pisoph Privacy Policy

1. Who We Are (Data Controller)

pisoph is a Philippines-focused online casino and sports betting platform operating under a licence issued by the Philippine Amusement and Gaming Corporation (PAGCOR). pisoph acts as the Data Controller for all personal data collected through the pisoph platform at pisoph.org.

pisoph has designated a Data Protection Officer (DPO) as required under Republic Act 10173. Inquiries regarding this Privacy Policy or the exercise of your data rights may be directed to the pisoph DPO via the contact details in Section 14 of this Policy.

2. Personal Data We Collect

pisoph collects the following categories of personal data, limited to what is necessary for the purposes described in this Policy:

3. How We Collect Your Data

pisoph collects personal data through the following channels:

• Direct Provision: Data you provide when registering a pisoph account, completing KYC verification, making a deposit or withdrawal, contacting support, or participating in a promotion.
• Automated Collection: Technical and usage data collected automatically when you access the pisoph platform, including IP address, device identifiers, browser cookies, and session activity logs.
• Third-Party Sources: Identity verification data from KYC/AML service providers; fraud risk data from fraud prevention services; payment confirmation data from GCash, Maya, and banking partners.
• Regulatory Sources: Information received from PAGCOR or law enforcement authorities pursuant to lawful requests or regulatory obligations.

4. Legal Basis for Processing

pisoph processes your personal data on the following legal bases under Republic Act 10173 and its Implementing Rules and Regulations:

• Contractual Necessity: Processing required to perform the contract between pisoph and you as a registered player — including account management, payment processing, and game delivery.
• Legal Obligation: Processing required to comply with PAGCOR licensing conditions, Anti-Money Laundering Act obligations (Republic Act 9160, as amended), and other applicable Philippine laws.
• Legitimate Interest: Processing for fraud prevention, security monitoring, and platform integrity, where such processing does not override your fundamental rights.
• Consent: Where processing is not required by contract or law, pisoph will seek your explicit consent. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

5. How pisoph Uses Your Personal Data

pisoph uses collected personal data for the following purposes:

• Creating, managing, and securing your pisoph account;
• Processing deposits and withdrawals via GCash, Maya, BPI, BDO, Metrobank, and other payment channels;
• Conducting identity verification (KYC) and age verification as required by PAGCOR regulations;
• Complying with Anti-Money Laundering Act obligations, including customer due diligence and transaction monitoring;
• Detecting and preventing fraud, cheating, collusion, and other prohibited conduct;
• Providing and improving customer support services;
• Sending transactional communications — login alerts, withdrawal confirmations, security notifications — via SMS to your registered mobile number;
• Sending promotional communications where you have provided consent, and honouring opt-out requests promptly;
• Monitoring gaming behaviour for responsible gaming purposes, including flagging patterns that may indicate problem gambling;
• Generating anonymised and aggregated statistical reports for internal business analysis and regulatory reporting.

6. Data Sharing & Disclosure

pisoph does not sell your personal data. pisoph may share your data with the following categories of recipients in the circumstances described:

• Payment Processors: GCash, Maya, BPI, BDO, Metrobank, InstaPay, PESONet, and other payment service providers for the purpose of processing deposits and withdrawals.
• KYC & Identity Verification Partners: Third-party providers used to verify your identity and age as required by PAGCOR. These providers act as data processors under contractual obligations consistent with RA 10173.
• Fraud Prevention Services: Third-party risk assessment providers engaged to detect and prevent fraudulent activity, accessed on a need-to-know basis.
• PAGCOR and Regulatory Authorities: pisoph is required by law to report certain transactions and player information to PAGCOR, the Anti-Money Laundering Council (AMLC), and other relevant government bodies.
• Law Enforcement: pisoph will disclose personal data to law enforcement authorities where required by valid legal process, court order, or applicable Philippine law.
• Corporate Transactions: In the event of a merger, acquisition, or sale of assets, player data may be transferred to the acquiring entity, subject to equivalent privacy protections.

All third-party data processors engaged by pisoph are required to comply with the data protection obligations of RA 10173 and to process personal data only on documented instructions from pisoph.

7. International Data Transfers

Where pisoph transfers personal data outside the Philippines — for example, to internationally based KYC providers or fraud prevention services — pisoph ensures that such transfers are made only to recipients in countries with adequate data protection standards, or under contractual safeguards that impose data protection obligations equivalent to those required under RA 10173.

pisoph does not transfer personal data to third countries without appropriate legal safeguards in place and will not transfer data to a recipient whose privacy practices are inconsistent with the standards required by Philippine law.

8. Data Retention

pisoph retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply as a general guide:

• Account and KYC data: Retained for the duration of the account relationship and for a minimum of 5 years following account closure, as required by PAGCOR and AMLC obligations.
• Transaction records: Retained for a minimum of 5 years from the date of the transaction in accordance with Anti-Money Laundering Act requirements.
• Support communications: Retained for 3 years from the date of the interaction.
• Technical and usage logs: Retained for 12 months from collection, after which they are anonymised or deleted.

Upon expiry of the applicable retention period, pisoph will securely delete or anonymise your personal data so that it can no longer be associated with you.

9. Cookies & Tracking Technologies

pisoph uses cookies and similar tracking technologies on the pisoph platform. The following types of cookies may be set:

• Essential Cookies: Required for the pisoph platform to function — including session management, login state, and security tokens. These cannot be disabled without impairing platform functionality.
• Analytical Cookies: Used to understand how players interact with the platform — pages visited, session duration, error logs. Data is aggregated and does not identify individual players.
• Functional Cookies: Remember your preferences such as language settings, game category selections, and display preferences.
• Security Cookies: Used for fraud detection and device fingerprinting to identify suspicious login attempts.

You may manage cookie preferences through your browser settings. Note that disabling essential cookies will affect your ability to use the pisoph platform. pisoph does not use third-party advertising cookies or cross-site tracking technologies for marketing profiling purposes.

10. Your Data Rights Under RA 10173

As a data subject under the Philippine Data Privacy Act of 2012 (Republic Act 10173), you have the following rights in relation to your personal data held by pisoph:

• Right to Be Informed: The right to know that pisoph is processing your personal data and the purposes for which it is being used — as set out in this Privacy Policy.
• Right to Access: The right to request a copy of the personal data pisoph holds about you and information about how it is being processed.
• Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
• Right to Erasure (Right to be Forgotten): The right to request deletion of your personal data where processing is no longer necessary or lawful, subject to pisoph's legal retention obligations.
• Right to Object: The right to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
• Right to Damages: The right to claim compensation for damages sustained as a result of inaccurate, incomplete, outdated, or unlawfully obtained personal data.

To exercise any of these rights, contact the pisoph Data Protection Officer via live chat on the pisoph platform or by email at the address in Section 14. pisoph will respond within 30 calendar days of receiving a verifiable request.

11. Children & Minors

pisoph strictly prohibits the use of its platform by persons under 21 years of age, in accordance with PAGCOR regulations. pisoph does not knowingly collect personal data from persons under 21. If pisoph discovers that personal data has been collected from a person under the required age, that data will be immediately deleted and the account closed.

If you believe that a minor has accessed or registered on the pisoph platform, please notify the support team immediately via live chat.

12. Security Measures

pisoph implements appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include:

• SSL/TLS encryption for all data transmissions to and from the pisoph platform;
• Password hashing using industry-standard one-way algorithms — pisoph staff cannot view your password in plain text;
• Access controls limiting personal data access to authorised personnel on a strict need-to-know basis;
• Automated monitoring systems that detect and alert on suspicious access patterns;
• Regular security reviews and internal audits of data handling practices;
• Data breach response procedures in compliance with the NPC Circular on Personal Data Breach Management.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, pisoph will notify the National Privacy Commission and affected data subjects within the timeframes required under RA 10173.

13. Changes to This Privacy Policy

pisoph may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or PAGCOR regulatory obligations. Where changes are material, pisoph will notify registered players via SMS to your registered Philippine mobile number or via a platform notification, at least 7 days before the revised policy takes effect.

Continued use of the pisoph platform following the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. If you do not accept the revised policy, you must cease using the platform and may close your account by contacting the support team.

14. Contact & Data Protection Officer

For any questions, concerns, or requests regarding this Privacy Policy or the exercise of your data rights, you may contact the pisoph Data Protection Officer through the following channels:

• Live Chat: Available 24/7 on the pisoph platform — average response time 3–5 minutes. Ask to speak with the Data Protection Officer for privacy-specific matters.
• Email: [email protected] — mark the subject line "Data Privacy Request" for DPO escalation.

If you believe your data privacy rights have been violated and pisoph has not satisfactorily addressed your concern, you have the right to file a complaint with the National Privacy Commission of the Philippines through their official government channels.