py2ph Privacy Policy

1. Overview

py2ph ("we," "us," "our") is committed to protecting the privacy and personal data of all individuals who use the py2ph Platform — including registered account holders, visitors, and anyone who interacts with our website, mobile platform, games, or customer support services (collectively, the "Platform").

This Privacy Policy describes our practices regarding the collection, use, storage, disclosure, and protection of your personal data. It applies to all personal data processed by py2ph in connection with your use of the Platform, regardless of the device or channel through which you access it.

This Policy should be read together with our Terms & Conditions and our Responsible Gaming Policy, both of which are incorporated by reference. Capitalized terms not defined in this Policy have the meanings given to them in the Terms & Conditions.

2. Data Controller

For the purposes of the Philippine Data Privacy Act of 2012 and applicable data protection legislation, py2ph is the Personal Information Controller (PIC) in respect of the personal data it collects and processes through the Platform.

As a Personal Information Controller, py2ph determines the purposes and means of processing your personal data and is responsible for ensuring that such processing is carried out in accordance with applicable data protection laws, including RA 10173 and the regulations issued by the National Privacy Commission (NPC) of the Philippines.

py2ph has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with this Policy and applicable data protection laws. Contact details for the DPO are provided in Section 15 of this Policy.

3. Personal Data We Collect

py2ph collects the following categories of personal data in connection with your use of the Platform:

Category	Examples	When Collected
Identity Data	Full legal name, date of birth, gender, government-issued ID number (passport, driver's license, PhilSys ID, SSS/GSIS ID)	Registration & KYC verification
Contact Data	Email address, mobile number, residential address (city, province, postal code)	Registration & account updates
Financial Data	GCash number, Maya account, bank account details (BPI, BDO, Metrobank, UnionBank, etc.), debit card details, transaction history	Deposits, withdrawals & KYC
Gaming Data	Game history, bet amounts, win/loss records, session duration, bonus usage, wagering activity	Ongoing Platform use
Technical Data	IP address, device type, browser type and version, operating system, device identifiers, login timestamps	Automatic collection during Platform use
Usage Data	Pages visited, features used, click patterns, session duration, referral source	Automatic collection via cookies and analytics
Communications Data	Live chat transcripts, support ticket content, email correspondence, survey responses	When you contact py2ph support
Responsible Gaming Data	Deposit limits set, self-exclusion status, cooling-off periods, reality check preferences	When you use responsible gaming tools

            
            Sensitive Personal Information: Government-issued ID numbers and financial account details are classified as sensitive personal information under RA 10173. py2ph processes this data only to the extent strictly necessary for identity verification, fraud prevention, and regulatory compliance, and applies enhanced security measures to its protection.
          

4. How We Collect Your Data

py2ph collects personal data through the following means:

4.1 Directly From You

The majority of personal data py2ph holds about you is provided directly by you when you: register an account on the Platform; complete KYC verification by submitting identity documents; make deposits or request withdrawals; contact our customer support team; respond to surveys or promotional communications; or use responsible gaming tools in your account settings.

4.2 Automatically During Platform Use

When you access and use the py2ph Platform, we automatically collect certain technical and usage data through cookies, web beacons, log files, and similar tracking technologies. This includes your IP address, device identifiers, browser information, and behavioral data about how you interact with the Platform. See Section 10 for more details on our use of cookies.

4.3 From Third Parties

py2ph may receive personal data about you from third parties in limited circumstances, including: identity verification service providers used for KYC purposes; payment processors (GCash, Maya, banks) in connection with deposit and withdrawal transactions; fraud detection and anti-money laundering service providers; and PAGCOR or other regulatory authorities where required by law.

5. Purposes of Processing

py2ph processes your personal data for the following purposes:

Account Registration & Management: To create and maintain your py2ph account, verify your identity, and manage your account settings and preferences.
KYC & Age Verification: To verify that you are at least 21 years of age and to comply with Know Your Customer obligations under PAGCOR regulations and AML laws.
Payment Processing: To process deposits and withdrawals via GCash, Maya, bank transfer, and debit card, and to maintain accurate financial records.
Game Provision & Platform Operation: To provide access to casino games, sports betting, and other Platform features, and to ensure the integrity and fairness of gameplay.
Fraud Prevention & Security: To detect, investigate, and prevent fraudulent activity, money laundering, bonus abuse, and other prohibited conduct.
Regulatory Compliance: To comply with obligations under PAGCOR regulations, the Anti-Money Laundering Act (AMLA), RA 10173, and other applicable Philippine laws.
Responsible Gaming: To monitor gaming activity for signs of problem gambling, to administer responsible gaming tools (deposit limits, self-exclusion, cooling-off periods), and to fulfill our duty of care to players.
Customer Support: To respond to your inquiries, resolve disputes, and provide technical assistance.
Marketing & Promotions: To send you information about py2ph promotions, bonuses, and new features, where you have consented to receive such communications or where we have a legitimate interest in doing so.
Platform Improvement: To analyze usage patterns, conduct research, and improve the functionality, performance, and user experience of the Platform.
Legal Claims: To establish, exercise, or defend legal claims in connection with disputes or regulatory proceedings.

6. Legal Basis for Processing

Under the Philippine Data Privacy Act of 2012, py2ph processes your personal data on the following legal bases:

Contractual Necessity: Processing necessary for the performance of our contract with you (the Terms & Conditions), including account management, payment processing, and game provision.
Legal Obligation: Processing required to comply with applicable laws and regulations, including PAGCOR licensing requirements, AMLA obligations, and NPC regulations under RA 10173.
Legitimate Interests: Processing necessary for py2ph's legitimate interests, including fraud prevention, platform security, responsible gaming monitoring, and platform improvement, where such interests are not overridden by your rights and interests.
Consent: Processing based on your freely given, specific, informed, and unambiguous consent, including for direct marketing communications. You may withdraw your consent at any time by contacting our support team or updating your account preferences.

Withdrawing Consent: Where py2ph processes your data on the basis of consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent for marketing communications, update your notification preferences in your account settings or contact our support team.

7. Data Sharing & Disclosure

py2ph does not sell your personal data to third parties. We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection safeguards:

7.1 Service Providers

py2ph engages third-party service providers who process personal data on our behalf as Personal Information Processors (PIPs) under RA 10173. These include identity verification and KYC providers, payment processors (GCash, Maya, and banking partners), fraud detection and AML screening services, cloud hosting and infrastructure providers, customer support platform providers, and analytics service providers. All PIPs are bound by data processing agreements that require them to process personal data only on py2ph's instructions and in accordance with applicable data protection laws.

7.2 Regulatory & Law Enforcement Authorities

py2ph is required by law to disclose personal data to regulatory and law enforcement authorities in certain circumstances, including: reports to the Anti-Money Laundering Council (AMLC) of the Philippines in connection with suspicious transactions; disclosures to PAGCOR in connection with licensing compliance and player protection obligations; and disclosures to the National Privacy Commission (NPC) in connection with data breach notifications or regulatory inquiries. py2ph will only make such disclosures to the extent required or permitted by applicable law.

7.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of py2ph's business, your personal data may be transferred to the acquiring entity as part of that transaction. py2ph will notify you of any such transfer and ensure that the acquiring entity is bound by privacy obligations no less protective than those set out in this Policy.

7.4 With Your Consent

py2ph may share your personal data with other third parties where you have given your explicit consent to such sharing. You may withdraw this consent at any time by contacting our support team.

8. Data Retention

py2ph retains your personal data for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations, and to resolve disputes or enforce our agreements. The following general retention periods apply:

Data Category	Retention Period	Basis
Account & Identity Data	Duration of account + 5 years after closure	PAGCOR & AMLA regulatory requirements
Financial & Transaction Data	5 years from transaction date	AMLA obligations (RA 9160 as amended)
Gaming & Betting Records	5 years from account closure	PAGCOR licensing requirements
KYC Documents	5 years from account closure	AMLA & PAGCOR compliance
Customer Support Records	3 years from last interaction	Legitimate interests (dispute resolution)
Marketing Preferences	Until consent withdrawn or account closed	Consent
Technical & Log Data	12 months from collection	Legitimate interests (security & fraud prevention)

Upon expiry of the applicable retention period, py2ph will securely delete or anonymize your personal data in accordance with its data disposal procedures. Where data cannot be immediately deleted due to technical constraints, it will be isolated and protected from further processing until deletion is possible.

9. Data Security

py2ph implements a comprehensive set of technical and organizational security measures designed to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

Encryption: All data transmitted between your device and the py2ph Platform is encrypted using 256-bit SSL/TLS encryption. Sensitive data at rest, including financial account details and government ID information, is encrypted using industry-standard encryption algorithms.
Access Controls: Access to personal data is restricted to py2ph personnel and authorized service providers who have a legitimate need to access it. All access is governed by role-based access controls and is logged for audit purposes.
Two-Factor Authentication: py2ph supports and encourages the use of two-factor authentication (2FA) for account login to provide an additional layer of security for your account.
Penetration Testing & Security Audits: py2ph conducts regular security assessments, including penetration testing and vulnerability scanning, to identify and remediate security weaknesses in the Platform.
Incident Response: py2ph maintains a data breach response plan. In the event of a personal data breach that poses a risk to your rights and freedoms, py2ph will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay, in accordance with RA 10173.
Staff Training: All py2ph personnel who handle personal data receive regular training on data protection obligations and security best practices.

            
            Your Role in Security: While py2ph takes extensive measures to protect your data, you also play an important role. Keep your py2ph account password confidential, use a strong and unique password, enable 2FA, and contact our support team immediately if you suspect unauthorized access to your account.
          

10. Cookies & Tracking Technologies

py2ph uses cookies and similar tracking technologies (including web beacons, pixel tags, and local storage) to operate and improve the Platform, to personalize your experience, and to analyze Platform usage. This section explains what cookies we use and how you can manage them.

10.1 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the Platform to function and cannot be disabled. They include session cookies that keep you logged in, security cookies that protect against cross-site request forgery, and cookies that remember your cookie consent preferences.
Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your language preferences, game settings, and responsible gaming tool configurations.
Analytics Cookies: These cookies help py2ph understand how players use the Platform by collecting aggregated, anonymized data about page visits, session duration, and feature usage. This data is used to improve Platform performance and user experience.
Marketing Cookies: These cookies are used to deliver relevant promotional content and to measure the effectiveness of py2ph's marketing campaigns. They are only set where you have given your consent.

10.2 Managing Cookies

You can manage your cookie preferences through the cookie consent banner displayed when you first visit the Platform, or by updating your preferences in your account settings. You may also control cookies through your browser settings; however, disabling strictly necessary cookies may affect the functionality of the Platform. Note that blocking all cookies may prevent you from logging in to your py2ph account.

11. Your Data Subject Rights

Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following rights in respect of your personal data held by py2ph. To exercise any of these rights, please contact our Data Protection Officer using the details in Section 15.

Right to Access

Request a copy of the personal data py2ph holds about you and information about how it is being processed.

Right to Rectification

Request correction of inaccurate or incomplete personal data held about you.

Right to Erasure

Request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.

Right to Object

Object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.

Right to Data Portability

Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Withdraw Consent

Withdraw consent for processing based on consent at any time, without affecting the lawfulness of prior processing.

py2ph will respond to all data subject rights requests within thirty (30) calendar days of receipt. Where a request is complex or py2ph receives a high volume of requests, this period may be extended by a further two months, with notice provided to you within the initial 30-day period. py2ph will not charge a fee for handling data subject rights requests unless they are manifestly unfounded or excessive.

If you are not satisfied with py2ph's response to a data subject rights request, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines through its official channels.

12. Minors & Age Restriction

The py2ph Platform is strictly intended for individuals who are 21 years of age or older, in accordance with Philippine gaming regulations. py2ph does not knowingly collect personal data from individuals under the age of 21.

As part of the registration process, py2ph requires all applicants to confirm that they are at least 21 years old and to submit government-issued identification for age verification. Accounts found to belong to individuals under 21 will be immediately suspended, all associated personal data will be deleted (except where retention is required by law), and any deposits will be returned.

If you believe that py2ph has inadvertently collected personal data from a person under the age of 21, please contact our Data Protection Officer immediately using the details in Section 15 so that we can take prompt corrective action.

Parental Awareness: If you are a parent or guardian and are concerned about a minor accessing gambling platforms, we encourage you to use parental control software and to have open conversations about responsible online behavior. py2ph supports all efforts to prevent underage gambling.

13. International Data Transfers

py2ph primarily processes and stores personal data within the Philippines. In certain circumstances, personal data may be transferred to and processed in countries outside the Philippines — for example, where py2ph uses cloud infrastructure or service providers whose servers are located abroad.

Where personal data is transferred outside the Philippines, py2ph ensures that appropriate safeguards are in place to protect your data in accordance with RA 10173 and NPC regulations. These safeguards may include: standard contractual clauses approved by the NPC; binding corporate rules; or transfers to countries that the NPC has determined provide an adequate level of data protection.

By using the py2ph Platform, you acknowledge that your personal data may be transferred to and processed in countries outside the Philippines, subject to the safeguards described above.

14. Changes to This Privacy Policy

py2ph reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable laws, or regulatory requirements. The "Last Updated" date at the top of this page will always reflect the date of the most recent revision.

Where changes to this Policy are material — meaning they significantly affect your rights or how py2ph processes your personal data — py2ph will provide advance notice via email to your registered address or via a prominent notice on the Platform, at least seven (7) days before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how py2ph protects your personal data. Your continued use of the Platform after any changes to this Policy constitutes your acknowledgment of the updated Policy.

15. Contact & Data Protection Officer

If you have any questions, concerns, or requests relating to this Privacy Policy or py2ph's data processing practices, or if you wish to exercise any of your data subject rights under RA 10173, please contact our Data Protection Officer:

Data Protection Officer (DPO) — py2ph

Email: [email protected]

General Support: [email protected]

Live Chat: Available 24/7 via the py2ph Platform after login

py2ph aims to acknowledge all privacy-related inquiries within one (1) business day and to provide a substantive response within thirty (30) calendar days. If you are not satisfied with our response, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines.

For general data protection guidance and to understand your rights as a data subject under Philippine law, you may refer to the official resources published by the National Privacy Commission.

Table of Contents