Security & Data Protection
Independent affiliate review — this covers both site-level security (ours) and operator-level security (theirs). 19+ where applicable (18+ in Alberta, Manitoba and Quebec).
Security on a gambling review site breaks into two different questions, and readers often conflate them. First: what does this site (northstar-bet.ca, an independent affiliate review) do with the small amount of data it touches? Second: what does the operator, NorthStar Bets, do with the sensitive data — identity, payments, deposits — you hand over once you sign up? We don’t run the sportsbook and we never see your KYC file, deposit history or card numbers. The operator does. Below, we split the two layers cleanly so you know who’s responsible for what. For the product overview, see our NorthStar Bets deep-dive or jump to payment methods.
How this site handles your data
What we actually have on you is limited, and the safeguards match that scope:
- HTTPS everywhere. Every connection to northstar-bet.ca runs over TLS. There is no plain-HTTP fallback.
- Cookies. A small set for site function and aggregated analytics. Full breakdown in our Cookie Policy.
- Aggregated analytics only. We look at page-level trends (which reviews get read, which links get clicked) — not individual profiles.
- We do NOT hold gambling data. No deposits, no player accounts, no ID documents, no payment details, no bet history. That data lives with the operator, not with us.
- PIPEDA framework. Under Canada’s Personal Information Protection and Electronic Documents Act, we handle any personal information as described in our Privacy Policy.
How the operator handles your data
NorthStar Bets is licensed by the Kahnawake Gaming Commission (KGC), licence No. 00930, and operates under Conseil des Abénakis de Wôlinak. As a KGC-licensed operator working with Canadian players, it is expected to run a fairly standard security stack for the category:
- HTTPS and TLS across the sign-up, deposit and withdrawal flows.
- Encryption of user credentials at rest — standard practice for licensed operators; we can’t inspect their database, but this is the baseline the KGC licence framework assumes.
- Segregated player funds — a KGC licence condition, meaning your balance is held separately from the operator’s working capital.
- KYC records stored in line with AML retention rules.
- FINTRAC guidelines applied to financial data handling, as they apply to licensed gambling businesses.
The important point: the operator owns its own security architecture. We can describe what a KGC-licensed book is expected to do; we can’t audit their servers. For the KYC/AML side in more detail, see KYC & AML.
Payment security
The payment layer inherits security from the rails themselves, not just from the operator:
- Interac e-Transfer runs on bank-grade authentication. You authorise the transfer inside your own bank’s app or portal, and the operator never touches your banking credentials.
- Visa and Mastercard deposits go through 3D Secure (Verified by Visa / Mastercard Identity Check), adding a second-factor step at your card issuer.
- Card number storage. Licensed operators typically tokenize card data rather than storing full PANs. That’s the industry norm; treat any book that asks you to email a card photo as an immediate red flag.
Account safety — what YOU can do
Most account compromises in this vertical are on the player side, not the operator side. Practical hygiene:
- Use a strong, unique password for the operator account — not the same one you use for email.
- Enable 2FA the moment the operator offers it.
- Do not share account credentials with anyone — not a “betting group,” not a family member, not support staff who ask.
- Log out after sessions on shared or public devices.
- Review your transaction history regularly and flag anything you don’t recognise.
Recognising phishing & fraud
Phishing around Canadian gambling brands has been rising. Typical tells: URLs that look almost-right but aren’t the operator’s official domain; emails asking you to “confirm your password” via a link; messages claiming you’ve won and need to “send a verification fee” to release funds. A legitimate operator will never ask for your password, and no licensed book charges a fee to release your own winnings. If in doubt, ignore the email, open the operator’s site by typing the URL directly, and check your account from there.
Data breaches
If you suspect your operator account or personal data has been compromised:
- Change your operator password immediately.
- Contact the operator’s support and ask them to freeze account activity while they investigate.
- You can escalate to the Kahnawake Gaming Commission at gamingcommission.ca — the KGC handles player-side disputes with licensees.
- For a privacy incident involving this site (northstar-bet.ca), see our Privacy Policy for how to reach the site owner.
Reporting security issues
If you’ve found a vulnerability on northstar-bet.ca itself — a broken link that leaks data, a misconfigured header, anything similar — reach us through the site owner (contact route described in the Privacy Policy). For issues on the operator’s site or app, use their in-product support channel; we can’t action operator-side bugs.
Regulatory oversight
Two bodies matter here. The Kahnawake Gaming Commission audits its licensees periodically, requires segregated player funds, and provides a dispute route for players. FINTRAC oversees the AML side that applies to the operator as a licensed gambling business. On the privacy side, PIPEDA is the federal framework that governs how personal information is handled; it applies to us as a Canadian-facing site, and to the operator’s Canadian data handling as well. None of these guarantee that nothing bad will ever happen. They set the baseline everyone has to meet, and give you somewhere to go when it isn’t met.