◈ [ DATA PROTECTION ] ◈ PHYATA PRIVACY FRAMEWORK
phyata Privacy Policy — How We Protect Your Data
phyata is committed to protecting the personal information of every Filipino player who uses our platform. This Privacy Policy explains exactly what data we collect, why we collect it, how we use it, and what rights you have under Philippine law.
Quick Navigation
Privacy at a Glance
What phyata Commits to Every Player
This summary is for convenience only. The full legal text below governs in all cases.
phyata processes all personal data in strict compliance with Republic Act No. 10173 — the Philippine Data Privacy Act of 2012 — and implementing rules enforced by the National Privacy Commission (NPC).
phyata does not sell, rent, or trade your personal information to third parties for marketing purposes. Data is shared only with service providers and regulators as required by law and described in this Policy.
As a PAGCOR-licensed operator, phyata is legally required to collect and retain certain player identification, transaction, and gaming data. This data handling is mandatory, not optional, under our regulatory obligations.
All personal data transmitted through the phyata Platform is encrypted using 256-bit SSL/TLS technology. Stored sensitive data is encrypted at rest. phyata undergoes periodic security reviews to maintain data protection standards.
Under the Philippine Data Privacy Act, you have enforceable rights to access, correct, object to, and request deletion of your personal data held by phyata, subject to applicable legal retention obligations.
phyata stores primary player data on servers located within the Philippines. Any cross-border data transfer is subject to adequate safeguards in compliance with NPC requirements and PAGCOR regulations.
01 Introduction & Scope
phyata is a PAGCOR-licensed online casino and sports betting platform operating at phyata.club and serving registered players throughout the Philippines, including Metro Manila, Cebu, Davao, and all other regions of the country.
This Policy applies to all personal information phyata collects from or about:
- Registered Players with active phyata Accounts;
- Prospective players who visit phyata.club without registering;
- Former Players whose data phyata is required to retain under applicable law;
- Any individual whose data phyata processes in connection with its operations.
phyata acts as the personal information controller for the data described in this Policy. phyata's Data Protection Officer can be contacted via the details in Section 14.
02 Definitions
- "Personal Information" — any information from which an individual can be directly or indirectly identified, as defined under RA 10173.
- "Sensitive Personal Information" — categories of personal information given heightened protection under RA 10173, including government-issued ID numbers, financial information, and health data.
- "Processing" — any operation performed on personal information, including collection, recording, storage, use, disclosure, and deletion.
- "Data Subject" — the natural person to whom personal information relates; in most cases, the registered Player.
- "NPC" — the National Privacy Commission of the Philippines, the regulatory authority for data privacy.
- "DPA" — Republic Act No. 10173, the Philippine Data Privacy Act of 2012, and its implementing rules and regulations.
- "KYC" — Know Your Customer identity verification, required under PAGCOR regulations and anti-money-laundering law.
- "Platform" — the phyata website, mobile web application, and all associated services at phyata.club.
03 Personal Data We Collect
3.1 Identity & Registration Data
When you register a phyata Account, we collect:
- Full legal name as appearing on your government-issued ID;
- Date of birth (for age verification — 21+ requirement under PAGCOR);
- Email address and mobile phone number;
- Residential address;
- Username and encrypted password.
3.2 KYC Verification Data
For identity verification and withdrawal processing, we collect:
- Copy of government-issued photo ID (SSS ID, UMID, Philippine passport, or driver's licence);
- Selfie photograph for facial comparison against ID document;
- Proof of address documentation where required;
- Source of funds documentation for high-value transactions, as required under AMLC regulations.
3.3 Financial Transaction Data
We collect records of all deposits and withdrawals, including:
- GCash, PayMaya, BPI, BDO, Metrobank transaction references;
- Cryptocurrency wallet addresses and transaction hashes for USDT and Bitcoin deposits;
- Transaction amounts, dates, and times;
- Payment method identifiers (partial card or account numbers where applicable).
3.4 Gaming Activity Data
phyata records all gaming activity on the Platform, including game sessions, bet amounts, results, and bonus usage. This data is retained as required by PAGCOR regulations and for the purposes described in Section 5.
3.5 Technical & Device Data
We automatically collect technical data when you access the Platform, including:
- IP address and approximate geolocation;
- Device type, operating system, and browser information;
- Session timestamps and page navigation logs;
- Cookie identifiers and similar tracking technologies (see Section 10).
3.6 Communications Data
If you contact phyata via live chat, email, or other channels, we retain records of those communications for quality assurance, dispute resolution, and compliance purposes.
04 How We Collect Your Data
phyata collects personal data through the following means:
- Direct provision: Information you provide when registering, completing KYC, depositing, or contacting support;
- Automated collection: Technical and device data collected through cookies, server logs, and similar technologies when you access the Platform;
- Third-party verification providers: Identity verification services used to process KYC documents;
- Payment processors: Transaction data from GCash, PayMaya, BPI, BDO, Metrobank, and cryptocurrency networks;
- Regulatory bodies: In limited circumstances, data received from PAGCOR or AMLC in connection with regulatory compliance obligations.
05 Purposes of Processing
phyata processes your personal data for the following purposes:
- Account management: Creating, maintaining, and securing your phyata Account;
- Age and identity verification: Verifying that you are 21 or older and confirming your identity as required by PAGCOR;
- Service delivery: Operating the Platform, processing bets and casino game rounds, managing your balance;
- Payment processing: Processing deposits and withdrawal requests across all supported payment methods;
- Regulatory compliance: Meeting PAGCOR licensing requirements, AMLC anti-money-laundering obligations, and BIR tax reporting requirements;
- Fraud prevention and security: Detecting and preventing fraudulent activity, account compromise, and platform abuse;
- Responsible gaming: Operating deposit limit, self-exclusion, and other responsible gaming tools as required by PAGCOR regulations;
- Customer support: Responding to enquiries, resolving disputes, and maintaining support records;
- Platform improvement: Analysing Platform usage patterns to improve performance, game selection, and user experience;
- Marketing communications: Sending promotional emails or messages, where you have provided consent and not withdrawn it.
06 Legal Basis for Processing
phyata processes personal data on the following legal bases under the Philippine Data Privacy Act:
- Contractual necessity: Processing required to perform our obligations under the phyata Terms & Conditions, including account management, payments, and service delivery;
- Legal obligation: Processing required to comply with PAGCOR licensing conditions, AMLC regulations, the DPA, and other applicable Philippine laws;
- Legitimate interests: Processing for fraud prevention, security monitoring, and Platform improvement, where our legitimate interests are not overridden by your privacy rights;
- Consent: Processing for marketing communications, where you have given clear and informed consent. You may withdraw consent at any time by contacting phyata support.
07 Data Sharing & Disclosure
phyata does not sell, rent, or trade your personal information. We share personal data only in the following circumstances:
7.1 Service Providers
phyata engages third-party service providers to support Platform operations, including KYC verification providers, payment processors, game software providers, cloud infrastructure operators, and fraud detection services. These providers are engaged under data processing agreements and are permitted to use your data only for the specific purposes for which they are engaged.
7.2 Regulatory Authorities
phyata is required to disclose player data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, the Bureau of Internal Revenue (BIR), and other competent government authorities upon lawful request or as required by applicable regulations.
7.3 Legal Requirements
We may disclose personal data where required by court order, subpoena, or other legal process, or where disclosure is necessary to protect the rights, property, or safety of phyata, its players, or third parties.
7.4 Business Transfer
In the event of a merger, acquisition, or sale of phyata's business assets, personal data may be transferred to the acquiring entity. You will be notified in advance of any such transfer and your rights under the DPA will be maintained.
08 Data Retention
phyata retains personal data for the minimum period necessary to fulfil the purposes for which it was collected, subject to applicable legal retention requirements:
- Account and KYC data: Retained for the duration of your Account plus a minimum of five (5) years following Account closure, as required by PAGCOR and AMLC regulations;
- Financial transaction records: Retained for a minimum of ten (10) years as required by anti-money-laundering regulations and BIR record-keeping requirements;
- Gaming activity logs: Retained for five (5) years from the date of each session, as required by PAGCOR;
- Support communications: Retained for three (3) years from the date of the final communication in each matter;
- Marketing consent records: Retained for the duration of your Account plus three (3) years.
Following expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with phyata's data disposal procedures.
09 Security Measures
phyata implements a range of technical and organisational security measures to protect your personal data against unauthorised access, loss, alteration, or disclosure:
- 256-bit SSL/TLS encryption for all data in transit;
- Encryption of sensitive data at rest, including KYC documents and financial identifiers;
- Role-based access controls limiting data access to authorised personnel on a need-to-know basis;
- Multi-factor authentication for internal system access;
- Continuous login and transaction monitoring with anomaly detection;
- Regular security assessments and penetration testing;
- Incident response procedures meeting NPC breach notification requirements.
10 Cookies & Tracking Technologies
phyata uses cookies and similar technologies on the Platform for the following purposes:
- Strictly necessary cookies: Required for core Platform functionality including login session management, security tokens, and load balancing. These cannot be disabled.
- Functional cookies: Remember your preferences including language settings, game view preferences, and bet history display options.
- Analytics cookies: Collect aggregated, anonymised information about how players navigate the Platform, used to improve the user experience.
- Marketing cookies: Used to measure the effectiveness of phyata's promotional campaigns, only where you have provided consent.
You may manage non-essential cookies through your browser settings. Note that disabling functional cookies may affect the performance of certain Platform features. phyata does not use third-party advertising cookies that track your activity across other websites.
11 Your Rights Under the Data Privacy Act
As a data subject under Republic Act No. 10173, you have the following rights with respect to your personal data held by phyata:
You may request a copy of all personal data phyata holds about you, including the categories of data, the purposes for which it is processed, and details of any third parties with whom it has been shared.
If any personal data phyata holds about you is inaccurate or incomplete, you have the right to request correction. Requests can be submitted via your account settings or through phyata support.
You may request deletion of your personal data where processing is no longer necessary, you have withdrawn consent, or processing is unlawful. This right is subject to phyata's legal retention obligations under PAGCOR and AMLC regulations.
You may object to processing of your personal data where phyata relies on legitimate interests as the legal basis. You may also object to direct marketing communications at any time, without restriction.
You may request a copy of your personal data in a structured, commonly used, machine-readable format where technically feasible, to facilitate transfer to another service provider.
You may request that phyata restrict processing of your personal data in certain circumstances — for example, while the accuracy of data is being contested, or where an objection to processing is pending review.
Where phyata makes decisions about you solely through automated processing that significantly affect you — such as automated account suspensions for fraud detection — you have the right to request human review of that decision.
If you believe phyata has violated your data privacy rights, you may lodge a complaint with the National Privacy Commission (NPC) of the Philippines. phyata recommends attempting internal resolution first via our Data Protection Officer.
12 Children's Privacy & Age Restrictions
If you believe phyata may have inadvertently collected personal data from an underage individual, please contact our Data Protection Officer immediately at the details provided in Section 14. We will investigate and take appropriate remedial action within 72 hours of notification.
13 Amendments to This Policy
phyata may update this Privacy Policy periodically to reflect changes in our data processing practices, regulatory requirements, or for other operational reasons. The updated Policy will be published on the phyata Platform with a revised effective date.
Where changes are material — affecting the nature or scope of data we collect or the rights you have — phyata will provide prior notice via email to your registered address or via a prominent notice on the Platform. Continued use of the Platform after the effective date of any amendment constitutes your acknowledgement of the revised Policy.
phyata recommends that you review this Policy periodically. The current version is always available at phyata.club/privacy-policy.
14 Contact Information & Data Protection Officer
phyata has appointed a Data Protection Officer (DPO) as required under the Philippine Data Privacy Act. To exercise your data subject rights, submit a data-related complaint, or ask questions about this Policy, please contact:
- Data Protection Officer — phyata
- Email: [email protected]
- Live Chat: Available 24/7 via the phyata Platform (PH Time) — request Data Privacy assistance
- Response Timeframe: phyata will acknowledge data subject requests within 5 business days and respond fully within 30 calendar days, or such shorter period as required by NPC regulations.
If you are not satisfied with phyata's response to a data privacy concern, you may escalate your complaint to the National Privacy Commission of the Philippines.
Your Privacy is Protected. phyata Is Ready.
PAGCOR-licensed, DPA-compliant, GCash-ready. 500+ games for Filipino players across Manila, Cebu, Davao, and beyond — starting from ₱50. 21+ only.
Must be 21 or older to register and play. Gambling involves risk. Play responsibly.
See also: Terms & Conditions | Responsible Gaming