Contents
- 1. Introduction
- 2. Legal Basis (NPC / DPA)
- 3. Data We Collect
- 4. How We Collect Data
- 5. Why We Use Your Data
- 6. Data Sharing
- 7. Cookies & Tracking
- 8. Data Retention
- 9. Data Security
- 10. Your Rights
- 11. Children's Privacy
- 12. International Transfers
- 13. Marketing & Opt-Out
- 14. Policy Changes
- 15. Contact & DPO
Introduction
phphone Casino ("phphone", "we", "us", "our") is committed to protecting the personal information of all registered users and visitors to the phphone Platform at phphone.org. This Privacy Policy describes the types of personal data we collect, the purposes for which we process that data, the parties with whom we may share it, the measures we take to keep it secure, and the rights available to you as a data subject under Philippine law.
This Privacy Policy applies to all personal data collected through: (a) the phphone Casino website at phphone.org; (b) the account registration and phphone Login process; (c) deposit, withdrawal, and gameplay activities; (d) communications with phphone's customer support team; and (e) any promotional or loyalty programme participation on the phphone Platform.
By creating an Account on phphone or by continuing to use the Platform after the effective date of this Policy, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein. If you do not agree with any part of this Policy, you must stop using the phphone Platform and contact support to close your account.
phphone collects personal data to operate your account, verify your identity, process GCash and bank payments, and keep the platform safe. We do not sell your data to anyone. You have legal rights over your data and can contact us at any time to exercise them.
Legal Basis — Philippine Data Privacy Act
phphone's collection and processing of personal data is governed by the Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), and its implementing rules and regulations as administered by the National Privacy Commission (NPC) of the Philippines.
phphone processes your personal data on the following lawful bases, as applicable to each processing activity:
- Contractual Necessity: Processing required to fulfil the contract between phphone and you as a registered user — including account creation, game access, deposits, and withdrawal processing.
- Legal Obligation: Processing required to comply with Philippine law, including anti-money laundering (AMLA) obligations, PAGCOR-related regulatory requirements, and tax reporting duties.
- Legitimate Interest: Processing necessary for phphone's legitimate business interests — including fraud prevention, platform security, responsible gaming monitoring, and service improvement — provided these interests do not override your rights as a data subject.
- Consent: Processing based on your freely given, specific, informed, and unambiguous consent — primarily in the context of marketing communications and optional analytics features.
Personal Data We Collect
The categories of personal data collected by phphone depend on how you interact with the Platform. The following table summarises the primary data categories and their collection context:
| Data Category | Examples | Collected When |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government ID type and number, selfie photograph | Registration & KYC |
| Contact Data | Philippine mobile number (+63), email address | Registration |
| Financial Data | GCash account reference, PayMaya reference, bank account details (BPI, BDO, Metrobank), transaction amounts and timestamps | Deposits & withdrawals |
| Gameplay Data | Game sessions, bet amounts, win/loss records, game titles played, session duration | Active play |
| Device & Technical Data | IP address, browser type and version, operating system, device type, screen resolution, time zone | Platform visits |
| Communications Data | Live chat transcripts, support email content, feedback submissions | Support interactions |
| Responsible Gaming Data | Deposit limits set, self-exclusion status, session alerts configured, responsible gaming questionnaire responses | Account settings |
| Behavioural & Analytics Data | Pages visited, click paths, feature usage patterns, session frequency | Platform navigation |
Government-issued ID numbers, financial account details, and biometric photographs submitted for KYC are classified as sensitive personal information under the Philippine Data Privacy Act. phphone applies enhanced security controls to this category of data, including restricted access, additional encryption layers, and a strict data minimisation principle — we collect only what is necessary to complete identity verification.
How We Collect Your Data
phphone collects personal data through the following channels and mechanisms:
4.1 Directly From You
- Account Registration: When you create a phphone account, you provide your mobile number, email address, chosen username, and password.
- KYC Verification: When you upload a government-issued ID and selfie to complete identity verification before your first withdrawal.
- Payment Transactions: When you initiate a GCash or bank transfer deposit or withdrawal, payment reference details are shared with phphone's payment processing partners.
- Support Communications: When you contact phphone via live chat or email, the content of those communications is recorded for service quality and compliance purposes.
4.2 Automatically During Platform Use
- Cookies and Session Data: phphone uses cookies and similar tracking technologies to maintain your login session, remember preferences, and analyse platform usage. See Section 7 for full cookie details.
- Game Servers: All gameplay activity is automatically logged by phphone's game servers for the purposes of result verification, dispute resolution, and responsible gaming monitoring.
- Device Fingerprinting: phphone collects device and browser attributes for fraud prevention and multi-account detection purposes.
4.3 From Third Parties
- Payment Processors: GCash, PayMaya, BPI, BDO, and Metrobank may share transaction confirmation data and, where applicable, account verification statuses with phphone.
- Identity Verification Services: Third-party KYC partners may provide enhanced identity verification results, including document authenticity checks, to supplement phphone's in-house verification process.
- Fraud Prevention Databases: phphone may check submitted information against fraud prevention and sanctions databases as part of its compliance obligations under Philippine law.
How We Use Your Personal Data
phphone uses personal data collected from Filipino players for the following defined purposes only:
Account & Service Delivery
- Creating, verifying, and maintaining your phphone Casino account.
- Processing deposits and withdrawals via GCash, PayMaya, and linked bank accounts.
- Providing access to all phphone Casino game categories, promotions, and loyalty features.
- Sending account notifications — including deposit confirmations, withdrawal status updates, and OTP verification codes.
Legal Compliance
- Completing KYC (Know Your Customer) age and identity verification as required for all accounts that request withdrawals.
- Meeting anti-money laundering (AMLA) monitoring obligations applicable to phphone's operation in the Philippines.
- Responding to lawful requests from Philippine law enforcement, courts, and regulatory authorities including PAGCOR and the NPC.
Security & Fraud Prevention
- Detecting and preventing multi-account registrations, fraudulent deposits, and identity fraud.
- Monitoring login activity for unusual access patterns that may indicate unauthorized account access.
- Investigating reported disputes, chargebacks, and suspected platform abuse.
Responsible Gaming
- Monitoring gameplay patterns to identify early indicators of problem gambling behaviour, consistent with phphone's responsible gaming obligations.
- Processing deposit limit requests, self-exclusion activations, and session alert configurations.
- Maintaining records of voluntary self-exclusion agreements to prevent re-registration during exclusion periods.
Platform Improvement & Analytics
- Analysing aggregated, anonymised gameplay and navigation data to improve phphone's product offering and user experience.
- Measuring the uptake and effectiveness of phphone promotions and game categories to guide future content decisions.
Data Sharing & Third Parties
phphone does not sell your personal data to any third party, at any time, under any circumstances. Personal data may, however, be shared with the following categories of third parties strictly for the purposes described:
| Recipient Category | Purpose of Sharing | Data Shared |
|---|---|---|
| Payment Processors (GCash, PayMaya, BPI, BDO, Metrobank) | Processing deposit and withdrawal transactions; verifying payment account ownership | Financial & identity data |
| KYC / Identity Verification Partners | Verifying submitted government ID documents for authenticity and age confirmation | Identity & biometric data |
| Game Content Providers (JILI, Pragmatic Play, PG Soft, etc.) | Delivering licensed game content; recording and verifying game round outcomes | Account ID, gameplay data |
| Cloud Infrastructure Providers | Hosting phphone Platform servers, databases, and backup systems | All platform data (encrypted) |
| Fraud Prevention & Risk Services | Screening accounts and transactions against fraud and sanctions databases | Identity & financial data |
| Philippine Regulatory Authorities (PAGCOR, NPC, AMLC) | Responding to lawful regulatory requests, audits, and compliance reporting | As required by law |
All third-party service providers who handle phphone user data on our behalf are required to implement data protection standards consistent with the Philippine Data Privacy Act and to use shared data solely for the contracted purpose. phphone does not permit service providers to use your data for their own independent purposes.
phphone never sells, rents, or auctions your personal data to advertisers, data brokers, or any other commercial entity. Any sharing of data is strictly limited to the operational and legal purposes described in this Policy.
Cookies & Tracking Technologies
phphone uses cookies and similar browser storage technologies to enable core platform functionality, maintain your login session, prevent fraud, and analyse platform usage. The following cookies are used on the phphone Platform:
You may manage cookie preferences through your browser settings. Disabling essential cookies will affect your ability to log in and use phphone Casino. Disabling analytics or functional cookies will not affect account access but may result in a reduced experience or loss of saved preferences.
Data Retention
phphone retains personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable Philippine law. The following retention periods apply:
- Active Account Data: Retained for the duration of your phphone account and for a minimum of five (5) years following account closure, consistent with AMLA record-keeping obligations.
- KYC Identity Documents: Retained for a minimum of five (5) years from the date of verification, as required by anti-money laundering regulations applicable in the Philippines.
- Financial Transaction Records: Retained for a minimum of five (5) years from the date of the transaction.
- Gameplay Logs: Retained for a minimum of three (3) years to facilitate dispute resolution and responsible gaming monitoring.
- Support Communications: Retained for two (2) years from the date of the last interaction, or longer if relevant to an ongoing dispute or regulatory inquiry.
- Self-Exclusion Records: Retained indefinitely for voluntary permanent exclusions, and for the duration of the exclusion period plus two (2) years for temporary exclusions, to prevent re-registration.
- Analytics Data: Anonymised analytics data may be retained indefinitely as it can no longer be linked to individual users.
Upon expiry of the applicable retention period, phphone will securely delete, anonymise, or de-identify your personal data in accordance with the requirements of the Data Privacy Act of 2012.
Data Security
phphone implements a layered set of technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, destruction, and accidental loss. Key security controls include:
- 256-bit SSL/TLS Encryption: All data transmitted between your device and phphone's servers is encrypted using industry-standard 256-bit SSL/TLS — the same encryption level used by Philippine banks and major financial institutions.
- Encryption at Rest: Sensitive personal data — including KYC documents, government ID numbers, and financial account references — is encrypted in storage using AES-256 encryption.
- Access Controls: Access to phphone user data is restricted to personnel who require it to perform their assigned function. Access is governed by role-based permissions and subject to audit logging.
- Two-Factor Authentication for Internal Systems: phphone staff accessing systems that hold user data are required to authenticate via multi-factor authentication.
- Regular Security Audits: phphone conducts regular internal and third-party security assessments of its platform and data handling practices.
- Incident Response: phphone maintains a documented data breach response procedure. In the event of a personal data breach that poses a significant risk to affected users, phphone will notify the National Privacy Commission and affected data subjects within seventy-two (72) hours of becoming aware, as required by the Data Privacy Act.
- Use a strong, unique password for your phphone account — not one shared with GCash, Gmail, or Facebook.
- Enable two-factor authentication (2FA) in your phphone account settings.
- Never share your phphone login credentials, OTP codes, or withdrawal PIN with anyone.
- Log out of phphone when using a shared or public device in an internet café or mall.
- Report any suspicious account activity immediately to phphone support.
Your Rights as a Data Subject
As a data subject under the Philippine Data Privacy Act of 2012, you are entitled to the following rights in relation to your personal data held by phphone:
To exercise any of the rights listed above, please contact phphone's Data Protection Officer at [email protected], clearly identifying yourself, the right you wish to exercise, and the specific data concerned. phphone will respond within thirty (30) calendar days of a verifiable request.
Children's Privacy
phphone Casino is strictly intended for adults aged twenty-one (21) years and above. phphone does not knowingly collect, solicit, or store personal data from any individual under the age of 21. The phphone Platform is not directed at, marketed to, or accessible to minors.
If phphone discovers or is notified that personal data has been collected from a person under 21 years of age, phphone will immediately suspend the associated account, delete all personal data collected from the minor, void any gameplay or transactions, and handle the matter in accordance with applicable Philippine law regarding underage gambling.
If you are a parent or guardian and believe that your minor child has registered on phphone or submitted personal data to the Platform, please contact phphone support immediately at [email protected] with the relevant account details so that the matter can be resolved without delay.
phphone enforces the minimum age of 21 years through mandatory KYC identity verification. Any account found to be operated by an individual under 21 will be permanently suspended, all funds forfeited, and the matter may be reported to relevant Philippine authorities. This is a non-negotiable policy aligned with PAGCOR responsible gaming standards.
International Data Transfers
phphone primarily stores and processes user data within secure data centre infrastructure. Some of phphone's third-party service providers — including certain game content providers and cloud infrastructure partners — may be located outside the Philippines. Where personal data is transferred outside of the Philippines, phphone ensures that appropriate safeguards are in place consistent with Section 21 of the Data Privacy Act and the implementing rules of the National Privacy Commission, including:
- Data processing agreements with receiving parties that impose privacy and security obligations at least equivalent to those under Philippine law.
- Transfer to jurisdictions with adequate data protection frameworks as recognised by the NPC.
- Technical controls including data encryption in transit and at rest regardless of the geographic location of processing.
phphone will only transfer personal data to the extent necessary for the contracted service purpose and will not authorise receiving parties to further transfer or sub-process the data without phphone's written approval.
Marketing Communications & Opt-Out
phphone may send marketing communications — including promotional offers, bonus announcements, and platform updates — to registered users via SMS to your Philippine mobile number and to your registered email address, where you have not opted out of such communications.
13.1 Consent Basis
Marketing communications from phphone are sent on the basis of your consent, which is collected during the account registration process. You may withdraw this consent at any time without affecting the validity of your phphone account or your access to any platform features.
13.2 How to Opt Out
To stop receiving marketing messages from phphone, you may:
- Reply STOP to any promotional SMS received from phphone.
- Use the unsubscribe link included in every promotional email.
- Adjust your communication preferences in the Notifications section of your phphone account dashboard.
- Contact phphone support at [email protected] and request removal from all marketing communications.
Opting out of marketing communications will not affect essential transactional notifications — such as deposit confirmations, withdrawal status updates, OTP codes, and account security alerts — which are sent as necessary components of operating your phphone account.
Changes to This Privacy Policy
phphone reserves the right to update or revise this Privacy Policy at any time to reflect changes in our data practices, applicable Philippine law, NPC guidance, or regulatory requirements. The "Last Updated" date at the top of this page will be revised each time the Policy is amended.
Where changes to this Privacy Policy are material — meaning they significantly affect how phphone collects or uses your personal data — phphone will provide advance notice to registered users via on-platform notification or email at least seven (7) calendar days before the revised Policy takes effect.
Your continued use of the phphone Platform after a revised Privacy Policy takes effect constitutes your acknowledgement of and agreement to the updated Policy. If you do not accept the revised terms, please cease using the Platform and contact phphone support to close your account and arrange return of any withdrawable balance.
The most current version of this Privacy Policy will always be accessible at phphone.org/privacy-policy.
Contact & Data Protection Officer
phphone has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the Philippine Data Privacy Act and this Privacy Policy. If you have any questions, concerns, or requests related to your personal data, or if you wish to exercise any of your data subject rights, please contact us through the following channels:
- Data Protection Officer — Email: [email protected] (please include "Privacy / DPO Request" in your subject line so we can prioritise your enquiry)
- Live Chat Support: Available 24 hours a day, 7 days a week via the live chat feature on the phphone Platform. For DPO-related matters, ask to escalate to the privacy team.
phphone aims to respond to all data subject requests and privacy enquiries within thirty (30) calendar days. Where a request is complex or involves a large volume of data, we may extend this period by a further thirty (30) days, in which case we will notify you of the extension and the reason for it.
If you are not satisfied with phphone's response to your privacy concern, you have the right to file a complaint directly with the National Privacy Commission (NPC) of the Philippines, the supervisory authority for data protection matters in the Philippines.