1Introduction & Scope
This Privacy Policy ("Policy") describes how phfairy ("we," "us," "our") collects, uses, stores, and discloses personal information in connection with the operation of the phfairy online casino and sports betting platform, accessible at phfairy.app (the "Platform"). It applies to all registered users and visitors of the Platform, including players located in Metro Manila, Cebu, Davao, and across the Philippines.
This Policy is incorporated into and should be read together with phfairy's Terms & Conditions. By creating a phfairy account or using any feature of the Platform, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described herein.
This Policy does not apply to the privacy practices of third-party game providers, payment processors, or other external services that may be accessed via the Platform. Please review the privacy notices of those services directly.
2Data Controller
For the purposes of applicable data protection law, phfairy acts as the data controller in respect of personal data collected through the Platform. As data controller, phfairy is responsible for determining the purposes and means of processing your personal information and for ensuring that such processing is carried out lawfully, fairly, and transparently.
Where phfairy engages third-party service providers to process personal data on its behalf (for example, payment processors, KYC verification providers, or cloud hosting infrastructure), those parties act as data processors and are subject to contractual obligations requiring them to process data only on phfairy's documented instructions and to maintain appropriate security measures.
3Information We Collect
phfairy collects the following categories of personal information in the course of operating the Platform and providing services to Filipino players:
3.1 Registration & Account Data
When you create a phfairy account, we collect information including:
- Full legal name;
- Date of birth (for age verification — players must be 21 or older);
- Residential address (including city/municipality, province, and ZIP code);
- Email address;
- Mobile phone number;
- Username and encrypted password.
3.2 Identity Verification (KYC) Data
To comply with applicable regulations and prevent fraud and money laundering, phfairy collects:
- Government-issued identification documents (e.g., Philippine passport, driver's license, SSS/UMID card, PhilSys National ID);
- Proof of residential address (e.g., utility bill, bank statement);
- Selfie photographs for identity matching;
- Source of funds documentation where required.
3.3 Financial & Transaction Data
- Deposit and withdrawal transaction records, including amounts, timestamps, and payment method identifiers;
- GCash, PayMaya, BPI, BDO, Metrobank, or USDT wallet/account identifiers (we do not store full bank account numbers or e-wallet PINs);
- Wagering history, game session records, and account balance history.
3.4 Technical & Usage Data
- IP address and approximate geolocation derived from IP;
- Device type, operating system, browser type and version;
- Session timestamps, page views, and in-platform navigation patterns;
- Game launch logs and in-game event data;
- Customer support chat transcripts and email communications.
3.5 Responsible Gaming Data
Where you use phfairy's responsible gaming tools — such as deposit limits, cooling-off periods, or self-exclusion requests — we record and retain these preferences and the dates of their activation and expiry as part of our player protection obligations.
| Data Category | Primary Purpose | Retention Period |
|---|---|---|
| Registration Data | Account creation, identity, login authentication | Duration of account + 5 years post-closure |
| KYC Documents | Age verification, anti-money-laundering compliance | 5 years from last transaction |
| Financial Transaction Records | Deposits, withdrawals, dispute resolution | 5 years from transaction date |
| Game & Wagering Logs | Game integrity, dispute resolution, RG monitoring | 3 years from session date |
| Technical & Usage Data | Fraud detection, security, platform improvement | Up to 12 months (aggregated analytics: longer) |
| Support Communications | Complaint resolution, quality assurance | 3 years from last interaction |
| RG Tool Preferences | Player protection compliance | Duration of exclusion period + 5 years |
4How We Collect Your Data
phfairy collects personal data through the following channels:
- Directly from you: information you provide during registration, KYC verification, payment transactions, responsible gaming tool configuration, customer support interactions, and any form submissions on the Platform;
- Automatically through platform use: technical data such as IP addresses, device identifiers, session logs, and in-platform behavior collected via server logs, cookies, and similar tracking technologies (see Section 7);
- From third-party service providers: identity verification results from KYC providers; fraud signals from anti-fraud systems; payment status updates from payment processors;
- From publicly available sources: where permitted by law, phfairy may supplement account data with information from publicly available databases for fraud detection or regulatory compliance purposes.
5Purposes of Processing & Legal Basis
phfairy processes your personal data for the following specific purposes. For each purpose, the applicable legal basis under data protection principles is identified:
- Account Registration and Management — processing is necessary for the performance of the contract between you and phfairy and to enable you to access and use the Platform;
- Identity and Age Verification (KYC) — processing is required to comply with phfairy's legal obligations under applicable gaming and anti-money-laundering regulations, including the obligation to verify that players are at least 21 years of age;
- Payment Processing — processing is necessary for the performance of the contract to facilitate deposits and withdrawals via GCash, PayMaya, and supported Philippine banking channels;
- Fraud Prevention and Platform Security — processing is in phfairy's and players' legitimate interests to detect, prevent, and investigate fraudulent activity, account compromise, and prohibited conduct;
- Regulatory and Legal Compliance — phfairy may be required to process and retain data to comply with applicable laws, respond to regulatory inquiries, or comply with court orders;
- Customer Support — processing is necessary to respond to queries, resolve disputes, and maintain service quality;
- Responsible Gaming Obligations — processing is necessary to comply with player protection requirements and to enforce self-exclusions and limit settings you have applied to your account;
- Platform Improvement and Analytics — aggregated and anonymized usage data is processed in phfairy's legitimate interests to improve Platform performance, game selection, and user experience;
- Marketing Communications — where you have given separate consent, phfairy may send you promotional offers, bonus notifications, and platform updates by email or in-platform messaging (see Section 13).
6Sharing Your Personal Data
phfairy does not sell your personal data to third parties. We share personal data only in the circumstances described below, and only to the minimum extent necessary for each purpose:
- Payment Processors: GCash (Mynt — Globe Fintech Innovations, Inc.), PayMaya (Maya Bank, Inc.), and partnered banking institutions receive transaction data necessary to process deposits and withdrawals. These providers operate under their own privacy notices and applicable Philippine financial regulations.
- KYC and Identity Verification Providers: Third-party services that assist phfairy in verifying player identity and age may receive copies of identification documents and related data. These providers are contractually bound to process data solely for verification purposes.
- Game Providers: Providers such as PG Soft, Pragmatic Play, and Jili Games receive anonymized session tokens and game event data necessary to deliver and authenticate game sessions. They do not receive your full personal profile.
- Cloud Infrastructure and Hosting Providers: phfairy uses reputable cloud infrastructure services to host Platform data. These providers act as data processors under contractual data processing agreements.
- Regulatory and Law Enforcement Authorities: phfairy will disclose personal data to PAGCOR, law enforcement agencies, or other competent authorities where required by applicable law or in response to a lawful demand.
- Anti-Fraud and Security Services: Aggregated fraud signals may be shared with industry anti-fraud networks to protect the Platform and its users from coordinated fraud schemes.
7Cookies & Tracking Technologies
phfairy uses cookies and similar tracking technologies on the Platform. Cookies are small text files stored on your browser or device that enable the Platform to function correctly, personalize your experience, and collect analytical data. The following categories of cookies are used:
- Strictly Necessary Cookies: Essential for the Platform to function. These include session authentication cookies that keep you logged in to your phfairy account across pages and security cookies that protect against cross-site request forgery. These cookies cannot be disabled without impairing Platform functionality.
- Functional Cookies: Enable the Platform to remember your preferences such as language settings, game lobby filter choices, and display options. Disabling these cookies may affect your experience but will not prevent access to the Platform.
- Analytical Cookies: Used to collect aggregated data about how players interact with the Platform — which games are played most, where users encounter errors, and how pages perform on different devices. This data is used to improve the phfairy experience and is not linked to individual identities.
- Security and Fraud Detection Cookies: Help identify suspicious patterns such as automated login attempts, device fingerprinting for fraud detection, and coordinated abuse from specific IP ranges.
Most browsers allow you to control cookie settings through browser preferences. You can configure your browser to refuse all cookies or to alert you when cookies are being set. Note that disabling strictly necessary cookies will affect your ability to use the phfairy Platform normally, including maintaining your login session.
8Data Retention
phfairy retains personal data for as long as necessary to fulfill the purposes described in this Policy and to comply with applicable legal and regulatory obligations. The specific retention periods by data category are set out in the table in Section 3 above.
Where you close your phfairy account, we will delete or anonymize personal data that is no longer required for legal, regulatory, or legitimate business purposes. However, certain data — particularly KYC documents, transaction records, and responsible gaming records — must be retained for defined periods under applicable law regardless of account closure.
Data held beyond the primary purpose period for legal or regulatory retention reasons is subject to restricted access controls and is not used for any operational purpose during the retention tail period.
9Data Security
phfairy implements a multi-layered security architecture to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:
- SSL/TLS Encryption: All data transmitted between your device and phfairy's servers is encrypted using current SSL/TLS standards, protecting your personal and financial information from interception in transit;
- Password Hashing: Passwords are stored using one-way cryptographic hashing. phfairy staff cannot read your actual password, and it is never transmitted in plaintext;
- Access Controls: Access to personal data within phfairy's systems is restricted to staff with a legitimate operational need. Role-based access controls and audit logging are in place;
- Two-Factor Authentication: phfairy recommends and supports 2FA for all player accounts as an additional layer of login security;
- Intrusion Detection: phfairy's infrastructure is monitored for unusual access patterns, unauthorized login attempts, and other security anomalies in real time;
- Vendor Security Assessment: Third-party processors and service providers are assessed for data security standards before being engaged by phfairy.
Despite these measures, no online platform can guarantee absolute security. You also bear responsibility for maintaining the security of your own device, browser, and phfairy login credentials.
10Your Data Rights
As a phfairy player, you have the following rights with respect to your personal data, subject to applicable law and certain limitations related to phfairy's legal and regulatory obligations:
- Right of Access: You may request a copy of the personal data phfairy holds about you, along with information about how it is processed;
- Right to Rectification: If any personal data held by phfairy is inaccurate or incomplete, you may request that it be corrected or updated. You can update many basic account details directly within your phfairy account settings;
- Right to Erasure ("Right to be Forgotten"): In certain circumstances, you may request deletion of your personal data. This right does not apply where phfairy is required to retain the data to comply with a legal obligation or to defend legal claims;
- Right to Restriction of Processing: You may request that phfairy restrict processing of your data in specific circumstances, such as where you contest the accuracy of the data or have objected to processing;
- Right to Data Portability: Where technically feasible and legally permitted, you may request a machine-readable copy of personal data you have provided to phfairy;
- Right to Object: You may object to processing based on legitimate interests, including the use of your data for direct marketing purposes;
- Right to Withdraw Consent: Where processing is based on your consent (e.g., marketing communications), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact phfairy through the 24/7 Live Chat within the Platform. phfairy will respond to verifiable data rights requests within a reasonable period and no later than required under applicable law. We may need to verify your identity before processing certain requests.
11Children & Minors
The phfairy Platform is strictly restricted to individuals who are at least 21 years of age, as required by Philippine law for casino-style gambling. phfairy does not knowingly collect personal data from any person under the age of 21 and takes active steps to prevent underage access through mandatory KYC age verification.
If phfairy becomes aware that personal data has been collected from a player who is under 21 years of age, that account will be immediately closed, all associated data will be deleted subject to any mandatory retention obligations, and any funds held in the account will be handled in accordance with applicable law.
12Cross-Border Data Transfers
phfairy may transfer your personal data to servers or service providers located outside the Philippines in connection with hosting, KYC processing, or game delivery infrastructure. Where such transfers occur, phfairy takes steps to ensure that an adequate level of data protection is maintained, including through:
- Entering into contractual data processing agreements with international service providers that impose data protection obligations equivalent to those applicable in the Philippines;
- Transferring data only to providers located in jurisdictions or operating under frameworks that provide an adequate standard of data protection;
- Applying encryption and access control standards to data in transit and at rest regardless of the geographic location of processing.
By using the phfairy Platform, you consent to the transfer of your personal data to jurisdictions outside the Philippines where this is necessary for the delivery of the service. phfairy will not transfer your data internationally to any jurisdiction in a manner that reduces the protections described in this Policy.
13Marketing Communications
phfairy may send you promotional communications including bonus offers, new game announcements, and platform updates by email or in-platform notification, subject to your communication preferences and consent.
You may opt out of marketing communications at any time by:
- Updating your communication preferences in your phfairy account settings;
- Clicking the "unsubscribe" link in any marketing email sent by phfairy;
- Contacting phfairy's support team via Live Chat and requesting removal from marketing lists.
Opting out of marketing communications does not affect the delivery of service-essential communications such as transaction confirmations, security alerts, KYC verification requests, or notifications about changes to Terms or this Policy. These operational communications are sent irrespective of marketing preferences.
14Third-Party Links
The phfairy Platform may contain references to game providers, payment services, or other third parties whose own privacy practices govern data collected through their respective services. phfairy is not responsible for the privacy practices, content, or security of any third-party services, and the inclusion of any reference to a third-party service does not constitute an endorsement of that party's privacy practices.
We encourage you to review the privacy notices of any third-party services you interact with through or alongside the phfairy Platform.
15Updates to This Policy
phfairy may update this Privacy Policy from time to time to reflect changes in our data processing practices, regulatory requirements, or Platform features. When we make material changes, we will notify registered players by email to the address on file and/or by displaying a prominent notice on the Platform, no less than seven (7) days before the updated Policy takes effect.
The "Last Updated" date displayed at the top of this page and in the page header reflects the most recent revision. Your continued use of the phfairy Platform after the effective date of a revised Policy constitutes your acceptance of the changes. If you do not agree with a revised Policy, you should cease using the Platform and request account closure before the effective date.
We encourage you to review this Policy periodically. Archived versions of prior Privacy Policies are available upon request from phfairy's support team.
16Contact & Complaints
If you have any questions about this Privacy Policy, wish to exercise a data right, or have a concern about how phfairy handles your personal information, please reach out through any of the following channels:
- 24/7 Live Chat: Available within the phfairy Platform after login — the fastest way to reach a support agent for both account and privacy queries;
- Email: [email protected] — for formal written privacy requests (displayed as plain text, not a clickable link);
- Response Commitment: phfairy aims to acknowledge formal privacy requests within 3 business days and to provide a substantive response within 30 days. Complex requests may require additional time, in which case phfairy will notify you of the extended timeline.
If you are not satisfied with phfairy's response to a privacy complaint, you may have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC) or another competent supervisory authority with jurisdiction over phfairy's data processing activities.