Your privacy matters to phmasaya. This Policy explains exactly what personal data we collect, why we collect it, how we use and protect it, and what rights you have over your information under Philippine law.
phmasaya collects personal data only for defined, explicit, and legitimate purposes. We do not use your information for anything beyond what is stated in this Policy or required by applicable law.
We collect only the minimum data necessary for each purpose — account management, regulatory compliance, fraud prevention, and service improvement. No excessive or speculative data collection.
phmasaya does not sell, rent, or trade your personal information to third parties for their own independent marketing or commercial purposes. Your data is not a product at phmasaya.
phmasaya implements technical and organisational security measures — including 256-bit SSL encryption, access controls, and regular security reviews — to protect your data against unauthorised access or disclosure.
Under Republic Act No. 10173, you have genuine, exercisable rights over your personal data held by phmasaya. This Policy explains each right and how to exercise it, rather than merely listing them as formalities.
phmasaya's data practices comply with the Data Privacy Act of 2012 (RA 10173), National Privacy Commission (NPC) regulations, and any applicable data privacy requirements under PAGCOR's online gaming framework.
This Privacy Policy is issued by phmasaya, the operator of the online gaming platform accessible at phmasaya.vip (the "Platform," "Website," "phmasaya," "we," "us," or "our"). phmasaya acts as the Data Controller in respect of the personal data of registered users and visitors processed through the Platform.
phmasaya processes personal data in connection with the operation of an online gaming service offered to Philippine-based players, including but not limited to live casino, sports betting, slots, bingo, keno, and specialty game products. All data processing activities described in this Policy are carried out in connection with the lawful operation of this service.
This Privacy Policy applies to all personal data collected and processed through the phmasaya website and any associated communications channels, including email and live chat support. By accessing the Platform or registering an account, you acknowledge that you have read and understood this Policy.
Philippine Law Basis: phmasaya's data practices are designed to comply with Republic Act No. 10173, known as the Data Privacy Act of 2012 (DPA), and the implementing rules and regulations issued by the National Privacy Commission of the Philippines.
phmasaya collects the following categories of personal data about users of the Platform:
| Category | Examples of Data Collected | Collected At |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, government-issued ID type and number, photograph (for KYC) | Registration & KYC verification |
| Contact Data | Philippine mobile number, email address | Account registration |
| Financial Data | GCash account reference, Maya account reference, bank account name and last digits, transaction amounts, deposit and withdrawal history | Payment processing |
| Account Data | Username, account ID, login timestamps, session duration, game preferences, balance history, bonus redemptions | Platform use |
| Technical Data | IP address, device type, operating system, browser type and version, network carrier, approximate geolocation | Every session |
| Usage Data | Game history, bet amounts, bet outcomes, session time data, responsible gaming tool settings | Gameplay activity |
| Communications Data | Support chat transcripts, email correspondence, feedback submissions | Support interactions |
phmasaya does not intentionally collect or process sensitive personal information (as defined under RA 10173) beyond what is strictly required for identity verification and anti-money laundering compliance purposes — specifically, the collection of government-issued ID information and, where required, proof of source of funds documentation.
The majority of personal data phmasaya holds is provided directly by you in the course of your interaction with the Platform:
When you access and use the phmasaya Platform, certain technical and usage data is collected automatically through cookies, server logs, and analytics technologies. This includes your IP address, device identifiers, session timestamps, game activity logs, and page navigation data. This automatic collection is necessary for the secure and functional operation of the Platform.
phmasaya may receive data about you from the following third-party sources:
phmasaya processes personal data for the following defined purposes:
To create and maintain your phmasaya account; authenticate your identity at login; process deposits and withdrawals; credit game winnings; manage bonus allocations; and provide access to all Platform features and games you are entitled to use.
To verify that you meet the minimum age requirement of 21 years; to comply with PAGCOR's Know Your Customer requirements; to meet obligations under applicable anti-money laundering (AML) and counter-terrorism financing (CTF) legislation including Republic Act No. 9160 (Anti-Money Laundering Act) as amended; and to respond to lawful requests from regulatory authorities, law enforcement agencies, or courts of competent jurisdiction.
To detect and prevent fraudulent account activity, unauthorised access, money laundering, collusion, and other prohibited conduct outlined in the phmasaya Terms and Conditions; to monitor transactions for suspicious activity; and to protect the integrity of the Platform and the safety of all users.
To verify and process deposit and withdrawal transactions through approved payment channels; to reconcile account balances; to investigate disputed transactions; and to comply with payment industry requirements applicable to our payment service providers.
To operate and enforce player-set deposit limits, session time restrictions, cooling-off periods, and self-exclusion orders; to monitor gameplay patterns that may indicate problematic gambling behaviour and take appropriate protective action; and to fulfil phmasaya's responsible gaming obligations under applicable regulatory requirements.
To respond to your queries, complaints, and support requests; to investigate account issues; and to maintain records of communications for quality assurance, dispute resolution, and training purposes.
To analyse aggregate, anonymised usage data to understand how players navigate the Platform; to identify technical performance issues; to improve game library curation and promotional offers; and to enhance the overall user experience for Filipino players. Individual-level usage data used for analytics is subject to appropriate access controls and is not combined with externally purchased data sets.
Where you have provided explicit consent, phmasaya may send you promotional communications about new games, special offers, bonuses, and Platform updates via SMS to your registered mobile number or email. You may withdraw your consent to marketing communications at any time by contacting phmasaya support or updating your account preferences. Withdrawal of marketing consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
Under the Data Privacy Act of 2012 (RA 10173), phmasaya relies on the following legal bases for processing your personal data:
Note on Sensitive Data: Where phmasaya processes sensitive personal information (as defined under RA 10173, Section 3[l]), such as government-issued ID data required for KYC, this is processed only to the extent strictly necessary for legal compliance and regulatory obligations, and is subject to heightened access controls and security measures.
phmasaya does not sell your personal data. We share personal data with third parties only in the following limited and defined circumstances:
phmasaya engages third-party service providers who process personal data on our behalf under written data processing agreements, including:
All service providers engaged by phmasaya are contractually required to process personal data only for the specified service purpose and to maintain appropriate technical and organisational security measures.
phmasaya may disclose personal data to government agencies, law enforcement authorities, PAGCOR, the Anti-Money Laundering Council (AMLC), or courts of competent jurisdiction where required by law, court order, or where phmasaya has a good-faith belief that such disclosure is necessary to: comply with a legal obligation; protect the rights, property, or safety of phmasaya, its users, or the public; or investigate, prevent, or take action regarding suspected fraud, unlawful activity, or violations of the phmasaya Terms and Conditions.
In the event of a merger, acquisition, asset sale, or restructuring involving phmasaya, personal data held by phmasaya may be transferred to the successor entity, subject to the same privacy protections described in this Policy or equivalent protections required as a condition of the transfer.
No Unauthorised Third-Party Marketing: phmasaya does not share your personal data with third-party advertisers, data brokers, or marketing networks for their own independent marketing activities without your express prior consent.
phmasaya retains personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following retention standards:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account & Identity Data | Duration of account + 5 years post-closure | Legal & regulatory obligation |
| KYC Documents | Duration of account + 5 years post-closure | AMLA compliance (RA 9160) |
| Financial Transaction Records | 5 years from transaction date | AMLA & tax record requirements |
| Game History & Betting Records | 3 years from session date | Dispute resolution & regulatory audit |
| Support Communications | 2 years from last interaction | Quality assurance & dispute records |
| Marketing Consent Records | 3 years from consent or withdrawal | Legal compliance (consent audit trail) |
| Technical / Log Data | 12 months from collection | Security monitoring |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with phmasaya's data lifecycle management procedures. Data subject to an ongoing regulatory investigation or legal proceeding will be retained until the matter is resolved, regardless of the standard retention period.
phmasaya implements a combination of technical and organisational security measures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Key security measures in place at phmasaya include:
Notwithstanding the above measures, no data transmission over the internet or electronic storage system can be guaranteed to be 100% secure. While phmasaya takes all reasonable precautions, you acknowledge that you transmit data to phmasaya at your own risk and should take appropriate steps to protect your own account credentials.
Cookies are small text files stored on your device by your web browser when you visit a website. phmasaya uses cookies and similar tracking technologies (such as web beacons and local storage) to operate and improve the Platform. Some cookies are essential to Platform functionality; others are used for analytics and performance purposes.
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Strictly Necessary | Maintain your login session, authentication tokens, security parameters, and session-state across pages | No — Platform will not function correctly without these |
| Functional | Remember your preferences (language, game lobby view, responsible gaming settings) | Yes — via browser settings |
| Analytics | Aggregate, anonymised data on Platform navigation patterns, page performance, and feature usage to improve phmasaya | Yes — via browser settings |
| Fraud Prevention | Device fingerprinting tokens used to detect suspicious access patterns and protect account security | No — required for Platform security |
You can manage and delete cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or be notified when new cookies are set. Disabling strictly necessary or fraud prevention cookies will impair Platform functionality and may prevent you from accessing your phmasaya account. Disabling analytics or functional cookies will not affect your ability to play but may reset Platform preferences.
Under the Data Privacy Act of 2012 (RA 10173), you have the following rights in respect of personal data held by phmasaya. These rights are genuine and exercisable — not merely listed for formality.
You have the right to be told how your personal data is collected and used. This Privacy Policy fulfils that obligation.
You may request a copy of the personal data phmasaya holds about you and information about how it is processed.
You may request correction of inaccurate or incomplete personal data. Some corrections require re-verification of your identity.
You may request deletion of your data where there is no longer a lawful basis for retention. Regulatory retention obligations may limit this right.
You may object to processing based on phmasaya's legitimate interests, including for marketing purposes. Objections to marketing consent will be honoured immediately.
Where technically feasible, you may request your personal data in a structured, machine-readable format for transfer to another controller.
You have the right not to be subject to solely automated decisions that produce legal or similarly significant effects about you without human review.
If you believe phmasaya has not handled your data lawfully, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (privacy.gov.ph).
To exercise any of the above rights, please contact phmasaya's Data Protection Officer at [email protected] with the subject line "Data Subject Rights Request." phmasaya will respond within fifteen (15) business days of receiving your verified request, in accordance with NPC requirements.
To protect your personal data, phmasaya may require identity verification before processing any data subject rights request. phmasaya will not charge a fee for responding to reasonable data subject rights requests.
phmasaya does not knowingly collect personal data from individuals under 21 years of age. The phmasaya Platform is strictly an adults-only service. All registration requests require confirmation of age, and phmasaya conducts identity verification to confirm that account holders meet the minimum age requirement.
If phmasaya becomes aware that personal data has been collected from a person under 21 — whether through misrepresentation or otherwise — phmasaya will immediately close the relevant account, delete the associated personal data to the extent permitted by law, and, where required by applicable regulations, report the incident to the relevant regulatory authority.
phmasaya may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or regulatory requirements. The updated effective date will be prominently displayed at the top of this page whenever the Policy is revised.
For material changes — those that significantly affect how phmasaya processes your personal data or your rights as a data subject — phmasaya will provide advance notice by email to your registered address or via a prominent notice on the Platform, with a minimum notification period of fourteen (14) calendar days before the revised Policy takes effect, except where a shorter period is required by law.
Your continued use of the phmasaya Platform after the effective date of a revised Privacy Policy constitutes your acknowledgment of and agreement to the updated terms. If you do not agree with a material change to this Policy, your recourse is to request account closure in accordance with the phmasaya Terms and Conditions.
The current version of this Privacy Policy is always available at phmasaya.vip/privacy-policy.
phmasaya has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and the Data Privacy Act of 2012. For all data privacy-related enquiries, requests, or complaints, please contact the phmasaya DPO using the details below:
phmasaya endeavours to respond to all privacy-related queries within fifteen (15) business days. For data subject rights requests (Section 10), verification of your identity will be required before phmasaya can process the request. Complex requests involving large volumes of data may require an extension of up to an additional fifteen (15) business days, of which phmasaya will notify you promptly.
National Privacy Commission: If you are not satisfied with phmasaya's response to your data privacy concern, you have the right to escalate your complaint to the National Privacy Commission of the Philippines. The NPC website is accessible at privacy.gov.ph (reference only — not a clickable link from this page). The NPC handles complaints from Filipino data subjects regarding violations of the Data Privacy Act of 2012.
phmasaya is built on transparency — about how your data is used, how games work, and how transactions are processed. One platform, PHP-native, built for Filipino players. 21+ only.
Questions about your data? Contact the phmasaya Data Protection Officer at [email protected] with the subject line "Privacy / DPO Enquiry." phmasaya responds within 15 business days to all verified data subject requests.