ph465 Privacy Policy

This Privacy Policy ("Policy") describes how ph465 ("Company," "ph465," "we," "us," or "our") collects, uses, stores, shares, and protects the personal data of individuals who access or use the ph465 online gaming platform at ph465.co and all associated subdomains and mobile interfaces (collectively, the "Platform").

This Policy applies to all persons who interact with the Platform, including registered account holders, visitors who browse without registering, and individuals who contact ph465 through any support channel. It does not apply to third-party websites, payment processors, or game providers whose own privacy policies govern data collected through their respective interfaces — even where those interfaces are embedded or accessible within the ph465 Platform.

ph465 is committed to processing personal data in compliance with the Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 ("DPA"), and its Implementing Rules and Regulations ("IRR") as issued and updated by the National Privacy Commission ("NPC") of the Philippines. Where applicable, ph465 also complies with PAGCOR's data management requirements as a condition of its operating licence.

For the purposes of the Data Privacy Act of 2012, ph465 is the Personal Information Controller in respect of all personal data collected and processed through the Platform. As Personal Information Controller, ph465 determines the purposes for which personal data is used and the means by which it is processed.

ph465 has designated a Data Protection Officer ("DPO") responsible for overseeing compliance with the DPA and this Policy, handling data subject requests, and serving as the primary point of contact for the National Privacy Commission. Inquiries addressed to the DPO should be directed to the contact information provided in Section 12 of this Policy.

ph465 operates under the regulatory oversight of PAGCOR. Certain data processing activities — including player identity verification, transaction records, and gaming activity logs — are conducted as a direct obligation of ph465's PAGCOR licence and the Anti-Money Laundering Act of 2001 (RA 9160, as amended). These legal processing obligations take precedence over withdrawal of consent in the limited circumstances where they apply.

ph465 collects the minimum personal data necessary to provide our services safely, lawfully, and in compliance with regulatory requirements. The categories of personal data we collect are set out in the table below, together with the purpose and legal basis for collection.

ph465 does not collect sensitive personal information as defined under the DPA (such as health, political, or religious data) unless specifically required to do so for a clearly disclosed legal or regulatory purpose, such as processing a self-exclusion request that references a medical or psychological basis.

ph465 collects personal data through the following channels and methods:

• Direct Provision: Data you provide when registering an Account, completing KYC verification, making a deposit or withdrawal, contacting support, or responding to a promotion or survey.
• Automated Collection: Technical data collected automatically as you interact with the Platform, including IP address, browser/device information, page interaction patterns, and session logs — primarily via server logs and first-party cookies. See Section 10 for cookie details.
• Payment Processors: Transaction confirmation data provided by GCash, Maya, BPI, BDO, and other integrated payment providers when you execute a deposit or withdrawal. ph465 receives transaction reference identifiers and status updates but does not store your full payment credentials.
• Identity Verification Services: Where ph465 uses a third-party KYC processing service to assist with document verification and liveness checks, that service provider processes your ID image and selfie on ph465's behalf under a data processing agreement that satisfies DPA requirements.
• PAGCOR and Law Enforcement: In limited circumstances, ph465 may receive information from PAGCOR, the AMLC, or Philippine law enforcement authorities as part of regulatory oversight, investigation, or compliance processes.

ph465 processes your personal data on one or more of the following legal bases as defined under the Data Privacy Act of 2012:

1. Performance of a Contract: The majority of data processing at ph465 is necessary for the provision of the gaming platform services you have contracted for when creating an Account. This includes operating your Account, processing deposits and withdrawals, delivering game sessions, and managing bonuses.
2. Compliance with a Legal Obligation: ph465 is required by law to process certain data. PAGCOR regulations mandate player identity and age verification. The Anti-Money Laundering Act requires transaction monitoring and record retention. The DPA itself establishes obligations around data breach notification and subject rights fulfillment.
3. Legitimate Interests: ph465 processes limited data for legitimate business interests including fraud detection and prevention, platform security, and analytics to improve Platform performance — provided those interests are not overridden by your rights and freedoms. You may object to processing on this basis; see Section 11.
4. Consent: Where ph465 sends you direct marketing communications (such as promotional SMS about bonuses), we do so on the basis of your consent, which is obtained separately during registration or through opt-in settings. You may withdraw consent for direct marketing at any time without affecting the lawfulness of prior processing.

ph465 does not sell, rent, or trade your personal data to third parties for their own commercial purposes. We share personal data only in the following defined circumstances, and only to the extent necessary for the stated purpose:

• PAGCOR: As a PAGCOR-licensed operator, ph465 is obligated to submit periodic player data reports and to cooperate with any PAGCOR audit or investigation. Data disclosed to PAGCOR is governed by PAGCOR's own data governance policies as a government body.
• Anti-Money Laundering Council (AMLC): Transaction data meeting reportable thresholds under RA 9160 is submitted to the AMLC as legally required. Covered and suspicious transaction reports are filed without prior notice to the subject player.
• Payment Processors: GCash, Maya, BPI, BDO, Metrobank, UnionBank, and other integrated payment providers receive the transaction and identity data necessary to execute your deposit or withdrawal. Each processor operates under its own privacy policy and applicable BSP regulations.
• Game Providers: Certified game studios whose content is offered on the ph465 Platform may receive session and wager data necessary to operate the game and generate certified game results. Game provider data sharing is governed by content agreements that include data protection obligations consistent with the DPA.
• KYC and Identity Verification Providers: Third-party providers engaged to process identity documents and selfie verification images operate as personal information processors on ph465's behalf under formal data processing agreements.
• IT Infrastructure and Security Providers: Cloud hosting, cybersecurity, and system monitoring providers who process technical data in the course of providing Platform infrastructure services.
• Philippine Law Enforcement and Courts: Where required by a valid court order, subpoena, law enforcement request, or other compulsory legal process under Philippine law.

All third parties with whom ph465 shares personal data are required, through contractual or regulatory mechanisms, to maintain appropriate data protection standards consistent with the DPA and this Policy.

ph465 is a Philippine-focused platform operating primarily within the jurisdiction of the Republic of the Philippines. Where data processing involves infrastructure or service providers located outside the Philippines, ph465 ensures that appropriate safeguards are in place as required by Section 21 of the Data Privacy Act and NPC guidelines on cross-border data transfers.

Safeguards for international transfers may include standard contractual clauses approved by the NPC, binding corporate rules where the recipient is part of a corporate group, or transfer to jurisdictions that the NPC has assessed as providing adequate data protection. ph465 will not transfer personal data to a jurisdiction without an applicable safeguard in place.

Players who wish to know whether their specific data has been subject to an international transfer may submit a data access request as described in Section 11.

ph465 retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable Philippine law and regulatory obligation. The principal retention periods applicable to ph465 player data are:

• Account and Identity Data: For the duration of your active Account, plus a minimum of five (5) years after Account closure, as required by PAGCOR licensing terms and the Anti-Money Laundering Act.
• Financial and Transaction Records: A minimum of five (5) years from the date of each transaction, consistent with AML retention requirements under RA 9160.
• Gaming Activity Logs: A minimum of five (5) years from the date of each gaming session, as required by PAGCOR audit standards.
• KYC Documents: Retained for the same period as Account and Identity Data above, plus any additional period required by applicable law at the time of closure.
• Technical and Log Data: Up to twelve (12) months from collection for active security monitoring purposes; thereafter deleted or anonymised.
• Support Communications: Up to three (3) years from the date of the interaction, to support dispute resolution and quality assurance.
• Marketing Consent Records: For the duration of the consent plus a reasonable period to demonstrate compliance in the event of a complaint.

Upon expiry of the applicable retention period, ph465 will securely delete or permanently anonymise the relevant personal data in a manner that prevents reconstruction or identification.

ph465 implements a multi-layered security framework designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction. Key technical and organisational security measures include:

• Encryption in Transit: All data transmitted between your browser or device and ph465 servers is encrypted using TLS 1.2 or higher (256-bit SSL). This applies to login, registration, payment, and all account management interactions.
• Encryption at Rest: Sensitive personal data — including KYC documents and financial records — is encrypted at rest in ph465's data storage infrastructure.
• Access Controls: Access to personal data within ph465's internal systems is restricted on a role-based, need-to-know basis. All internal access is logged and subject to regular review.
• OTP Authentication: Account login from new or unrecognised devices requires OTP verification via your registered Philippine mobile number, adding a second authentication factor beyond your password.
• Fraud and Anomaly Detection: Automated systems monitor account activity and transaction patterns for signs of fraud, account takeover attempts, and unusual behaviour consistent with AML indicators.
• Security Testing: ph465's Platform undergoes regular security assessments including vulnerability scanning and code reviews to identify and remediate security weaknesses before they can be exploited.

ph465 uses cookies and similar tracking technologies (such as browser local storage and session tokens) to operate and improve the Platform. Cookies are small text files stored on your device by your browser when you visit ph465.co. The categories of cookies ph465 uses are:

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication tokens, login state persistence cookies, and security cookies. These cannot be disabled without impacting Platform functionality. They do not require your consent under applicable guidelines.
• Functional Cookies: Enable enhanced functionality such as remembering your preferred language, game lobby filter settings, and whether you have acknowledged a specific notice. Stored for the duration of your browser session or up to twelve (12) months for persistent preferences.
• Analytics Cookies: First-party analytics cookies collect aggregate, anonymised data about how players navigate and interact with the Platform, which pages are most visited, and how performance can be improved. ph465 does not use third-party analytics platforms that send data to external advertising networks.
• Security and Fraud Detection Cookies: Help ph465 detect bot activity, multiple account creation attempts, and other fraud indicators. These are necessary for the security of the Platform and all players.

You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies will prevent you from logging in and using Platform features. ph465 does not use third-party advertising or retargeting cookies.

You may exercise any of the data subject rights described in the feature cards above — including access, rectification, erasure, objection, restriction of processing, and data portability — by submitting a request to ph465 through either of the channels set out in Section 12.

To protect your privacy, ph465 will require you to verify your identity before processing any data subject right request. Verification is typically completed by confirming details that only the registered account holder would know, or by providing a photograph of your registered ID for requests submitted by email.

ph465 will acknowledge your request within three (3) business days and provide a substantive response — fulfilling the request, partially fulfilling it, or providing written reasons for any refusal — within fifteen (15) business days of identity verification. Where the complexity or volume of requests necessitates an extension, ph465 will notify you and extend the response period by a further fifteen (15) business days, providing a reason for the extension.

ph465 will not charge a fee for processing data subject right requests unless the requests are manifestly unfounded, excessive, or repetitive, in which case a reasonable administrative fee may apply. ph465 will inform you of any applicable fee before processing the request.

For all data privacy inquiries, data subject right requests, or concerns about this Privacy Policy, please contact the ph465 Data Protection Officer through the following channels:

• Live Chat: Available 24 hours a day, 7 days a week, directly from ph465.co. This is the fastest channel for routine inquiries.
• Email: [email protected] — Please mark the subject line "DATA PRIVACY REQUEST" to ensure your message is routed to the DPO team. Responses within one (1) business day for initial acknowledgement.

Policy Updates. ph465 reserves the right to update this Privacy Policy to reflect changes in our data practices, applicable law, or regulatory guidance. Material changes — those that significantly affect how we use your personal data or your rights as a data subject — will be communicated via SMS to your registered mobile number and/or a prominent notice on the ph465.co website at least fourteen (14) calendar days before the change takes effect, unless a shorter notice period is required by law.

The "Last Updated" date at the top of this Policy reflects the most recent revision. The version of this Policy in effect at the time of your most recent consent or use of the Platform is the version that governs our data practices in respect of data collected at that time.

Your continued use of the ph465 Platform after the effective date of any revised Privacy Policy constitutes your acceptance of the updated Policy. If you do not agree with any change, you must cease using the Platform and close your Account before the updated Policy takes effect.