pisoph Privacy Policy

1.1  pisoph ("pisoph", "we", "us", "our") is committed to safeguarding the privacy and personal data of every person who interacts with the pisoph platform at pisoph.club. This Privacy Policy sets out in clear terms how pisoph collects, uses, stores, shares, and protects personal data, and what rights you hold as a data subject under Philippine law.

1.2  This Privacy Policy applies to:

• All registered pisoph account holders and prospective applicants who commence the registration process;
• Visitors to the pisoph.club website, including those who have not created an account;
• Individuals who contact pisoph through any channel, including live chat, email, or social media.

1.3  This Privacy Policy should be read together with the pisoph Terms & Conditions and the pisoph Responsible Gaming Policy, both of which are incorporated herein by reference.

1.4  pisoph operates as a PAGCOR-licensed online gaming platform. As such, certain data collection, retention, and disclosure obligations are imposed upon pisoph by Philippine gaming regulations, the Anti-Money Laundering Act of 2001 (RA 9160, as amended), and PAGCOR licensing requirements. These regulatory obligations take precedence over any general data minimisation preferences a User may have.

2.1  For the purposes of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, pisoph acts as the Personal Information Controller (PIC) in respect of all personal data collected through the pisoph.club platform.

2.2  pisoph has designated a Data Protection Officer (DPO) who is responsible for overseeing pisoph's data protection compliance programme and who acts as the point of contact for data privacy concerns. To contact pisoph's DPO, please use the email address provided in Section 16 of this Policy and address your correspondence to the attention of the Data Protection Officer.

2.3  pisoph's contact details for data privacy matters:

3.1  pisoph collects the following categories of personal data, the extent of which varies depending on your level of account activity and the Services you access:

3.2  pisoph does not collect sensitive personal information (as defined under the Philippine DPA) beyond what is strictly necessary for identity verification and compliance with PAGCOR's KYC requirements. Where biometric data (such as a facial liveness check image) is collected during KYC, it is processed solely for identity verification and is not retained beyond the verification process unless required by applicable law.

4.1  pisoph collects your personal data through the following means:

• Directly from you: Information you provide during account registration, KYC document submission, deposit and withdrawal requests, responsible gaming tool settings, and any communication you initiate with pisoph support.
• Automatically through your use of the platform: Technical and device data, including IP address, session logs, and gameplay data, is collected automatically through standard web server logging and analytics technologies when you access pisoph.club.
• Through cookies and similar technologies: pisoph uses cookies and comparable tracking technologies on pisoph.club for session management, fraud prevention, and platform performance measurement. See Section 11 for detail on cookie practices.
• From payment providers: When you conduct a deposit or withdrawal via GCash, Maya, or a Philippine bank, pisoph receives transaction confirmation data from those payment processors sufficient to credit or debit your pisoph wallet correctly.
• From PAGCOR and regulatory sources: pisoph may receive information about a User from PAGCOR or other Philippine regulatory bodies in connection with licensing audits, responsible gaming cross-platform exclusion lists, or AML investigations.

5.1  pisoph processes your personal data on one or more of the following legal bases as set out under the Philippine Data Privacy Act of 2012:

• Contractual necessity: Processing is necessary for the performance of the pisoph Terms & Conditions contract to which you are a party — including account creation, identity verification, payment processing, game delivery, and customer support.
• Legal obligation: Processing is required to comply with applicable Philippine laws and regulations, including PAGCOR licensing requirements, the Anti-Money Laundering Act (RA 9160), and the Data Privacy Act (RA 10173) itself.
• Legitimate interests: Processing is necessary for pisoph's legitimate interests in fraud prevention, responsible gaming oversight, platform security, and improving the pisoph product — provided those interests are not overridden by your rights and freedoms.
• Consent: For specific processing activities — such as sending promotional communications or personalising game recommendations — pisoph relies on your explicit consent, which you may withdraw at any time without affecting the lawfulness of prior processing.

6.1  pisoph uses the personal data we collect for the following purposes:

• Account management: Creating, maintaining, and securing your pisoph account, including login authentication, OTP delivery, and session management.
• KYC and age verification: Verifying that you meet the 21+ minimum age requirement under PAGCOR regulations and confirming your identity before enabling real-money features on the platform.
• Payment processing: Processing deposits and withdrawals via GCash, Maya, Philippine banks, and other accepted payment channels, and maintaining accurate balance records in Philippine Peso.
• AML compliance: Monitoring transaction patterns, conducting enhanced due diligence where required by AML thresholds, and filing reports with the Anti-Money Laundering Council (AMLC) as mandated by Philippine law.
• Responsible gaming: Monitoring gameplay patterns for indicators of problem gambling behaviour, enforcing responsible gaming limits you set, and implementing self-exclusion requests.
• Fraud prevention and security: Detecting and preventing fraudulent account activity, unauthorised access, bonus abuse, and other prohibited conduct defined in the pisoph Terms & Conditions.
• Customer support: Responding to your queries, complaints, and dispute submissions via live chat and email.
• Marketing communications: Sending you promotional offers, bonus notifications, and game updates, where you have opted in to receive such communications. You may opt out at any time.
• Platform improvement: Analysing aggregated and anonymised usage data to improve game selection, platform performance, and user experience for pisoph players.
• Regulatory reporting: Providing PAGCOR, the National Privacy Commission (NPC), and other Philippine authorities with data as required by law.

7.1  pisoph may share your personal data with the following categories of recipients, strictly for the purposes described in this Policy:

• PAGCOR: pisoph is required to provide player data, transaction records, and responsible gaming information to PAGCOR as part of our licensing obligations and periodic regulatory audits.
• Anti-Money Laundering Council (AMLC): Transaction data and suspicious activity reports are submitted to the AMLC as required under RA 9160, without prior notice to the account holder where the law mandates confidentiality.
• National Privacy Commission (NPC): In the event of a data breach or upon regulatory request, pisoph will report to and cooperate with the NPC in accordance with the Data Privacy Act.
• Payment processors: GCash (G-Xchange, Inc.), Maya (Voyager Innovations, Inc.), and Philippine banking institutions receive the minimum transaction data necessary to process deposits and withdrawals.
• KYC verification providers: pisoph uses third-party identity verification service providers to process government-issued ID documents and perform liveness checks during the KYC process. These providers act as subprocessors and are contractually bound to process data only on pisoph's instructions.
• Game content providers: Certified game studios whose products are offered on the pisoph platform may receive session-level gameplay data for the purpose of game integrity auditing and dispute resolution, subject to data processing agreements.
• IT and infrastructure providers: Cloud hosting and cybersecurity service providers who support the pisoph platform's technical operations, acting as subprocessors under contractual data protection obligations.
• Law enforcement and courts: pisoph will disclose personal data to Philippine law enforcement authorities or courts where required to do so by a valid legal order, warrant, or subpoena under Philippine law.

7.2  All third-party subprocessors engaged by pisoph are subject to data processing agreements that require them to maintain appropriate technical and organisational security measures and to process personal data only for the purposes authorised by pisoph.

8.1  Some of pisoph's technology infrastructure and service providers operate servers or facilities outside the Philippines. Where personal data is transferred outside the Philippines, pisoph takes steps to ensure that appropriate safeguards are in place consistent with the requirements of the Philippine Data Privacy Act and NPC issuances on cross-border data transfers.

8.2  These safeguards may include:

• Contractual clauses that impose data protection obligations equivalent to those under Philippine law on the recipient;
• Transfers to jurisdictions that the NPC has recognised as providing an adequate level of data protection;
• Binding corporate rules where applicable within the pisoph group of companies.

8.3  By using the pisoph platform, you acknowledge that your personal data may be transferred to and processed in countries outside the Philippines where pisoph or its subprocessors maintain infrastructure. pisoph will only permit such transfers where the safeguards described above are in place.

9.1  pisoph retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law. The following retention periods apply as a general guide:

9.2  On expiry of the applicable retention period, pisoph will securely delete or anonymise the relevant personal data in accordance with NPC-approved disposal procedures.

10.1  pisoph implements a layered set of technical and organisational security measures designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These include:

• 256-bit TLS/SSL encryption for all data transmitted between your device and the pisoph platform.
• Password hashing using industry-standard one-way cryptographic algorithms. pisoph never stores your password in plain text.
• Multi-factor authentication (OTP) for account login from new or unrecognised devices, delivered to your registered Philippine mobile number.
• Access controls restricting pisoph personnel access to personal data on a strict need-to-know basis, with role-based permissions and audit trails.
• Regular security assessments including penetration testing and vulnerability scanning of the pisoph platform.
• Encrypted data storage for financial and KYC data at rest, using AES-256 or equivalent standards.
• Incident response procedures enabling pisoph to detect, contain, and report data breaches within the timeframes prescribed by the NPC under the Philippine DPA.

11.1  pisoph uses cookies and similar tracking technologies on pisoph.club. A cookie is a small text file stored on your device by your browser. pisoph uses the following categories of cookies:

• Strictly necessary cookies: Essential for the platform to function correctly — session tokens, authentication state, and security tokens. These cannot be disabled without preventing you from using the platform.
• Functional cookies: Remember your preferences and settings — such as your last visited game category, language preference, and responsible gaming limit display settings.
• Analytics cookies: Collect anonymised data about how users navigate pisoph.club, which pages are visited most, and how the platform performs across different devices and Philippine network conditions. This data informs platform improvement decisions.
• Fraud prevention cookies: Support pisoph's fraud detection systems by tracking unusual patterns of device or session behaviour consistent with account takeover or bonus abuse.

11.2  pisoph does not use third-party advertising or behavioural retargeting cookies. Your pisoph browsing activity is not shared with external advertising networks.

11.3  You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will impair or prevent your ability to use the pisoph platform. Disabling analytics cookies will not affect your gameplay experience.

12.1  As a data subject under the Philippine Data Privacy Act of 2012 (RA 10173), you hold the following rights in respect of your personal data processed by pisoph. You may exercise any of these rights by contacting pisoph's Data Protection Officer using the details in Section 16.

12.2  pisoph will not charge a fee for responding to data subject requests in the ordinary course. Where requests are manifestly unfounded or excessive, pisoph reserves the right to charge a reasonable administrative fee or refuse the request, with written explanation, as permitted under the DPA's IRR.

13.1  The pisoph platform is strictly prohibited for persons under 21 years of age, consistent with PAGCOR's minimum age requirement for Philippine-licensed online gaming. pisoph does not knowingly collect personal data from individuals under 21.

13.2  If pisoph becomes aware that personal data has been collected from a person under the age of 21, pisoph will immediately close the relevant account, delete the associated personal data (subject to any mandatory retention obligations for fraud investigation purposes), and report the incident to PAGCOR as required by our licensing terms.

14.1  The pisoph platform integrates with third-party services including payment gateways (GCash, Maya), game content providers, and KYC verification tools. Each of these third parties operates under its own privacy policy and terms of service, which are separate from this Policy.

14.2  When you transact via GCash, Maya, or a Philippine bank, your interactions with those services are governed by their respective privacy policies. pisoph receives only the minimum data necessary to process your transaction and does not have visibility into the broader data practices of those payment providers.

14.3  pisoph takes reasonable steps to ensure that third-party subprocessors maintain data protection standards consistent with Philippine law. However, pisoph is not responsible for the privacy practices of independent third parties acting outside their role as pisoph subprocessors.

15.1  pisoph may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in Philippine law or NPC guidance, or improvements to our platform. The "Last Revised" date at the top of this page indicates when the Policy was most recently updated.

15.2  Where changes to this Policy are material — meaning they significantly affect how we use your personal data or the rights available to you — pisoph will provide at least seven (7) calendar days' advance notice via email to your registered address and/or a prominent notice on the pisoph platform upon your next login.

15.3  Your continued use of the pisoph platform following the effective date of any updated Privacy Policy constitutes your acknowledgement of the updated Policy. If you do not accept the updated Policy, please discontinue using the platform and contact pisoph support to request account closure and data handling instructions.

16.1  For any data privacy query, subject access request, correction request, erasure request, or complaint regarding pisoph's handling of your personal data, please contact pisoph's Data Protection Officer using the details below:

16.2  If you are not satisfied with pisoph's response to a data privacy concern after following our internal process, you have the right to escalate your complaint to the National Privacy Commission of the Philippines (NPC). The NPC accepts complaints from Philippine data subjects and provides a formal adjudication mechanism under RA 10173.

16.3  For concerns related to pisoph's PAGCOR licensing obligations, responsible gaming practices, or AML compliance, you may also contact PAGCOR through its official public-facing channels. pisoph cooperates fully with PAGCOR's oversight functions and will not obstruct any legitimate regulatory inquiry.