Contents
1. Introduction
2. Data We Collect
3. How We Collect Data
4. Legal Basis for Processing
5. How We Use Your Data
6. Data Sharing & Disclosure
7. International Transfers
8. Data Retention
9. Cookies & Tracking
10. Data Security
11. Your Rights
12. Children's Privacy
13. Third-Party Services
14. Policy Amendments
15. Contact & DPO

1. Introduction
This Privacy Policy ("Policy") describes how phsaya ("phsaya," "we," "us," "our"), the operator of the online gaming platform at phsaya.asia, collects, processes, stores, and shares personal data relating to registered users, visitors, and prospective players ("you," "your," "Data Subject") of our platform.
phsaya is committed to protecting your privacy and processing your personal data in full compliance with Republic Act No. 10173, the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC) of the Philippines. As a PAGCOR-regulated gaming operator, phsaya is additionally bound by PAGCOR's data handling and player protection requirements.
By registering for a phsaya account, accessing phsaya.asia, or using any service offered by phsaya, you acknowledge that you have read and understood this Policy, and you consent to the collection and processing of your personal data as described herein. If you do not agree with any provision of this Policy, you should discontinue use of phsaya's services immediately.
2. Data We Collect
phsaya collects the following categories of personal data in the course of providing its services:
| Category | Examples | Purpose |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government ID number, ID document images | Account registration, KYC/AML compliance, age verification |
| Contact Data | Email address, Philippine mobile number, residential address | Account communication, OTP delivery, support, withdrawals |
| Financial Data | GCash/Maya account reference, bank account details (masked), transaction history, deposit/withdrawal records | Payment processing, AML monitoring, dispute resolution |
| Technical Data | IP address, device type, browser, operating system, session tokens, login timestamps | Security, fraud detection, platform optimization |
| Usage Data | Game history, betting patterns, session duration, pages visited, bonus redemption records | Platform improvement, responsible gaming monitoring, personalization |
| Communication Data | Support chat transcripts, email correspondence, survey responses | Support quality, dispute resolution, compliance records |
phsaya does not collect sensitive personal information beyond what is strictly necessary for identity verification and regulatory compliance. We do not collect racial or ethnic origin, political opinions, religious beliefs, or health data except where expressly required by applicable law.
3. How We Collect Data
3.1 Directly From You
The majority of personal data phsaya holds is provided directly by you during: account registration (name, email, mobile number); KYC verification (government ID upload, address confirmation); deposit and withdrawal transactions; customer support interactions; and voluntary survey or feedback participation.
3.2 Automatically
When you access phsaya.asia, we automatically collect technical data through server logs, cookies, and similar tracking technologies. This includes your IP address, device identifiers, browser type, session duration, and pages visited. See Section 9 (Cookies) for full details.
3.3 From Third Parties
phsaya may receive personal data from: payment processors (GCash, Maya, BPI, BDO, UnionBank) to verify transaction completions; identity verification service providers used in the KYC process; PAGCOR and law enforcement authorities where required by regulation or court order; and fraud prevention and AML screening services.
4. Legal Basis for Processing
phsaya processes your personal data on the following legal bases under the Data Privacy Act of 2012:
- Contractual Necessity: Processing required to fulfil our contractual obligations to you under the phsaya Terms & Conditions — including account management, payment processing, game delivery, and customer support.
- Legal Obligation: Processing required to comply with PAGCOR regulations, the Anti-Money Laundering Act (AMLA), the Data Privacy Act, and other applicable Philippine law — including mandatory KYC/AML procedures and transaction record-keeping.
- Legitimate Interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and business analytics, where these interests are not overridden by your data protection rights.
- Consent: Processing for marketing communications and non-essential cookies, where we rely on your freely given, specific, and informed consent, which you may withdraw at any time.
5. How We Use Your Data
phsaya uses collected personal data for the following purposes:
- Creating, managing, and securing your phsaya account, including login authentication and two-factor verification.
- Processing deposits and withdrawals via your chosen payment method (GCash, Maya, BPI, BDO, UnionBank, 7-Eleven Cliqq, USDT TRC20, Coins.ph).
- Conducting KYC identity verification and ongoing AML transaction monitoring as required by PAGCOR and the Anti-Money Laundering Council (AMLC).
- Delivering the gaming services you use, including game history, bet settlement, bonus crediting, and leaderboard participation.
- Sending transactional communications — deposit confirmations, withdrawal status updates, security alerts, account notifications — to your registered email and mobile number.
- Providing responsible gaming monitoring: detecting unusual betting patterns, enforcing deposit and session limits you have set, and facilitating self-exclusion requests.
- Investigating and resolving complaints, disputes, and support requests.
- Complying with regulatory reporting obligations to PAGCOR and applicable Philippine law enforcement authorities.
- Improving platform performance, game load times, and user experience based on aggregated and anonymised usage analytics.
- With your separate consent: sending promotional communications about phsaya bonuses, new game launches, and platform updates.
6. Data Sharing & Disclosure
phsaya does not sell, rent, or trade your personal data to third parties for their independent marketing purposes. We share personal data only in the following circumstances:
6.1 Service Providers
phsaya engages carefully selected third-party service providers — including payment processors, KYC verification platforms, cloud infrastructure providers, and customer support software vendors — who process data on our behalf under binding data processing agreements. These providers are contractually prohibited from using your data for any purpose other than delivering services to phsaya.
6.2 Regulatory & Legal Disclosure
phsaya will disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), or any competent Philippine court or law enforcement authority when required to do so by law, regulatory order, or valid legal process. phsaya will notify you of such disclosure where legally permitted to do so.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of substantially all of phsaya's assets, your personal data may be transferred to the successor entity, subject to the same privacy protections described in this Policy. You will be notified of any such transfer via registered email.
6.4 Fraud Prevention
phsaya may share data with fraud prevention databases and identity verification networks where necessary to detect and prevent fraudulent activity, money laundering, or platform abuse — including sharing with PAGCOR's player protection registry.
7. International Data Transfers
Some of phsaya's third-party service providers — including cloud infrastructure and game content providers — may process data in jurisdictions outside the Republic of the Philippines. Where such transfers occur, phsaya ensures that appropriate safeguards are in place, including contractual clauses consistent with NPC standards and the Data Privacy Act's requirements for cross-border data transfers. phsaya transfers data to jurisdictions that lack adequate data protection frameworks only after implementing additional contractual protections.
8. Data Retention
phsaya retains personal data for the minimum period necessary to fulfil the purposes for which it was collected, subject to the following minimum retention requirements:
- Account and KYC records: Retained for a minimum of five (5) years following account closure, as required by PAGCOR regulations and the Anti-Money Laundering Act.
- Financial transaction records: Retained for a minimum of five (5) years from the date of the transaction, per AMLC requirements.
- Customer support records: Retained for three (3) years from the date of the support interaction.
- Technical and usage logs: Retained for twelve (12) months, after which they are anonymised or deleted.
- Marketing consent records: Retained for the duration of your account and up to two (2) years following withdrawal of consent, as evidence of consent management.
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised in accordance with NPC guidelines.
9. Cookies & Tracking Technologies
phsaya.asia uses cookies and similar technologies to operate the platform, maintain your logged-in session, prevent fraud, and analyse usage patterns. The following cookie categories are used:
- Strictly Necessary Cookies: Essential for platform operation — session management, login state, security tokens. These cannot be disabled without breaking core functionality.
- Functional Cookies: Store your preferences such as language settings, display options, and recently played games. Disabling these reduces personalisation but does not break the platform.
- Analytics Cookies: Collect aggregated, anonymised data about how players navigate phsaya.asia. Used to improve platform performance and user experience. Require your consent.
- Security Cookies: Used to detect and prevent fraudulent activity, bot traffic, and account takeover attempts.
You may manage your cookie preferences at any time via your browser settings. Note that disabling strictly necessary cookies will prevent you from logging in to your phsaya account.
10. Data Security
phsaya implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- 256-bit SSL/TLS encryption for all data transmitted between your device and phsaya's servers.
- Encryption of sensitive data fields (passwords, payment identifiers, government ID numbers) at rest using industry-standard algorithms.
- Role-based access controls ensuring that phsaya staff can only access personal data necessary for their specific job function.
- Mandatory two-factor authentication for all phsaya staff with access to production systems containing personal data.
- Regular third-party security audits and penetration testing of phsaya's platform infrastructure.
- Automated anomaly detection systems monitoring for unusual access patterns, credential-stuffing attempts, and data exfiltration signals.
In the event of a personal data breach that is likely to adversely affect your rights and freedoms, phsaya will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, and will notify affected Data Subjects without undue delay, as required by the Data Privacy Act and NPC Circular 16-03.
11. Your Rights as a Data Subject
Under the Data Privacy Act of 2012 and its Implementing Rules, you have the following rights with respect to your personal data held by phsaya:
Right to be Informed
You have the right to be informed of how your personal data is being collected and processed, the purposes of processing, and who your data is being shared with — which this Policy fulfils.
Right of Access
You may request a copy of the personal data phsaya holds about you. Requests will be fulfilled within fifteen (15) business days of verified identity confirmation.
Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. Account details may be updated directly via your phsaya dashboard or by contacting support.
Right to Erasure
You may request deletion of your personal data. This right is subject to phsaya's legal retention obligations under PAGCOR regulations and the Anti-Money Laundering Act — regulatory-required records cannot be erased during mandatory retention periods.
Right to Object
You may object to the processing of your personal data for direct marketing purposes at any time by contacting phsaya support or unsubscribing from marketing communications via the link in any phsaya email.
Right to Data Portability
You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller where technically feasible.
Right to Lodge a Complaint
If you believe phsaya has not handled your personal data in accordance with the Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (privacy.gov.ph).
To exercise any of the above rights, contact the phsaya Data Protection Officer using the details in Section 15. phsaya will respond to all rights requests within fifteen (15) business days of identity verification.
12. Children's Privacy
phsaya's services are strictly intended for individuals aged 21 years and older in accordance with PAGCOR's age requirements for online gambling in the Philippines. phsaya does not knowingly collect, process, or store personal data from individuals under 21 years of age. If phsaya becomes aware that personal data has been collected from a person under 21, that data will be immediately deleted and the associated account permanently suspended. Parents or guardians who believe a minor may have created a phsaya account should contact support immediately.
13. Third-Party Services
phsaya.asia may contain references to third-party game providers and payment platforms. Once you interact directly with a third-party service (for example, completing a GCash payment through the GCash app), that party's own privacy policy governs the data they collect during that interaction. phsaya is not responsible for the privacy practices of third-party platforms and encourages you to review their policies independently.
14. Policy Amendments
phsaya reserves the right to amend this Privacy Policy at any time. Material changes — defined as changes that materially affect your rights or phsaya's data processing purposes — will be communicated via email to your registered address and/or via a prominent notice on phsaya.asia at least fourteen (14) days before the effective date of the change. Non-material clarifications or corrections may be updated without prior notice, with the "Last Updated" date revised accordingly. Continued use of phsaya's services following the effective date of any amendment constitutes your acceptance of the revised Policy.
15. Contact & Data Protection Officer
phsaya has appointed a Data Protection Officer (DPO) as required under the Data Privacy Act of 2012. For any data privacy concern, rights request, or inquiry regarding this Policy, please contact:
phsaya Data Protection Officer
Platform: phsaya.asia
Email (plain text): [email protected]
Subject line: [DATA PRIVACY REQUEST] – [Your Full Name]
Response time: 15 business days from identity verification
If you are not satisfied with phsaya's response to your data privacy concern, you may escalate your complaint to the National Privacy Commission of the Philippines.
Your Privacy at phsaya — Our Commitments
Six principles that guide how phsaya handles every piece of your personal data.
Data Privacy Act Compliance
phsaya processes all personal data in full compliance with Republic Act 10173 and the National Privacy Commission's guidelines. Your rights as a Philippine data subject are legally enforceable — not just policy promises.
256-Bit Encrypted Storage
Sensitive data fields — passwords, payment identifiers, and government ID details — are encrypted at rest and in transit. phsaya's security architecture is regularly audited by independent third-party penetration testers.
No Data Selling — Ever
phsaya does not sell, rent, or trade your personal data to any third party for marketing purposes. Your data is used exclusively to operate your phsaya account and fulfil our regulatory obligations under PAGCOR and Philippine law.
Minimum Retention Periods
phsaya retains data only as long as legally required or operationally necessary. Regulatory records are kept for the PAGCOR/AMLA-mandated five-year minimum; non-essential logs are anonymised or deleted within twelve months.
Full Data Subject Rights
phsaya honours all seven Data Privacy Act rights — access, rectification, erasure, portability, objection, informed consent, and complaint — with a 15-business-day response commitment for verified requests.
72-Hour Breach Notification
In the unlikely event of a data breach affecting your rights, phsaya notifies the National Privacy Commission within 72 hours and affected players without undue delay — as required by the Data Privacy Act and NPC Circular 16-03.
Play on phsaya — Where Your Data Is Treated with Respect
PAGCOR-regulated, Data Privacy Act compliant, GCash-ready, and 3,500+ certified games. Join over one million Filipino players who trust phsaya with their entertainment — and their data.
Visit phsaya.asia to create your free account. Age and identity verification required. Play responsibly.