phpiso Privacy Policy

1. Introduction

phpiso is an online gaming platform built for Filipino players, offering a range of real-money games including W Live, Lucky Dice, Caishen Fishing, Genie's 3 Wishes, Bingo, Rooster Rumble, and Mines. As an operator serving players across the Philippines — from Manila and Makati to Cebu, Davao, and Quezon City — phpiso is committed to handling your personal data with the same care and transparency we bring to every other aspect of our platform.

This Policy is issued in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines and its Implementing Rules and Regulations. phpiso acts as the personal information controller in respect of the data described in this Policy.

This Policy should be read together with the phpiso Terms & Conditions, which govern your use of the platform as a whole.

2. Personal Data We Collect

phpiso collects the following categories of personal data from registered Players and platform visitors:

Category	Examples	Required?
Identity Data	Full name, date of birth, government-issued ID number	Yes – for account verification
Contact Data	Email address, mobile number	Yes – for account communication
Financial Data	GCash number, PayMaya number, bank account details (BPI, BDO, Metrobank)	Yes – for deposits and withdrawals
Transaction Data	Deposit history, withdrawal history, game wager records, win/loss records	Yes – for regulatory compliance
Technical Data	IP address, device type, browser type, operating system, session data	Automatic – collected on platform access
Usage Data	Pages visited, games played, session duration, click patterns	Automatic – collected on platform use
Communications Data	Support chat transcripts, email correspondence with phpiso	When you contact us

phpiso does not collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, or health data, except where specifically required for responsible gaming purposes (e.g., self-exclusion requests that reference a health condition).

3. How We Collect Your Data

phpiso collects personal data through the following means:

• Direct collection: Information you provide when registering an account, completing identity verification, making deposits or withdrawals, or contacting phpiso support.
• Automated collection: Technical and usage data collected automatically when you access the phpiso platform, through cookies, server logs, and similar technologies.
• Third-party sources: Identity verification data from government ID databases or third-party verification service providers engaged by phpiso for KYC (Know Your Customer) compliance purposes.
• Payment providers: Transaction confirmation data from GCash, PayMaya, BPI, BDO, and Metrobank when you make deposits or withdrawals.

4. How We Use Your Personal Data

phpiso uses your personal data for the following purposes:

• Account management: To create, maintain, and administer your phpiso account, including processing your registration and verifying your identity and age.
• Service delivery: To provide access to phpiso games, process deposits and withdrawals, and deliver the core gaming experience.
• Regulatory compliance: To comply with PAGCOR regulations, anti-money laundering (AML) obligations, and the requirements of the Data Privacy Act of 2012.
• Fraud prevention and security: To detect, investigate, and prevent fraudulent activity, unauthorized account access, and other security threats to the phpiso platform.
• Responsible gaming: To monitor gaming behavior for signs of problem gambling and to administer self-exclusion, deposit limits, and other responsible gaming tools.
• Customer support: To respond to your inquiries, resolve disputes, and provide technical assistance.
• Platform improvement: To analyze usage patterns and improve the phpiso platform, game offerings, and user experience.
• Communications: To send you account-related notifications, security alerts, and — where you have consented — promotional communications about phpiso offers and new games.

5. Legal Basis for Processing

phpiso processes your personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual necessity: Processing required to fulfill our obligations under the phpiso Terms & Conditions, including account creation, game access, and payment processing.
• Legal obligation: Processing required to comply with applicable Philippine laws and regulations, including PAGCOR licensing requirements, AML obligations, and tax reporting duties.
• Legitimate interests: Processing necessary for phpiso's legitimate business interests, including fraud prevention, platform security, and service improvement, where such interests are not overridden by your data protection rights.
• Consent: Processing based on your freely given, specific, and informed consent, including the sending of promotional communications. You may withdraw consent at any time by contacting phpiso support.

6. Data Sharing & Disclosure

6.1 No Sale of Data. phpiso does not sell, rent, or trade your personal data to any third party for marketing or commercial purposes.

6.2 Service Providers. phpiso may share your personal data with trusted third-party service providers who assist in operating the phpiso platform, including payment processors (GCash, PayMaya, BPI, BDO, Metrobank), identity verification providers, cloud hosting providers, and customer support platforms. All such providers are contractually bound to process your data only on phpiso's instructions and in accordance with applicable data protection law.

6.3 Regulatory Authorities. phpiso may disclose your personal data to PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), or other competent Philippine government authorities where required by law, court order, or regulatory directive.

6.4 Business Transfers. In the event of a merger, acquisition, or sale of all or substantially all of phpiso's assets, your personal data may be transferred to the acquiring entity. phpiso will notify affected Players via email or platform notice prior to any such transfer.

6.5 With Your Consent. phpiso may share your data with other third parties where you have given explicit prior consent to such sharing.

7. Data Retention

7.1 phpiso retains your personal data for as long as your account remains active and for a period thereafter as required by applicable law and regulation. The following retention periods apply as a general guide:

• Account and identity data: Retained for the duration of your account and for a minimum of five (5) years following account closure, in accordance with PAGCOR and AML regulatory requirements.
• Transaction and financial data: Retained for a minimum of five (5) years from the date of the transaction, as required by Philippine AML regulations.
• Technical and usage data: Retained for up to two (2) years from collection, unless required for longer periods for security or fraud investigation purposes.
• Support communications: Retained for three (3) years from the date of the communication.

7.2 Upon expiry of the applicable retention period, phpiso will securely delete or anonymize your personal data in accordance with its data disposal procedures.

8. Data Security

8.1 phpiso implements appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include:

• Transport Layer Security (TLS) encryption for all data transmitted between your device and the phpiso platform;
• Encryption of sensitive data at rest, including financial data and government ID information;
• Role-based access controls limiting phpiso staff access to personal data on a need-to-know basis;
• Regular security assessments and penetration testing of the phpiso platform;
• Multi-factor authentication requirements for phpiso administrative systems.

8.2 Data Breach Notification. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, phpiso will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, and will notify affected Players without undue delay where the breach is likely to result in a high risk to their rights.

8.3 While phpiso takes all reasonable steps to protect your data, no online platform can guarantee absolute security. You are responsible for maintaining the security of your phpiso account credentials and for notifying phpiso immediately if you suspect unauthorized access to your account.

9. Cookies & Tracking Technologies

9.1 phpiso uses cookies and similar tracking technologies (including web beacons and local storage) to operate and improve the platform. The following categories of cookies are used:

• Strictly necessary cookies: Essential for the phpiso platform to function. These include session authentication cookies and security tokens. These cookies cannot be disabled.
• Functional cookies: Used to remember your preferences, such as language settings and game display options, to provide a more personalized experience.
• Analytics cookies: Used to collect aggregated, anonymized data about how Players use the phpiso platform, helping us identify areas for improvement. No personally identifiable information is included in analytics reports.
• Security cookies: Used to detect and prevent fraudulent activity, bot access, and other security threats to the phpiso platform.

9.2 Managing Cookies. You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the phpiso platform. Strictly necessary cookies cannot be disabled as they are required for the platform to operate.

10. Your Data Protection Rights

Under the Data Privacy Act of 2012, you have the following rights in respect of your personal data held by phpiso:

• Right to be informed: The right to be told what personal data phpiso holds about you and how it is used — which is the purpose of this Policy.
• Right of access: The right to request a copy of the personal data phpiso holds about you.
• Right to rectification: The right to request correction of inaccurate or incomplete personal data.
• Right to erasure: The right to request deletion of your personal data, subject to phpiso's legal and regulatory retention obligations.
• Right to object: The right to object to certain types of processing, including direct marketing communications.
• Right to data portability: The right to receive your personal data in a structured, commonly used format where technically feasible.
• Right to lodge a complaint: The right to lodge a complaint with the National Privacy Commission of the Philippines if you believe phpiso has mishandled your personal data.

To exercise any of the above rights, please contact phpiso support. phpiso will respond to all data rights requests within thirty (30) calendar days of receipt. Where a request is complex or numerous, phpiso may extend this period by a further thirty (30) days, with prior notice to you.

11. Children's Privacy

The phpiso platform is strictly intended for persons aged 21 years and above. phpiso does not knowingly collect personal data from persons under the age of 21. If phpiso becomes aware that personal data has been collected from a person under 21, it will take immediate steps to delete that data and close the associated account. If you believe a minor has registered on phpiso, please contact our support team immediately.

12. Third-Party Links

The phpiso platform may contain links to third-party websites or services. This Privacy Policy applies solely to the phpiso platform. phpiso is not responsible for the privacy practices of any third-party website or service, and we encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

13.1 phpiso reserves the right to update this Privacy Policy at any time to reflect changes in our data practices, legal obligations, or platform features. The date of the most recent revision is indicated at the top of this Policy.

13.2 Where changes are material, phpiso will notify registered Players via the email address associated with their account or through a prominent notice on the platform at least seven (7) days before the changes take effect.

13.3 Your continued use of the phpiso platform following the effective date of any revised Policy constitutes your acceptance of the updated terms. If you do not agree to the revised Policy, you must cease using the platform and may request account closure in accordance with the phpiso Terms & Conditions.

14. Contact & Data Privacy Officer

If you have any questions, concerns, or requests relating to this Privacy Policy or phpiso's data practices, please contact our support team. phpiso has designated a Data Privacy Officer (DPO) responsible for overseeing compliance with the Data Privacy Act of 2012.

You also have the right to lodge a complaint directly with the National Privacy Commission of the Philippines if you believe your data protection rights have been violated.