ph saya Privacy Policy

1. Introduction

ph saya ("we," "us," "our," or "the Platform") is committed to protecting the privacy and personal data of every player who accesses our online gaming services at phsaya.co. This Privacy Policy ("Policy") describes how ph saya collects, uses, discloses, retains, and safeguards personal information provided by or collected from users ("you," "Player," or "Data Subject") in connection with your registration, account use, transactions, and interactions with the ph saya platform.

This Policy is issued in compliance with the Data Privacy Act of 2012 (Republic Act 10173), its Implementing Rules and Regulations, and the guidelines issued by the National Privacy Commission (NPC) of the Philippines. By registering an account with ph saya or continuing to use our services, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein.

This Policy should be read alongside the ph saya Terms & Conditions and Responsible Gaming Policy, which together govern your use of the Platform.

2. Personal Data We Collect

ph saya collects the following categories of personal data in the course of providing and improving our services:

2.1 Identity and Contact Data. Full legal name; date of birth; nationality; government-issued identification number (e.g., SSS, PhilHealth, passport, driver's licence); registered Philippine mobile number; email address; residential address including barangay, city or municipality, province, and postal code.

2.2 Financial Data. GCash mobile number; PayMaya account details; bank account information for BDO, BPI, Metrobank, or other linked payment methods; deposit and withdrawal transaction history; account balance history; records of bonus issuances and wagering activity.

2.3 Gaming Activity Data. Game session records; wager amounts; game outcomes; bonus usage records; login and logout timestamps; responsible gaming tool usage (deposit limits set, self-exclusion elections, cooling-off periods activated).

2.4 Technical and Device Data. IP address; device identifier; browser type and version; operating system; screen resolution; network connection type; geolocation data (country and region level); session cookies and tracking identifiers.

2.5 Communications Data. Records of live chat interactions with ph saya support agents; support ticket history; any written correspondence submitted to ph saya; records of promotional offers accepted or declined.

2.6 KYC Verification Data. Copies of government-issued identification documents uploaded during the account verification process; proof of address documents; selfie or liveness check imagery where required for advanced verification.

3. How We Collect Personal Data

ph saya collects personal data through the following means:

• Direct provision: Information you enter during account registration, the KYC verification process, deposit and withdrawal requests, support interactions, and promotional opt-ins.
• Automated collection: Technical and device data collected automatically through cookies, web beacons, session tracking software, and server logs when you access and use the Platform.
• Third-party sources: Identity verification data received from third-party KYC service providers; payment data received from GCash, PayMaya, and banking partners in the course of processing transactions; fraud-detection signals from third-party security providers.
• PAGCOR and regulatory reporting: Information received from PAGCOR or other Philippine regulatory authorities in connection with compliance and licensing obligations.

4. Purpose of Processing

ph saya processes your personal data for the following specific, legitimate purposes:

1. Creating and managing your ph saya account, including authentication and login security;
2. Conducting identity verification (KYC) and age verification as required by PAGCOR regulations and the Anti-Money Laundering Act (Republic Act 9160, as amended);
3. Processing deposits, withdrawals, and account transactions via GCash, PayMaya, and banking partners;
4. Providing gaming services, personalising the gaming experience, and maintaining game integrity;
5. Administering bonus offers, loyalty programs, and VIP tier management;
6. Detecting, investigating, and preventing fraud, money laundering, collusion, and other prohibited conduct;
7. Providing customer support and resolving disputes or complaints;
8. Complying with legal, regulatory, and reporting obligations under PAGCOR licensing conditions and Philippine law;
9. Monitoring responsible gaming indicators and activating player protection measures where warranted;
10. Improving Platform performance, game content, and user experience through anonymised analytics;
11. Sending account-related communications, promotional messages where you have opted in, and security notifications.

5. Legal Basis for Processing

ph saya processes your personal data on the following lawful bases under Republic Act 10173:

5.1 Contractual Necessity. Processing is necessary to perform the contract established between you and ph saya upon account registration — specifically to create and manage your account, process transactions, and deliver gaming services.

5.2 Legal Obligation. Processing is necessary to comply with PAGCOR licensing conditions, the Anti-Money Laundering Act, the Data Privacy Act, and other applicable Philippine laws and regulations.

5.3 Legitimate Interests. Processing is carried out in pursuit of ph saya's legitimate business interests, including fraud prevention, platform security, responsible gaming monitoring, and service improvement, where those interests are not overridden by your rights and interests.

5.4 Consent. Where ph saya relies on your consent as the legal basis for processing — such as for direct marketing communications — you have the right to withdraw that consent at any time by contacting customer support or updating your account notification preferences.

6. Disclosure and Data Sharing

ph saya does not sell your personal data to third parties. We may disclose your personal data to the following categories of recipients where necessary and proportionate:

• Payment processors and financial partners: GCash, PayMaya, BDO, BPI, Metrobank, and other payment service providers, solely for the purpose of processing your transactions;
• KYC and identity verification providers: Third-party service providers engaged to conduct identity verification and document authentication as required by PAGCOR regulations;
• Game technology providers: Game studios and platform providers whose software operates within ph saya, where necessary for game delivery, RNG certification, and technical support;
• Regulatory and law enforcement authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, and other Philippine government bodies, where disclosure is required by law or regulatory mandate;
• Fraud and security providers: Third-party cybersecurity and fraud detection services engaged to protect the Platform and its players;
• Professional advisers: Legal counsel, auditors, and consultants, subject to professional confidentiality obligations, where necessary for the conduct of ph saya's business.

All third-party service providers engaged by ph saya are contractually required to handle personal data in accordance with the Data Privacy Act and to implement appropriate technical and organisational security measures.

7. Data Retention

ph saya retains your personal data for as long as is necessary to fulfil the purposes set out in this Policy, subject to the following minimum retention periods:

• Account and identity data: Retained for a minimum of five (5) years following account closure, in compliance with PAGCOR licensing conditions and anti-money laundering record-keeping requirements;
• Transaction and financial data: Retained for a minimum of five (5) years following the transaction date, as required by the AMLC and Bureau of Internal Revenue record-keeping rules;
• Gaming activity data: Retained for three (3) years following the relevant gaming session or event;
• Customer support records: Retained for three (3) years following resolution of the relevant support interaction;
• Technical and device data: Retained for twelve (12) months from collection, unless required for longer periods in connection with a security investigation or regulatory matter.

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in accordance with ph saya's data destruction procedures.

8. Data Security

ph saya implements industry-standard technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, and destruction. These measures include 256-bit SSL/TLS encryption for all data transmitted between your device and our servers; encrypted storage of sensitive personal data at rest; role-based access controls limiting staff access to personal data on a need-to-know basis; two-factor authentication for internal system access; continuous monitoring of platform infrastructure for security anomalies; and regular security assessments and penetration testing.

In the event of a personal data breach that poses a real risk of serious harm to affected individuals, ph saya will notify the National Privacy Commission and affected Data Subjects within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03.

9. Your Rights as a Data Subject

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by ph saya:

• Right to be Informed: The right to be informed of the processing of your personal data — fulfilled in part by this Privacy Policy;
• Right to Access: The right to obtain a copy of your personal data held by ph saya and information about how it is being processed;
• Right to Rectification: The right to have inaccurate or incomplete personal data corrected or updated;
• Right to Erasure or Blocking: The right to request deletion or blocking of personal data that is unlawfully processed, no longer necessary for the purpose for which it was collected, or in respect of which consent has been withdrawn and no other legal basis applies;
• Right to Data Portability: The right to receive a copy of your personal data in a structured, commonly used, machine-readable format where technically feasible;
• Right to Object: The right to object to the processing of your personal data where processing is based on legitimate interests or for direct marketing purposes;
• Right to Damages: The right to claim compensation for any damage suffered as a result of inaccurate, incomplete, outdated, false, or unlawfully obtained personal data held by ph saya.

To exercise any of the above rights, please submit a written request to ph saya's Data Protection Officer at the contact details provided in Section 14. ph saya will respond to verified requests within thirty (30) calendar days of receipt.

10. Cookies and Tracking Technologies

ph saya uses cookies and similar tracking technologies to operate the Platform, maintain session state, prevent fraud, and analyse usage patterns. The categories of cookies deployed include strictly necessary cookies (essential to platform operation and not subject to opt-out), functional cookies (enabling personalisation features and preferences), and analytical cookies (used to understand aggregate Platform usage through anonymised data). ph saya does not deploy third-party advertising cookies. You may configure your browser to refuse or delete cookies, but doing so may impair certain Platform functionality.

11. Minors and Under-21 Protection

The ph saya Platform is strictly for persons aged 21 years or older. ph saya does not knowingly collect personal data from individuals under 21 years of age. If ph saya becomes aware that personal data has been collected from a person under the minimum age, that account will be closed immediately, all wagers will be voided, and all personal data associated with the account will be securely deleted. Persons who become aware that a minor has registered an account should notify ph saya immediately at [email protected].

12. Cross-Border Data Transfers

Where ph saya engages service providers located outside the Philippines — such as game technology providers or cloud infrastructure partners — personal data may be transferred to those jurisdictions. ph saya ensures that any cross-border transfer of personal data is conducted in accordance with Section 21 of the Data Privacy Act and its Implementing Rules, and that recipient parties are contractually bound to provide a level of data protection equivalent to that required under Philippine law. Players with concerns about specific cross-border transfers may submit enquiries to the Data Protection Officer.

13. Changes to This Privacy Policy

ph saya reserves the right to update or amend this Privacy Policy at any time. Material changes will be communicated to registered players via the mobile number or email address on file, or by a prominent notice posted on the Platform prior to the effective date of the change. The "Last Updated" date at the top of this Policy reflects the most recent revision. Your continued use of the Platform following notification of a material change constitutes acceptance of the revised Policy.

14. Contact & Data Protection Officer

ph saya has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and the Data Privacy Act. You may direct data privacy enquiries, rights requests, or complaints to the ph saya DPO at:

ph saya Data Protection Officer
Email: [email protected] (plain text — not a link)
Available: Monday to Friday, 9:00 AM – 6:00 PM Philippine Standard Time
Response time: Within 30 calendar days of receipt of a verified written request

If you are unsatisfied with ph saya's response to a data privacy complaint, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC). Information about filing a complaint with the NPC is available through official Philippine government channels.