By Michael J.A. Wohl
Ruby Fortune Casino has been operating since 2003 — over twenty years of collecting player data across what is now a triple-licensed platform serving Canadian players in every province, including Ontario. Owned by Baytree Interactive Limited, registered in Guernsey, Ruby Fortune holds licences from the Kahnawake Gaming Commission, the Malta Gaming Authority, and the AGCO. Each of these frameworks carries its own data handling expectations, and the combination — particularly the AGCO and MGA elements — gives Ruby Fortune a more demanding privacy compliance profile than many KGC-only platforms in this market.
The regulatory framework for Ruby Fortune’s privacy practices
| Privacy framework | Relevance to Ruby Fortune’s Canadian players |
|---|---|
| PIPEDA (Canadian federal law) | Applies to all Canadian players regardless of province |
| Ontario FIPPA via AGCO | Applies to Ontario players specifically |
| GDPR via MGA licence | Shapes group-wide data infrastructure standards |
| KGC requirements | Applies to non-Ontario players |
For Canadian players, this combination is genuinely favourable compared to KGC-only platforms. The MGA’s GDPR-aligned requirements mean Ruby Fortune’s underlying data infrastructure is built to a standard that exceeds what PIPEDA alone would require — even though GDPR doesn’t apply directly to Canadian players, the platform-wide systems built to satisfy it benefit everyone using the platform.
What data Ruby Fortune collects from Canadian players
Data provided directly:
| Category | Specific data points |
|---|---|
| Identity data | Full legal name, date of birth, nationality |
| Contact data | Home address, email, phone number |
| Verification data | Government-issued photo ID, proof of address — required for withdrawals over CA$2,000 |
| Financial data | Card details, e-wallet credentials, CA$ transaction history |
| Account preferences | Loyalty program settings, marketing consent (email and SMS), responsible gambling settings |
Data collected automatically:
| Category | Specific data points |
|---|---|
| Technical data | IP address, device type, browser, operating system |
| Behavioural data | Games played, session duration, bet sizes, win/loss records |
| Loyalty program data | Points earned, tier status across the six-tier program from Blue to Privé |
| Bonus tracking data | Wagering progress on welcome and ongoing bonuses |
| Location data | IP-based geolocation for jurisdictional verification across KGC and AGCO regions |
| Communication data | Live chat transcripts, email and SMS records |
| Cookie data | Session authentication, analytics, marketing tracking |
The CA$2,000 withdrawal verification threshold is a specific data point worth knowing in advance: players approaching or exceeding this amount in a withdrawal should expect to provide identification documents as part of standard KYC, and proactively having these ready avoids delays.
Third parties who may receive your data
| Third party category | Purpose | Notes |
|---|---|---|
| Baytree Interactive Limited group entities | Shared operational infrastructure with Spin Casino, JackpotCity | Common ownership group |
| Payment processors | CA$ transaction processing | Visa, Mastercard, Interac, e-wallets |
| Identity verification providers | KYC for withdrawals over CA$2,000 | Third-party document checks |
| Regulatory authorities | KGC, MGA, AGCO compliance reporting | Three licensing bodies |
| Evolution Gaming | Live dealer game operation | Session data for live tables |
| eCOGRA | Game and platform auditing | Independent certification |
| Marketing platforms | Email and SMS campaign delivery | Consented communications only |
Your rights as a Canadian player
- Right of access — request all data Ruby Fortune holds about you
- Right to correction — request updates to inaccurate personal information
- Right to withdraw consent — separately for email and SMS marketing
- Right to complain — file with the Office of the Privacy Commissioner of Canada or iGaming Ontario
- Right to account closure — subject to regulatory retention obligations
