Your Privacy Matters: At phhoy, we handle your personal data with the same care we put into our games. This Privacy Policy is written to be clear and honest. By using the phhoy platform, you agree to the data practices described here. If you have questions at any point, our support team is available 24/7.
1. Introduction
This Privacy Policy ("Policy") describes how phhoy ("phhoy," "we," "us," or "our") collects, uses, stores, discloses, and protects the personal information of users ("you," "Player," or "User") who access or use the phhoy online gaming platform available at https://phhoy.com (the "Platform").
phhoy operates in the Philippines and serves Filipino players across Metro Manila, Cebu, Davao, Quezon City, Makati, and beyond. We are committed to complying with applicable Philippine data privacy laws, including the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as administered by the National Privacy Commission (NPC).
This Policy applies to all personal information collected through the Platform, including information provided during registration, account use, customer support interactions, and any other engagement with phhoy's services. Please read this Policy carefully. If you do not agree with the practices described herein, you should not use the Platform.
This Policy should be read together with our Terms & Conditions, which govern your overall use of phhoy.
2. Personal Data We Collect
phhoy collects personal data that is necessary to provide you with a safe, compliant, and enjoyable gaming experience. The categories of personal data we collect include:
2.1 Identity & Contact Information
- Full legal name
- Date of birth (to verify the 21+ age requirement)
- Gender
- Nationality and country of residence
- Residential address (including barangay, city, province, and ZIP code)
- Email address
- Mobile phone number
2.2 Identity Verification Documents
- Copies of government-issued identification (e.g., Philippine passport, driver's license, SSS/UMID card, PhilSys National ID, Voter's ID)
- Proof of address documents (e.g., utility bills, bank statements)
- Selfie or live photo for biometric verification purposes
2.3 Financial Information
- GCash or PayMaya account details (mobile number linked to the e-wallet)
- Bank account details for BPI, BDO, Metrobank, or other linked banks
- Payment card details (card number, expiry — stored in tokenized form only)
- Transaction history, including deposits, withdrawals, and bonus credits
- Source of funds declarations where required by AML regulations
2.4 Gaming Activity Data
- Game history, including bets placed, games played, wins, and losses
- Session duration and frequency of play
- Bonus and promotion usage history
- Responsible gaming tool settings (deposit limits, self-exclusion status)
2.5 Technical & Device Data
- IP address and approximate geolocation
- Device type, operating system, and browser type
- Unique device identifiers
- Log data, including access times, pages viewed, and error reports
2.6 Communications Data
- Records of customer support interactions (live chat transcripts, email correspondence)
- Survey responses and feedback submitted to phhoy
- Marketing preferences and communication opt-in/opt-out records
3. How We Collect Your Data
phhoy collects personal data through the following means:
- Directly from you: When you register an account, complete KYC verification, make a deposit or withdrawal, contact customer support, or participate in promotions.
- Automatically: Through cookies, web beacons, and similar tracking technologies when you browse or use the Platform. See Section 7 (Cookies & Tracking) for more details.
- From third parties: From identity verification service providers, payment processors (such as GCash, PayMaya, and banking partners), fraud detection services, and analytics providers — all of whom are bound by confidentiality obligations.
- From public sources: Publicly available information such as sanctions lists, politically exposed persons (PEP) databases, and adverse media sources, as required for AML compliance.
4. How We Use Your Personal Data
phhoy uses your personal data only for legitimate, specified purposes. The table below summarizes the primary purposes for which we process your data:
| Purpose | Description |
|---|---|
| Account Management | Creating, maintaining, and securing your phhoy account; verifying your identity and age (21+). |
| Service Delivery | Processing deposits and withdrawals; providing access to games and promotions; delivering customer support. |
| Legal & Regulatory Compliance | Fulfilling KYC, AML, and CTF obligations; responding to requests from regulatory authorities including PAGCOR and the NPC. |
| Fraud Prevention & Security | Detecting and preventing fraudulent activity, unauthorized account access, and cheating. |
| Responsible Gaming | Monitoring gaming behavior to identify problem gambling indicators; enforcing self-exclusion and deposit limit settings. |
| Marketing & Personalization | Sending promotional offers, bonus notifications, and personalized game recommendations — only where you have consented. |
| Platform Improvement | Analyzing usage patterns to improve the Platform's performance, design, and game offerings. |
| Dispute Resolution | Investigating and resolving complaints, disputes, and legal claims involving your account. |
phhoy will not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your consent or as otherwise permitted by law.
5. Legal Basis for Processing
Under the Data Privacy Act of 2012, phhoy processes your personal data on the following legal bases:
- Contractual necessity: Processing required to perform our contract with you — including account registration, game access, and payment processing.
- Legal obligation: Processing required to comply with applicable laws and regulations, including AML, KYC, and gaming regulatory requirements.
- Legitimate interests: Processing necessary for phhoy's legitimate business interests, such as fraud prevention, platform security, and service improvement — provided these interests are not overridden by your rights.
- Consent: Processing based on your freely given, specific, and informed consent — primarily for marketing communications and optional personalization features. You may withdraw consent at any time.
6. Sharing Your Personal Data
phhoy does not sell your personal data to third parties. We may share your data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection safeguards:
6.1 Service Providers
Third-party vendors who assist phhoy in delivering its services, including payment processors (GCash, PayMaya, BPI, BDO, Metrobank), identity verification providers, cloud hosting providers, customer support platforms, and analytics services. All service providers are contractually bound to process your data only on phhoy's instructions and in accordance with applicable privacy laws.
6.2 Regulatory & Law Enforcement Authorities
phhoy may disclose your personal data to PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), law enforcement agencies, or other government bodies where required by law, court order, or regulatory directive.
6.3 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of all or part of phhoy's business, your personal data may be transferred to the relevant successor entity. You will be notified of any such transfer.
6.4 Fraud Prevention Networks
phhoy participates in industry fraud prevention networks and may share limited data (such as device identifiers and transaction patterns) with other gaming operators to detect and prevent coordinated fraud and bonus abuse.
No Data Sales: phhoy will never sell, rent, or lease your personal data to third parties for their own marketing purposes. Any data sharing is strictly limited to the purposes described in this Policy.
7. Cookies & Tracking Technologies
phhoy uses cookies, web beacons, and similar tracking technologies to enhance your experience on the Platform. Cookies are small text files stored on your device that allow us to recognize you, remember your preferences, and analyze how you use the Platform.
7.1 Types of Cookies We Use
- Essential Cookies: Required for the Platform to function properly. These cookies enable core features such as account login, session management, and secure transactions. You cannot opt out of essential cookies.
- Performance Cookies: Collect anonymous data about how visitors use the Platform, including which pages are visited most often and whether error messages are displayed. This helps us improve the Platform's performance.
- Functionality Cookies: Remember your preferences (such as language settings and display options) to provide a more personalized experience.
- Marketing Cookies: Track your activity across the Platform to deliver targeted promotions and measure the effectiveness of marketing campaigns. These cookies require your consent.
7.2 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies, though doing so may affect the functionality of the Platform. To learn more about managing cookies, visit your browser's help section.
8. Data Retention
phhoy retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods include:
- Account data: Retained for the duration of your active account, plus seven (7) years following account closure, as required by Philippine AML regulations.
- Transaction records: Retained for seven (7) years from the date of the transaction, in accordance with financial record-keeping requirements.
- KYC documents: Retained for seven (7) years following account closure or the end of the business relationship.
- Marketing data: Retained until you withdraw consent or request deletion, whichever comes first.
- Technical logs: Retained for up to twelve (12) months for security and troubleshooting purposes.
After the applicable retention period expires, phhoy will securely delete or anonymize your personal data in accordance with industry best practices.
9. Data Security
phhoy takes the security of your personal data seriously and employs industry-standard technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction. Our security measures include:
- Encryption: All data transmitted between your device and phhoy's servers is encrypted using 256-bit SSL/TLS encryption.
- Secure storage: Personal data is stored on secure servers located in certified data centers with restricted physical and logical access controls.
- Access controls: Only authorized phhoy personnel with a legitimate business need can access your personal data, and all access is logged and monitored.
- Regular audits: phhoy conducts regular security audits and vulnerability assessments to identify and address potential risks.
- Incident response: phhoy maintains an incident response plan to quickly detect, contain, and remediate any data breaches.
While phhoy implements robust security measures, no system is completely immune to attack. You are responsible for maintaining the confidentiality of your account credentials and for notifying phhoy immediately if you suspect unauthorized access to your account.
10. Your Privacy Rights
Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data:
- Right to be informed: You have the right to know what personal data phhoy collects, how it is used, and with whom it is shared.
- Right of access: You may request a copy of the personal data phhoy holds about you.
- Right to rectification: You may request correction of inaccurate or incomplete personal data.
- Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
- Right to object: You may object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
- Right to data portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
- Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time.
To exercise any of these rights, please contact phhoy's Data Protection Officer using the contact details provided in Section 15. phhoy will respond to your request within fifteen (15) days, or as otherwise required by law. Note that certain requests may be subject to identity verification to protect your data from unauthorized access.
11. Protection of Minors
phhoy strictly prohibits the use of its Platform by persons under the age of 21. We do not knowingly collect personal data from minors. If phhoy becomes aware that a user is under 21 years of age, we will immediately suspend the account, void any winnings, and delete all associated personal data (except as required for regulatory reporting purposes).
If you are a parent or guardian and believe that your child has provided personal data to phhoy, please contact us immediately at [email protected] so that we can take appropriate action.
12. International Data Transfers
phhoy primarily stores and processes personal data within the Philippines. However, some of our service providers (such as cloud hosting and analytics providers) may be located outside the Philippines. Where personal data is transferred internationally, phhoy ensures that appropriate safeguards are in place, including:
- Standard contractual clauses approved by the National Privacy Commission
- Adequacy determinations recognizing equivalent data protection standards in the recipient country
- Binding corporate rules for intra-group transfers
By using the phhoy Platform, you consent to the transfer of your personal data to jurisdictions outside the Philippines where necessary to provide our services, subject to the safeguards described above.
13. Third-Party Services & Links
The phhoy Platform may contain links to third-party websites, services, or applications (such as payment processors or social media platforms). This Privacy Policy applies only to phhoy's own data practices. phhoy is not responsible for the privacy practices of third-party services, and we encourage you to review their privacy policies before providing any personal data.
When you use third-party payment methods such as GCash, PayMaya, BPI, or BDO to fund your phhoy account, those providers may collect and process your data in accordance with their own privacy policies. phhoy receives only the minimum data necessary to process your transaction.
14. Changes to This Privacy Policy
phhoy reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When material changes are made, phhoy will notify you via email or through a prominent notice on the Platform at least thirty (30) days before the changes take effect.
The date of the most recent revision is always displayed at the top of this Policy. Your continued use of the Platform after any changes have been posted constitutes your acceptance of the revised Policy. If you do not agree with the updated Policy, you must cease using the Platform and may request account closure.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or phhoy's data practices, please contact our Data Protection Officer:
Data Protection Officer
phhoy Online Gaming Platform
Email: [email protected]
General Support Email: [email protected]
Live Chat: Available 24/7 on the phhoy Platform
Response Time: We aim to respond to all privacy inquiries within 15 days.
You also have the right to lodge a complaint with the National Privacy Commission (NPC) if you believe phhoy has violated your data privacy rights. For more information, visit the NPC website or contact them directly.