phgl Privacy
Policy

phgl takes the privacy and security of your personal data seriously. We operate as a PAGCOR-regulated online gaming platform serving Filipino players across Manila, Cebu, Davao, Quezon City, Makati, and throughout the Philippines. In doing so, we necessarily collect and process personal data about the players who register accounts and use our services.

This Privacy Policy has been prepared in compliance with the Philippine Data Privacy Act of 2012 (Republic Act 10173), its Implementing Rules and Regulations, and relevant issuances of the National Privacy Commission (NPC). It is intended to give you clear, honest information about how phgl handles your personal data — because you have a right to know, and we have an obligation to tell you.

Please read this Privacy Policy carefully. If you do not agree with how phgl processes your personal data as described herein, you should not register a phgl Account or use the phgl Platform. By creating a phgl Account, you acknowledge that you have read and understood this Privacy Policy.

For the purposes of the Philippine Data Privacy Act of 2012 and this Privacy Policy, the Personal Information Controller (PIC) responsible for your personal data is:

phgl has appointed a Data Protection Officer (DPO) in accordance with Section 21 of RA 10173. The DPO is responsible for ensuring phgl's compliance with data privacy obligations, responding to data subject requests, and serving as the point of contact for the National Privacy Commission.

phgl collects only personal data that is necessary for the specific purposes described in this Policy. We do not collect personal data excessively or without legitimate justification. The categories of personal data phgl collects are set out in the table below:

phgl collects personal data through the following channels:

• Direct Provision: You provide data directly to phgl when you register a phgl Account, submit KYC documents, make a deposit or withdrawal request, contact phgl support, or participate in a promotion.
• Automated Technical Collection: When you access and use the phgl Platform, technical data (IP address, device identifiers, session data) is automatically collected by phgl's servers and analytics infrastructure as a standard part of operating a web-based service.
• Payment Processors: When you make a deposit or withdrawal via GCash, Maya, or a Philippine bank, phgl receives transaction confirmation data from the relevant payment processor, including transaction reference numbers and amounts. phgl does not store full payment credentials.
• Identity Verification Partners: phgl may use authorized third-party KYC verification service providers to assist with identity document verification. These providers process identity data under phgl's instructions and are bound by confidentiality obligations.
• Cookies and Tracking Technologies: phgl uses cookies and similar technologies as described in Section 8 of this Policy to collect usage and technical data about how the Platform is accessed and used.

Under the Philippine Data Privacy Act of 2012, phgl processes your personal data on the following legal bases, as applicable to each processing activity:

• Contractual Necessity (Section 13(b), RA 10173): Processing of identity data, contact data, financial data, and gaming data is necessary for the performance of the contract between you and phgl — specifically, to operate your Account, process transactions, and provide gaming services.
• Legal Obligation (Section 13(c), RA 10173): Processing required for KYC verification, anti-money laundering reporting, and PAGCOR audit compliance is carried out to fulfil phgl's legal obligations under PAGCOR licensing conditions, the Anti-Money Laundering Act (RA 9160, as amended), and applicable PAGCOR issuances.
• Legitimate Interests (Section 13(f), RA 10173): Processing of technical data and usage data for fraud prevention, platform security, and analytics is carried out on the basis of phgl's legitimate interest in protecting the security and integrity of the Platform and its players.
• Consent (Section 13(a), RA 10173): Where phgl processes your personal data for optional purposes — such as sending you promotional SMS notifications or targeted marketing communications — we will seek your specific, informed, freely given consent. You may withdraw this consent at any time.

phgl uses your personal data for the following specific purposes:

• Account Management: Creating and maintaining your phgl Account, verifying your identity and age (21+), processing your login credentials and OTP authentication, and managing your Account settings and preferences.
• Service Delivery: Operating the phgl gaming platform, processing your wagers and game sessions, crediting winnings to your Account, calculating and displaying your balance, and providing access to all phgl game categories.
• Payment Processing: Processing your GCash, Maya, bank transfer, and USDT deposits and withdrawals; verifying that payment accounts are registered in your name; maintaining records of all financial transactions for regulatory and dispute resolution purposes.
• Regulatory Compliance: Conducting KYC verification as required by PAGCOR; complying with anti-money laundering (AML) and counter-terrorism financing (CTF) obligations; reporting suspicious transactions to the Anti-Money Laundering Council (AMLC) where legally required; retaining records as required by PAGCOR's licensing conditions.
• Responsible Gaming: Monitoring gaming behaviour to identify potential signs of problem gambling; enforcing deposit limits and self-exclusion elections; complying with PAGCOR's responsible gaming requirements.
• Security and Fraud Prevention: Detecting and preventing unauthorized Account access, fraudulent transactions, bonus abuse, multi-accounting, and other conduct prohibited under phgl's Terms and Conditions.
• Customer Support: Responding to your enquiries, resolving disputes and complaints, processing Account recovery requests, and maintaining records of support interactions for quality assurance.
• Communications (with consent): Sending you promotional offers, bonuses, and news about phgl via SMS or email — only where you have provided explicit consent and only until you withdraw that consent.
• Platform Improvement: Analysing aggregated, anonymised usage data to improve the phgl Platform's user experience, performance, and game offering.

phgl does not sell your personal data to third parties. phgl shares your personal data only in the following circumstances and only to the extent necessary for the relevant purpose:

• Payment Processors: GCash (Globe Fintech Innovations), Maya (PayMaya Philippines), Philippine banks (BPI, BDO, Metrobank), and cryptocurrency network validators — solely to process your deposit and withdrawal transactions.
• KYC Verification Providers: Authorized identity verification service providers engaged by phgl to assist with government ID document verification, subject to confidentiality obligations and processing only under phgl's instructions.
• Game Providers: Certified game technology providers (including JILI, PG Soft, Pragmatic Play, Evolution Gaming, and others) may receive your Account identifier and session data as necessary to deliver game sessions. Game providers do not receive your identity documents, financial account details, or contact information.
• Regulatory and Law Enforcement Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Bureau of Investigation (NBI), or other Philippine government authorities — where phgl is legally required to disclose data by law, court order, or regulatory requirement.
• Professional Advisers: Legal counsel, auditors, and compliance consultants engaged by phgl — under strict confidentiality obligations and only to the extent necessary for the relevant engagement.
• Business Transfers: In the event of a merger, acquisition, or sale of phgl's business or assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections as set out in this Policy.

phgl uses cookies and similar tracking technologies (local storage, session storage, pixel tags) on the phgl Platform. These technologies serve the following purposes:

• Essential Cookies: Strictly necessary for the operation of the phgl Platform — including maintaining your login session, preventing CSRF attacks, and enabling the game lobby to function. These cannot be disabled without breaking Platform functionality.
• Security Cookies: Used to detect and prevent fraudulent access attempts, identify unusual login patterns, and support phgl's device fingerprinting for Account security purposes.
• Performance and Analytics Cookies: Used to collect aggregated data about how players navigate the phgl Platform, which pages are most visited, and where players encounter difficulties. This data is used to improve the Platform. Where analytics tools are used, data is processed in aggregated, anonymised form where possible.
• Preference Cookies: Used to remember your settings and preferences on the phgl Platform, such as your preferred language, game lobby view, and notification preferences.

You may control non-essential cookies through your browser settings. Note that disabling essential or security cookies will prevent you from logging in and using the phgl Platform. phgl does not use third-party advertising cookies or behavioural tracking cookies for cross-site advertising purposes.

phgl retains your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable Philippine law and PAGCOR regulations. The general retention periods applied by phgl are as follows:

After the applicable retention period, personal data is securely deleted or anonymised in accordance with phgl's data destruction procedures. Where anonymisation is applied, the resulting anonymised data set may be retained indefinitely for analytical purposes as it no longer constitutes personal data under RA 10173.

phgl implements appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption in Transit: All data transmitted between your device and phgl's servers is encrypted using TLS 1.3. The phgl Platform is served exclusively over HTTPS, enforced via HTTP Strict Transport Security (HSTS).
• Encryption at Rest: Sensitive personal data — including government ID images, financial account numbers, and KYC documents — is encrypted at rest using industry-standard AES-256 encryption.
• Access Controls: Access to personal data within phgl's systems is restricted on a need-to-know basis. Personnel with access to sensitive personal information are subject to background checks, confidentiality obligations, and regular access reviews.
• Data Minimization: phgl collects and retains only personal data that is necessary for the specified purposes. Payment card data is not stored by phgl — payment processing is handled by PCI-DSS compliant payment processors.
• Incident Response: phgl maintains a documented Personal Data Breach Response Protocol. In the event of a data breach that is likely to give rise to a real risk of harm to affected individuals, phgl will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay, as required by NPC Circular 16-03.

The Philippine Data Privacy Act of 2012 grants you specific rights with respect to your personal data. phgl is committed to facilitating the exercise of these rights. Your rights are as follows:

To exercise any of the rights above, contact phgl's Data Protection Officer at [email protected]. phgl will respond to verified data subject requests within thirty (30) calendar days of receipt, as required by NPC regulations. Identity verification will be required before phgl processes any data subject request, to protect your data from unauthorized access.

The phgl Platform is strictly restricted to persons aged 21 years and above, in accordance with PAGCOR's licensing conditions for online casino gaming in the Philippines. phgl does not knowingly collect personal data from any person under the age of 21.

As part of the phgl Account registration and KYC verification process, phgl verifies the age of each Account applicant using government-issued identification. Accounts found to have been registered by persons under 21 years of age will be immediately suspended and all personal data associated with the Account will be processed only to the extent necessary to fulfil phgl's legal obligations, including reporting to PAGCOR where required.

phgl primarily processes and stores personal data within the Philippines. In limited circumstances, personal data may be transferred to or processed by third-party service providers located in other countries — for example, where a certified game technology provider operates data centres outside the Philippines, or where phgl uses internationally-hosted KYC verification infrastructure.

Where cross-border data transfers occur, phgl ensures that appropriate safeguards are in place as required by Section 21 of RA 10173 and relevant NPC guidelines. These safeguards may include contractual clauses binding the recipient to data protection standards equivalent to those required under Philippine law, or reliance on an adequacy determination where applicable.

phgl maintains a record of all cross-border data transfers and the safeguards applied. You may request information about cross-border transfers of your personal data by contacting phgl's Data Protection Officer.

phgl reserves the right to amend this Privacy Policy at any time to reflect changes in applicable Philippine privacy law, NPC issuances, PAGCOR regulatory requirements, changes in phgl's data processing activities, or other legitimate business reasons.

Material amendments — meaning changes that significantly affect your privacy rights or phgl's data processing activities — will be communicated to registered phgl Account holders via SMS or in-Platform notification at least seven (7) calendar days before the amended Policy takes effect. Non-material amendments, such as typographical corrections or clarifications that do not change the substance of phgl's data processing practices, may be made without advance notice.

The current version of this Privacy Policy, including its effective date, is always available at phgl.one/privacy-policy. Your continued use of the phgl Platform following the effective date of any amendment constitutes your acknowledgment of the amended Privacy Policy.

For all privacy-related enquiries, data subject rights requests, complaints, or concerns about how phgl handles your personal data, please contact phgl's Data Protection Officer:

If you are not satisfied with phgl's response to your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. The NPC is the supervisory authority responsible for the enforcement of RA 10173 in the Philippines.

This Privacy Policy was last reviewed and updated on January 1, 2026. phgl reserves all rights not expressly granted herein. This document is governed by the laws of the Republic of the Philippines.