Privacy Policy

This Privacy Policy explains how Silver Oak Casino, operated through the website silveroakbet-ca.com (the "Website"), collects, uses, discloses, and protects personal information of players and Website visitors located in Canada. It applies to all individuals who access or use the Website, create an account, participate in games, promotions, or communications, or otherwise interact with our services. By using the Website, you acknowledge that you have read and understood this Privacy Policy. The effective date of this Privacy Policy is 1 January 2026.

Who We Are

For the purposes of this Privacy Policy, the data controller responsible for the processing of your personal information in connection with the Website is:

Operator: Ace Revenue Group (trading as "Silver Oak Casino" for the Canadian-facing brand Silver Oak Casino)
Registered corporate ID (Costa Rica): 3-102-646282
Operator jurisdiction: Costa Rica (business registry only, not a gambling regulatory license)

The operator is an offshore, privately held entity with a business registration in Costa Rica and no verifiable active iGaming license from Canadian or tier-1 gambling regulators. Services are offered to Canadian residents on a cross-border/offshore basis.

Because the corporate legal address and mailing address are not publicly specified in the source data, formal written correspondence related to privacy should be directed electronically in the first instance.

Data Protection Contact / DPO Function
For all questions, requests, or complaints relating to privacy or this Privacy Policy, you may contact our data protection contact point:

Email: [email protected] (primary contact for privacy and general matters)

When you contact us, please include your name, account username (if applicable), and a clear description of your request so we can identify you and respond efficiently.

What Personal Data We Collect

Account and Identification Data

Profile information: full name, date of birth, country of residence, address (where requested), email address, and telephone number.
Account credentials: username, encrypted password, security questions and answers (if implemented).
KYC / verification data: copies or data extracted from identity documents, proof of address, and other verification materials you provide for age, identity, and anti-fraud checks.

Technical and Usage Data

Technical identifiers: IP address, device identifiers, browser type, operating system, language settings, referring URLs, and approximate geolocation derived from IP.
Log data: access dates and times, pages viewed, clicks, session duration, login and logout times, error logs, and interaction with customer support.
Device and network information: hardware model, device settings, connection type, and related diagnostic information used to secure and optimize the Website.

Payment and Financial Data

Payment transaction data: deposits, wagers, bonuses, withdrawals, and related timestamps, methods, and status.
Payment instrument data: limited card or payment wallet details (such as masked card number, card type, expiry date) processed through payment partners. We do not store full card numbers or CVV codes on our servers where our payment processors provide tokenization.
Financial verification data: documents or records to confirm ownership of payment instruments or sources of funds where required by risk management or compliance processes.

Behavioral and Gaming Data

Gaming history: games played, session length, stakes, wins and losses, bonuses claimed, and wagering progress.
Interaction data: clicks on banners, use of promotional codes, participation in tournaments or loyalty programs, and response to marketing campaigns.
Risk and responsible play indicators: patterns of play that may suggest risky behavior, self-exclusions or cooling-off requests, deposit limits, and similar controls you activate.

Communications Data

Support and correspondence: records of emails, live chats, or other messages exchanged with customer support or our data protection contact.
Preferences: marketing and communication preferences, language choices, and consent records (including opt-ins and opt-outs).

Cookies and Similar Technologies

Cookies: small text files stored on your device to recognize your browser, maintain sessions, and remember preferences.
Tracking technologies: web beacons, pixels, tags, scripts, and similar technologies used for analytics, security monitoring, and advertising (where permitted by law and your settings).
Cookie-derived data: unique identifiers, timestamps, pages visited, referral sources, and interactions with marketing materials.

Where required by applicable law, certain categories of data (for example, precise behavioral profiling or marketing cookies) will only be collected with your explicit consent.

Legal Basis for Processing

Although Silver Oak Casino is operated offshore, we structure our privacy practices with reference to established data protection principles, including those reflected in Canadian privacy laws and, by analogy, GDPR-style standards. Depending on the context, we rely on one or more of the following legal bases:

Performance of a Contract

Account creation and management: we process your identification, contact, and account data to register you, authenticate logins, and manage your player account.
Provision of gaming services: we process gaming, payment, and technical data to provide games, process bets, manage balances, and pay winnings.
Customer support: we use your contact and communications data to respond to your inquiries, complaints, and requests and to resolve operational issues.

Compliance with Legal or Regulatory Obligations

Age and identity verification: we process KYC data to help ensure users are legally permitted to gamble in their jurisdiction and to mitigate fraud and abuse.
Recordkeeping and reporting: we may be required to maintain transaction records and verification documentation for a specified period under applicable business, tax, or anti-money-laundering style obligations existing in our jurisdiction.
Enforcement and cooperation: we may process and share data to comply with lawful requests from competent authorities to which we are subject, to enforce our Terms and Conditions, or to establish, exercise, or defend legal claims.

Legitimate Interests

Fraud prevention and security: we process technical, behavioral, and payment-related data to detect and prevent fraud, unauthorized access, money laundering patterns, bonus abuse, and other harmful activities.
Service improvement and analytics: we analyze aggregated and pseudonymized data to understand performance, detect errors, and enhance games, user experience, and Website functionality.
Business operations: we process data as reasonably necessary to manage our business, internal governance, audits, and risk management, provided such interests are not overridden by your privacy interests.

Consent

Marketing communications: we send promotional emails, SMS, or push notifications about offers, bonuses, and new games only where you have given consent where required, or where you have not objected to receiving such communications as permitted by applicable anti-spam rules.
Cookies and tracking for advertising: we place non-essential cookies or similar technologies on your device and use data for targeted advertising only where you have provided consent through our cookie banner or settings (where such mechanisms are available).
Special categories or additional uses: where we seek to process your information for a purpose materially different from those described in this Policy, we will request your explicit consent where required.

You may withdraw your consent at any time (see "Your Rights" below). Withdrawal does not affect processing that has already occurred lawfully on the basis of consent before withdrawal.

Purpose of Processing

Provision and Management of Casino Services

Service delivery: to register accounts, authenticate users, host and operate games, record wagers, calculate and credit winnings, and administer promotions and loyalty schemes.
Payment processing: to process deposits and withdrawals, verify payment instruments, and maintain accurate balance and transaction histories.
Customer support: to provide assistance, investigate complaints, and respond to questions via email or other channels.

Safety, Integrity, and Compliance

Fraud and abuse prevention: to detect suspicious activity, multiple accounts, chargebacks, collusion, or exploitation of technical vulnerabilities.
Security: to protect the Website, our infrastructure, and your account from hacking, unauthorized access, or other security incidents.
Legal and risk management: to comply with recordkeeping, business, and tax-related requirements applicable to our operations, and to manage disputes or legal claims.

Improvement and Analytics

Performance analytics: to understand how the Website and games are used, identify popular content, and assess the effectiveness of promotions.
User experience optimization: to tailor content, interface design, and product features to user preferences and technical environments.
Research and development: to develop new games, features, and offerings based on aggregated and pseudonymized data trends.

Marketing and Personalization

Direct marketing: to provide information about bonuses, tournaments, promotions, and products that may be of interest, subject to your marketing preferences and applicable anti-spam laws.
Segmentation and profiling: to group players based on activity, preferences, and risk profiles, so that bonuses and communications can be more relevant and to encourage responsible play.
Advertising campaigns: to measure and improve the performance of advertising and acquisition campaigns in cooperation with affiliates and advertising networks, where permitted.

Disclosure & Sharing

Service Providers and Technical Partners

Payment processors and banks: to process deposits, withdrawals, and refunds. These partners receive necessary payment and identification data to complete transactions and perform fraud checks.
IT and hosting providers: to host our servers, store data securely, provide cloud services, and maintain IT infrastructure.
Game and software providers: where third-party game content or platforms are integrated, certain technical or gaming data may be shared as necessary to run the games and ensure fairness and security.
Analytics and security vendors: to analyze Website traffic, monitor performance, and detect fraudulent or malicious behavior.

Affiliates and Marketing Partners

Affiliate partners: to track the performance of affiliate marketing campaigns and to attribute referrals properly. Shared data is typically limited to identifiers and aggregated performance metrics.
Advertising networks: where you have consented to marketing cookies or equivalent tracking, we may share pseudonymized identifiers and event data to enable targeted or retargeted advertising.

Group and Corporate Structure

Parent and related entities: within Ace Revenue Group and its associated brands (such as other sister casinos), personal data may be shared for centralized customer support, payment processing, risk management, and consolidated reporting, subject to appropriate safeguards.
Business transfers: in the event of a merger, acquisition, reorganization, or sale of all or part of our assets, your personal data may be transferred to the relevant successor entity, subject to this Privacy Policy or an equivalent that provides at least the same level of protection.

Regulators, Authorities, and Legal Recipients

Public authorities: we may disclose data when required to comply with applicable laws, regulations, court orders, or lawful requests by public authorities to which we are subject.
Legal advisors and enforcement: we may share data with lawyers, auditors, or other professional advisors where necessary to protect our rights, pursue claims, or defend against legal actions.
Fraud and enforcement networks: in cases of proven or suspected fraud, money laundering, or other unlawful behavior, we may share limited relevant information with banks, payment providers, or other operators for the purpose of investigation and prevention.

Disclosure with Your Consent

Where you explicitly consent to a specific disclosure not covered above, we will share your data in accordance with that consent, which you may withdraw at any time.

We do not sell your personal information in the sense of transferring it to third parties in exchange for monetary consideration for their independent marketing purposes.

International Transfers

Silver Oak Casino and the Website silveroakbet-ca.com are operated by an entity registered in Costa Rica and rely on infrastructure and service providers that may be located in multiple countries.

Locations of Processing

Primary processing location: Costa Rica (business registry jurisdiction of Ace Revenue Group).
Additional locations: data may be processed or stored on servers located in other countries, such as in the European Economic Area (EEA), the United States, or other regions where our hosting, payment, security, and analytics providers operate.

Protection Measures for Cross-Border Transfers

Contractual safeguards: where feasible, we enter into contractual arrangements with service providers and partners that require them to protect personal data in a manner consistent with this Privacy Policy and applicable data protection principles.
Technical safeguards: we use encryption, access controls, and data minimization practices to reduce the risks associated with international transfers.
Risk-based approach: because our operator is registered in Costa Rica and not subject to Canadian federal or provincial gambling licensing regimes, we evaluate and mitigate cross-border transfer risks as part of our general risk management framework, while recognizing that some protections may differ from those in your home jurisdiction.

By using the Website and providing your personal information, you understand that your data may be transferred to and processed in countries that may have different data protection laws than those in Canada. Where local law requires your explicit consent for such transfers, we will rely on your continued use of the services after clear notice of this Policy as an indication of that consent, in addition to any specific consent prompts you may receive.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including for the purposes of satisfying legal, accounting, and business requirements. Retention periods are determined based on the type of data, the purposes for which it is processed, and applicable legal or regulatory obligations in our operating jurisdictions.

Standard Retention Periods

Account and profile data: generally retained for the lifetime of your account and for up to five (5) years after account closure or your last interaction, whichever is later, unless a longer period is necessary for dispute resolution or legal obligations.
KYC and verification documents: typically retained for up to five (5) years after your account is closed or after the last transaction requiring verification, subject to any longer retention that may be required or reasonably justified by applicable law or risk management needs.
Payment and transaction records: retained for at least five (5) years from the date of the relevant transaction, or longer where needed for accounting, tax, chargeback, or dispute purposes.
Gaming and behavioral data: detailed logs may be retained for up to five (5) years after account closure in order to investigate disputes, detect fraud patterns, and comply with business recordkeeping obligations. Aggregated or anonymized data may be retained indefinitely.
Marketing and consent records: retained for as long as you remain subscribed to marketing communications and for up to three (3) years thereafter to demonstrate compliance with consent and opt-out requirements.
Support communications: retained for up to five (5) years after resolution of the relevant query or complaint, depending on the nature of the matter.

Deletion and Anonymization Criteria

End of purpose: when data is no longer needed for the purposes for which it was collected and there is no legal or business necessity to retain it, we will delete or effectively anonymize it.
User requests: where you validly exercise your right to erasure or objection (subject to applicable limitations), we will delete or anonymize your data accordingly.
Security and backup cycles: data stored in system backups may be retained for longer periods, but will be isolated from routine processing and securely destroyed in accordance with our backup and disaster recovery schedules.

Your Rights

As a user in Canada, you benefit from privacy protections under applicable Canadian privacy laws. In addition, Silver Oak Casino aligns many of its practices with rights concepts reflected in frameworks such as the EU General Data Protection Regulation (GDPR), even though we are not established in the EU, and with comparable principles used in other jurisdictions. While references in this section are not a statement that all such regimes apply directly, we intend to provide a clear and rights-respecting framework.

Key Rights You May Exercise

Right of access: you may request confirmation of whether we hold personal data about you and obtain a copy of such data, along with information about how we process it.
Right to rectification: you may request correction of inaccurate personal data and completion of incomplete data. You can correct many details directly in your account settings.
Right to erasure (deletion): you may request that we delete your personal data, particularly where it is no longer necessary for the original purposes, you have withdrawn consent (where consent was the basis), or you believe the processing is unlawful. We may need to retain certain data where required by law, for dispute resolution, or for legitimate business purposes.
Right to restriction of processing: you may request that we limit processing of your data in certain circumstances, for example while we verify accuracy or assess an objection you have raised.
Right to object: you may object to processing based on our legitimate interests, including profiling related to such interests. We will stop processing unless we can demonstrate compelling legitimate grounds or the processing is required for legal claims.
Right to data portability: where technically feasible and required by law, you may request that we provide you with certain personal data in a structured, commonly used, and machine-readable format, or transmit it to another service provider at your request.
Right to withdraw consent: where processing is based on your consent (for example, marketing or certain cookies), you may withdraw that consent at any time. We will then cease processing for that purpose, without affecting prior lawful processing.
Right to opt out of marketing: you may opt out of receiving marketing emails or SMS at any time by using the unsubscribe link in our communications or by contacting us.

How to Exercise Your Rights

Submit your request: send an email to [email protected] from the email address associated with your account, clearly stating:
- your full name and username;
- the right you wish to exercise (e.g., access, rectification, deletion); and
- any relevant details that will help us locate your data (e.g., approximate registration date).
Identity verification: for your protection, we may request additional information or documentation to verify your identity before acting on your request, especially for sensitive rights such as access or deletion.
Response timeframe: we aim to respond to all valid requests within thirty (30) days of receipt. If your request is complex or we receive multiple requests from you, we may extend this period by a reasonable additional time, in which case we will inform you of the extension and reasons.
Fees: we process rights requests free of charge. However, where allowed by law, we may charge a reasonable fee or decline to act on requests that are manifestly unfounded, repetitive, or excessive.

Nothing in this section limits any rights you may have under applicable Canadian federal or provincial privacy laws. Our references to other regimes (such as GDPR-style rights) are for alignment and clarity and do not create additional enforcement rights beyond those recognized by relevant law.

Cookies & Tracking Technologies

Types of Cookies We Use

Strictly necessary cookies (session cookies): required for the Website to function, for example to maintain your login session, process bets, and ensure page navigation. These are typically stored only for the duration of your session.
Functional cookies (persistent cookies): used to remember your preferences (such as language or region), keep you logged in between sessions where you choose this option, and enhance basic functionality. These cookies may remain on your device for a defined period.
Analytics cookies: used to collect aggregated information about how visitors use the Website (pages visited, error messages, performance metrics) to help us improve functionality and user experience.
Advertising and tracking cookies (third-party): set by us or by third-party partners (such as affiliate networks or advertising platforms) to measure campaign performance, prevent fraud, and, where permitted, deliver more relevant advertising based on your interactions with the Website.

Purposes of Cookies and Tracking

Security and integrity: to detect irregular or suspicious behavior (e.g., multiple logins from different locations) and protect accounts.
Performance monitoring: to understand how the Website performs across devices and networks and to identify and fix technical issues.
User experience: to provide customized content, remember preferences, and streamline navigation.
Marketing and analytics: to analyze the effectiveness of campaigns and, where allowed, tailor marketing content to user segments.

Managing Cookies

Browser settings: most browsers allow you to view, delete, or block cookies, and to set preferences for different websites. Please refer to your browser's help section for instructions. Blocking certain cookies may affect the functionality of the Website.
Internal settings (where available): if the Website offers a cookie banner or settings panel, you can adjust your preferences for non-essential cookies (such as analytics or advertising) through that interface.
Third-party opt-outs: some analytics and advertising providers offer their own opt-out mechanisms. Where relevant, we may provide links to these mechanisms in our cookie information or within this Privacy Policy.

By continuing to use the Website without adjusting your browser or internal cookie settings, you consent to the placement and use of cookies as described in this section, to the extent permitted by applicable law.

Data Security

We take the security of your personal data seriously and implement a combination of technical, organizational, and procedural measures designed to protect it against unauthorized or unlawful access, loss, alteration, or destruction. While no system can be guaranteed as completely secure, we continuously work to reduce risks and follow industry-aligned practices suitable for an online gaming environment.

Technical Measures

Encryption in transit: data transmitted between your browser and our servers is protected using Transport Layer Security (TLS) version 1.2 or higher, helping to prevent interception and tampering.
Encryption at rest (where implemented): sensitive data elements are stored using encryption or other strong protection mechanisms to reduce the impact of unauthorized access.
Access controls: system access is granted on a need-to-know basis, with authentication controls to limit access to authorized personnel and systems only.
Network security: use of firewalls, intrusion detection or prevention systems, rate limiting, and other controls to protect against common attack vectors.

Organizational and Procedural Measures

Staff training: employees and contractors with access to personal data receive training on data protection, confidentiality, and security responsibilities.
Policies and procedures: internal policies govern how personal data is handled, including classification, retention, and incident response procedures.
Vendor due diligence: we perform reasonable checks on key service providers (such as hosting and payment processors) to ensure they maintain appropriate security measures.
Monitoring and audits: we regularly monitor systems and, where appropriate, conduct internal reviews and assessments of security controls.

Incident Response

Detection and containment: we aim to detect unusual or unauthorized activities promptly and to contain potential incidents through technical and organizational measures.
Investigation and remediation: when an incident is identified, we investigate, mitigate any adverse effects, and take steps to prevent recurrence.
Notification: where required by applicable law and where a data breach is likely to result in a significant risk to your rights or interests, we will notify you and, where applicable, relevant authorities as soon as reasonably practicable, providing information on what occurred and recommended protective steps.

While we strive for high security standards and may be inspired by recognized frameworks such as ISO 27001 or SOC 2, Silver Oak Casino does not claim formal certification under any specific standard unless explicitly stated on the Website.

Complaints & Contacts

Contacting Us

If you have questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, you should contact us in the first instance so that we can attempt to resolve the matter directly.

Email (primary channel): [email protected]

Internal Complaint Procedure

Submit your complaint: send a detailed description of your concern, including relevant dates, communications, and any supporting documents, to [email protected].
Acknowledgment: we aim to acknowledge receipt of your complaint within five (5) business days.
Investigation: your complaint will be reviewed by our data protection contact and, where necessary, by other relevant departments (e.g., security, customer support, payments).
Response: we will provide a substantive response, including our findings and any proposed resolution, within thirty (30) days of receiving your complaint, unless the matter is particularly complex, in which case we will inform you of any delay and the reasons for it.
Further steps: if you are not satisfied with our response, you may request that we escalate the matter internally for further review.

Escalation to Supervisory or Public Authorities

Because Silver Oak Casino is operated by an offshore entity registered in Costa Rica and does not hold a Canadian provincial iGaming license, there may not be a dedicated gambling regulator in Canada responsible for this Website. However, you may still have recourse to general privacy or consumer protection regulators in your jurisdiction.

Canada (federal): you may contact the Office of the Privacy Commissioner of Canada (OPC) concerning possible violations of federal private-sector privacy obligations:
- Office of the Privacy Commissioner of Canada
  Website: https://www.priv.gc.ca
Provincial privacy commissioners: depending on your province of residence, you may have additional rights to complain to a provincial privacy commissioner or ombudsman.

Where you are located in another jurisdiction, you may have the right to lodge a complaint with your local data protection or consumer authority. The availability and scope of such recourse will depend on your local laws and the extent to which they apply to offshore operators.

Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the end of this Policy and, where appropriate, provide additional notice.

Notification Methods

On-site notice: by posting the updated Privacy Policy on silveroakbet-ca.com with a revised "Last updated" date.
Email notifications: where you have an active account and where the changes are material, we may send an email to the address associated with your account summarizing the key updates.
Account dashboard or banners: we may display notices or banners upon login or on key pages to inform you of significant changes.

Material Changes and Advance Notice

Advance notice: for changes that materially affect your rights or the way we process your personal data, we will, where practicable, provide at least thirty (30) days' advance notice before the new terms take effect.
Your options: if you do not agree with the updated Privacy Policy, you may choose to stop using the Website and request account closure and, where applicable, deletion or restriction of your personal data in accordance with this Policy.
Continued use: your continued use of the Website after the effective date of any updated Privacy Policy will constitute your acknowledgment of the changes, to the extent permitted by law.

Last updated: January 2026