21+ Only. phplus is intended for adults aged 21 and above. Real-money gaming. Please gamble responsibly.
🔒 Data Privacy

Privacy Policy

Document Version: 2.3  |  Effective Date: 01 January 2026  |  Governing Law: Republic of the Philippines (RA 10173)

👁️
Access
View your data
✏️
Rectify
Correct errors
🗑️
Erasure
Request deletion
🚫
Object
Oppose processing
📦
Portability
Export your data
⚖️
Complain
File with NPC
🛡️ Our Commitments

How phplus Protects Your Privacy

Before reading the full policy, here are six core commitments phplus makes to every Filipino player regarding their personal data.

🇵🇭
Governed by Philippine Law

phplus processes all player data in full compliance with Republic Act 10173 — the Data Privacy Act of 2012 — and the implementing rules set by the National Privacy Commission (NPC). Your rights as a Filipino data subject are fully respected and enforceable.

🎯
Data Collected Only for Clear Purposes

phplus collects only the personal data necessary to operate your account, process payments, comply with PAGCOR and AML regulations, and provide support. We do not collect personal data speculatively or for purposes beyond what is stated in this Policy.

🔐
Encrypted Storage & Transmission

All personal data stored by phplus is encrypted at rest. All data transmitted between your device and phplus servers uses 256-bit SSL/TLS encryption. Access to personal data within phplus is restricted to authorised personnel on a strict need-to-know basis.

🚫
No Selling of Personal Data

phplus does not sell, rent, or trade your personal data to third-party advertisers, data brokers, or marketing companies. Your data is never a product. The only third parties who receive your data are those required to deliver phplus's services — payment processors, game providers, and regulatory bodies.

⚙️
Your Rights Are Actionable

Philippine data subjects have statutory rights under RA 10173 including the right to access, rectify, erase, and port their data. phplus has a dedicated Data Subject Request process and a registered Data Protection Officer (DPO) to handle all privacy-related requests promptly.

📋
Transparent Data Breach Notification

In the unlikely event of a personal data breach affecting phplus players, phplus will notify affected individuals and the National Privacy Commission within the timeframes required by Philippine law. We will communicate clearly about what happened, what data was affected, and the steps being taken.

🔒
Document Version & Status
phplus Privacy Policy — Version 2.3 — In Force
Effective: 01 January 2026  ·  Governing Law: RA 10173 (Philippines)  ·  NPC Registered
Section 01

1. Introduction

phplus ("we," "us," "our") is committed to protecting the privacy and personal data of every individual who uses the phplus Platform at phplus.biz. This Privacy Policy ("Policy") explains in clear terms what personal data we collect from Filipino players and other users, how we use it, to whom we may disclose it, how long we keep it, and what rights you have over it under Philippine law.

This Policy is issued in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations (IRR) as administered by the National Privacy Commission (NPC) of the Philippines. phplus is registered as a Personal Information Controller (PIC) with the NPC.

By creating a phplus account, making a deposit, or otherwise using the Platform, you acknowledge that you have read this Policy and consent to the collection and processing of your personal data as described herein. If you do not consent, you must not use phplus.

Plain-language commitment: phplus collects your data to run your account and comply with Philippine law — not to sell it, profile it for advertising, or share it beyond what is necessary. This Policy explains exactly how that works.
Section 02

2. Who We Are (Data Controller)

For the purposes of the Data Privacy Act of 2012, phplus — operating the Platform at phplus.biz — acts as the Personal Information Controller (PIC) in respect of all personal data collected from Philippine-based users of the Platform.

phplus has appointed a Data Protection Officer (DPO) as required under the DPA IRR. The DPO is responsible for overseeing phplus's data protection compliance, handling data subject requests, and serving as the primary point of contact with the National Privacy Commission.

Registered business contact details and the DPO's contact information are available on request via the support channels listed in Section 16 of this Policy. Players may request the registered business address in writing for formal correspondence related to data privacy matters.

Section 03

3. Scope of This Policy

3.1  This Policy applies to all personal data collected by phplus in connection with the operation of the phplus Platform, including data collected from:

  • Registered phplus account holders (players)
  • Individuals who have submitted a registration application not yet completed
  • Visitors to the phplus.biz website who have not registered an account
  • Individuals who contact phplus support via live chat or email

3.2  This Policy does not apply to the privacy practices of third-party game providers, payment processors, or any other third-party services accessible through or linked from the phplus Platform. Those entities operate under their own privacy policies.

3.3  This Policy should be read alongside the phplus Terms & Conditions, which contain additional provisions regarding account data, verification, and retention obligations.

Section 04

4. Personal Data We Collect

phplus collects the following categories of personal data from players and users of the Platform:

4.1 Identity Data

  • Full legal name (as it appears on a valid Philippine government-issued ID)
  • Date of birth
  • Gender (optional, collected during account setup)
  • Government ID type and reference number (collected during KYC verification)
  • Selfie or live photograph (collected during identity verification where required)

4.2 Contact Data

  • Philippine mobile number (primary account identifier and OTP delivery channel)
  • Email address (for account communications and promotional messages where consent is given)
  • Residential address within the Philippines

4.3 Financial Data

  • GCash account number or mobile number associated with GCash
  • Maya account details (mobile number or account identifier)
  • Bank account details (BPI, BDO, Metrobank, or other approved banks) where used as deposit or withdrawal method
  • Transaction history (deposits, withdrawals, amounts, dates, payment method)
  • Source-of-funds documentation where required under AML obligations

4.4 Gaming Activity Data

  • All bets placed, games played, wins, losses, and associated timestamps
  • Session durations and login/logout timestamps
  • Bonus claims, promotional interactions, and wagering progress
  • Responsible gaming tool activations (deposit limits, self-exclusion, cooling-off periods)

4.5 Technical Data

  • IP address at time of each login and significant transaction
  • Device type, operating system version, and browser type
  • Approximate geolocation data derived from IP address (not GPS-level precision)
  • Session tokens and authentication logs
  • Cookies and similar tracking data (see Section 7)

4.6 Communications Data

  • Live chat transcripts (retained for quality assurance and dispute resolution)
  • Email correspondence with phplus support
  • Complaint records and resolution outcomes
Sensitive Personal Data: Under RA 10173, certain categories of data — including government ID numbers and financial account details — are classified as sensitive personal information and receive additional processing safeguards under Philippine law. phplus handles all such data under the heightened protections required by the DPA IRR.
Section 05

5. How We Collect Personal Data

phplus collects personal data through the following channels:

  • Directly from you — when you register an account, complete identity verification, make a deposit or withdrawal, contact support, or participate in a promotion
  • Automatically — when you use the Platform, our servers and analytics systems collect technical data including IP address, device information, session data, and game activity logs
  • From payment processors — GCash, Maya, and banking partners may share transaction confirmation data with phplus as part of payment processing and fraud prevention workflows
  • From identity verification services — phplus uses accredited third-party identity verification providers to validate government IDs and cross-reference against Philippine watchlists as required by PAGCOR and AML regulations
  • From PAGCOR's Exclusion Register — phplus checks registering players against the PAGCOR exclusion database as part of the onboarding process
Section 06

6. Purposes of Processing & Legal Basis

The table below sets out the purposes for which phplus processes personal data and the corresponding legal basis under the Data Privacy Act of 2012:

Purpose Data Categories Legal Basis (RA 10173)
Account registration and management Identity, Contact Performance of contract
Age and identity verification (KYC) Identity, Government ID Legal obligation (PAGCOR/AML)
Processing deposits and withdrawals Financial, Identity Performance of contract
AML monitoring and reporting Financial, Identity, Gaming Legal obligation (RA 9160)
Providing game access and recording outcomes Gaming Activity Performance of contract
Fraud detection and account security Technical, Financial Legitimate interest / Legal obligation
Responsible gaming monitoring Gaming Activity, Financial Legal obligation (PAGCOR) / Legitimate interest
Customer support and dispute resolution Communications, Identity Performance of contract / Legitimate interest
Regulatory reporting to PAGCOR / AMLC All categories as required Legal obligation
Promotional communications (marketing) Contact Consent (opt-in required)
Platform analytics and improvement Technical, Gaming Activity (aggregated) Legitimate interest

phplus does not process personal data for any purpose not listed in the table above without first obtaining your express consent or identifying a valid legal basis under RA 10173.

Section 07

7. Cookies & Similar Tracking Technologies

7.1  phplus uses cookies and similar browser-based tracking technologies on the phplus.biz website. Cookies are small text files placed on your device when you visit the Platform. They enable phplus to recognise your session, maintain your login state, and deliver a consistent user experience.

7.2  phplus uses the following categories of cookies:

  • Strictly Necessary Cookies: Required for core Platform functionality, including session management, login authentication, and payment processing flow. These cannot be disabled without rendering the Platform unusable.
  • Functional Cookies: Remember your preferences such as language settings, notification preferences, and game display options. Disabling these may affect your experience.
  • Analytics Cookies: Used to understand how players navigate the Platform in aggregate — pages visited, session duration, device type. This data is anonymised and used solely to improve the Platform. Analytics cookies require your consent.
  • Security Cookies: Support fraud detection, bot prevention, and suspicious login activity monitoring. These are strictly necessary for the security of your Account.

7.3  phplus does not use third-party advertising cookies or behavioural targeting cookies. The Platform does not serve targeted advertisements based on your phplus activity to external advertising networks.

7.4  You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will prevent you from using the Platform. For analytics cookies, you may withdraw consent at any time through your phplus Account Settings.

Section 08

8. Disclosure & Sharing of Personal Data

8.1  phplus does not sell, rent, or trade your personal data to any third party. phplus shares personal data only in the circumstances described below, and only to the minimum extent necessary for the stated purpose:

  • Payment processors and banking partners (GCash, Maya, BPI, BDO, Metrobank, and other approved payment partners) — to process deposits and withdrawals in connection with your Account.
  • Identity verification providers — accredited third-party KYC services used to validate your identity documents and cross-reference with Philippine regulatory watchlists as required by PAGCOR and the AMLC.
  • Game content providers — third-party studios and platforms whose games are offered on phplus may receive your player ID and game session data necessary to deliver the game and record outcomes. No identifiable financial data is shared with game providers.
  • PAGCOR — phplus is required to provide player data, gaming activity records, and KYC documentation to PAGCOR upon request and as part of routine regulatory reporting obligations.
  • Anti-Money Laundering Council (AMLC) — phplus is required to file Suspicious Transaction Reports (STRs) and Covered Transaction Reports (CTRs) with the AMLC as mandated by Republic Act 9160.
  • Philippine law enforcement and courts — phplus will disclose personal data to the National Bureau of Investigation (NBI), Philippine National Police (PNP), or any competent Philippine court when required by valid legal process.
  • Technology and infrastructure providers — cloud hosting, IT security, and operational software providers that support the Platform, all bound by data processing agreements consistent with RA 10173 requirements.

8.2  All third-party service providers engaged by phplus who process personal data on phplus's behalf are bound by contractual obligations to handle that data in accordance with RA 10173 and this Policy.

8.3  In the event that phplus undergoes a corporate restructuring, merger, or acquisition, player data may be transferred to the successor entity subject to the same privacy protections as those described in this Policy. Affected players will be notified before any such transfer takes effect.

Cross-border transfers: Some phplus technology infrastructure and game content providers operate servers outside the Philippines. Any transfer of personal data outside the country is made only where an appropriate legal basis under the DPA IRR exists — either through equivalent privacy protection standards, contractual clauses, or player consent.
Section 09

9. Data Retention

9.1  phplus retains personal data for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, and reporting obligations.

9.2  The following minimum retention periods apply to the main categories of personal data held by phplus:

Data Category Minimum Retention Period Basis
Account identity and KYC records 5 years from account closure AML (RA 9160) and PAGCOR requirements
Transaction records (deposits/withdrawals) 5 years from transaction date AML (RA 9160)
Gaming activity logs 2 years from session date PAGCOR requirements / Dispute resolution
Live dealer game recordings 90 days from session date Dispute resolution
Support chat transcripts 2 years from conversation date Legitimate interest / Quality assurance
Marketing consent records Until withdrawal of consent + 1 year Consent management obligations
Technical logs (IP, session) 12 months from log date Security and fraud prevention

9.3  Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised. Where data is retained beyond the minimum period — for example, because a live legal dispute or regulatory investigation requires it — phplus will document the justification and update the relevant data subject where practicable.

Section 10

10. Data Security Measures

10.1  phplus implements a range of technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including:

  • 256-bit SSL/TLS encryption on all data transmitted between Player devices and phplus servers
  • Encryption at rest for all databases containing personal data and financial records
  • Role-based access controls ensuring phplus staff access only the personal data necessary for their specific function
  • Multi-factor authentication required for all internal phplus system access
  • Regular penetration testing and vulnerability assessments conducted by independent security firms
  • Security incident response procedures with defined escalation paths and NPC breach notification protocols
  • Data minimisation — phplus does not store payment instrument details (card numbers, full GCash credentials) on its own servers; these are tokenised by payment processors

10.2  While phplus takes all reasonable and required security measures, no internet-based system can guarantee absolute security. Players are encouraged to use strong unique passwords, enable 2FA on their phplus Account, and report any suspicious activity immediately.

10.3  Data Breach Response: In the event of a personal data breach, phplus will comply with the breach notification obligations under the DPA IRR — notifying the NPC within 72 hours of becoming aware of a breach, and notifying affected data subjects without undue delay where the breach is likely to result in high risk to individual rights.

Section 11

11. Your Rights Under RA 10173

As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phplus:

  • Right to be Informed: To know what personal data phplus collects about you, why it is collected, how it is processed, and to whom it is shared. This Policy is the primary means through which phplus fulfils this right.
  • Right of Access: To request and receive a copy of the personal data phplus holds about you, along with information about how it is being processed.
  • Right to Rectification: To request correction of any inaccurate, incomplete, or outdated personal data phplus holds about you. Note that correction of KYC-verified identity data requires re-verification.
  • Right to Erasure or Blocking: To request deletion or blocking of your personal data where it is no longer necessary for the purpose it was collected, or where you have withdrawn consent — subject to phplus's legal retention obligations under AML and PAGCOR regulations.
  • Right to Data Portability: To receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible.
  • Right to Object: To object to the processing of your personal data for specific purposes, including direct marketing. Where the processing is based on legitimate interest, phplus will evaluate whether that interest overrides your rights in the specific circumstances.
  • Right to Lodge a Complaint: To file a complaint with the National Privacy Commission (NPC) of the Philippines if you believe phplus has violated your rights under RA 10173. The NPC's contact details are publicly available through the Philippine government's official channels.

To exercise any of the above rights, please contact the phplus Data Protection Officer as described in Section 16. phplus will respond to verified data subject requests within fifteen (15) business days of receipt. We may request proof of identity before processing any request to protect against fraudulent data access claims.

Exercising Your Rights: Some rights — particularly erasure and restriction — may be limited where phplus has a legal obligation to retain data under Philippine AML law or PAGCOR regulations. phplus will explain any such limitation clearly in its response to your request.
Section 12

12. Children's Privacy & Underage Players

12.1  The phplus Platform is strictly prohibited for use by individuals under the age of 21 years, in accordance with Philippine law and PAGCOR regulations. phplus does not knowingly collect personal data from individuals under the age of 21.

12.2  Age verification is a mandatory step during the phplus account registration process. If phplus discovers that an Account has been registered by an individual under the age of 21, the Account will be immediately suspended, all data will be secured, and the matter will be reported to PAGCOR as required by regulation.

12.3  If you believe that a minor has registered a phplus Account, please contact phplus support immediately with all available details. phplus will investigate and take appropriate action within 24 hours of receiving such a report.

Section 13

13. Marketing Communications

13.1  phplus may send you promotional communications — including information about new games, bonuses, tournaments, and special offers — via SMS to your registered Philippine mobile number or email to your registered email address.

13.2  Marketing communications are sent only where you have provided explicit opt-in consent during account registration or subsequently through your Account Settings. Consent to receive marketing communications is entirely voluntary and separate from your consent to this Policy.

13.3  You may withdraw consent to receive marketing communications at any time by:

  • Updating your notification preferences in Account Settings → Communications
  • Replying STOP to any phplus SMS (where applicable)
  • Contacting phplus support via live chat or email to request removal from marketing lists

13.4  Withdrawal of marketing consent does not affect your ability to use the phplus Platform or receive transactional communications related to your Account (e.g., deposit confirmations, withdrawal notifications, account security alerts).

13.5  phplus does not share your contact details with third-party advertisers for the purpose of those advertisers sending you their own marketing communications.

Section 14

14. Third-Party Game Providers

14.1  The phplus Platform integrates games from third-party studios and providers. When you launch a game from a third-party provider through phplus, a session token and your anonymised player ID are transmitted to that provider's server to deliver the game experience and record outcomes.

14.2  Third-party game providers integrated into phplus do not receive your full identity data, mobile number, email address, or financial account details through the Platform's standard integration. They receive only the minimum data necessary to operate the game session.

14.3  phplus is not responsible for the privacy practices of third-party game providers in relation to any data those providers may collect independently outside the Platform integration. Players who interact directly with third-party provider websites or applications outside of phplus should review those providers' independent privacy policies.

Section 15

15. Changes to This Privacy Policy

15.1  phplus reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or regulatory requirements. Material changes — meaning changes that significantly affect your rights or the way we process your data — will be communicated to registered players via SMS to their registered mobile number at least seven (7) days before taking effect.

15.2  The most current version of this Policy is always available at phplus.biz/privacy-policy. The version number and effective date at the top of this document will be updated to reflect the current in-force version.

15.3  Your continued use of the phplus Platform after the effective date of any revised Policy constitutes your acceptance of the updated terms. If you do not accept the changes, you must close your Account before the new version takes effect.

Section 16

16. Contact Us & Data Protection Officer

For any questions, concerns, or requests relating to this Privacy Policy or your personal data held by phplus — including the exercise of your rights under RA 10173 — please contact:

Data Protection Officer — phplus

Support & DPO Contact (Live Chat): Available 24/7 on all pages of phplus.biz. For data privacy requests, please identify your enquiry as a "Data Subject Request" at the start of your chat so it can be routed to the DPO team.

Support & DPO Email: [email protected] (plain text — not a clickable link) — use subject line "Data Subject Request – [Your Name]"

Response Time: phplus will acknowledge all data subject requests within 48 hours and provide a substantive response within 15 Philippine business days.

NPC Complaints: If you are not satisfied with phplus's response to your data subject request, you have the right to file a complaint with the National Privacy Commission of the Philippines. NPC contact details are available through the official Philippine government portal.

This Privacy Policy was last reviewed and updated on 01 January 2026. phplus — phplus.biz. All rights reserved.

🔐 Your Data Is Safe

Secure Account. Fair Games.
That's the phplus Promise.

Your privacy and your data are protected under Philippine law at every step. Create your phplus account with confidence — knowing exactly how your information is handled and what rights you have over it.

Create Your Account Explore the Games

🔞 21+ only. Data processed in compliance with RA 10173 — Data Privacy Act of 2012.
phplus operates in compliance with Philippine gaming regulations administered by PAGCOR.