Data Protection · RA 10173 Compliant · PAGCOR Regulated

php99 Privacy
Policy

Effective Date: 1 January 2026

Our Data Commitments

How php99 Approaches Your Privacy

php99 is bound by the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations. Here is what that means for you in practice.

Encrypted at Every Point

All data transmitted between your device and php99 servers is encrypted using 256-bit TLS — the same standard Philippine banks use for online transactions. Your personal details and financial information are never sent in plain text.

Data Minimization Principle

php99 collects only the information that is strictly necessary for account management, identity verification, financial processing, and regulatory compliance. We do not collect personal data speculatively or beyond our operational and legal requirements.

Your Rights Are Enforceable

Under the Philippine Data Privacy Act, you have enforceable rights over your personal data including access, correction, deletion, and objection to processing. php99 has established clear procedures to honour these rights and responds to verified requests within required timelines.

No Unauthorized Third-Party Sales

php99 does not sell, rent, or commercially trade your personal data with third parties. Information shared with service providers is governed by strict data processing agreements that prohibit unauthorized use.

Regulatory Compliance Built In

php99's data practices are designed to satisfy the concurrent requirements of PAGCOR licensing, the Anti-Money Laundering Act (RA 9160), the Data Privacy Act (RA 10173), and all applicable NPC Circulars from the National Privacy Commission.

Marketing Is Opt-In

php99 will not send you promotional communications without your explicit consent. You can withdraw marketing consent at any time from your Account settings or by contacting our support team, and your withdrawal will be actioned within 48 hours.

1. About This Policy
2. Data Controller
3. Data We Collect
4. How We Collect Data
5. Purpose & Legal Basis
6. Sharing Your Data
7. Data Retention
8. Security Measures
9. Cookies & Tracking
10. Your Privacy Rights
11. Marketing & Communications
12. Children's Privacy
13. Cross-Border Transfers
14. Regulatory Disclosures
15. Policy Changes
16. Contact & Complaints

Effective: 1 January 2026

Data Privacy Act Compliance: This Privacy Policy has been prepared in compliance with Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines, and its Implementing Rules and Regulations as administered by the National Privacy Commission (NPC). php99 is registered as a Personal Information Controller under the NPC's registration requirements.

01 About This Privacy Policy

1.1 This Privacy Policy describes the manner in which php99 ("the Company," "we," "us," "our") collects, processes, stores, uses, shares, and protects the personal information of individuals ("Data Subjects," "Players," "Users," "you") who access and use the php99 online casino platform at php99.org and any associated mobile-optimized interfaces.

1.2 This Policy applies to all personal data processed by php99 in connection with your account registration, identity verification, use of gaming services, financial transactions, customer support interactions, and participation in promotional programmes.

1.3 This Policy should be read together with the php99 Terms and Conditions and Responsible Gaming Policy, each of which forms part of your agreement with php99.

1.4 By creating a php99 account, completing the KYC verification process, or continuing to use the Platform after this Policy has been made available to you, you acknowledge that you have read and understood its contents and consent to the processing activities described herein where consent is the applicable legal basis for such processing.

02 Data Controller Identity

2.1 For the purposes of the Data Privacy Act of 2012 (RA 10173), php99 acts as the Personal Information Controller with respect to the personal data of its registered players and website visitors.

2.2 php99 operates under authorization from the Philippine Amusement and Gaming Corporation (PAGCOR) and is subject to both PAGCOR's data governance requirements and the oversight of the National Privacy Commission (NPC).

2.3 php99 has appointed a Data Protection Officer (DPO) who is responsible for overseeing the Company's compliance with data protection obligations. The DPO can be contacted through the details provided in Section 16 of this Policy.

2.4 Where php99 engages third-party vendors to process personal data on its behalf (such as payment processors, game software providers, and cloud infrastructure partners), such parties act as Personal Information Processors and are bound by data processing agreements that impose obligations no less stringent than those applicable to php99.

03 Categories of Personal Data We Collect

3.1 The personal data collected and processed by php99 falls into the following categories:

Identity Data

Full legal name, date of birth, nationality, government-issued identification number, gender, and physical address — collected to satisfy PAGCOR KYC requirements and Anti-Money Laundering Act compliance obligations.

Contact Data

Registered Philippine mobile number, email address, and correspondence address — used for account management, transaction notifications, support communications, and mandatory regulatory reporting.

Financial Data

GCash account details, PayMaya account details, bank account name and number (BDO, BPI, Metrobank, or other registered Philippine bank), transaction history, deposit and withdrawal records, account balances, and source of funds documentation submitted for enhanced due diligence.

Gaming Activity Data

Bet history, game session records, session durations, wager amounts, winnings and losses, game preferences, bonus participation records, and responsible gaming tool activation history.

Technical and Device Data

IP address, device type and model, operating system version, browser type, screen resolution, network carrier (Smart, Globe, DITO, etc.), session timestamps, referral URL, and platform navigation patterns.

Communications Data

Records of live chat interactions, support ticket content, email correspondence, and any other communications you initiate with the php99 support team or dispute resolution process.

Sensitive Personal Information

In limited circumstances, and only where required by applicable law or PAGCOR directive, php99 may process sensitive personal information as defined under Section 3(l) of the Data Privacy Act, including national identification numbers and financial information. Such processing is subject to heightened protection measures.

Data Category	Primary Purpose	Legal Basis
Identity Data	KYC verification, AML compliance	Legal obligation (RA 9160, PAGCOR)
Contact Data	Account management, notifications	Contract performance
Financial Data	Deposits, withdrawals, AML monitoring	Contract performance, legal obligation
Gaming Activity	Service delivery, responsible gaming	Contract performance, legitimate interest
Technical Data	Security, fraud prevention, analytics	Legitimate interest, consent
Communications	Support, dispute resolution, records	Contract performance, legal obligation

04 How We Collect Personal Data

4.1 php99 collects personal data through the following channels and methods:

Account Registration: Information provided directly by you when creating a php99 account, including your name, mobile number, and date of birth.
KYC Verification: Identity documents and supporting materials submitted during the verification process.
Financial Transactions: Data generated through deposit and withdrawal processing, including details passed from your GCash, PayMaya, or bank account in connection with a transaction.
Platform Usage: Automatically collected technical and behavioural data generated during your sessions on the php99 Platform.
Support Interactions: Information you provide when contacting our live chat support, submitting a support ticket, or communicating via email.
Third-Party Verification Services: Identity verification data returned from licensed identity bureau services used by php99 to cross-check your KYC documents against Philippine government records.
Cookies and Tracking Technologies: See Section 9 for a full description of our cookie and tracking practices.

05 Purposes of Processing & Legal Bases

5.1 php99 processes your personal data for the following purposes, each supported by a lawful basis under the Data Privacy Act:

Account Creation and Management: Establishing and administering your php99 player account. Legal basis: performance of contract.
Identity Verification (KYC): Verifying your identity in compliance with PAGCOR requirements and Republic Act No. 9160. Legal basis: compliance with a legal obligation.
Financial Transaction Processing: Processing deposits and withdrawals through Philippine payment channels. Legal basis: performance of contract.
Fraud Prevention and Security: Detecting and preventing unauthorized access, fraudulent transactions, and platform abuse. Legal basis: legitimate interest of php99 and the protection of other players.
Anti-Money Laundering Compliance: Monitoring transactions and filing reports as required by the Anti-Money Laundering Act. Legal basis: compliance with a legal obligation.
Responsible Gaming: Monitoring gaming patterns to identify indicators of problem gambling and applying player protection measures. Legal basis: compliance with PAGCOR responsible gaming directives; legitimate interest.
Customer Support: Responding to and resolving your support inquiries and complaints. Legal basis: performance of contract; legitimate interest.
Marketing Communications: Sending you promotional offers and platform updates where you have provided consent. Legal basis: consent (which may be withdrawn at any time).
Platform Improvement: Analyzing aggregated and anonymized usage data to improve the php99 Platform, game library, and user experience. Legal basis: legitimate interest.
Legal Proceedings: Establishing, exercising, or defending legal claims involving php99. Legal basis: legal obligation; legitimate interest.

06 Sharing Your Personal Data

6.1 php99 does not sell, rent, or commercially trade your personal data. Your information may be shared with the following categories of recipients only for the purposes described in Section 5 and subject to appropriate contractual safeguards:

PAGCOR and Philippine Regulatory Authorities: Disclosure required by our gaming license, including player transaction data, KYC records, and responsible gaming reports.
Anti-Money Laundering Council (AMLC): Mandatory suspicious transaction reports and covered transaction reports as required by RA 9160.
Payment Processors: GCash (Mynt — Globe Fintech Innovations), Maya Philippines Inc., and Philippine banking partners — solely for the purpose of processing your deposit and withdrawal transactions.
Identity Verification Services: Licensed third-party providers used to verify your KYC documents against Philippine government identity databases.
Game Software Providers: Third-party game developers whose products are delivered through the php99 Platform may receive technical session data necessary for game delivery and RNG certification.
Cloud Infrastructure Providers: Data storage and processing infrastructure partners operating under data processing agreements with php99.
Legal and Law Enforcement Authorities: Disclosure required by court order, subpoena, or lawful request from Philippine law enforcement or regulatory agencies.
Professional Advisers: Legal counsel, auditors, and accountants engaged by php99, subject to professional confidentiality obligations.

Important: All third-party recipients of php99 player data are required to process that data solely for the specified purpose, maintain appropriate security measures, and comply with the Data Privacy Act of 2012. php99 does not authorize processors to use your data for their own commercial purposes.

07 Data Retention

7.1 php99 retains personal data for no longer than is necessary for the purposes for which it was collected, subject to any longer retention period required by applicable law or regulatory direction.

7.2 Specific retention periods applicable to php99 player data:

KYC and Identity Documents: Retained for a minimum of five (5) years from the date of account closure or last transaction, as required by the Anti-Money Laundering Act and PAGCOR compliance standards.
Financial Transaction Records: Retained for a minimum of five (5) years from the date of each transaction.
Gaming Activity Records: Retained for three (3) years following account closure, or longer if required by an active regulatory investigation or legal proceeding.
Communications Data: Support interaction records are retained for two (2) years from the date of interaction.
Technical/Device Data: Log data and session records are retained for twelve (12) months.

7.3 Upon expiry of the applicable retention period, personal data will be securely deleted or anonymized so that it can no longer be associated with an identified or identifiable individual.

7.4 Where retention is required for the establishment, exercise, or defense of legal claims, data may be retained until the conclusion of the relevant proceedings, notwithstanding the expiry of the standard retention period.

08 Security Measures

8.1 php99 implements technical, organizational, and physical security measures commensurate with the risk and sensitivity of the personal data it processes. Our security programme includes:

Encryption: 256-bit TLS encryption for all data in transit; AES-256 encryption for sensitive data at rest.
Access Controls: Role-based access management ensuring that only authorized personnel access player data on a need-to-know basis.
Multi-Factor Authentication: MFA required for all php99 staff accessing systems containing player data.
Penetration Testing: Regular third-party security testing and vulnerability assessment of the php99 Platform infrastructure.
Monitoring: Continuous monitoring for unauthorized access attempts, anomalous data access patterns, and potential data breach indicators.
Staff Training: Mandatory data protection training for all php99 staff who handle personal data.
Incident Response: A documented data breach response procedure including NPC notification timelines as required by RA 10173.

8.2 In the event of a personal data breach that poses a real risk of serious harm to data subjects, php99 will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, and will notify affected individuals without undue delay where required by applicable NPC guidelines.

Your role in security: php99's security measures protect data in our custody. You are responsible for maintaining the security of your account credentials. Never share your php99 password or two-factor authentication codes with anyone, including persons claiming to be php99 staff.

09 Cookies & Tracking Technologies

9.1 The php99 Platform uses cookies and similar tracking technologies to support essential Platform functionality, maintain your session state, prevent fraud, and (with your consent) analyze platform usage and deliver relevant content.

9.2 The categories of cookies used on the php99 Platform are as follows:

Strictly Necessary Cookies: Required for core Platform functions including authentication, session management, and security. These cookies cannot be disabled as they are essential to the operation of the php99 service.
Functional Cookies: Enable enhanced features such as remembering your language preferences, game lobby layout, and account settings between sessions.
Analytical Cookies: Used to collect aggregated, anonymized data about how players use the php99 Platform, helping us identify areas for improvement. These cookies are only set with your consent.
Security and Fraud Prevention Cookies: Support php99's fraud detection systems by flagging unusual device or session behaviour patterns. These are treated as strictly necessary given the regulated nature of the Platform.

9.3 You may manage non-essential cookie preferences through the cookie settings interface accessible on the php99 Platform. Disabling functional or analytical cookies will not prevent you from using core Platform features.

9.4 php99 does not use third-party advertising cookies or tracking pixels for behavioural advertising purposes.

10 Your Privacy Rights Under Philippine Law

10.1 As a Data Subject under the Data Privacy Act of 2012, you have the following rights with respect to your personal data processed by php99:

Right to Be InformedYou have the right to be informed of how your data is being collected, processed, and used.

Right to AccessYou may request a copy of the personal data we hold about you and information about how it is processed.

Right to CorrectionYou may request correction of inaccurate, incomplete, or outdated personal data held in your php99 account.

Right to ErasureYou may request deletion of your personal data where retention is no longer necessary and no legal obligation requires continued storage.

Right to ObjectYou may object to processing of your data on grounds of legitimate interest, including direct marketing.

Right to Data PortabilityYou may request your personal data in a commonly used, machine-readable format for transfer to another service provider.

Right to Withdraw ConsentWhere processing is based on consent, you may withdraw that consent at any time without affecting prior lawful processing.

Right to DamagesYou are entitled to claim compensation for damages sustained due to inaccurate, incomplete, outdated, or unlawfully obtained personal data.

10.2 To exercise any of the above rights, contact the php99 Data Protection Officer using the details in Section 16. php99 will respond to verified requests within fifteen (15) working days, or within such other period as required by applicable NPC guidance.

10.3 php99 may decline requests where fulfilling them would conflict with a legal obligation (such as AML record-keeping requirements), where the request is manifestly unfounded or excessive, or where it would prejudice the rights of third parties.

11 Marketing & Communications

11.1 php99 may send you promotional communications including bonus offers, new game announcements, platform updates, and VIP programme notifications where you have given explicit consent to receive such communications at the time of account registration or subsequently.

11.2 You may withdraw marketing consent at any time by:

Updating your communication preferences in your php99 Account settings
Following the unsubscribe instructions in any php99 promotional email
Contacting the php99 support team via live chat or email to opt out

11.3 Withdrawal of marketing consent will be processed within forty-eight (48) hours. Following opt-out, you will continue to receive transactional communications essential to your account management, such as deposit confirmation messages, withdrawal notifications, KYC verification requests, and mandatory responsible gaming communications.

11.4 php99 does not share your contact details with third parties for the purpose of those parties marketing their own products or services to you.

12 Children's Privacy

12.1 The php99 Platform is intended exclusively for persons aged twenty-one (21) years and above, in accordance with Philippine law and PAGCOR licensing requirements. php99 does not knowingly collect personal data from individuals under the age of 21.

12.2 If php99 discovers that personal data of a person under the age of 21 has been collected, it will take immediate steps to close the relevant account and delete the associated personal data in accordance with applicable law and PAGCOR direction.

12.3 If you believe that a person under the age of 21 has created a php99 account, please contact our support team immediately so that the account can be investigated and appropriate action taken.

13 Cross-Border Data Transfers

13.1 The primary data processing infrastructure for php99 is located within the Philippines. In certain circumstances, personal data may be transferred to or accessed by service providers located outside the Philippines — including cloud infrastructure providers, game software developers, and international fraud prevention services.

13.2 Where personal data is transferred outside the Philippines, php99 ensures that such transfers are conducted only:

To countries that provide an adequate level of data protection as recognized by the National Privacy Commission, or
Where appropriate contractual safeguards are in place — including Standard Contractual Clauses or equivalent binding data processing agreements — that impose obligations consistent with the Data Privacy Act of 2012, or
Where the transfer is necessary for the performance of your contract with php99 (for example, international payment processing).

13.3 php99 maintains records of all cross-border data transfers and the safeguards applicable to each, available for review by the National Privacy Commission upon request.

14 Regulatory Disclosures

14.1 As a PAGCOR-licensed online gaming operator, php99 is subject to mandatory data disclosure requirements that exist independently of your personal consent. Specifically:

php99 is required to share player transaction records with PAGCOR for audit and regulatory supervision purposes.
php99 is legally required to file Covered Transaction Reports (CTRs) and Suspicious Transaction Reports (STRs) with the Anti-Money Laundering Council (AMLC) in circumstances defined by RA 9160.
php99 must comply with lawful data requests from Philippine law enforcement agencies, courts of competent jurisdiction, and other authorized regulatory bodies.

14.2 php99 is legally prohibited from informing you when a suspicious transaction report has been filed with the AMLC in connection with your account. This confidentiality obligation is imposed by RA 9160 and is not a policy choice of php99.

14.3 php99 will disclose data in response to legal process only to the extent required by that process. Where lawfully permitted, php99 will seek to notify you of a disclosure obligation before complying with it.

15 Changes to This Privacy Policy

15.1 php99 reserves the right to update or amend this Privacy Policy at any time to reflect changes in applicable law, NPC guidance, PAGCOR requirements, or our data processing practices.

15.2 Where a change is material, php99 will notify registered Account Holders by SMS to their registered Philippine mobile number and/or by email, and will post a notice on the php99 Platform, at least seven (7) calendar days before the change takes effect.

15.3 The effective date displayed at the top of this document indicates the version currently in force. The current version of the Privacy Policy is always accessible at php99.org/privacy-policy.

15.4 Your continued use of the php99 Platform after the effective date of any material amendment constitutes your acceptance of the revised Privacy Policy. If you do not accept the revised Policy, you should cease using the Platform and contact our support team to request account closure.

16 Contact & Complaints

16.1 For any questions, concerns, or requests relating to this Privacy Policy or your personal data, you may contact the php99 Data Protection Officer and support team through the following channels:

Live Chat: Available on all pages of the php99 Platform, 24 hours a day, 7 days a week
Email: [email protected] — please include "Privacy Request" in the subject line for data rights requests
Operations Timezone: Philippines Standard Time (PHT, UTC+8)

16.2 php99 will acknowledge receipt of a privacy request within three (3) business days and will respond substantively within fifteen (15) working days, or within any shorter period required by NPC Circular.

16.3 If you are not satisfied with php99's response to a privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines. The NPC oversees compliance with the Data Privacy Act and provides a formal complaints resolution mechanism for data subjects.

Document Reference: php99 Privacy Policy — Effective 1 January 2026. This document supersedes all previous versions of the php99 Privacy Policy and forms part of your agreement with php99 alongside the Terms & Conditions and Responsible Gaming Policy.

Play with Confidence

Your Data Is Protected — Enjoy php99 Responsibly

php99 takes your privacy as seriously as your gaming experience. With PAGCOR regulation, RA 10173 compliance, and 256-bit encryption, your personal data is in good hands. Ready to play?

Explore php99 Casino Terms & Conditions

21+ only · PAGCOR regulated · RA 10173 compliant · Play responsibly

21+ Only — php99 is available exclusively to players aged 21 and above as required by Philippine law and PAGCOR licensing conditions. | Responsible Gaming | Terms & Conditions

php99 PrivacyPolicy