Last Updated: May 2026
Scope of This Policy: This Privacy Policy applies to all personal data collected by phtayacom through the phtayacom website, mobile platform, customer support channels, and any related services. By registering an account or using phtayacom, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.
01 Introduction
phtayacom ("phtayacom," "we," "us," "our") is committed to protecting the privacy and personal data of all players and visitors who use our platform. We take our obligations under the Republic Act No. 10173 — Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations seriously, and we process personal data only in accordance with the principles of transparency, legitimate purpose, and proportionality.
This Privacy Policy describes the types of personal information phtayacom collects, the purposes for which it is processed, the parties with whom it may be shared, the security measures we apply to protect it, and the rights available to you as a data subject under Philippine law.
phtayacom acts as the Personal Information Controller (PIC) for all personal data collected through the platform. Where third-party service providers process data on our behalf, they act as Personal Information Processors (PIPs) and are bound by data processing agreements consistent with the DPA.
02 Data We Collect
phtayacom collects personal data through several channels — directly from you during registration and account use, automatically through your interaction with the platform, and from third parties such as payment processors and identity verification services. The categories of data we collect include:
| Category |
Examples |
Source |
| Identity Data |
Full legal name, date of birth, nationality, government-issued ID number (PhilSys, passport, driver's license, UMID) |
Provided by you during registration and KYC |
| Contact Data |
Email address, mobile number, residential address (city, province, barangay) |
Provided by you during registration |
| Financial Data |
GCash number, PayMaya account, bank account details (BPI, BDO, Metrobank), transaction history, deposit and withdrawal records |
Provided by you; collected via payment processors |
| Gaming Data |
Game history, bet amounts, win/loss records, session durations, responsible gaming settings |
Automatically generated by platform activity |
| Technical Data |
IP address, device type, browser type and version, operating system, screen resolution, time zone |
Automatically collected via cookies and server logs |
| Usage Data |
Pages visited, features used, click patterns, session timestamps, referral source |
Automatically collected via analytics tools |
| Communications Data |
Support chat transcripts, email correspondence, feedback submissions |
Collected when you contact phtayacom support |
Sensitive Personal Information: phtayacom may collect sensitive personal information as defined under the DPA — including government ID numbers and financial account details — solely for the purposes of identity verification, fraud prevention, and regulatory compliance. Such data is handled with heightened security controls and is never used for marketing purposes.
03 How We Use Your Data
phtayacom processes your personal data only for specific, legitimate purposes. We do not sell your personal data to third parties. The primary purposes for which we use your data are:
- Account Management: To create, maintain, and administer your phtayacom account, including verifying your identity and age during registration and KYC.
- Service Delivery: To provide access to games, process bets, calculate and pay out winnings, and manage your phtayacom wallet balance.
- Payment Processing: To facilitate deposits and withdrawals via GCash, PayMaya, BPI, BDO, Metrobank, Visa, and Mastercard, and to verify the ownership of payment methods.
- Regulatory Compliance: To fulfill our obligations under PAGCOR regulations, the Anti-Money Laundering Act (AMLA), and the Data Privacy Act of 2012, including transaction monitoring and suspicious activity reporting.
- Fraud Prevention and Security: To detect, investigate, and prevent fraudulent activity, unauthorized account access, collusion, and other prohibited conduct.
- Responsible Gaming: To monitor gaming behavior, enforce deposit and loss limits, process self-exclusion requests, and identify players who may be at risk of problem gambling.
- Customer Support: To respond to your inquiries, resolve disputes, and improve the quality of our support services.
- Platform Improvement: To analyze usage patterns, conduct A/B testing, and improve the performance, design, and features of the phtayacom platform.
- Marketing Communications: To send you promotional offers, bonus notifications, and platform updates — only where you have provided consent or where we have a legitimate interest, and always with an easy opt-out option.
04 Legal Basis for Processing
Under the Data Privacy Act of 2012, phtayacom processes your personal data on the following legal bases:
- Contractual Necessity:
Processing your account registration, deposits, withdrawals, and game participation requires handling your personal data as an essential part of delivering the phtayacom service.
- Legal Obligation: Certain processing activities — including KYC verification, AML transaction monitoring, and age verification — are required by Philippine law and PAGCOR regulations, regardless of your consent.
- Legitimate Interests: phtayacom processes some data on the basis of legitimate interests, including fraud detection, platform security, and improving our services, provided these interests are not overridden by your rights and freedoms.
- Consent: Where we send you direct marketing communications or use non-essential cookies, we rely on your explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.
05 Data Sharing & Disclosure
phtayacom does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share your data only in the following circumstances and only to the extent necessary:
- Payment Processors: GCash, PayMaya, BPI, BDO, Metrobank, Visa, and Mastercard receive transaction data necessary to process your deposits and withdrawals.
- Identity Verification Providers: Third-party KYC and age verification services receive identity documents and biometric data solely for the purpose of verifying your eligibility to use phtayacom.
- Regulatory Authorities: phtayacom is required by law to disclose certain data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine government authorities upon lawful request.
- Technology and Hosting Providers: Cloud infrastructure, database, and platform technology providers who process data on our behalf under strict data processing agreements.
- Fraud Prevention Networks: Industry fraud prevention services that help identify and block fraudulent accounts and transactions across the online gaming sector.
- Professional Advisors: Legal counsel, auditors, and compliance consultants who are bound by professional confidentiality obligations.
No Unauthorized Disclosure: phtayacom will never disclose your personal data to unauthorized third parties, other players, or any party not listed above. Any employee or contractor who accesses personal data without authorization is subject to disciplinary action and may face legal liability under the DPA.
06 Cookies & Tracking Technologies
phtayacom uses cookies and similar tracking technologies to operate the platform, remember your preferences, analyze usage, and deliver relevant content. The types of cookies we use include:
- Strictly Necessary Cookies: Essential for the platform to function. These include session authentication cookies, security tokens, and load-balancing cookies. They cannot be disabled without breaking core platform functionality.
- Functional Cookies: Remember your preferences such as language settings, display options, and responsible gaming limits you have set.
- Analytics Cookies: Collect anonymized data about how players use phtayacom — which pages are visited most, where players drop off, and how features are used — to help us improve the platform.
- Marketing Cookies: Used only with your consent to track your interaction with phtayacom promotions and deliver relevant bonus offers. You may opt out at any time via your account settings.
You can manage your cookie preferences through your browser settings. Note that disabling strictly necessary cookies will impair your ability to use phtayacom. For analytics and marketing cookies, you may withdraw consent at any time without affecting your account access.
07 Data Retention
phtayacom retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our standard retention periods are as follows:
- Account and Identity Data: Retained for the duration of your account and for a minimum of 5 years after account closure, in compliance with PAGCOR and AMLC record-keeping requirements.
- Financial Transaction Records: Retained for a minimum of 5 years from the date of each transaction, as required by the Anti-Money Laundering Act.
- Gaming History: Retained for 3 years from the date of each gaming session, or longer if required for dispute resolution or regulatory investigation.
- Support Communications: Retained for 2 years from the date of the last interaction, unless the matter is subject to ongoing legal proceedings.
- Marketing Consent Records: Retained for the duration of your consent and for 1 year after withdrawal of consent, as evidence of compliance.
Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with phtayacom's data disposal procedures.
08 Data Security
phtayacom implements industry-standard technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, and destruction. Our security framework includes:
- Transport Layer Security (TLS 1.2 or higher) encryption for all data transmitted between your device and phtayacom servers.
- AES-256 encryption for sensitive data stored in our databases, including financial account details and government ID numbers.
- Multi-factor authentication (MFA) for all phtayacom staff who access personal data systems.
- Role-based access controls ensuring that employees can only access personal data necessary for their specific job function.
- Regular penetration testing and vulnerability assessments conducted by independent security firms.
- 24/7 security monitoring and intrusion detection systems on all production infrastructure.
Data Breach Response: In the event of a personal data breach that poses a real risk of serious harm to affected players, phtayacom will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, and will notify affected players without undue delay, in accordance with NPC Circular 16-03.
09 Your Data Subject Rights
Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phtayacom. To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond within 15 business days of receiving a verified request.
📋
Right to Be Informed
You have the right to know what personal data phtayacom collects about you, why it is collected, and how it is used — which is the purpose of this Privacy Policy.
🔍
Right to Access
You may request a copy of the personal data phtayacom holds about you, including your account data, transaction history, and gaming records.
✏️
Right to Rectification
If any personal data phtayacom holds about you is inaccurate or incomplete, you have the right to request correction. Some corrections may require supporting documentation.
🗑️
Right to Erasure
You may request deletion of your personal data where it is no longer necessary for the purposes collected, subject to phtayacom's legal retention obligations under PAGCOR and AMLC rules.
🚫
Right to Object
You may object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests where your rights override those interests.
📦
Right to Data Portability
You may request your personal data in a structured, commonly used, machine-readable format for transfer to another service provider, where technically feasible.
10 Children's Privacy
phtayacom is strictly an adult platform. In accordance with Philippine law and PAGCOR regulations, phtayacom does not knowingly collect personal data from individuals under the age of 21 years. Age verification is conducted during the registration and KYC process for all new accounts.
If phtayacom becomes aware that personal data has been collected from a person under 21 years of age, the account will be immediately suspended, all data will be deleted to the extent permitted by law, and the matter will be reported to the relevant authorities where required. If you believe a minor has registered on phtayacom, please contact us immediately at [email protected].
11 Cross-Border Data Transfers
phtayacom primarily stores and processes personal data within the Philippines. Where it is necessary to transfer personal data to service providers or infrastructure located outside the Philippines — for example, cloud hosting or fraud prevention services — phtayacom ensures that such transfers comply with Section 21 of the Data Privacy Act and NPC guidelines on cross-border data transfers.
Specifically, phtayacom requires that all recipients of cross-border data transfers provide an adequate level of data protection through contractual safeguards, including standard data protection clauses approved by the NPC, or by operating in a jurisdiction recognized as providing adequate protection under Philippine law.
12 Updates to This Privacy Policy
phtayacom may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or regulatory requirements. Material changes will be communicated to registered players via email or a prominent notice on the phtayacom platform at least seven (7) days before taking effect.
The "Last Updated" date at the top of this page indicates when the most recent revision was made. We encourage you to review this Privacy Policy periodically. Your continued use of phtayacom after any update constitutes your acknowledgment of the revised policy.
13 Contact & Data Protection Officer
phtayacom has appointed a Data Protection Officer (DPO) in accordance with Section 21(c) of the Data Privacy Act of 2012. If you have any questions, concerns, or complaints regarding this Privacy Policy or the handling of your personal data, please contact our DPO:
phtayacom Data Protection Officer
Email:
[email protected]
Subject line:
Data Privacy Request — [Your Full Name]
Response time: Within 15 business days of receipt of a verified request
If you are not satisfied with phtayacom's response to your privacy concern, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines, which is the supervisory authority responsible for enforcing the Data Privacy Act of 2012.