Privacy Policy

1. Introduction

php365 operates an online gaming platform accessible to Filipino players at php365.app. In the course of providing our services — including account registration, game access, payment processing, customer support, and promotional activities — we necessarily collect and process certain personal information about you.

We take our obligations under the Data Privacy Act of 2012 (DPA) seriously. This Policy is designed to be transparent about our data practices so that you can make informed decisions about your use of the php365 platform. If you have questions about anything in this Policy, please contact our Data Protection Officer (DPO) using the details in Section 13.

By registering a php365 account or using the Platform in any capacity, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

2. Personal Data We Collect

2.1 Registration Data

When you create a php365 account, we collect:

• Full legal name
• Date of birth (to verify the 21+ age requirement)
• Residential address (including city, province, and postal code)
• Email address
• Mobile number
• Username and encrypted password

2.2 Identity Verification (KYC) Data

To comply with PAGCOR regulations and anti-money laundering (AML) requirements, we may request:

• Government-issued photo identification (e.g., Philippine passport, SSS ID, PhilSys National ID, driver's licence, UMID)
• Proof of residential address (e.g., utility bill, bank statement dated within 90 days)
• Proof of payment method ownership (e.g., screenshot of GCash or PayMaya account showing your name)
• Source of funds declaration for high-value accounts

2.3 Financial Data

When you make deposits or request withdrawals, we collect transaction records including amounts, timestamps, payment method references (e.g., GCash reference numbers, bank transaction IDs), and account balance history. We do not store full bank account numbers or complete debit card numbers on our servers.

2.4 Usage & Technical Data

We automatically collect certain technical data when you use the php365 Platform:

• IP address and approximate geolocation
• Device type, operating system, and browser version
• Session duration and login timestamps
• Pages visited, games played, and betting history
• Referral source (how you arrived at php365.app)

2.5 Communications Data

When you contact php365 customer support via live chat or email, we retain records of those communications, including the content of messages, timestamps, and the resolution of any issues raised. This data is used to improve our support quality and to maintain an accurate record of player interactions.

3. How We Use Your Personal Data

php365 uses your personal data for the following purposes:

Purpose	Data Used
Account creation and management	Registration data, KYC data
Identity verification and age confirmation (21+)	KYC data, date of birth
Processing deposits and withdrawals	Financial data, KYC data
Fraud prevention and AML compliance	All categories
Providing customer support	Registration data, communications data
Sending account notifications and security alerts	Email address, mobile number
Personalising your gaming experience	Usage data, betting history
Responsible gaming monitoring	Usage data, financial data
Regulatory reporting to PAGCOR	KYC data, financial data
Platform analytics and improvement	Technical data, usage data (aggregated)

php365 will not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your explicit consent or as otherwise required by law.

4. Legal Basis for Processing

php365 processes your personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual necessity: Processing required to fulfil our obligations under the php365 Terms & Conditions, including account management, payment processing, and game provision.
• Legal obligation: Processing required to comply with PAGCOR regulations, AML laws, tax obligations, and other applicable Philippine legislation.
• Legitimate interests: Processing for fraud prevention, platform security, and responsible gaming monitoring, where these interests are not overridden by your rights.
• Consent: Processing for marketing communications and personalisation, where you have provided explicit consent. You may withdraw consent at any time by contacting our DPO.

5. Data Sharing & Disclosure

php365 does not sell your personal data to third parties. We may share your data with the following categories of recipients only to the extent necessary for the stated purpose:

• Payment processors: GCash, PayMaya, and partner banks receive transaction data necessary to process your deposits and withdrawals.
• KYC/AML service providers: Third-party identity verification platforms that assist us in meeting our regulatory obligations.
• Game software providers: Game studios and platform providers may receive anonymised or pseudonymised usage data for game performance and fairness auditing purposes.
• Regulatory authorities: PAGCOR and other competent Philippine government agencies, where disclosure is required by law or regulatory order.
• Law enforcement: Philippine law enforcement agencies, where disclosure is required by a valid legal process such as a court order or subpoena.
• IT and hosting providers: Cloud infrastructure and cybersecurity service providers who process data on our behalf under strict data processing agreements.

All third-party service providers engaged by php365 are contractually required to process personal data only in accordance with our instructions and to maintain appropriate security standards.

6. Data Retention

php365 retains personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following minimum retention periods:

• Account and KYC data: Retained for a minimum of five (5) years following account closure, as required by AML regulations.
• Financial transaction records: Retained for a minimum of five (5) years from the date of the transaction.
• Customer support communications: Retained for two (2) years from the date of the last interaction.
• Technical and usage logs: Retained for up to twelve (12) months, after which they are aggregated or deleted.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with our data disposal procedures.

7. Security Measures

php365 implements a range of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• SSL/TLS encryption: All data transmitted between your device and php365.app is encrypted using industry-standard TLS protocols.
• Password hashing: Account passwords are never stored in plain text. We use strong one-way hashing algorithms with salting to protect your credentials.
• Access controls: Access to personal data within php365 is restricted on a strict need-to-know basis. Staff with access to personal data are subject to confidentiality obligations.
• Two-factor authentication: php365 supports and encourages the use of two-factor authentication (2FA) on all player accounts.
• Regular security audits: Our platform and infrastructure undergo periodic security assessments and penetration testing by qualified third-party specialists.
• Data minimisation: We collect only the personal data that is strictly necessary for the stated purposes and do not retain data beyond the periods specified in Section 6.

While php365 takes all reasonable steps to protect your personal data, no online platform can guarantee absolute security. In the event of a personal data breach that is likely to result in harm to you, php365 will notify the National Privacy Commission (NPC) and affected players in accordance with the requirements of the Data Privacy Act of 2012.

8. Cookies & Tracking Technologies

php365 uses cookies and similar tracking technologies to operate and improve the Platform. A cookie is a small text file placed on your device when you visit php365.app. We use the following categories of cookies:

• Strictly necessary cookies: Essential for the Platform to function. These include session cookies that keep you logged in and security cookies that prevent fraudulent use. These cannot be disabled.
• Functional cookies: Remember your preferences such as language settings and display options to personalise your experience on php365.
• Analytics cookies: Collect anonymised data about how players use the Platform — such as which games are most popular and how long sessions last — to help us improve our services.
• Marketing cookies: Used to deliver relevant promotional content about php365 to you. These are only set with your consent.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the php365 Platform. For more information on managing cookies, refer to your browser's help documentation.

9. Your Data Privacy Rights

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by php365:

• Right to be informed: You have the right to know what personal data php365 holds about you and how it is being processed.
• Right of access: You may request a copy of the personal data php365 holds about you at any time.
• Right to rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction.
• Right to erasure: You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations.
• Right to object: You have the right to object to the processing of your personal data for direct marketing purposes at any time.
• Right to data portability: You may request that php365 provide your personal data in a structured, commonly used, and machine-readable format.
• Right to lodge a complaint: If you believe php365 has violated your data privacy rights, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

To exercise any of the above rights, please contact our Data Protection Officer using the details provided in Section 13. php365 will respond to all verified data subject requests within fifteen (15) business days of receipt.

10. Children's Privacy

The php365 Platform is strictly intended for individuals who are 21 years of age or older, in accordance with Philippine gaming regulations. php365 does not knowingly collect personal data from individuals under the age of 21. If we become aware that personal data has been collected from an underage individual, we will immediately suspend the associated account and delete the data in question.

If you are a parent or guardian and believe that your child has registered on php365, please contact our support team immediately via live chat or by emailing our DPO so that we can take prompt action.

11. Cross-Border Data Transfers

php365 primarily stores and processes personal data within data centres located in Asia. In some cases, personal data may be transferred to and processed in countries outside the Philippines — for example, where we use cloud infrastructure or third-party service providers with operations in other jurisdictions.

Where such transfers occur, php365 ensures that appropriate safeguards are in place to protect your personal data, including contractual clauses that require the recipient to maintain data protection standards equivalent to those required under the Data Privacy Act of 2012. By using the php365 Platform, you consent to such transfers where they are necessary for the provision of our services.

12. Updates to This Policy

php365 may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or regulatory requirements. When we make material changes, we will notify you by posting a prominent notice on the php365 Platform and, where appropriate, by sending an email notification to your registered address.

The "Effective Date" at the top of this Policy indicates when the current version came into force. We encourage you to review this Policy periodically. Your continued use of the php365 Platform following the posting of an updated Policy constitutes your acceptance of the changes.

13. Contact & Data Protection Officer

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by php365, please contact our designated Data Protection Officer:

• Data Protection Officer: php365 DPO
• Email: [email protected]
• Live Chat: Available 24/7 via the php365 Platform

For complaints that have not been resolved to your satisfaction by php365, you may contact the National Privacy Commission of the Philippines at privacy.gov.ph (please visit their official website directly for current contact details).