phtay Privacy Policy

1. Introduction

This Privacy Policy ("Policy") describes how phtay ("phtay," "we," "us," "our") collects, processes, stores, and protects the personal data of users ("you," "User," "Player") who access or use the phtay online gaming platform at phtay.net and its associated services, including the phtay Login portal and mobile interfaces.

phtay is committed to protecting the privacy and personal data of every Filipino player on our platform. We operate in full compliance with Republic Act No. 10173, the Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations ("IRR"), and the issuances of the National Privacy Commission ("NPC") of the Philippines.

By registering for a phtay account, using the phtay Login portal, or otherwise accessing phtay's services, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. If you do not agree to this Policy, please do not use the phtay platform.

            Plain Language Summary: phtay collects your personal data to operate your account, verify your identity, process payments, and keep the platform safe. We do not sell your data. We protect it using bank-grade security. You have the right to access, correct, and delete your data at any time.
          

2. Data Controller

phtay acts as the Personal Information Controller ("PIC") with respect to the personal data collected through the phtay platform, as defined under Section 3(h) of the Philippine Data Privacy Act. As PIC, phtay determines the purposes and means of processing your personal data.

phtay has appointed a Data Protection Officer ("DPO") responsible for overseeing compliance with the DPA and this Policy. Contact details for the phtay DPO are provided in Section 14 of this Policy.

3. Personal Data We Collect

phtay collects the following categories of personal data from users of the phtay platform:

3.1 Identity and Registration Data

Full legal name as it appears on your Philippine government-issued ID;
Date of birth (to verify the 21+ age requirement);
Gender;
Nationality and country of residence;
Government-issued ID type and number (e.g., PhilSys National ID, passport, driver's license, SSS/GSIS ID, PRC ID, voter's ID);
Photograph or selfie submitted for identity verification.

3.2 Contact Data

Email address (used for phtay account communications and phtay Login);
Mobile phone number (used for SMS-based two-factor authentication and account notifications);
Residential address in the Philippines.

3.3 Financial Data

GCash or PayMaya/Maya account details (mobile number associated with the e-wallet);
Bank account details for bank transfer transactions (BPI, BDO, Metrobank, UnionBank, Landbank, PNB, Security Bank);
Debit card details (card number, expiry — stored in tokenized form only);
Transaction history including deposits, withdrawals, and gaming activity.

3.4 Gaming and Behavioral Data

Game play history, bet amounts, win/loss records, and session durations;
Bonus and promotion usage history;
Responsible gaming tool settings (deposit limits, self-exclusion status);
Customer support interaction records.

3.5 Technical Data

IP address and approximate geolocation;
Device type, operating system, and browser information;
Login timestamps and session activity logs;
Cookie and tracking data (see Section 11).

            Sensitive Personal Information: Government-issued ID numbers and financial account details are classified as sensitive personal information under the DPA. phtay applies heightened security measures to this category of data and processes it only to the extent strictly necessary for identity verification and payment processing.
          

4. How We Collect Your Data

phtay collects personal data through the following means:

Directly from you — when you register for a phtay account, complete KYC verification, make a deposit or withdrawal, contact phtay support, or use any phtay service;
Automatically — through cookies, web beacons, and server logs when you access the phtay platform (see Section 11);
From third parties — from identity verification service providers, payment processors (GCash, PayMaya, Philippine banks), and fraud prevention services, where necessary to verify your identity or process transactions;
From public sources — where permitted by law, from publicly available Philippine government databases for identity verification purposes.

5. How We Use Your Personal Data

phtay processes your personal data for the following purposes:

Purpose	Data Used
Account registration and phtay Login	Identity data, contact data
Identity verification (KYC)	Identity data, government ID, photograph
Processing deposits and withdrawals	Financial data, identity data
Providing gaming services	Gaming data, technical data
Fraud prevention and security	Technical data, financial data, gaming data
Anti-money laundering compliance	Identity data, financial data, transaction history
Responsible gaming monitoring	Gaming data, responsible gaming settings
Customer support	Contact data, account data, support records
Marketing and promotions	Contact data, gaming preferences (with consent)
Platform improvement and analytics	Technical data, behavioral data (aggregated/anonymized)

phtay does not use your personal data for automated decision-making that produces legal or similarly significant effects without human review, except where required by law (e.g., automated fraud screening).

6. Legal Basis for Processing

Under the Philippine Data Privacy Act, phtay processes your personal data on the following legal bases:

Contractual necessity — processing required to perform the phtay service agreement with you, including account management, payment processing, and game provision;
Legal obligation — processing required to comply with Philippine law, including the Anti-Money Laundering Act (RA 9160), PAGCOR regulations, and NPC requirements;
Legitimate interests — processing for fraud prevention, platform security, and responsible gaming monitoring, where these interests are not overridden by your privacy rights;
Consent — processing for marketing communications and non-essential cookies, where you have given explicit, informed consent that you may withdraw at any time.

7. Data Sharing & Disclosure

7.1 Third-Party Service Providers

phtay shares personal data with carefully selected third-party service providers ("Personal Information Processors") who process data on phtay's behalf under binding data processing agreements. These include:

Identity verification and KYC service providers;
Payment processors and e-wallet providers (GCash, PayMaya/Maya, Philippine banks);
Fraud detection and anti-money laundering screening services;
Cloud hosting and IT infrastructure providers;
Customer support platform providers;
Analytics providers (using anonymized or aggregated data only).

All third-party processors are contractually required to process personal data only as instructed by phtay, to maintain appropriate security measures, and to comply with the Philippine Data Privacy Act.

7.2 Regulatory and Legal Disclosure

phtay may disclose your personal data to Philippine government authorities, law enforcement agencies, or regulatory bodies (including PAGCOR, the Anti-Money Laundering Council, and the National Privacy Commission) where required by law, court order, or regulatory directive.

7.3 No Sale of Personal Data

            phtay does not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes. Your data is used exclusively to operate and improve the phtay platform and to comply with applicable Philippine law.
          

8. Data Retention

phtay retains your personal data for as long as necessary to fulfill the purposes described in this Policy, subject to the following retention periods:

Active account data — retained for the duration of your phtay account plus five (5) years after account closure, in compliance with Philippine anti-money laundering record-keeping requirements;
KYC and identity verification records — retained for a minimum of five (5) years after account closure as required by RA 9160;
Transaction records — retained for five (5) years in accordance with PAGCOR and AMLC requirements;
Customer support records — retained for three (3) years after the resolution of the relevant support interaction;
Marketing consent records — retained until consent is withdrawn, plus one (1) year for audit purposes;
Technical logs — retained for twelve (12) months for security and fraud investigation purposes.

Upon expiry of the applicable retention period, phtay will securely delete or anonymize your personal data in accordance with NPC-approved disposal methods.

9. Data Security

phtay implements comprehensive technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

Encryption: All data transmitted between your device and phtay's servers is encrypted using TLS 1.2 or higher. Sensitive data at rest (including financial account details) is encrypted using AES-256;
Access Controls: Access to personal data is restricted to phtay personnel and processors who require it to perform their functions, governed by role-based access controls and the principle of least privilege;
Two-Factor Authentication: phtay Login supports SMS-based 2FA to protect your account from unauthorized access;
Regular Security Audits: phtay conducts regular penetration testing and security audits of its platform and infrastructure;
Incident Response: phtay maintains a data breach response plan and will notify affected users and the National Privacy Commission within 72 hours of discovering a personal data breach, as required by NPC Circular 16-03.

            Your Role in Security: While phtay takes every reasonable measure to protect your data, you also play an important role. Always use a strong, unique password for your phtay Login, enable 2FA, and never share your credentials with anyone. If you suspect unauthorized access to your phtay account, contact our support team immediately.
          

10. Your Data Privacy Rights

Under the Philippine Data Privacy Act, you have the following rights with respect to your personal data held by phtay:

Right to be Informed — the right to know that phtay is collecting and processing your personal data, and the purposes for which it is processed (fulfilled by this Policy);
Right to Access — the right to request a copy of the personal data phtay holds about you, and information about how it is processed;
Right to Rectification — the right to request correction of inaccurate or incomplete personal data;
Right to Erasure or Blocking — the right to request deletion or blocking of your personal data where it is no longer necessary for the purposes for which it was collected, subject to phtay's legal retention obligations;
Right to Object — the right to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation;
Right to Data Portability — the right to receive your personal data in a structured, commonly used, machine-readable format;
Right to Lodge a Complaint — the right to lodge a complaint with the National Privacy Commission of the Philippines if you believe phtay has violated your data privacy rights.

To exercise any of these rights, please contact phtay's Data Protection Officer using the contact details in Section 14. phtay will respond to all data subject requests within fifteen (15) business days of receipt, as required by the DPA IRR.

11. Cookies & Tracking Technologies

phtay uses cookies and similar tracking technologies on the phtay platform. Cookies are small text files stored on your device that help phtay recognize you, remember your preferences, and improve your experience.

11.1 Types of Cookies Used

Strictly Necessary Cookies: Essential for the phtay platform to function, including session management and phtay Login authentication. These cannot be disabled;
Functional Cookies: Remember your preferences such as language settings and responsible gaming tool configurations;
Analytics Cookies: Collect anonymized data about how users interact with the phtay platform to help us improve our services. Used only with your consent;
Security Cookies: Used for fraud detection and to protect the integrity of phtay Login sessions.

11.2 Managing Cookies

You can manage non-essential cookies through your browser settings or the phtay cookie preference center. Please note that disabling certain cookies may affect the functionality of the phtay platform. Strictly necessary and security cookies cannot be disabled as they are essential to the operation of the service.

12. Minors & Age Restriction

The phtay platform is strictly for persons aged 21 years and above. phtay does not knowingly collect personal data from persons under 21 years of age. If phtay discovers that personal data has been collected from a person under 21, that account will be immediately closed, all data will be deleted, and any deposits will be returned in accordance with applicable law.

If you are a parent or guardian and believe that a minor has registered for a phtay account, please contact our support team immediately at the contact details provided in Section 14.

13. Changes to This Privacy Policy

phtay reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable Philippine law, or NPC guidance. When material changes are made, phtay will notify registered users via email or a prominent notice on the phtay platform at least seven (7) days before the changes take effect.

The "Last Updated" date at the top of this Policy indicates when it was most recently revised. Your continued use of the phtay platform after the effective date of any revised Policy constitutes your acceptance of the updated terms.

14. Contact Our Data Protection Officer

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by phtay, please contact our Data Protection Officer:

phtay Data Protection Officer

Email: [email protected]

General Support: [email protected]

Live Chat: Available 24/7 via the phtay platform

Response Time: Within 15 business days for formal data subject requests

You also have the right to lodge a complaint directly with the National Privacy Commission of the Philippines if you believe your data privacy rights have been violated. The NPC can be reached through their official government channels.