Security & Data Protection
Industry-leading security measures to protect your information
Your Security is Our Priority
At Charm Chance, we implement comprehensive security measures to protect your personal information and ensure a safe gaming environment. Our multi-layered security approach combines advanced technology with strict operational procedures.
Social Casino Security
As a social casino using virtual currency (no real-world value) only, we focus on protecting your personal data and account information - no financial transactions or real money are involved in our games.
256-bit SSL
Bank-level encryption for all data transmission
24/7 Monitoring
Continuous security monitoring and threat detection
Regular Audits
Independent security assessments and penetration testing
Compliance
Adherence to Canadian privacy and security regulations
Technical Security Measures
SSL/TLS Encryption
What It Does:
All data transmitted between your device and our servers is protected with 256-bit SSL encryption - the same level used by banks and financial institutions.
How It Protects You:
- Login credentials are encrypted during transmission
- Personal information cannot be intercepted
- Session data is protected from eavesdropping
- Man-in-the-middle attacks are prevented
How to Verify:
Look for the padlock icon in your browser's address bar and "https://" at the beginning of our URL.
Secure Server Infrastructure
What It Includes:
- Hardened Servers: Operating systems configured for maximum security
- Firewalls: Multiple layers of network protection
- Intrusion Detection: Real-time monitoring for suspicious activity
- DDoS Protection: Defense against distributed denial-of-service attacks
- Regular Updates: Automatic security patches and updates
Physical Security:
- Servers housed in secure, climate-controlled data centers
- 24/7 physical security and access controls
- Biometric access controls and surveillance
- Redundant power and network connections
Data Protection
Encryption at Rest:
All stored data is encrypted using advanced encryption standards (AES-256) to protect against unauthorized access.
Database Security:
- Encrypted database connections
- Role-based access controls
- Regular security audits and monitoring
- Automated backup and recovery systems
Data Minimization:
- We collect only necessary information
- Data is deleted when no longer needed
- Regular data retention policy reviews
- Secure data disposal procedures
Application Security
Secure Development:
- Code Reviews: All code undergoes security review
- Vulnerability Testing: Regular security scans and assessments
- Input Validation: Protection against injection attacks
- Session Management: Secure session handling and timeout
Authentication Security:
- Strong password requirements
- Account lockout protection
- Session timeout for inactive accounts
- Secure password reset procedures
Protecting Your Account
Our Account Protection
Age Verification
Strict 18+ verification process with document validation when required to ensure compliance and protect minors.
Account Monitoring
Continuous monitoring for suspicious activity, unusual login patterns, and potential security threats.
Fraud Prevention
Advanced algorithms detect and prevent fraudulent account creation and suspicious behavior patterns.
Secure Communications
All email communications include security verification and we never ask for passwords via email.
Your Role in Account Security
Strong Passwords
- Use at least 8 characters
- Include uppercase and lowercase letters
- Add numbers and special characters
- Avoid common words or personal information
- Don't reuse passwords from other sites
Safe Login Practices
- Always log out when using shared devices
- Never share your login credentials
- Check for "https://" and the padlock icon
- Avoid logging in on public Wi-Fi
- Keep your browser and device updated
Recognizing Threats
- Be wary of phishing emails
- Never click suspicious links
- Verify communications directly with us
- Report suspicious activity immediately
- Keep personal information private
Privacy Protection
Data Collection Principles
Minimal Collection
We collect only the information necessary to provide our services and comply with legal requirements.
Purpose Limitation
Personal information is used only for the specific purposes for which it was collected.
Consent-Based
We obtain clear consent before collecting or using your personal information.
Transparency
We clearly explain what information we collect and how we use it in our Privacy Policy.
Your Privacy Rights
Access Your Data
Request a copy of all personal information we hold about you.
Correct Your Data
Update or correct any inaccurate or incomplete personal information.
Delete Your Data
Request deletion of your personal information when it's no longer needed.
Data Portability
Receive your data in a structured, machine-readable format.
Withdraw Consent
Withdraw your consent for data processing at any time.
Compliance & Regular Auditing
Regulatory Compliance
PIPEDA Compliance
Full compliance with Canada's Personal Information Protection and Electronic Documents Act for privacy protection.
Gaming Regulations
Adherence to AGCO, BCLC, and AGLC security and operational requirements for social casino operations.
Industry Standards
Implementation of ISO 27001 security management principles and best practices.
Data Protection
Following international data protection standards and privacy-by-design principles.
Security Auditing Process
Quarterly Internal Audits
Comprehensive internal security reviews covering all systems, processes, and procedures.
Annual External Audits
Independent third-party security assessments and penetration testing by certified professionals.
Continuous Monitoring
Real-time security monitoring, threat detection, and automated vulnerability scanning.
Remediation & Improvement
Immediate action on identified issues and continuous improvement of security measures.
Security Incident Response
Our Response Plan
In the unlikely event of a security incident, we have a comprehensive response plan to protect your information and minimize any impact.
Immediate Detection
24/7 monitoring systems detect potential security incidents within minutes of occurrence.
Rapid Response
Our security team is alerted immediately and begins containment procedures within 15 minutes.
Assessment & Containment
We quickly assess the scope of the incident and implement measures to prevent further impact.
User Notification
If your data is affected, we'll notify you within 72 hours with details and recommended actions.
Recovery & Prevention
We restore normal operations and implement additional safeguards to prevent similar incidents.
What You Should Do
If You Suspect a Security Issue:
- Change your password immediately
- Contact our support team right away
- Monitor your account for unusual activity
- Don't share your concerns publicly
If We Notify You of an Incident:
- Follow our recommended actions promptly
- Update your password and security settings
- Review your account activity carefully
- Contact us if you have questions
Security Best Practices
Password Security
Create Strong Passwords
- Use a unique password for your Charm Chance account
- Include a mix of letters, numbers, and symbols
- Make it at least 12 characters long
- Avoid personal information or common words
Password Management
- Consider using a reputable password manager
- Never write passwords down in unsecure locations
- Don't share passwords with anyone
- Change passwords if you suspect compromise
Safe Browsing
Verify Our Website
- Always type "charmchance.com" directly
- Look for the SSL padlock icon
- Bookmark our official website
- Be wary of suspicious links in emails
Device Security
- Keep your browser and device updated
- Use reputable antivirus software
- Avoid public Wi-Fi for account access
- Log out completely when finished
Phishing Protection
Recognize Phishing Attempts
- We never ask for passwords via email
- Suspicious emails often have poor grammar
- Urgent requests for information are red flags
- Verify communications by contacting us directly
What to Do
- Don't click suspicious links
- Forward phishing emails to our security team
- Report suspicious activity immediately
- When in doubt, contact our support team
Security Questions or Concerns?
Our security team is available 24/7 to address any security-related questions or concerns you may have.
Security Team
Email: help@charmchance.com
Subject Line: "Security Inquiry"
Response Time: Within 4 hours for security issues
Report Security Issues
Email: help@charmchance.com
Subject Line: "URGENT - Security Issue"
Response Time: Within 1 hour for urgent security matters
Remember
- Never share your login credentials with anyone
- We will never ask for your password via email
- Report suspicious activity immediately
- Keep your contact information up to date