Lucky Days Casino — Privacy & Data Protection Analysis
By Robert J. Williams – Updated June 2026
Lucky Days Casino launched in 2019 and operates in Canada under three regulatory frameworks simultaneously: AGCO and iGaming Ontario licensing for Ontario players (obtained October 2022), Kahnawake Gaming Commission licensing for players in other provinces, and Curaçao Gaming Commission international licensing. Operated by L7 Entertainment Limited (a Malta-based company) under the Raging Rhino N.V. trading name, Lucky Days’s privacy framework is shaped by this multi-jurisdiction reality. Ontario players are covered by the most demanding layer — the AGCO/iGaming Ontario framework with its provincial enforcement mechanisms — while players in other provinces benefit from the KGC’s established standards alongside Canada’s federal PIPEDA. This guide explains what the combination means for the personal data you share when you play.
About the author
My name is Robert J. Williams. I’m a Full Professor in the Faculty of Health Sciences at the University of Lethbridge in Alberta, and a Research Coordinator with the Alberta Gambling Research Institute, a position I’ve held since joining the university in 2001. A clinical psychologist by training, I spent the first 15 years of my career as a regional psychologist for northern Manitoba before transitioning to academic research. For over two decades, my research has centred on gambling — particularly internet gambling, the prevention of problem gambling, the socioeconomic impacts of gambling, and the assessment of problem gambling prevalence across Canadian populations. I’ve received over $7 million in research funding, provide consultation to government and industry, and gave a public lecture on gambling’s structure and scale in Lethbridge in March 2026. I write independently, without commercial arrangements with any operator I cover.
Regulatory stack: three frameworks, one Canadian player
The privacy framework at Lucky Days is more layered than most platforms in this review series because of the dual-licensed structure covering both Ontario and non-Ontario players.
| Framework | Who it covers | Key privacy obligations |
|---|---|---|
| AGCO / iGaming Ontario | Ontario players (19+) | Mandatory data handling as provincial licensing conditions, iGaming Ontario dispute arbitration |
| Kahnawake Gaming Commission | Non-Ontario Canadian provinces | KGC established oversight standards |
| Curaçao Gaming Commission | International and overlay licensing | Baseline offshore data standards |
| PIPEDA | All Canadian players | Federal privacy rights regardless of province |
| PCI DSS certification | All players | Payment card data security standard |
The PCI DSS certification is worth naming specifically because it’s a privacy protection distinct from gambling regulation. PCI DSS (Payment Card Industry Data Security Standard) governs how payment card data is stored, processed, and transmitted, applying independently of any gambling licence. Lucky Days’s PCI DSS certification means its payment data handling meets an internationally recognised security standard that casino-specific licences don’t automatically require.
What data does Lucky Days Casino collect?
Data provided directly at registration and throughout account activity:
| Category | Specific data points |
|---|---|
| Identity data | Full legal name, date of birth (19+ Ontario, applicable minimums elsewhere) |
| Contact data | Email address, residential address, phone number |
| Verification data | Government-issued photo ID and supporting documents for KYC |
| Financial data | Payment method details across Interac, Visa, Mastercard, iDebit, InstaDebit, MuchBetter, Neosurf, Payz, Paysafecard, bank transfer |
| Account preferences | Welcome bonus opt-in status, responsible gambling settings |
| Support communications | Customer support interaction records across available contact channels |
Data collected automatically during platform use, by contrast, shifts the picture from identity to behaviour — including the geolocation checks that Ontario’s framework specifically requires:
| Category | Specific data points |
|---|---|
| Technical data | IP address, device type, browser, operating system |
| Geolocation data | Ontario physical presence confirmation at every login (AGCO-mandated) |
| Behavioural data | Games played across the 2,150-plus Ontario library or 4,200-plus international library, session duration, bet sizes |
| Bonus tracking data | Welcome package wagering progress toward 30x requirement across three deposit stages |
| RNG audit data | Game outcome records maintained for iTechLabs certification compliance |
| Cookie data | Navigation patterns, lobby engagement, promotional content interaction |
The geolocation data category applies specifically to Ontario players because of the AGCO’s mandatory requirement for physical presence confirmation at every login — not just at registration. This means Lucky Days maintains a session-by-session record of location confirmations for Ontario accounts, a continuous data collection rather than a one-time verification, which produces more comprehensive geolocation data than platforms that only check location at signup. The payment method breadth is also worth noting from a privacy standpoint: with 10 documented deposit methods, Lucky Days holds payment data across a wider range of financial infrastructure types than many platforms, from PCI DSS-covered card data to e-wallet credentials to bank transfer details, each carrying its own data protection standards.
How Lucky Days uses your data
Lucky Days processes Canadian player data for:
- Account creation, authentication, and multi-licence KYC compliance — across AGCO, KGC, and Curaçao frameworks as applicable
- CAD payment processing — across 10 documented banking methods, with PCI DSS certification covering card transactions specifically
- Geolocation confirmation — at every login for Ontario players under AGCO requirements
- iTechLabs RNG certification support — and ongoing game fairness auditing
- Responsible gambling tool administration — for Ontario players, including deposit limits, loss limits, and session controls
- iGaming Ontario dispute resolution support
- Welcome bonus administration — across the three-deposit structure and 100 free spin drip delivery
- Customer support provision
- Marketing communications with consent — subject to AGCO advertising restrictions for Ontario players
The welcome bonus administration generates a specific type of player data worth understanding: Lucky Days tracks wagering progress toward the 30x requirement across three deposit stages, meaning the platform maintains a detailed record of how a player’s bonus activity relates to their overall betting behaviour during the bonus period. This data is necessary for legitimate bonus management, but it also means Lucky Days holds a particularly granular record of play patterns during the most commercially sensitive period of a new player’s relationship with the platform.
Third-party data sharing: who else sees your information?
The dual-operator structure and multi-licence reality mean Lucky Days shares data with a defined set of outside parties, each receiving only the information they need to perform their specific role.
| Third party | Purpose | Notes |
|---|---|---|
| L7 Entertainment Limited group | Shared Malta-based operational infrastructure | Parent company |
| Raging Rhino N.V. | Global operational management | Trading name operator |
| Payment processors | CAD transactions across 10 documented methods | PCI DSS-governed for card data |
| iTechLabs | RNG certification and audit records | Independent testing body |
| AGCO / iGaming Ontario | Ontario regulatory reporting and dispute arbitration | Ontario players |
| Kahnawake Gaming Commission | Non-Ontario Canadian regulatory reporting | Non-Ontario players |
| Analytics providers | Platform performance and player experience data | May be consented |
| Marketing platforms | Promotional communications with consent | AGCO restrictions for Ontario |
The dual-operator structure (L7 Entertainment Limited as the legal entity, Raging Rhino N.V. as the global operator) creates a specific data sharing dynamic: some operational infrastructure is shared between the Malta-registered parent and the N.V. operating entity. Canadian player data may flow between these entities as part of normal platform operation, subject to the privacy protections applicable under their respective licensing frameworks and PIPEDA’s requirements for cross-border data transfers involving Canadian residents.
Security infrastructure protecting your data
Lucky Days uses SSL encryption alongside its PCI DSS certification, covering both general platform security and the more specific payment card data security standard that banking regulators apply independently of gambling oversight. The platform has been described by one reviewer as scoring 4.7 on licence and security metrics, placing it in the top tier of similarly rated casinos.
From a practical standpoint for players, this security infrastructure means: SSL protects data in transit between your browser and the platform, PCI DSS governs how card payment data is stored and handled, and the iTechLabs RNG certification ensures game outcome integrity rather than data security specifically — but these three elements together represent the most auditable security framework at Lucky Days.
Your rights under PIPEDA, and Ontario players’ additional iGaming pathway
Under PIPEDA, all Canadian players at Lucky Days retain:
- Right of access: to personal information held about them
- Right to correction: of inaccurate data
- Right to withdraw marketing consent: at any time
- Right to know: what third parties have received their data
- Right to complain: to the Office of the Privacy Commissioner of Canada
Ontario players additionally have access to iGaming Ontario’s dispute arbitration for complaints with a gambling-specific dimension, and the AGCO’s regulatory oversight adds an enforcement layer that operates faster and with more provincial authority than a federal privacy complaint process alone. This dual-pathway for Ontario players — PIPEDA for general data privacy, iGaming Ontario for gambling-specific data disputes — is one of the practical benefits of Lucky Days’s AGCO licensing that players in other provinces don’t have equivalent access to.
