phislot
Privacy Policy

This Privacy Policy applies to all personal data collected, processed, and stored by phislot (referred to herein as "phislot," "we," "us," or "our") in connection with the operation of the phislot online gaming platform accessible at phislot.vip, including all associated games, payment services, customer support functions, promotional activities, and related digital services (collectively, the "Platform").

phislot acts as the Data Controller for the personal data of individuals who register an account, make a deposit or withdrawal, participate in promotions, contact our support team, or otherwise interact with the Platform. As Data Controller, phislot determines the purposes and means by which your personal data is processed.

This Policy is incorporated by reference into the phislot Terms and Conditions. By registering a phislot account or using the Platform, you acknowledge that you have read and understood this Privacy Policy and that you consent to the collection and processing of your personal data as described herein.

phislot collects personal data in the following categories. We collect only what is necessary for the stated purposes and do not seek unnecessary information from our users.

phislot does not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, biometric data beyond identity verification requirements, or health data, unless you voluntarily provide such information in the context of a responsible gaming assessment or support interaction.

phislot collects personal data through the following channels and mechanisms:

• Direct collection from you: Information you provide during account registration, identity verification, payment setup, support interactions, promotional participation, and profile updates.
• Automated technical collection: Data collected automatically when you access the Platform, including IP addresses, device identifiers, session cookies, usage logs, and approximate geolocation data derived from your IP address.
• Payment processor data: Transaction reference data, payment status, and fraud indicators shared by GCash, Maya, GrabPay, QR Ph, and other payment processors when you initiate a deposit or withdrawal.
• Identity verification providers: Verification results, identity match scores, and document validity indicators from third-party KYC service providers engaged by phislot to meet PAGCOR compliance requirements.
• Fraud prevention services: Device fingerprint data, risk scores, and fraud indicators from third-party anti-fraud tools used to protect phislot accounts and the wider platform.
• Publicly available sources: In limited circumstances, phislot may verify information against publicly accessible databases (e.g. electoral rolls, adverse media databases) for AML compliance purposes.

phislot processes your personal data for the following purposes, each grounded in a legitimate legal basis under the Data Privacy Act of 2012:

• Account registration and management — Necessary for the performance of the contract between you and phislot (i.e., the Terms and Conditions you accept when registering). Includes maintaining your account, communicating account status, and processing your gaming activity.
• Identity and age verification (KYC) — Legal obligation under PAGCOR's Know Your Customer requirements for licensed online gaming operators. phislot is required to verify that all account holders are aged 21 or over and are identifiable natural persons.
• Payment processing and fraud prevention — Necessary for contract performance and for phislot's legitimate interests in protecting the security of the Platform, preventing fraudulent transactions, and ensuring that funds reach their rightful owners.
• Anti-money laundering (AML) monitoring and reporting — Legal obligation under Philippine anti-money laundering law (AMLA) and PAGCOR operational requirements. phislot is required to monitor transactions for suspicious activity and to file Suspicious Transaction Reports (STRs) with the Anti-Money Laundering Council (AMLC) where required.
• Responsible gaming monitoring — Legitimate interest in identifying and supporting players who may be exhibiting problem gambling behaviour, and in complying with PAGCOR's responsible gaming framework.
• Platform improvement and analytics — Legitimate interest in understanding how the Platform is used in order to improve its performance, usability, and game selection for Filipino players.
• Marketing communications — Consent. You may opt in to receive promotional offers, bonus notifications, and platform updates from phislot. Consent may be withdrawn at any time.
• Legal compliance and dispute resolution — Legal obligation and legitimate interest in complying with court orders, regulatory directives, and in resolving disputes between phislot and its users.

phislot may share your personal data with the following categories of third parties:

• Payment processors: GCash, Maya, GrabPay, QR Ph, BPI, BDO, Metrobank, Visa/Mastercard network processors — to facilitate deposits and withdrawals from your phislot account. These providers are engaged under data processing agreements and may only use your data for the specific payment transaction.
• Identity verification providers: Third-party KYC platforms engaged to verify your identity, age, and document authenticity as required by PAGCOR regulations.
• Game providers: Licensed game studios (e.g. JILI, Pragmatic Play, Evolution Gaming) that supply games to the phislot platform. Game providers receive only the data necessary to operate each game session (typically a session token and stake amount), not your full personal profile.
• Fraud prevention and cybersecurity providers: Third-party services engaged to detect fraudulent activity, unauthorised access, and platform abuse.
• Regulatory and law enforcement authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), Philippine law enforcement agencies, and courts of competent jurisdiction — where phislot is legally required or compelled to disclose information.
• Professional advisers: Lawyers, accountants, auditors, and other professional service providers engaged by phislot, subject to professional confidentiality obligations.
• Business successors: In the event of a merger, acquisition, or sale of all or substantially all of phislot's business, your data may be transferred to the acquiring entity. You will be notified of any such transfer and of any material changes to this Privacy Policy that result from it.

All third parties with whom phislot shares personal data are required to handle that data in accordance with applicable Philippine data protection law and phislot's data protection standards, and are restricted from using your data for any purpose other than the one for which it was shared.

The phislot Platform uses cookies and similar tracking technologies to deliver, operate, and improve the gaming experience for Filipino players. A cookie is a small text file placed on your device when you access the Platform.

phislot uses the following categories of cookies:

• Strictly necessary cookies: Essential for the Platform to function. These include session authentication cookies, security tokens, and load balancing cookies. They cannot be disabled without preventing the Platform from working correctly. No consent is required for these cookies.
• Functional cookies: Remember your preferences, such as your preferred language, last visited game category, and responsible gaming settings. Disabling these cookies will affect your user experience but will not prevent access to the Platform.
• Analytics cookies: Collect aggregated, anonymised data about how users navigate the Platform — which pages are most visited, where users encounter difficulties, and which games are most popular. This data helps phislot improve the Platform. Analytics data is not linked to individual account identities.
• Marketing cookies: Track whether you clicked on a phislot promotional link or advertisement, to help phislot understand which marketing channels are effective. These cookies are only set with your consent.

You can manage cookie preferences through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or be notified when a new cookie is set. Please note that disabling certain categories of cookies may limit your ability to use some features of the phislot Platform.

phislot implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include, but are not limited to:

• 256-bit SSL/TLS encryption for all data in transit between your device and phislot servers.
• Encryption of sensitive data fields (including identity document data and payment references) at rest in phislot databases.
• Role-based access controls restricting internal access to personal data to authorised phislot personnel on a need-to-know basis.
• Multi-factor authentication requirements for phislot staff accessing systems that contain personal data.
• Regular third-party security audits and penetration testing of phislot platform infrastructure.
• Automated monitoring for anomalous access patterns, data exfiltration attempts, and security incidents.
• Incident response procedures for identifying, containing, and notifying affected parties of personal data breaches in compliance with Philippine NPC notification requirements.

phislot retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with our legal and regulatory obligations, or to resolve disputes and enforce our agreements. The following retention periods apply as general guidelines:

• Account and identity data: Retained for the duration of your active phislot account, plus a minimum of 5 years following account closure. This retention is required by PAGCOR's record-keeping obligations and by Philippine AML law (AMLA), which mandates transaction record retention for a minimum period of 5 years.
• Financial and transaction records: Retained for a minimum of 5 years from the date of each transaction, consistent with AMLA requirements and applicable tax record obligations.
• Gaming history: Retained for the duration of the account, plus 5 years following closure, for regulatory reporting and dispute resolution purposes.
• Support communications: Retained for 3 years following resolution of the relevant support interaction, for quality assurance and dispute purposes.
• Marketing preferences and consent records: Retained until you withdraw consent and for 3 years thereafter as evidence of consent management.
• Technical/session data: Typically retained for 90 days in active logs, then archived or deleted in accordance with phislot's data lifecycle management procedures.

Where personal data is no longer required, phislot will securely delete or anonymise it so that it can no longer be associated with any identified or identifiable individual.

Under the Data Privacy Act of 2012 and its Implementing Rules and Regulations, you have the following rights in relation to your personal data held by phislot. These rights are not absolute and are subject to applicable exemptions (for example, phislot may be required by law to retain certain data regardless of a deletion request).

To exercise any of the above rights, please contact phislot's Data Privacy Officer (DPO) at the email address provided in Section 15 of this Policy. phislot will respond to all verifiable data rights requests within 30 calendar days. We may require identity verification before processing your request to ensure that data is not disclosed to unauthorised parties.

phislot employs mandatory age verification at account registration and reserves the right to request documentary proof of age (e.g. a valid Philippine government-issued ID) at any time during the account lifecycle. Accounts for which satisfactory proof of age cannot be provided will be suspended and any funds held in those accounts will be withheld pending review.

If phislot becomes aware that personal data has been collected from a person under the age of 21 without appropriate authorisation, phislot will take immediate steps to delete that data and close the associated account. If you are a parent or guardian and you believe that your child has registered a phislot account, please contact our support team or Data Privacy Officer immediately.

phislot's primary servers and data storage infrastructure are located in the Asia-Pacific region. In order to provide the Platform's services, certain personal data may be transferred to and processed in jurisdictions outside of the Philippines — for example, when data is processed by a game provider or identity verification service headquartered in another country.

Where personal data is transferred internationally, phislot ensures that appropriate safeguards are in place to protect the data in accordance with the requirements of the Data Privacy Act of 2012, including:

• Contractual data protection clauses in agreements with third-party processors in other jurisdictions.
• Transfers to jurisdictions that the National Privacy Commission recognises as providing an adequate level of personal data protection.
• Adherence to the cross-border data flow standards applicable under PAGCOR's licensing framework.

phislot may send you promotional emails, SMS messages, and in-platform notifications about bonuses, new games, seasonal promotions, and platform features. All marketing communications from phislot are sent only with your consent, obtained either during account registration or subsequently through your account notification preferences.

You may withdraw consent for marketing communications at any time by:

• Clicking the "Unsubscribe" link in any phislot marketing email.
• Updating your notification preferences in your phislot account dashboard.
• Contacting phislot support via live chat or email at [email protected] and requesting removal from marketing lists.

Withdrawal of marketing consent does not affect the delivery of transactional communications that are necessary for the operation of your account, such as deposit confirmations, withdrawal notifications, security alerts, and regulatory notices. These communications will continue regardless of marketing preference settings.

The phislot Platform may reference or display content from third-party service providers (such as game studios, payment gateways, and identity verification services). While phislot exercises care in selecting third-party partners, phislot is not responsible for the privacy practices or data protection standards of third-party websites, applications, or services that are accessed outside of the phislot.vip domain.

This Privacy Policy applies solely to personal data collected and processed by phislot through the phislot Platform. If you interact with any third-party service through or in connection with phislot, you should review that third party's privacy policy to understand how they handle your data.

phislot reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, applicable laws, or regulatory requirements. The effective date displayed at the top of this document indicates when the current version took effect.

Where an amendment is material — meaning it significantly changes your rights or the way we use your data — phislot will notify you through your registered email address or via a prominent in-platform notification at least 14 days before the change takes effect. Your continued use of the phislot Platform following the effective date of the revised Privacy Policy constitutes your acknowledgement of the updated terms.

The most current version of this Privacy Policy is always accessible at phislot.vip/privacy-policy. Previous versions of the Policy are available upon request to our Data Privacy Officer.

phislot has appointed a Data Privacy Officer (DPO) responsible for overseeing compliance with this Privacy Policy and the Data Privacy Act of 2012. If you have any questions, concerns, or requests relating to this Privacy Policy or phislot's data processing practices, you may contact the DPO through the following channels:

phislot commits to responding to all privacy-related inquiries and data rights requests within 30 calendar days of receipt. Complex requests may take longer, in which case phislot will notify you of the expected completion date.

If you are unsatisfied with phislot's response to your privacy concern, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines. The NPC is the government authority responsible for enforcing the Data Privacy Act of 2012. Further information about filing a complaint with the NPC is available through official Philippine government channels.