burger icon
Calupoh Сasino
Log In

Privacy Policy

Observe: This Privacy Policy explains how calupoh at https://calupoh-ca.com collects, uses, shares, and protects personal information. Expand: It applies to players and website/app visitors in Canada who access or use our services, including account creation, gameplay, payments, support, and marketing. Reflect: By using our services, you acknowledge this Policy. Effective date: October 2025.

Who We Are

Observe: Identification of the data controller and contact channels. Expand: calupoh services offered on calupoh-ca.com are operated by CALUPOH eSports S. de R.L. de C.V., a Mexican company that operates under a Mexican gaming permit framework. Reflect: We provide dedicated privacy contact routes and will update this section as further corporate coordinates are published.

  • Operator (company name): CALUPOH eSports S. de R.L. de C.V.
  • Permit context (Mexico): Operates under the Mexican permitting ecosystem; permit holder: Espectáculos Deportivos de Cancún, S.A. de C.V.; permit number DGAJS/SCEVF/P-1327 Y S/N/91; issuing authority: Secretaría de Gobernación (SEGOB), Dirección General de Juegos y Sorteos; status: Permit in force (as of 2025-10). Verification: http://www.juegosysorteos.gob.mx/
  • Registered/Legal address: Mexico (full legal address to be published in this Policy when available).
  • Website for Canada: https://calupoh-ca.com
  • Data Protection point of contact: Data Protection Department, CALUPOH eSports S. de R.L. de C.V. Contact us via the Contact/Support link on https://calupoh-ca.com with the subject "Privacy Request - Canada".

Regional compliance note (Canada): We act as an organization under Canada's federal PIPEDA (and, where applicable, substantially similar provincial laws in Quebec, British Columbia, or Alberta). We also align with Mexico's LFPDPPP where relevant to our operations.

What Personal Data We Collect

Observe: We collect information necessary to deliver and improve our services and meet legal obligations. Expand: Data categories include identifiers, technical telemetry, payments, KYC/AML, and behavioral data. Reflect: Collection is minimized to what is reasonable and proportionate for Canadian users.

  • Identity and contact: Full name, date of birth, address, email, phone, government-issued IDs or verification data (for KYC/age checks).
  • Account and interaction: Username, preferences, communication history, support tickets, marketing consents.
  • Technical and usage: IP address, device/browser info, operating system, language, time zone, session identifiers, error logs, performance data.
  • Location: Approximate location from IP or device settings, where permitted, to comply with geographic restrictions and fraud controls.
  • Payment and financial: Deposits/withdrawals, masked card details or tokenized payment references, bank/processor identifiers, transaction timestamps; chargeback data.
  • Behavioral and gameplay: Betting/wager history, stakes, wins/losses, game events, clicks, page views, referral sources, A/B testing tags.
  • Compliance/KYC-AML: Sanctions screening results, risk scores, adverse media flags, source-of-funds documentation where required by law.
  • Cookies and similar tech: Session/persistent cookies, SDKs, pixels, local storage, and device identifiers for functionality, analytics, and-where consented-advertising.

Legal Basis for Processing

Observe: Canadian privacy law emphasizes consent and reasonable purposes; cross-border operations may invoke additional bases. Expand: Our grounds depend on the activity and jurisdiction. Reflect: We rely on the following:

  • Consent (PIPEDA/CASL): We obtain express or implied consent for the collection, use, and disclosure of personal information, including opt-in consent for commercial electronic messages under CASL. You may withdraw consent at any time subject to legal/contractual limits and reasonable notice.
  • Performance of a contract/Requested service: To register and administer your account, verify age/eligibility, process payments, deliver games, provide support, and fulfill withdrawals.
  • Reasonable purposes (PIPEDA s.5(3)) / Legitimate interests (for non-Canadian contexts): Fraud prevention, security, service integrity, internal analytics, improving features. We assess impacts and implement safeguards to protect your interests.
  • Legal obligations: KYC/AML screening, recordkeeping, reporting to competent authorities, responding to lawful requests, enforcing terms, and safeguarding platform integrity.

Purpose of Processing

Observe: We articulate why data is used. Expand: Purposes must be specific, informed, and reasonable. Reflect: We use personal data to:

  • Provide and operate services: Account setup, gameplay, payments, customer support, geolocation checks, age/identity verification.
  • Improve and personalize: Diagnostics, UX optimization, feature development, A/B testing, content personalization within consent boundaries.
  • Marketing (with consent): Email/SMS/push campaigns, offers, bonuses, surveys, and referral programs; you can opt out anytime.
  • Analytics and measurement: Understanding engagement and performance to maintain service quality and security.
  • Security and fraud prevention: Monitoring, risk scoring, bot detection, chargeback management, incident response, and regulatory compliance.

Disclosure & Sharing

Observe: Disclosures occur for operations and compliance. Expand: We limit sharing to what is necessary and apply contractual safeguards. Reflect: We may disclose to:

  • Payment partners and banks: To process deposits/withdrawals, verify transactions, and prevent fraud.
  • Service providers (processors): Cloud hosting, security vendors, analytics, customer support tools, KYC/AML vendors-bound by confidentiality and data-processing terms.
  • Regulators and law enforcement: To comply with applicable laws, lawful requests, audits, or to protect rights, users, and integrity of services.
  • Affiliates within our group: For consolidated operations, support, or compliance, under appropriate intra-group agreements.
  • Advertising and social platforms: Only where permitted by law and your consent/preferences; identifiers may be hashed or pseudonymized where possible.
  • Business transactions: In mergers, acquisitions, or financing, subject to confidentiality and continued protection of personal data.

International Transfers

Observe: Data may be processed outside your province or Canada. Expand: Typical locations include Mexico (operational base), the United States (cloud/analytics), and other jurisdictions of service providers. Reflect: We implement safeguards to ensure a comparable level of protection.

  • Safeguards: Contractual protections (including Standard Contractual Clauses where applicable), transfer assessments (including Quebec Law 25 privacy impact assessments for cross-border disclosures), encryption in transit/at rest, and access controls.
  • Vendor frameworks: Where relevant, we prefer vendors adhering to recognized frameworks (e.g., EU Standard Contractual Clauses; for U.S. vendors, participation in the EU-U.S. Data Privacy Framework, where certified).
  • Notice: Foreign authorities may lawfully access data according to local laws. We assess risks and minimize data shared.

Data Retention

Observe: Retention must be limited to what is necessary. Expand: Durations vary by category and legal mandates. Reflect: We apply the following baseline periods (subject to extension for investigations, disputes, or statutory requirements):

  • Account and identity records: Up to 5 years after account closure.
  • KYC/AML and transaction records: Typically 5 years from the date of the transaction or the end of the relationship (to align with Canadian AML requirements).
  • Gameplay and behavioral logs: 24 months rolling, unless needed longer for fraud/security or legal claims.
  • Technical logs and telemetry: 12-24 months, aggregated or anonymized thereafter where feasible.
  • Marketing data: Until you withdraw consent or after 24 months of inactivity, whichever comes first, unless a longer period is allowed/required.
  • Cookies: Session cookies expire on logout/close; persistent cookies typically 6-24 months (see Cookie section).

Deletion criteria include: completion of purpose, expiry of retention period, successful anonymization, or a verified deletion request where no overriding legal basis applies.

Your Rights

Observe: Canadian users have rights under PIPEDA; we align with Mexico's LFPDPPP (ARCO rights) and, where relevant, GDPR-like controls. Expand: Rights are subject to legal exceptions (e.g., AML recordkeeping, fraud prevention). Reflect: You may:

  • Access: Request confirmation and access to your personal information and to information about our use/disclosure.
  • Correction/Rectification: Request correction of inaccurate or incomplete data.
  • Deletion/Cancellation: Request deletion where data is no longer necessary, consent is withdrawn, or processing is unlawful; we may retain where legally required (e.g., AML).
  • Restriction/Opposition: Ask us to limit certain uses (e.g., marketing) or object to uses not necessary for service delivery or legal compliance.
  • Portability (where feasible): Obtain a copy in a commonly used format, subject to technical and legal limits.
  • Consent withdrawal: Opt out of marketing and revoke consents at any time, without affecting prior lawful processing.

How to exercise: Submit a request via the Contact/Support link on https://calupoh-ca.com with the subject "Privacy Request - Canada." We may request information to verify your identity and authority. We respond within 30 days (or inform you of any permissible extension) and generally free of charge (cost-recovery fees may apply where allowed by law). If we decline a request, we will explain why and your options to challenge our decision.

Regulatory references: PIPEDA; provincial private-sector privacy laws (Quebec Law 25, BC PIPA, AB PIPA); Mexico LFPDPPP (ARCO: Access, Rectification, Cancellation, Opposition). GDPR-style rights are honored where legally applicable.

Cookies & Tracking Technologies

Observe: Cookies enable functionality and insights. Expand: We categorize them and provide control options. Reflect: Your choices may affect site performance.

  • Session cookies: Essential for login, security, and navigation; expire when you close the browser.
  • Persistent cookies: Remember preferences, improve load times, and support analytics; typical lifespan 6-24 months.
  • Third-party cookies/SDKs: Analytics, performance, and (with consent) advertising/attribution pixels from approved partners.

Purposes: Functional (required), analytics (usage measurement), and advertising (personalized or contextual, where consented). You can manage cookies via your browser settings and, where offered, our on-site cookie banner/preferences panel. Disabling certain cookies may limit functionality.

Data Security

Observe: Security safeguards must match the sensitivity of data. Expand: We apply layered, risk-based controls. Reflect: While no system is perfectly secure, we strive for industry-leading protections.

  • Encryption: TLS 1.2+ for data in transit; strong encryption for sensitive data at rest.
  • Access controls: Role-based access, least privilege, MFA for administrative access, secrets management.
  • Monitoring and testing: Vulnerability management, security logging, periodic penetration tests, and third-party risk assessments.
  • Governance: Security policies, employee training, background checks where permitted, incident response runbooks.
  • Standards alignment: We align our program with recognized frameworks (e.g., ISO/IEC 27001 controls). Certain vendors maintain SOC 2 Type II or ISO certifications.
  • Breach response (Canada): We assess and, where required by PIPEDA, notify affected individuals and the Office of the Privacy Commissioner of Canada (and keep records of all breaches) when there is a real risk of significant harm.

Complaints & Contacts

Observe: Clear escalation paths are required. Expand: We provide internal and regulator channels. Reflect: We aim to resolve issues promptly and transparently.

  • Contact calupoh (primary): Use the Contact/Support link on https://calupoh-ca.com, addressed to "Data Protection Department - Canada". Include your name, contact details, and request description.
  • Process: We acknowledge within 7 days, may seek verification/details, and aim to resolve within 30 days (extensions communicated where permitted).
  • Escalation - Canada (OPC): Office of the Privacy Commissioner of Canada, https://www.priv.gc.ca/en, Toll-free: 1‑800‑282‑1376, Complaint guidance: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/guide_org/
  • Escalation - Mexico (LFPDPPP): Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI), https://home.inai.org.mx/ and https://www.datospersonales.org.mx/
  • EEA residents (where applicable): You may contact your local Data Protection Authority. List: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Updates

Observe: Policies evolve as services and laws change. Expand: We provide transparent notices and versioning. Reflect: Material changes include new data uses, new categories of recipients, or expanded profiling.

  • Notifications: We will notify you of significant updates via email (where available), in-account alerts, and/or prominent website banners.
  • Advance notice: For material changes, at least 30 days' notice before the change becomes effective, unless required sooner by law or to address security/compliance needs.
  • Your options: Review changes, adjust preferences, withdraw marketing consent, or close your account if you do not agree (subject to outstanding obligations).
  • Version control: Last updated: October 2025. We maintain a changelog summarizing material updates upon request.

If any provision of this Policy conflicts with applicable Canadian law, the law prevails, and we will adapt our practices accordingly.