phpera Privacy Policy

1. Identity of the Personal Information Controller

The Personal Information Controller (PIC) responsible for processing your personal data is phpera, the operator of phpera.app. phpera has designated a Data Protection Officer (DPO) as required under Section 21 of RA 10173. The DPO may be contacted via the details set out in Section 13 of this Policy. phpera's processing activities are registered with the National Privacy Commission where required under NPC Registration Regulations.

2. Personal Data We Collect

phpera collects personal data in the following categories, depending on how you interact with the Platform:

1. 2.1 Registration Data — Philippine mobile number, email address, chosen username, and date of birth. This data is mandatory for account creation.
2. 2.2 Identity Verification (KYC) Data — Full legal name, date of birth, nationality, and a copy of a valid Philippine government-issued identification document (PhilSys National ID, passport, driver's license, SSS ID, UMID, or equivalent). KYC data is required before phpera processes any withdrawal.
3. 2.3 Financial Data — Payment method details including GCash account number or mobile number, Maya account details, bank account numbers (BPI, BDO, UnionBank), and cryptocurrency wallet addresses (USDT TRC20). phpera does not store credit or debit card numbers on its own servers.
4. 2.4 Transaction Data — Records of all deposits, withdrawals, bets placed, games played, winnings, and bonus usage on your phpera account.
5. 2.5 Technical Data — IP address, device type, operating system, browser type and version, session timestamps, and geolocation data (country/region level) collected automatically when you access the Platform.
6. 2.6 Communication Data — Records of your interactions with phpera's customer support team via live chat, email, or other channels, including the content of communications.
7. 2.7 Responsible Gaming Data — Self-exclusion requests, deposit limit settings, loss limit settings, and any disclosures you make to phpera in the context of responsible gaming support.

3. How phpera Uses Your Personal Data

phpera processes your personal data for the following purposes:

• Account management — creating, maintaining, and administering your phpera account, including processing your phpera login, verifying your identity, and managing your wallet balance.
• Transaction processing — processing deposits via GCash, Maya, BPI, BDO, UnionBank, 7-Eleven Cliqq, USDT TRC20, and Coins.ph, and processing withdrawals to your registered payment method.
• KYC and regulatory compliance — verifying your identity and age (21+) as required by PAGCOR regulations and conducting anti-money laundering checks as required by RA 9160 (Anti-Money Laundering Act) and AMLC regulations.
• Game delivery and fairness — delivering game content, recording bets and outcomes, resolving disputes, and ensuring the integrity of games played on phpera.
• Customer support — responding to your support requests, resolving account issues, and communicating about your phpera account.
• Fraud prevention and security — detecting, investigating, and preventing unauthorized account access, bonus abuse, money laundering, and other prohibited conduct.
• Responsible gaming — implementing deposit limits, session limits, self-exclusion, and other responsible gaming tools requested by or applied to your account.
• Legal obligations — complying with applicable Philippine laws, regulations, and lawful orders of courts or government authorities including PAGCOR and AMLC.
• Platform improvement — analyzing aggregated and anonymized Platform usage data to improve phpera's features, game selection, and user experience.
• Marketing communications — sending you promotional offers, bonus notifications, and gaming updates via SMS or email, subject to your communication preferences. You may opt out at any time.

4. Legal Bases for Processing

1. 4.1 Contract performance — processing necessary to perform phpera's contractual obligations to you under the Terms and Conditions, including account management, game delivery, and payment processing.
2. 4.2 Legal obligation — processing required for compliance with Philippine laws including RA 10173, RA 9160 (AMLA), PAGCOR regulations, and any lawful court or government order.
3. 4.3 Legitimate interests — processing necessary for phpera's legitimate interests in fraud prevention, security monitoring, platform improvement, and responsible gaming enforcement, where these interests are not overridden by your privacy rights.
4. 4.4 Consent — processing for marketing communications, where we rely on your consent. You may withdraw consent at any time by updating your communication preferences in your phpera account settings or by contacting support.

5. Data Sharing and Disclosure

phpera does not sell your personal data. phpera may share personal data with the following categories of recipients, strictly for the purposes described in this Policy:

• Payment service providers — GCash (Globe Fintech Innovations), Maya (Voyager Innovations), BPI, BDO, UnionBank, and other payment processors, for the purpose of processing your deposits and withdrawals.
• KYC verification providers — third-party identity verification services engaged by phpera to conduct KYC checks, under strict contractual data processing agreements.
• Game studios and providers — licensed game providers whose games are available on phpera (including Jili Games, PG Soft, Pragmatic Play, and evolution gaming studios for live dealer tables), to the extent necessary for game delivery and dispute resolution.
• Fraud prevention and security services — third-party fraud detection and cybersecurity service providers engaged by phpera under contractual data processing obligations.
• Regulatory and law enforcement authorities — PAGCOR, AMLC, the National Privacy Commission (NPC), Philippine National Police (PNP), NBI, and other competent Philippine authorities where disclosure is required by law, court order, or regulatory directive.
• Professional advisers — lawyers, auditors, and other professional advisers engaged by phpera, subject to professional confidentiality obligations.

6. International Data Transfers

1. 6.1 Some of phpera's service providers (including game studios and certain technical infrastructure providers) may be located outside the Philippines. Where personal data is transferred to recipients outside the Philippines, phpera ensures that appropriate safeguards are in place as required by NPC regulations, including contractual clauses that provide an equivalent level of data protection to that afforded under RA 10173.
2. 6.2 By using the Platform and accepting this Policy, you acknowledge and consent to such transfers where necessary for phpera to provide its services to you.

7. Data Security

1. 7.1 phpera implements technical and organizational security measures appropriate to the risk presented by the processing of your personal data, including: 256-bit SSL/TLS encryption for data in transit; AES-256 encryption for sensitive data at rest; role-based access controls limiting staff access to personal data on a need-to-know basis; regular penetration testing and vulnerability assessments by independent third parties; and multi-factor authentication for phpera staff accessing production systems.
2. 7.2 In the event of a personal data breach that is reasonably likely to result in serious harm to affected data subjects, phpera will notify the NPC within seventy-two (72) hours of becoming aware of the breach, and will notify affected Players without undue delay, as required by RA 10173 and NPC Circular 16-03.
3. 7.3 While phpera takes all reasonable steps to protect your personal data, no security system is impenetrable. phpera cannot guarantee absolute security against all possible threats. You are also responsible for maintaining the security of your phpera account credentials.

8. Data Retention

1. 8.1 phpera retains personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable law.
2. 8.2 Transaction records and KYC documentation are retained for a minimum of five (5) years following the end of the relevant transaction or business relationship, as required by RA 9160 (AMLA) and AMLC implementing regulations.
3. 8.3 Account data for active phpera accounts is retained for the duration of the account relationship. Upon account closure, phpera will delete or anonymize personal data within a reasonable period, subject to the retention obligations in clause 8.2 and any other applicable legal retention requirements.
4. 8.4 Self-exclusion records are retained for a minimum period sufficient to prevent a self-excluded player from re-registering during the exclusion period, even after the exclusion has been lifted.

9. Cookies and Tracking Technologies

1. 9.1 phpera uses the following categories of cookies and similar technologies on the Platform: Strictly necessary cookies (required for phpera login session management, security, and basic Platform functionality — these cannot be disabled without affecting Platform use); Analytics cookies (first-party analytics cookies used to understand how the Platform is used in aggregate, to improve features and performance — data is anonymized before analysis); and Fraud prevention tokens (device fingerprinting and session integrity tokens used to detect unauthorized access and fraudulent activity).
2. 9.2 phpera does not use third-party advertising cookies or behavioral profiling cookies for marketing purposes on the Platform.
3. 9.3 You can manage cookie settings through your browser preferences. Disabling strictly necessary cookies may affect your ability to use the phpera Platform, including the phpera login function.

10. Your Data Subject Rights

Under the Data Privacy Act of 2012 and its IRR, you have the following rights regarding your personal data held by phpera:

• Right to be informed — the right to know what personal data phpera collects about you and how it is processed. This Policy fulfills phpera's obligation to inform.
• Right of access — the right to request a copy of the personal data phpera holds about you, and information about how it is used.
• Right to correction — the right to request correction of inaccurate, incomplete, or outdated personal data in your phpera account.
• Right to erasure or blocking — the right to request deletion or blocking of your personal data where it is no longer necessary for the purpose for which it was collected, or where processing is unlawful, subject to phpera's legal retention obligations under AMLA and other applicable laws.
• Right to data portability — the right to receive a copy of your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller where technically feasible.
• Right to object — the right to object to processing of your personal data for direct marketing purposes or where processing is based on legitimate interests. phpera will cease such processing unless compelling legitimate grounds override your objection.
• Right to lodge a complaint — the right to file a complaint with the National Privacy Commission (NPC) if you believe phpera has processed your personal data in violation of RA 10173. The NPC's contact information is publicly available on the NPC's official website.

To exercise any of the above rights, contact phpera's Data Protection Officer using the contact details in Section 13. phpera will respond to rights requests within fifteen (15) business days of receipt of a verified request.

11. Children's Privacy

The phpera Platform is strictly restricted to persons who are at least twenty-one (21) years of age. phpera does not knowingly collect personal data from individuals under 21 years of age. If phpera becomes aware that personal data has been collected from a minor, such data will be deleted immediately and the associated account will be closed. If you have reason to believe that a minor has registered an account on phpera, please contact our support team immediately.

12. Changes to This Privacy Policy

1. 12.1 phpera reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or the structure of the Platform. The "Last updated" date at the top of this Policy will be revised accordingly.
2. 12.2 Where changes are material, phpera will provide advance notice to registered Players via email or on-Platform notification before the changes take effect. Continued use of the Platform following the effective date of any updated Policy constitutes your acknowledgment of the changes.

13. Contact & Data Protection Officer

For questions about this Privacy Policy, to exercise your data subject rights, or to contact phpera's Data Protection Officer, please use the following channels:

• Live chat: Available 24/7 at phpera.app — average response under 5 minutes.
• Email: [email protected] — mark your subject line "Privacy / DPO Request".
• Written correspondence: Addressed to the Data Protection Officer, phpera — address on file with the National Privacy Commission.

If you are not satisfied with phpera's response to your privacy concern, you have the right to escalate your complaint directly to the National Privacy Commission (NPC) of the Philippines.