Your privacy matters to phmanalo. This Privacy Policy describes in detail how phmanalo collects, uses, discloses, stores, and protects the personal information of Players and visitors who use the phmanalo platform located at phmanalo.com. Please read this document carefully. By creating an account or using the phmanalo platform, you acknowledge that you have read and understood this Privacy Policy.
This Privacy Policy ("Policy") governs the collection, processing, storage, and disclosure of personal data by the phmanalo online gaming platform ("phmanalo", "we", "us", "our") in connection with the services offered at phmanalo.com and all associated sub-domains and mobile web interfaces (collectively, the "Platform").
phmanalo is committed to protecting the privacy and personal data of all individuals who interact with the Platform, including registered Players, prospective registrants, and general visitors. phmanalo processes personal data in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Republic of the Philippines and its Implementing Rules and Regulations (IRR), as well as all applicable orders and circulars issued by the National Privacy Commission (NPC) of the Philippines.
This Policy applies to all personal data collected by phmanalo in the context of providing its online gaming and entertainment services to Filipino players. It covers personal data collected via the Platform, through customer support interactions, via marketing communications, and through third-party payment processors and identity verification service providers engaged by phmanalo in connection with its operations.
This Policy should be read in conjunction with the phmanalo Terms and Conditions and the Responsible Gaming Policy, both of which are available on the Platform. Defined terms used but not defined in this Policy carry the meanings assigned to them in the phmanalo Terms and Conditions.
For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:
| "Personal Data" | Any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. |
| "Processing" | Any operation or any set of operations performed upon personal data including, but not limited to, collection, recording, organisation, storage, updating, modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of data. |
| "Data Subject" | An individual whose personal data is collected, processed, and stored by phmanalo — primarily registered Players and Platform visitors. |
| "Personal Information Controller" | phmanalo, in its capacity as the entity that controls the collection, holding, processing, or use of personal data as described in this Policy. |
| "Sensitive Personal Information" | Personal data about an individual's age and date of birth, financial information, government-issued identification numbers (such as SSS, UMID, TIN, PhilSys ID numbers), and any other data specifically designated as sensitive under RA 10173. |
| "DPO" | Data Protection Officer — the designated officer at phmanalo responsible for ensuring compliance with applicable data privacy laws and this Policy. |
| "Third-Party Service Provider" | Any external entity engaged by phmanalo to perform specific services in connection with Platform operations, including payment processors, KYC verification providers, game studios, and cloud infrastructure providers. |
phmanalo collects the minimum personal data necessary to provide its services, fulfil its legal obligations, and maintain the security and integrity of the Platform. The following categories of personal data are collected by phmanalo:
phmanalo collects personal data through the following channels:
phmanalo processes personal data only for specified, legitimate purposes and only to the extent necessary for those purposes. The following table sets out the primary purposes for which phmanalo processes personal data and the corresponding legal basis under RA 10173:
| Purpose of Processing | Legal Basis |
|---|---|
| Account registration and management | Performance of the service contract between phmanalo and the Player; consent provided at registration. |
| Age verification (21+ requirement) and KYC identity verification | Compliance with PAGCOR regulatory requirements and RA 10173; legitimate interest in maintaining a secure, legally compliant gaming environment. |
| Processing deposits and withdrawals | Performance of the service contract; compliance with financial reporting and AML obligations under RA 9160 (AMLA). |
| Fraud prevention and security monitoring | Legitimate interest in protecting the Platform, Players, and third parties from fraud, money laundering, and unauthorised access. |
| Responsible gaming programme management | Compliance with PAGCOR responsible gaming guidelines; player protection obligations. |
| Customer support services | Performance of the service contract; legitimate interest in resolving player queries efficiently. |
| Direct marketing communications (opt-in only) | Freely given, specific consent provided by the Player at registration or through subsequent marketing preferences settings. |
| Platform analytics and service improvement | Legitimate interest in improving Platform functionality and the Player experience. |
Marketing communications: phmanalo will only send promotional emails, SMS messages, or in-Platform notifications to Players who have opted in to receive marketing communications. You may withdraw your consent to receive marketing at any time by updating your communication preferences within your Account settings or by contacting phmanalo support.
phmanalo does not sell, rent, or otherwise commercially transfer your personal data to third parties for their own marketing or commercial purposes. phmanalo will share your personal data only in the following circumstances:
phmanalo engages trusted third-party service providers to support its operations. These providers process personal data only on phmanalo's instructions and in accordance with data processing agreements that impose obligations consistent with RA 10173. Categories of service providers include payment processors (GCash, Maya, BPI, BDO, UnionBank, and other payment networks), identity verification providers, cloud infrastructure providers, cybersecurity and fraud detection services, and customer support platform providers.
phmanalo may disclose personal data to PAGCOR, the National Privacy Commission, the Anti-Money Laundering Council (AMLC), the Bureau of Internal Revenue (BIR), or other competent Philippine government authorities where such disclosure is required by applicable law, regulation, or lawful order. phmanalo will notify affected Players of any such disclosure to the extent permitted by law.
In the event of a merger, acquisition, or sale of phmanalo or its business assets, personal data held by phmanalo may form part of the transferred assets. Players will be notified of any such transfer and of any material changes to the applicable privacy policy as a result.
phmanalo does not transfer personal data outside of the Philippines except where necessary to engage service providers whose infrastructure operates across multiple jurisdictions, and only under data processing agreements that ensure equivalent data protection standards. Where cross-border data transfers occur, phmanalo takes appropriate safeguards as required by applicable Philippine data privacy law.
phmanalo uses cookies and similar tracking technologies on the Platform to maintain session authentication, enable security features, analyse Platform usage, and personalise your gaming experience. A cookie is a small text file stored on your device when you access the Platform.
| Cookie Type | Purpose |
|---|---|
| Strictly Necessary | Essential for login session management, security token handling, and basic Platform functionality. Cannot be disabled without affecting core Platform functions. No consent required. |
| Functional | Remember your preferences (language settings, game lobby filters, responsible gaming tool configurations) to improve your experience on return visits. |
| Analytics | Collect anonymised usage data to help phmanalo understand how the Platform is used, identify technical issues, and improve performance. Requires your consent. |
| Security & Fraud Prevention | Detect and prevent unauthorised access, fraudulent activity, and security threats to the Platform and Player accounts. |
You may manage your cookie preferences through your browser settings at any time. Disabling strictly necessary cookies will prevent you from logging in to your phmanalo Account. Disabling all other cookies will not affect your ability to access and use the Platform but may result in a reduced personalised experience.
phmanalo retains personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with applicable legal and regulatory obligations, and to resolve any disputes or enforce phmanalo's legal rights. The following general retention periods apply:
| Data Category | Retention Period |
|---|---|
| Account registration data | Duration of Account plus 5 years following Account closure, or as required by applicable law. |
| KYC identity verification documents | Duration of Account plus 5 years following Account closure (AMLA compliance requirement). |
| Financial transaction records | 5 years from the date of each transaction, in compliance with RA 9160 (AMLA) record-keeping obligations. |
| Gaming activity logs | Duration of Account plus 2 years following Account closure. |
| Customer support communications | 3 years from the date of the relevant communication. |
| Technical and device logs | 90 days from collection, unless retained for a longer period in connection with a security incident or legal proceeding. |
| Marketing communications data | Until consent is withdrawn plus 1 year for audit trail purposes. |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with phmanalo's data disposal procedures.
phmanalo implements appropriate technical and organisational security measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include, without limitation:
Your role in security: phmanalo's security measures are most effective when combined with strong personal security practices on your end. Keep your phmanalo Account password unique and confidential. Enable two-factor authentication if available. Never share your OTP with anyone — phmanalo staff will never ask for your OTP. If you suspect your Account has been accessed without your authorisation, contact phmanalo support via live chat immediately.
As a Data Subject under the Data Privacy Act of 2012 (RA 10173) of the Philippines, you have the following rights in relation to your personal data processed by phmanalo. To exercise any of these rights, please contact phmanalo's Data Protection Officer using the contact details in Section 15.
You have the right to request a copy of the personal data phmanalo holds about you, together with information about how it is being processed.
You may request correction of inaccurate or incomplete personal data that phmanalo holds about you. Account details can also be updated directly within your Account settings.
You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to phmanalo's legal retention obligations under RA 9160, tax laws, and PAGCOR regulations.
You may object to the processing of your personal data for direct marketing purposes at any time. To stop receiving marketing communications, update your preferences in Account settings.
You may request a copy of your personal data in a structured, commonly used, machine-readable format where technically feasible, to allow you to transfer the data to another service provider.
You may request restriction of processing of your personal data in certain circumstances — for example, while a rectification request is being assessed, or where you have objected to processing pending verification of phmanalo's legitimate grounds.
phmanalo will respond to all valid data rights requests within thirty (30) days of receipt. Where requests are complex or numerous, phmanalo may extend this period by a further thirty (30) days, with notification to the Data Subject. phmanalo may request additional identity verification before processing a data rights request to ensure that personal data is not disclosed to an unauthorised party.
If you are not satisfied with phmanalo's response to a data rights request, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines, the supervisory authority responsible for data privacy enforcement under RA 10173.
Strictly 21 years and above. The phmanalo Platform is not intended for, and does not knowingly collect personal data from, individuals under 21 years of age. Access to the Platform by persons under 21 is strictly prohibited in accordance with PAGCOR regulations and Philippine law governing casino-type gaming activities. phmanalo's KYC process requires age verification as a mandatory prerequisite for Real Money Play, and phmanalo will immediately close any Account found to belong to an individual below the minimum age requirement, with any deposited balance returned subject to verification.
If you are a parent or guardian and you believe that a minor under your care has provided personal data to phmanalo or has accessed the Platform, please contact phmanalo immediately via the contact details in Section 15. phmanalo will investigate and take appropriate steps to remove the relevant data and close the Account.
In connection with phmanalo's responsible gaming programme, phmanalo processes certain gaming activity data to support the operation of responsible gaming tools available to Players. This includes monitoring of gaming session frequency, deposit volumes, loss patterns, and self-exclusion status. This processing is conducted in the legitimate interest of player protection and in compliance with PAGCOR responsible gaming guidelines.
Responsible gaming tool configurations — including deposit limits, session reminders, and self-exclusion records — are retained for the duration of the relevant restriction period and for a minimum of two (2) years thereafter. Self-exclusion records are retained for the full exclusion period plus six (6) years to maintain an audit trail and prevent circumvention of self-exclusion through re-registration.
phmanalo's responsible gaming data processing is not used for any commercial profiling or marketing purposes. This data is used exclusively for player protection purposes and regulatory compliance. For more information about the responsible gaming tools available on the Platform, please visit the Responsible Gaming page on the phmanalo website.
The phmanalo Platform integrates with third-party services including payment gateways, game software providers, and identity verification systems. These third-party services are subject to their own separate privacy policies, which phmanalo encourages you to review. phmanalo is not responsible for the data practices of third-party service providers operating independently of phmanalo's instructions.
phmanalo's Platform does not include outbound links to third-party websites unrelated to phmanalo's services. Where integration with third-party payment systems (GCash, Maya, BPI, BDO, UnionBank, and others) requires redirection to the relevant payment provider's interface, that redirection is clearly indicated and the relevant payment provider's own privacy terms apply to the data you provide directly to their systems.
phmanalo may update or modify this Privacy Policy from time to time to reflect changes in applicable law, regulatory requirements, phmanalo's data processing practices, or the services available on the Platform. Material changes to this Policy will be communicated to registered Players via email notification to the registered Account email address and/or via a prominent notice displayed on the phmanalo Platform, at least seven (7) days prior to the effective date of the revised Policy — except where immediate changes are required by law or regulatory directive.
The "Last Updated" date at the top of this Policy will be revised to reflect the date of the most recent modification. Your continued use of the phmanalo Platform following the effective date of any amendment constitutes your acknowledgement of the revised Policy. phmanalo encourages you to review this Policy periodically to stay informed about how your personal data is being handled.
If you have any questions, concerns, or requests regarding this Privacy Policy or phmanalo's personal data processing activities, or if you wish to exercise any of your data rights under RA 10173, please contact phmanalo's Data Protection Officer (DPO) through any of the following channels:
Every data transmission between your device and phmanalo is protected with 256-bit TLS encryption — the same standard used by Philippine commercial banks. Your personal details and financial information are fully secured in transit and at rest.
phmanalo's data processing practices are fully aligned with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines. You have clear legal rights over your personal data, and phmanalo is committed to honouring every one of them promptly and transparently.
phmanalo does not sell, rent, or commercially trade your personal data to any third party for their own marketing or commercial purposes. Your data is used only to operate your Account, process your transactions, and provide the phmanalo service to you.
phmanalo collects only the personal data that is genuinely necessary to provide its services, fulfil legal obligations, and maintain Platform security. We do not collect data speculatively or for undefined future purposes. Every data point we hold has a clear, documented reason.
phmanalo sends promotional communications only to Players who have explicitly opted in. You can withdraw your marketing consent at any time from within your Account settings — no hoops to jump through, no waiting period. Your preference takes effect immediately.
phmanalo has a designated Data Protection Officer (DPO) responsible for overseeing all aspects of data privacy compliance. For any data rights requests or privacy concerns, you can contact the DPO directly at [email protected] and receive a response within 5 business days.
phmanalo is built on transparency, security, and respect for every Filipino player's personal data. Register with confidence knowing your information is handled with the care it deserves. For players aged 21 and above only.