phmoney Privacy Policy

1.1 This Privacy Policy applies to all personal data collected, processed, stored, or transmitted by phmoney in connection with the operation of the phmoney online gaming platform accessible at phmoney.club, including its associated mobile-optimized web interface, customer support channels, and promotional communications.

1.2 This Policy applies to all natural persons who interact with phmoney in any of the following capacities: registered account holders; prospective players who visit phmoney.club without registering; individuals who contact phmoney's customer support; and individuals who subscribe to or receive phmoney marketing communications.

1.3 This Policy does not govern the data practices of third-party game providers, payment processors, or other external services that you may access through links or integrations on the phmoney platform. Those parties operate under their own independent privacy policies. phmoney does not control and is not responsible for third-party data practices.

1.4 Throughout this Policy, "personal data" means any information that can identify or be used to identify a natural person, whether on its own or in combination with other information, consistent with the definition in Section 3(g) of the Data Privacy Act of 2012.

2.1 The personal data you provide to phmoney is controlled by phmoney, the licensed operator of phmoney.club. phmoney acts as the Personal Information Controller (PIC) as defined under Section 3(h) of the Data Privacy Act of 2012, and is responsible for determining the purposes and means of processing your personal data.

2.2 phmoney has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and the Data Privacy Act of 2012. The DPO may be contacted through the support channels identified in Section 16 of this Policy. All data privacy inquiries, rights exercise requests, and complaints should be directed to the DPO via the phmoney support contact.

2.3 phmoney's processing activities are registered with the National Privacy Commission as required for personal information controllers that process personal data of one thousand (1,000) or more individuals. phmoney's registration details are available upon written request to the DPO.

3.1 phmoney collects the following categories of personal data from players and platform users:

A. Registration & Identity Data

• Full legal name as appearing on government-issued Philippine identification;
• Date of birth (for age verification — 21+ requirement);
• Registered Philippine mobile number (primary account identifier);
• Account password (stored exclusively in hashed, non-reversible form — never in plain text);
• Email address, if voluntarily provided for account recovery or promotional communications.

B. KYC Verification Data

• Government-issued identification document type and number (PhilSys, UMID, LTO Driver's License, Philippine Passport, PRC ID, COMELEC Voter's ID);
• ID document images or scans submitted during the KYC process;
• Proof of address documentation, where requested;
• Source of funds declarations, where requested for enhanced due diligence.

C. Financial & Transaction Data

• GCash account number associated with deposits or withdrawals;
• Maya (PayMaya) account details associated with transactions;
• Bank account details for bank transfer transactions (BPI, BDO, Metrobank);
• Full transaction history including deposit amounts, withdrawal requests, dates, and processing status;
• Wagering history including game titles, bet amounts, outcomes, and timestamps.

D. Technical & Usage Data

• IP address and geolocation data at the time of login and transaction;
• Device identifiers, browser type, and operating system information;
• Session data including login timestamps, session duration, pages visited, and games accessed;
• Clickstream and navigation data collected through cookies and similar tracking technologies.

E. Communications Data

• Records of live chat conversations with phmoney customer support;
• Email correspondence related to account inquiries or complaints;
• SMS OTP logs (delivery confirmation records, not OTP values);
• Feedback, complaint, and survey responses voluntarily submitted.

phmoney collects personal data through the following channels and mechanisms:

• Direct collection: Data you provide actively during account registration, KYC submission, support interactions, or when updating your account profile;
• Automated collection: Technical and usage data automatically collected through the phmoney platform's server logs, session management systems, and cookie-based tracking when you access phmoney.club;
• Payment processor integration: Financial transaction data provided by GCash, Maya, GrabPay, and Philippine bank partners when you initiate deposits or withdrawals — shared with phmoney under those providers' own data sharing agreements;
• Identity verification services: Data returned from third-party KYC and identity verification providers used to validate government-issued ID documents against Philippine government databases;
• Regulatory authorities: In certain circumstances required by law, data may be received from or verified against records held by PAGCOR, the Anti-Money Laundering Council (AMLC), or other Philippine government bodies.

phmoney processes personal data for the following specific and legitimate purposes:

5.2 phmoney does not process personal data for purposes beyond those listed above without first obtaining your explicit consent or establishing a separate legal basis under the Data Privacy Act of 2012.

6.1 Under the Data Privacy Act of 2012, phmoney relies on the following legal bases for processing personal data, as applicable to each processing purpose:

• Contractual necessity (Section 12[b], DPA 2012): Processing required to perform the contract between phmoney and the player — including account management, payment processing, and game provision;
• Legal obligation (Section 12[c], DPA 2012): Processing required for compliance with Philippine law — including AMLA obligations, PAGCOR reporting requirements, age verification mandates, and court orders;
• Legitimate interests (Section 12[f], DPA 2012): Processing for fraud prevention, platform security, and responsible gaming monitoring where the legitimate interests of phmoney do not override the data subject's fundamental rights;
• Consent (Section 12[a], DPA 2012): Processing for optional marketing communications and non-essential analytics, where explicit opt-in consent is obtained.

6.2 Where phmoney relies on consent as the legal basis for processing, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Marketing consent may be withdrawn through the unsubscribe mechanism in any phmoney marketing communication or by contacting phmoney support.

7.1 phmoney does not sell your personal data to any third party. phmoney shares personal data with third parties only in the following circumstances and only to the extent necessary for the stated purpose:

• Payment processors: GCash (Globe Fintech Innovations), Maya (Voyager Innovations), GrabPay, BPI, BDO, Metrobank, and 7-Eleven CLiQQ — for processing deposits and withdrawals. Each processor handles data under their own PDPA-compliant privacy framework;
• KYC verification providers: Third-party identity and document verification services used to validate government IDs and satisfy PAGCOR KYC requirements. These providers act as personal information processors under phmoney's instruction;
• Game technology providers: JILI Games, Evolution Gaming, Pragmatic Play, PG Soft, Asia Gaming, and other licensed game studios receive session data required to deliver game services. These providers do not receive personally identifiable information beyond what is necessary for game delivery;
• Philippine government authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), law enforcement agencies, and Philippine courts — when legally required by applicable Philippine law, regulatory directive, court order, or to comply with AMLA reporting obligations;
• Fraud prevention and security services: Third-party providers of IP analysis, device fingerprinting, and fraud detection services — processing data under strict confidentiality agreements as personal information processors;
• Customer support platforms: Software providers supporting phmoney's live chat and ticketing systems, operating as personal information processors under phmoney's instructions and bound by appropriate data processing agreements.

8.1 Some of phmoney's third-party service providers — including certain game technology providers and cloud infrastructure operators — may process personal data outside the Republic of the Philippines. When personal data is transferred internationally, phmoney ensures such transfers are conducted in accordance with Section 21 of the Data Privacy Act of 2012 and NPC guidelines on cross-border data transfers.

8.2 Safeguards applied to international data transfers include: contractual data processing agreements incorporating standard data protection clauses; transfer only to jurisdictions or recipients that provide adequate levels of data protection as assessed by phmoney's DPO; and limiting the scope of data transferred to the minimum necessary for the service being provided.

8.3 Players may request information regarding specific international transfer arrangements by contacting phmoney's DPO through the contact details provided in Section 16.

9.1 phmoney retains personal data only for as long as is necessary for the purposes for which it was collected, subject to mandatory minimum retention periods prescribed by Philippine law, including:

• Anti-Money Laundering Act (RA 9160, as amended): customer records and transaction histories must be retained for a minimum of five (5) years from the date of the transaction or from the date the business relationship ended, whichever is later;
• PAGCOR regulatory requirements: player records including KYC documentation, wagering history, and financial records must be retained for such periods as PAGCOR directs in its licensing conditions and circulars;
• BIR and general commercial records: financial records for tax and accounting purposes must be retained for a minimum of ten (10) years under the National Internal Revenue Code.

9.2 Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with phmoney's data disposal procedures. Anonymized data — from which it is impossible to re-identify any individual — may be retained indefinitely for statistical and analytical purposes.

9.3 Where a player requests account closure, phmoney will cease active processing of personal data for marketing and platform delivery purposes immediately, but will retain records required by law for the mandatory retention periods specified above.

10.1 phmoney uses cookies and similar tracking technologies on phmoney.club to deliver platform functionality, maintain session state, analyze usage patterns, and deliver relevant promotional content. The following categories of cookies are used:

• Strictly necessary cookies: Required for core platform functionality including session authentication, security token management, and payment processing flow integrity. These cannot be disabled without breaking platform functionality;
• Functional cookies: Used to remember your preferences such as language settings and game lobby configurations to improve your phmoney experience;
• Analytical cookies: Used to collect aggregated, anonymized data about how visitors use phmoney.club — including page visit frequency, navigation paths, and feature usage — to improve platform performance;
• Marketing and targeting cookies: Used to deliver phmoney promotional content relevant to your game preferences. These are activated only with your prior consent.

10.2 You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies will impair or prevent access to phmoney's platform features. Disabling analytical or marketing cookies will not affect your ability to use phmoney's core gaming services.

11.1 phmoney implements technical and organizational security measures appropriate to the risks presented by processing personal data of online gaming platform users. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and phmoney's servers — consistent with the standard used by Philippine banks including BPI and BDO for online banking;
• bcrypt hashing of all account passwords — no plain-text passwords are ever stored or transmitted by phmoney's systems;
• OTP-based two-factor authentication on all accounts for login verification and high-risk transaction confirmation;
• Encrypted storage of all personal data at rest on phmoney's server infrastructure;
• Role-based access controls limiting phmoney staff access to personal data to only what is required for their specific job function;
• Regular internal security assessments and vulnerability testing of phmoney's platform infrastructure;
• Device fingerprinting and anomalous login detection systems that trigger additional verification when unusual access patterns are detected.

11.2 In the event of a personal data breach that is likely to result in a real risk to the rights and freedoms of data subjects, phmoney will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, as required by the Data Privacy Act of 2012 and NPC Circular 16-03. Affected data subjects will be notified without undue delay where the breach is likely to result in high risk to their rights.

12.1 Under the Data Privacy Act of 2012, you hold the following rights with respect to your personal data processed by phmoney. Requests to exercise these rights should be directed to phmoney's DPO via the contact channels in Section 16 and will be processed within fifteen (15) working days of receipt.

• Right to be Informed: You have the right to be informed of what personal data phmoney collects, why it is collected, and how it is processed — as set out in this Privacy Policy;
• Right of Access: You have the right to request a copy of the personal data phmoney holds about you, together with information about how it is used;
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data in your phmoney account records;
• Right to Erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to overriding mandatory retention obligations under Philippine law;
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format for transfer to another controller, where technically feasible;
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests;
• Right to Damages: You have the right to be indemnified for damages sustained in the event that phmoney's data processing activities violate your rights under the Data Privacy Act of 2012;
• Right to Lodge a Complaint: You have the right to lodge a complaint with the National Privacy Commission (NPC) if you believe phmoney has processed your personal data in violation of the Data Privacy Act of 2012.

13.1 phmoney strictly prohibits access by individuals under 21 years of age in compliance with PAGCOR regulations and Republic Act No. 9487. phmoney does not knowingly collect personal data from individuals under 21. The Platform's registration process includes a date-of-birth field and KYC verification process specifically to prevent under-age access.

13.2 If phmoney becomes aware or has reason to believe that an account has been created by a person under 21 years of age, phmoney will immediately suspend the account, investigate the matter, and permanently delete personal data collected from the underage individual to the extent not required to be retained for AMLA compliance or fraud investigation purposes. All account balances associated with under-age accounts will be forfeited in accordance with phmoney's Terms and Conditions.

13.3 If you have reason to believe a person under 21 has created a phmoney account, please contact phmoney support immediately through the channels provided in Section 16.

14.1 phmoney may send you promotional communications regarding new games, bonuses, VIP program updates, and platform features through the following channels: SMS to your registered Philippine mobile number; in-Platform notifications visible after phmoney login; and email to an email address you voluntarily provided.

14.2 Marketing communications by SMS and email are sent only where you have provided consent at registration or through your account notification preferences. phmoney does not send unsolicited commercial messages (spam) in violation of Republic Act No. 10175 (Cybercrime Prevention Act) or applicable telecommunications regulations.

14.3 You may opt out of marketing communications at any time by: (a) updating your notification preferences in your phmoney account settings; (b) replying STOP to any phmoney SMS; or (c) contacting phmoney support. Opt-out requests are processed within three (3) business days. Note that opting out of marketing will not affect transactional messages required for account management, such as OTP codes, deposit confirmations, and withdrawal notifications.

15.1 phmoney may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable Philippine law, or operational developments. Material changes to this Policy — those that substantially affect your privacy rights or our data processing activities — will be communicated to active account holders via SMS notification to your registered mobile number and/or in-Platform notification at least seven (7) calendar days before the updated Policy takes effect.

15.2 The current effective version of this Privacy Policy is always available at phmoney.club/privacy-policy. The "Last Updated" date at the top of this document reflects the date of the most recent revision. Continued use of the phmoney platform following the effective date of an updated Policy constitutes acceptance of the revised terms.

15.3 If you do not agree with any updates to this Privacy Policy, you must cease using the phmoney platform and may request account closure. Upon closure, phmoney will process your personal data only to the extent required by mandatory legal retention obligations.

16.1 For any questions about this Privacy Policy, to exercise your data subject rights, or to lodge a privacy complaint, please contact phmoney's Data Protection Officer through the following channels:

• Live Chat: Available 24/7 directly on phmoney.club — the fastest route for general privacy inquiries;
• Email: [email protected] — for formal rights exercise requests, include "Data Privacy Request" in your subject line. Responses within fifteen (15) working days;
• Written Request: For formal DPO correspondence, submit through the in-Platform support ticketing system, marking the request as a Data Privacy matter.

16.2 If you are not satisfied with phmoney's response to a privacy complaint or rights exercise request, you have the right to escalate your complaint to the National Privacy Commission of the Philippines (NPC). The NPC's complaint process and contact details are publicly available at the NPC's official website.