in the operation, support, risk management, or strategic management of Ruby Slots, subject to appropriate safeguards.
Professional advisors: lawyers, auditors, consultants, and accountants who require access to relevant data to provide their services under confidentiality obligations.

Regulatory, Government, and Law Enforcement Bodies

Regulatory authorities: gaming, financial, or data protection authorities in jurisdictions where we or our processors operate, where disclosure is required by law or necessary to demonstrate compliance (for example, Curaçao authorities in relation to AML or gaming oversight, or other offshore regulators, if applicable).
Law enforcement / public authorities: where required to comply with legal obligations, court orders, or lawful requests, or where disclosure is necessary for the establishment, exercise, or defence of legal claims.

Affiliates and Advertising Networks

Affiliate partners: to attribute traffic, measure performance, prevent abuse of affiliate programs, and pay commission, which may involve the sharing of pseudonymized identifiers, tracking information, and aggregated performance statistics.
Advertising and marketing networks: with your consent where required, we may share pseudonymized identifiers or cookie data with advertising networks, remarketing services, or marketing platforms to deliver or measure targeted advertising campaigns.

Corporate Transactions

Business transfers: In the event of a merger, acquisition, reorganization, sale of assets, or insolvency event involving the Virtual Casino Group or a relevant operating entity, your personal information may be transferred to one or more third parties as part of the transaction, subject to confidentiality and applicable law.

Whenever we share personal information with third parties, we require them to implement appropriate technical and organizational measures to protect the data and to process it only to the extent necessary for the relevant purpose, in accordance with applicable laws and, where required, under written data-processing agreements or equivalent safeguards.

International Transfers

Ruby Slots operates on an offshore basis, and many of our key service providers and partners are located outside of Canada, including in jurisdictions such as Costa Rica, Curaçao, the United States, and member states of the European Economic Area (EEA). As a result, your personal information may be transferred to and processed in countries that may have different data protection laws than those in your home jurisdiction.

Destinations of Data Transfers

Corporate and operational jurisdictions: Costa Rica and Curaçao, in connection with corporate administration, payment processing, risk management, and compliance obligations associated with our corporate and licensing arrangements.
Technology and infrastructure locations: the United States, EEA, or other countries where our hosting, cloud, or technology providers maintain servers and infrastructure.
Support and service locations: other jurisdictions where customer support, marketing, analytics, or professional service providers are located.

Safeguards for International Transfers

Contractual safeguards: Where required, we enter into contracts with our service providers and partners that include standard data protection clauses or equivalent contractual safeguards designed to protect your personal information.
Security measures: Transfers are accompanied by robust technical and organizational security measures, including encryption, access controls, and minimization practices, to reduce risks of unauthorized access, disclosure, or misuse.
Risk assessment: We conduct reasonable due diligence on key third parties to evaluate their security posture and data protection practices.

By using the Site and providing us with your personal information, you acknowledge that your data may be processed in countries outside of Canada and consent to such transfers where required by law. In all cases, we take steps designed to ensure that your information receives a level of protection consistent with this Privacy Policy.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, regulatory, or reporting requirements, resolving disputes, and enforcing our rights.

Retention Periods by Category

Account and identification data: typically retained for the duration of your active account and, after account closure, for a period of up to five (5) years, unless a longer period is required by applicable law or necessary due to ongoing disputes, investigations, or regulatory requests.
Transaction and payment data: retained for at least five (5) years from the date of the relevant transaction or account closure (whichever is later), to satisfy potential anti-money laundering, financial reporting, and legal retention obligations applicable in relevant jurisdictions.
Gameplay and behavioral data: retained for the duration of the account and a subsequent period of up to five (5) years after closure, in a manner aligned with risk management, fraud prevention, and dispute resolution needs. Where possible, data may be anonymized or pseudonymized earlier for analytics purposes.
Communications and support records: retained for up to three (3) years from the date of the last communication, or longer where necessary to resolve disputes or comply with legal obligations.
Marketing data: retained until you withdraw your consent, opt out of marketing communications, or your account is closed, plus a short additional period (typically up to twelve (12) months) to record and implement your opt-out request.

Deletion and Anonymization

Deletion upon request: Subject to applicable legal and regulatory constraints, we will delete or de-identify your personal information when you request erasure and when continued retention is no longer legally required or justified.
End of purpose: We will either delete or anonymize personal information when it is no longer needed for the specific purposes for which it was collected, provided that we are not required to retain it by law or for legitimate business needs (such as defending legal claims).
Backups: Copies of your personal information may persist in backup archives for a limited period, after which they are overwritten or destroyed according to our backup and disaster recovery policies.

Your Rights

Although Ruby Slots operates on an offshore basis and is not subject to a single comprehensive Canadian federal privacy statute for gambling services, we strive to align our privacy practices with recognized international data protection standards, including the EU General Data Protection Regulation (GDPR) and, where relevant, comparable principles found in other frameworks such as Mexican data protection regulations. Depending on your jurisdiction and applicable law, you may have some or all of the rights described below.

Access and Portability

Right of access: You may request confirmation as to whether we process your personal information and obtain a copy of such information, along with information about how we process it.
Right to data portability (where applicable): You may request that we provide you with certain personal information you have provided to us in a structured, commonly used, and machine-readable format, and you may ask us to transmit that data to another controller where technically feasible.

Correction and Deletion

Right to rectification: You may request correction of inaccurate or incomplete personal information. Where possible, you should update your account details directly in your profile settings.
Right to erasure ("right to be forgotten"): You may request deletion of your personal information where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (and no other legal basis applies), or where you believe we have processed it unlawfully. We may need to retain certain data where required by law (e.g., AML, tax, or regulatory obligations) or where necessary to establish, exercise, or defend legal claims.

Restriction and Objection

Right to restriction of processing: You may request that we restrict the processing of your personal information in certain circumstances, for example, while we verify its accuracy or assess an objection you have raised.
Right to object: You may object, on grounds relating to your particular situation, to the processing of your personal information where we rely on legitimate interests. We will stop such processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is required for legal claims.
Right to object to direct marketing: You may opt out of direct marketing at any time, including profiling related to such marketing. Where you object, we will no longer process your information for marketing purposes.

Consent Management

Withdrawal of consent: Where we rely on your consent (for example, for certain marketing communications or use of non-essential cookies), you may withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal but may limit your access to certain features.

Exercising Your Rights and Timeframes

How to submit a request: You may submit requests regarding your privacy rights by contacting us at [email protected] or [email protected]. Please clearly state your identity and the nature of your request.
Verification: For your protection, we may need to verify your identity before fulfilling your request, which may involve asking for additional information or documentation.
Response timeframe: We aim to respond to all legitimate requests without undue delay and, in any event, within thirty (30) days of receipt. If your request is particularly complex or we have received numerous requests, we may extend this period as allowed by applicable law and will inform you of any such extension.
Cost: We will not charge a fee for processing reasonable requests. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, repetitive, or excessive, to the extent permitted by applicable law.

Important jurisdictional note: The precise scope and enforceability of the above rights may vary depending on which privacy laws apply to our processing of your personal information. While we seek to honor these rights as a matter of policy, this Privacy Policy does not create rights that exceed or conflict with those granted under applicable law.

Cookies & Tracking Technologies

We use cookies and similar tracking technologies on Ruby Slots to provide, secure, and improve our services, to remember your preferences, and to deliver personalized content and marketing where permitted.

Types of Cookies We Use

Session cookies: Temporary cookies that are deleted when you close your browser. They are used to maintain your session, keep you logged in while you navigate the Site, and manage temporary selections or transactions.
Persistent cookies: Cookies that remain on your device for a set period or until you delete them. They help us remember your preferences (e.g., language, display settings), and recognize you when you return to the Site.
First-party cookies: Cookies set directly by rubyslots-ca.com, typically for essential and functional purposes, such as session management and preference storage.
Third-party cookies: Cookies set by other domains, such as analytics providers, advertising networks, or affiliate partners, used to perform analytics, track campaign performance, or deliver targeted adverts, subject to your consent where required.

Purposes of Cookies

Strictly necessary / functional: Required for the proper functioning of the Site, including letting you navigate pages, access secure areas, use account features, process transactions, and maintain session security.
Analytics and performance: Used to collect aggregated information about how visitors use the Site (e.g., which pages are visited most, error messages received) to improve performance and user experience.
Advertising and targeting: Used to track your browsing habits across sessions and, in some cases, across websites, in order to provide targeted advertising, limit the frequency of ads, and measure campaign effectiveness. These cookies are typically set by third-party networks and are used only with your consent where required.

Managing Cookies

Browser settings: Most web browsers allow you to control cookies through their settings, including blocking or deleting cookies. Refer to your browser's help section for instructions. Please note that disabling certain cookies, especially strictly necessary ones, may affect the availability or functionality of parts of the Site.
In-site tools (where available): If we provide a cookie banner or preferences panel, you can use it to manage your choices regarding non-essential cookies (such as analytics or advertising cookies).
Third-party opt-outs: Some third-party analytics and advertising providers offer their own opt-out mechanisms, which you can use in addition to the controls described above.

Data Security

We take the security of your personal information seriously and implement a range of technical and organizational measures designed to protect it against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Technical Security Measures

Encryption in transit: Data transmitted between your browser and our servers is protected using Transport Layer Security (TLS) version 1.2 or higher, helping prevent interception or tampering during transmission.
Encryption at rest: Where feasible and appropriate, sensitive data is encrypted or otherwise protected at rest using industry-standard encryption algorithms and secure key management practices.
Access controls: Access to personal information is restricted to authorized personnel and service providers who require the information to perform their duties, using authentication measures such as strong passwords, role-based access control, and, where appropriate, multi-factor authentication.
Secure development practices: Our systems and applications are developed and maintained with security in mind, including patch management, vulnerability monitoring, and change control procedures.

Organizational and Procedural Measures

Policies and training: Staff who handle personal information are subject to confidentiality obligations and receive training on data protection, information security, and responsible handling of user data.
Security audits and assessments: We periodically review and assess our security controls and may engage external providers to conduct security testing or audits, where appropriate.
Incident response: We maintain incident response procedures designed to detect, investigate, and respond to potential data breaches or security incidents in a timely manner. Where required by applicable law, we will notify affected individuals and/or relevant authorities of a data breach without undue delay.

While we strive to implement appropriate and commercially reasonable safeguards, no system can be guaranteed to be 100% secure. You are responsible for maintaining the confidentiality of your login credentials and for using appropriate security measures on your own devices. You should notify us immediately at [email protected] if you suspect any unauthorized access to your account.

Complaints & Contacts

If you have any questions, concerns, or complaints regarding this Privacy Policy or our handling of your personal information, you may contact us using the details below.

Contacting Ruby Slots

Email (privacy and support): [email protected]
Email (general and legal inquiries): [email protected]
Website: https://rubyslots-ca.com

As an offshore operation, we do not currently provide a dedicated postal address or telephone number for Canadian users. All privacy-related communications should be submitted via email.

Internal Complaint Procedure

Submission: Send a detailed description of your concern or complaint to [email protected] or [email protected], indicating that your message relates to "Privacy" or "Data Protection".
Acknowledgment: We will acknowledge receipt of your complaint as soon as reasonably practicable, typically within five (5) business days.
Investigation: Our Privacy & Compliance Team will review your complaint, may request additional information if necessary, and will investigate the matter, including liaising with relevant internal teams or service providers.
Response: We aim to provide you with a substantive response, including our findings and any corrective actions taken or proposed, within thirty (30) days of receiving all relevant information.
Further steps: If you are not satisfied with our response, you may contact us again with additional details, and we will reassess your complaint where appropriate.

Escalation to Supervisory Authorities

Because Ruby Slots is operated from offshore jurisdictions and is not directly regulated by Canadian provincial gaming authorities, there may not be a single supervisory authority with jurisdiction over all aspects of our operations. However:

If you are located in a jurisdiction with a competent data protection authority (for example, an EU member state under GDPR or another country with a comparable framework), you may have the right to lodge a complaint with that authority regarding our data processing activities that fall under its remit.
If our processing is subject to data protection rules in any of our corporate or service-provider jurisdictions (such as Curaçao, EU/EEA states where our processors operate, or other territories), you may also be able to seek recourse through the relevant local authority, according to that authority's rules and procedures.

We encourage you to contact us first so that we can attempt to resolve your concerns directly and promptly.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will take reasonable steps to notify users and give them an opportunity to review the updated Policy.

Notification Methods

On-site notices: We may display a prominent notice or banner on the Site informing you of significant changes to this Privacy Policy.
Email communication: Where appropriate and where we have your current email address (for example, for registered players), we may send you an email summarizing key changes and linking to the updated Policy.
Account dashboard alerts (where available): We may display notifications within your account area drawing attention to material updates.

Effective Date and Version Control

Last updated: January 2026
Versioning: Each update of this Privacy Policy will be accompanied by an updated "Last updated" date. In cases of material change, we may keep a summary of key modifications or a brief changelog accessible for reference.

Advance Notice and User Choices

Advance notice for material changes: Where feasible and where changes are material (for example, involving new purposes of processing, new categories of recipients, or substantially different data practices), we will aim to provide at least thirty (30) days' advance notice before the changes take effect.
Right to object or close account: If you do not agree with the updated Policy, you may choose to stop using the Site and request closure of your account. Continued use of the Site after the effective date of any changes will be deemed acceptance of the updated Policy to the extent permitted by applicable law.

If you have any questions about the current version of this Privacy Policy, please contact us at [email protected] or [email protected].