phpcom Privacy Policy

phpcom is committed to protecting the privacy and personal information of every Filipino player who uses our platform. We recognize that personal data is not just a compliance requirement — it is information entrusted to us by real people who deserve to know exactly how it is handled.

This Policy applies to all personal information collected by phpcom through any channel, including the phpcom website at https://phpcom.co, the phpcom mobile browser interface, live chat and messaging support channels (including Messenger and Viber), email correspondence, and any other direct interaction between you and phpcom.

This Policy does not apply to third-party websites, payment processors, game providers, or other services linked to or accessible through the phpcom platform. Those entities operate under their own privacy policies, and phpcom recommends reviewing those policies before submitting personal information to any third-party service.

For the purposes of the Data Privacy Act of 2012 and its Implementing Rules, phpcom acts as the Personal Information Controller with respect to personal data collected through the phpcom platform. As Personal Information Controller, phpcom determines the purposes and means of processing your personal data and is responsible for ensuring that all processing activities comply with applicable Philippine data privacy law.

phpcom has designated a Data Privacy Officer ("DPO") responsible for overseeing compliance with this Policy and the Data Privacy Act. The phpcom DPO can be contacted at the details provided in Section 15 of this Policy. The DPO is the primary point of contact for all data privacy inquiries, data subject rights requests, and privacy incident reports from Players.

Where phpcom engages third-party service providers to process personal data on phpcom's behalf — for example, payment processors or KYC verification platforms — those providers act as Personal Information Processors under written agreements that bind them to confidentiality and data protection standards no less stringent than those applied by phpcom internally.

phpcom collects only the personal data necessary to operate a PAGCOR-regulated online gaming platform, comply with applicable Philippine law, and provide the services requested by Players. The categories of personal data we collect are described below.

phpcom does not collect sensitive personal information — as defined under Section 3(l) of the Data Privacy Act — beyond what is strictly necessary for PAGCOR-mandated KYC compliance and AMLA obligations. We do not collect religious beliefs, political affiliations, or health data except in the specific context of a responsible gaming self-exclusion request supported by a medical or professional assessment voluntarily submitted by the Player.

phpcom collects personal data through the following means:

4.1 Directly from You

• When you register a Player Account on phpcom, including the information provided in the registration form;
• When you submit KYC documents through the account verification center;
• When you make a deposit or submit a withdrawal request through the phpcom cashier;
• When you contact phpcom's customer support via live chat, email, Messenger, or Viber;
• When you configure your account settings, including responsible gaming preferences and notification opt-ins;
• When you participate in promotions, surveys, or feedback requests conducted by phpcom.

4.2 Automatically Through Your Use of the Platform

• Technical data including IP address, device identifiers, browser information, and session activity is collected automatically as you navigate and interact with the phpcom website;
• Cookies and similar tracking technologies collect usage data as described in Section 9 of this Policy;
• Game activity data is recorded automatically by the phpcom platform as a function of game operation.

4.3 From Third-Party Sources

• Payment processors (GCash, Maya, BPI, BDO, and others) provide transaction confirmation data to phpcom to facilitate deposit crediting and withdrawal processing;
• KYC verification service providers may return identity match scores or verification status to phpcom;
• Fraud prevention and anti-money laundering screening services may provide risk assessment data relating to your account or transactions.

phpcom processes personal data only where a lawful basis exists under Section 12 or Section 13 of the Data Privacy Act. The following table summarizes the purposes for which phpcom processes your data and the legal basis for each:

phpcom does not sell, rent, or trade personal data to any third party. We share personal data only in the following limited circumstances and only to the extent necessary for the stated purpose:

6.1 Service Providers (Personal Information Processors)

phpcom engages carefully selected third-party service providers who process personal data on our behalf under written data processing agreements. These include: payment gateway operators (GCash, Maya, and banking partners), identity verification and KYC service providers, fraud screening and anti-money laundering platforms, game platform providers (JILI, PG Soft, Pragmatic Play, and others — limited to session data necessary for game operation), cloud infrastructure and hosting providers, and customer support platform providers. All service providers are contractually bound to process phpcom player data only for the specified purpose, maintain confidentiality, and implement security measures consistent with Philippine data privacy standards.

6.2 Regulatory and Legal Disclosure

phpcom is required by law and by its PAGCOR license to disclose certain player data to regulators and law enforcement authorities. This includes: disclosures to PAGCOR in the course of regulatory inspection, audit, or investigation; disclosures to the Anti-Money Laundering Council (AMLC) as required under Republic Act No. 9160 (AMLA) and its amendments; and disclosures in response to valid court orders, subpoenas, or lawful requests from Philippine law enforcement agencies. phpcom will notify affected Players of such disclosures where legally permitted to do so.

6.3 Business Transfers

In the event of a merger, acquisition, restructuring, or transfer of all or substantially all of phpcom's assets, personal data held by phpcom may be transferred to the acquiring entity. Such transfers will be subject to confidentiality obligations and the acquiring entity will be required to honor the commitments made in this Policy or provide Players with notice and the opportunity to exercise their data rights before any change in processing takes effect.

phpcom retains personal data for the minimum period necessary to fulfill the purposes described in this Policy, comply with legal and regulatory obligations, and resolve disputes. The following retention periods apply:

• Account and KYC data: Retained for the duration of the Player Account plus five (5) years following account closure, in compliance with PAGCOR recordkeeping requirements and AMLA obligations applicable to covered and suspicious transaction records.
• Financial transaction records: Retained for five (5) years from the date of the transaction, as required under AMLA and PAGCOR regulations.
• Gaming activity logs: Retained for three (3) years from the date of the session or wager, consistent with PAGCOR audit requirements.
• Customer support communications: Retained for two (2) years from the date of the support interaction, except where the content is relevant to an ongoing dispute or regulatory matter.
• Technical and security logs: Retained for twelve (12) months from the date of generation, unless flagged for security investigation.
• Marketing preference data: Retained until you withdraw consent or close your account, whichever is earlier.

Upon expiry of the applicable retention period, phpcom will securely delete or anonymize personal data so that it can no longer be associated with an identifiable individual. Anonymized and aggregated data may be retained indefinitely for platform analytics and regulatory reporting purposes.

phpcom implements a layered set of technical, administrative, and physical security measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction. Key measures include:

• Transport-layer encryption: All data transmitted between your device and phpcom is protected by 256-bit SSL/TLS encryption, the same standard used by Philippine banking institutions.
• Encryption at rest: Sensitive personal data stored in phpcom databases — including KYC document data and financial records — is encrypted at rest using AES-256 standard encryption.
• Access controls: Access to personal data within phpcom's systems is restricted on a strict need-to-know basis. Staff access is role-based, logged, and subject to regular review. No single employee has unrestricted access to the full scope of Player personal data.
• Password security: Player passwords are stored using one-way cryptographic hashing. phpcom staff cannot view your password in plain text at any time.
• OTP verification: Sensitive account actions — including withdrawals, password changes, and security setting updates — require OTP confirmation to your registered Philippine mobile number.
• Suspicious activity monitoring: phpcom's security systems monitor for anomalous login patterns and unauthorized access attempts, generating real-time alerts that are reviewed by the security team.
• Vendor security requirements: All third-party service providers who access phpcom player data are required to implement security measures no less stringent than those applied by phpcom internally.

Notwithstanding the foregoing measures, no data transmission over the internet or electronic storage system can be guaranteed to be 100% secure. phpcom will notify affected Players and the National Privacy Commission in the event of a personal data breach as required under Section 20(f) of the Data Privacy Act and NPC Circular 16-03.

The phpcom website uses cookies and similar tracking technologies to operate the platform, maintain secure sessions, and improve the user experience. The following categories of cookies are used:

9.1 Strictly Necessary Cookies

These cookies are essential for the phpcom platform to function and cannot be disabled. They include session authentication tokens that keep you logged in during an active session, security cookies that detect and prevent fraudulent login attempts, and cookies that preserve your account preferences across pages. These cookies do not collect personal data for marketing purposes and are always active.

9.2 Functional Cookies

Functional cookies remember preferences you have set — such as your chosen language, responsible gaming reminder intervals, and notification settings — so you do not need to re-enter them each session. They improve your phpcom experience without tracking you across other websites.

9.3 Analytics Cookies

phpcom uses analytics cookies to collect aggregated, anonymized data about how Players use the platform — which game categories are most accessed, typical navigation paths, and page load performance metrics. This data does not identify individual Players and is used solely to improve platform performance and content. You may opt out of analytics cookies through your browser settings without affecting core platform functionality.

9.4 Managing Cookies

You may configure your browser to decline all cookies, accept only specific categories, or delete existing cookies. Note that disabling strictly necessary cookies will prevent you from logging in to your phpcom account, as session authentication relies on secure cookie technology. Instructions for managing cookies are available in the help documentation of all major browsers.

Under the Data Privacy Act of 2012, you hold the following rights with respect to your personal data processed by phpcom. To exercise any of these rights, contact the phpcom Data Privacy Officer as described in Section 15:

phpcom will respond to data subject rights requests within fifteen (15) calendar days of receipt, unless the complexity of the request requires an extension, in which case you will be notified with an expected completion date. phpcom will not charge a fee for exercising these rights except where requests are manifestly unfounded or excessive.

If you believe phpcom has processed your personal data in violation of the Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC). The NPC's complaint procedures and contact information are available on the NPC's official government website.

The phpcom platform is strictly intended for individuals aged twenty-one (21) years and older, in compliance with PAGCOR regulations. phpcom does not knowingly collect or process personal data of individuals under 21 years of age. Age verification is a mandatory component of the phpcom KYC process, which must be completed before any withdrawal is processed.

If phpcom becomes aware that personal data has been collected from an individual under the age of 21 — whether through a fraudulent registration or otherwise — phpcom will immediately terminate the associated Player Account, forfeit all associated funds in accordance with the phpcom Terms & Conditions, delete the personal data collected in connection with that account to the extent permitted by law, and report the matter to PAGCOR in accordance with regulatory requirements.

If you are a parent or guardian and believe that a minor under your care has accessed or registered an account on phpcom, please contact our Data Privacy Officer immediately at [email protected]. phpcom will take prompt action to investigate and remediate the situation.

phpcom may transfer personal data to service providers or game technology partners located outside the Philippines in the ordinary course of platform operations — for example, where a game provider's servers are hosted in another jurisdiction, or where a cloud infrastructure provider maintains data centres in multiple countries.

Any cross-border transfer of personal data by phpcom will be conducted in compliance with Section 21 of the Data Privacy Act and the NPC's guidelines on cross-border data transfers. Specifically, phpcom will ensure that the recipient jurisdiction provides a level of data protection at least equivalent to that required under Philippine law, or — where the jurisdiction does not provide such protection — that appropriate contractual safeguards (such as standard contractual clauses or binding corporate rules) are in place before the transfer is executed.

phpcom will not transfer personal data to jurisdictions that the NPC has identified as providing inadequate data protection without the explicit consent of the Data Subject, except where the transfer is required by law or is necessary for the performance of a contract to which the Data Subject is a party.

The phpcom platform may contain references to or integrations with third-party services, including payment processors, game providers, and support communication platforms. phpcom does not control the data practices of these third parties. Each third-party service operates under its own privacy policy and data governance framework, which may differ materially from the practices described in this Policy.

phpcom recommends that Players review the privacy policies of any third-party service through which they provide personal information. phpcom accepts no responsibility or liability for the privacy or data security practices of third-party services accessed in connection with your use of the phpcom platform, even where those services are presented within or as part of the phpcom interface.

phpcom reserves the right to amend this Privacy Policy at any time to reflect changes in our processing practices, applicable Philippine law, NPC guidelines, or PAGCOR regulatory requirements. Where amendments are material — meaning they substantially affect how phpcom collects, uses, or discloses your personal data — phpcom will notify all registered Players via email to their registered email address and post a prominent notice on the phpcom Website at least fourteen (14) days before the amended Policy takes effect.

Minor amendments — such as clarifications that do not alter the substantive meaning of any provision — may be made effective immediately. The "Last Updated" date displayed at the top of this Policy reflects the date of the most recent amendment.

Your continued use of the phpcom platform after the effective date of an amended Policy constitutes your acknowledgment and acceptance of the updated practices described therein. If you do not accept the amended Policy, you must cease using the platform and may request account closure in accordance with Section 12 of the phpcom Terms & Conditions.

For all privacy-related inquiries, data subject rights requests, consent withdrawal requests, or concerns regarding phpcom's processing of your personal data, please contact the phpcom Data Privacy Officer through the following channels:

• Email: [email protected] — use the subject line "Data Privacy Request" for DPA-related correspondence
• Live Chat: Available 24/7 via the support icon in your phpcom account. For DPA matters, ask the agent to escalate your inquiry to the Data Privacy Officer.
• Response Time: phpcom aims to acknowledge all data privacy inquiries within 48 hours and provide a substantive response within fifteen (15) calendar days.

If you are not satisfied with phpcom's handling of your data privacy concern after exhausting phpcom's internal resolution process, you may escalate your complaint to the National Privacy Commission of the Philippines (NPC), which is the supervisory authority for data protection in the Philippines under the Data Privacy Act of 2012. The NPC's complaint procedures and contact channels are published on the official NPC government website.