1. Home
  2. Privacy Policy
Data Privacy Documentation

ph25 Privacy Policy

Effective: January 1, 2026 Last Updated: January 1, 2026 Jurisdiction: Philippines Governed by: RA 10173 (DPA)

This Privacy Policy explains how ph25 collects, uses, stores, shares, and protects your personal data when you use the ph25 platform. It applies to all players, account holders, and visitors to ph25.one and is issued in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

Contents
01Who We Are 02Data We Collect 03How We Collect Data 04How We Use Your Data 05Legal Bases for Processing 06Data Sharing & Disclosure 07Cookies & Tracking 08Data Retention 09Data Security 10Your Rights 11Children's Privacy 12Cross-Border Transfers 13Third-Party Services 14Changes to This Policy 15Contact & DPO
Document: ph25-PP-2026-v1.0 Controller: ph25 (Philippines) Regulation: RA 10173 · NPC Printable copy available in account settings.
Your privacy matters to ph25. We are committed to being transparent about how your personal data is handled and to processing it lawfully, fairly, and with respect for your rights under Philippine law. If you have questions after reading this policy, contact our Data Protection Officer at the details in Section 15.

01 Who We Are — Data Controller Identity

ph25 ("ph25," "we," "us," "our") is the operator of the online gaming platform accessible at ph25.one and its associated subdomains and mobile interfaces. ph25 operates in the Philippines under a license issued by the Philippine Amusement and Gaming Corporation (PAGCOR).

For the purposes of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, "DPA") and its Implementing Rules and Regulations, ph25 is the Personal Information Controller in respect of the personal data it collects and processes in connection with its platform and services.

ph25 has designated a Data Protection Officer ("DPO") in compliance with the DPA. Contact details for the DPO are provided in Section 15 of this Policy. The DPO oversees ph25's data privacy compliance program and serves as the primary point of contact for data subjects exercising their rights under this Policy and the DPA.

02 Personal Data We Collect

ph25 collects personal data that you provide directly, that is generated by your use of the platform, and that is received from third parties in the course of delivering services to you. The categories of personal data ph25 collects are described in the table below.

Category Examples Purpose
Identity Data Full legal name, date of birth, gender, nationality Account creation, KYC verification, age verification (21+)
Contact Data Mobile number (+63), email address, residential address Account communications, OTP delivery, transaction notifications
Government ID Data PhilSys ID, UMID, SSS, Driver's License, Passport number and images KYC/AML identity verification as required by PAGCOR and AMLC
Financial Data GCash number, PayMaya account, BDO/BPI/Metrobank account details, transaction records Deposit processing, withdrawal disbursement, AML source-of-funds verification
Gaming Activity Data Game history, wagering records, bet amounts, win/loss data, session timestamps Platform operation, responsible gaming monitoring, dispute resolution, PAGCOR reporting
Technical Data IP address, device type, browser type and version, operating system, session tokens Platform security, fraud detection, geo-restriction enforcement
Usage Data Pages visited, features accessed, clickstream data, referral sources, session duration Platform improvement, user experience optimization, analytics
Communications Data Support chat transcripts, email correspondence, in-app messages Customer service, dispute resolution, quality assurance
Marketing Preferences Opt-in/opt-out status, communication channel preferences, bonus history Sending promotional communications where you have given consent
ph25 does not collect sensitive personal information as defined by the DPA (e.g., health data, racial or ethnic origin, religious beliefs, political affiliations) except where required by law or expressly disclosed and consented to by you.

03 How We Collect Your Data

ph25 collects personal data through the following means:

  • Direct provision by you: When you register a ph25 account, complete KYC verification, deposit or withdraw funds, contact customer support, or respond to a promotion, you provide personal data directly to ph25.
  • Automated collection through platform use: When you access ph25.one, our systems automatically collect technical and usage data through server logs, session tracking, and cookies (see Section 7).
  • Third-party payment processors: When you transact via GCash, PayMaya, or Philippine bank channels, transaction reference data is shared with ph25 by those payment processors to confirm and match your deposit or withdrawal.
  • Identity verification providers: ph25 may use third-party KYC and identity verification services that process your government ID documents and return a verification result to ph25.
  • Fraud and AML screening services: ph25 may receive data from third-party fraud screening and sanctions-list checking services as part of its legal AML obligations.
  • PAGCOR and government authorities: In limited circumstances, ph25 may receive data from PAGCOR or relevant Philippine government authorities in connection with regulatory inquiries, licensing requirements, or legal obligations.

04 How We Use Your Personal Data

ph25 processes your personal data for the following purposes:

  • Account Registration and Management: Creating and maintaining your ph25 account, authenticating your identity at login, and managing account settings and preferences.
  • KYC and Age Verification: Verifying that you are at least 21 years of age and establishing your identity as required by PAGCOR licensing conditions and Philippine AML legislation. ph25 cannot activate a full account without completing KYC verification.
  • Service Delivery: Enabling access to games, processing bets, calculating and crediting winnings, and operating the ph25 platform in its entirety.
  • Financial Transactions: Processing deposits and withdrawals via GCash, PayMaya, and Philippine bank transfers; maintaining complete and accurate transaction records as required by PAGCOR and AMLC.
  • Anti-Money Laundering Compliance: Conducting customer due diligence, source-of-funds verification, and suspicious transaction monitoring as required by the Anti-Money Laundering Act (RA 9160, as amended) and AMLC regulations applicable to PAGCOR licensees.
  • Responsible Gaming: Monitoring gaming patterns for indicators of problem gambling behavior; administering deposit limits, loss limits, cooling-off periods, and self-exclusion requests; maintaining self-exclusion registers.
  • Security and Fraud Prevention: Detecting and preventing fraudulent account activity, unauthorized access, bonus abuse, multi-accounting, collusion, and other integrity violations.
  • Customer Support: Responding to your inquiries, resolving disputes, and maintaining records of support interactions.
  • Platform Improvement: Analyzing aggregated usage data to improve game selection, navigation, performance, and overall user experience.
  • Marketing and Promotions: Sending you promotional communications about ph25 bonuses, new games, and platform features where you have given your express consent. You may withdraw consent at any time through your account settings.
  • Legal and Regulatory Compliance: Complying with applicable Philippine laws, PAGCOR licensing conditions, AMLC requirements, NPC data privacy obligations, and lawful orders from courts or government authorities.

05 Legal Bases for Processing

Under the Philippine Data Privacy Act, ph25 processes your personal data on the following legal bases:

  • Contract Performance: Processing necessary to fulfill the agreement between you and ph25 — including account operation, game access, and financial transactions — when you register and use the ph25 platform.
  • Legal Obligation: Processing required to comply with ph25's obligations under the Anti-Money Laundering Act, PAGCOR licensing conditions, the Data Privacy Act itself, National Privacy Commission regulations, and other applicable Philippine law.
  • Legitimate Interest: Processing for fraud prevention, platform security, responsible gaming monitoring, and platform improvement, where ph25's legitimate interests are not overridden by your fundamental rights and freedoms.
  • Consent: Processing for direct marketing communications and non-essential analytics cookies, where you have given specific, informed, and freely given consent. You may withdraw consent at any time.

06 Data Sharing & Third-Party Disclosure

ph25 does not sell your personal data to third parties. ph25 shares personal data only in the following circumstances and with the following categories of recipients:

  • Payment Service Providers: GCash (Mynt — Globe Fintech Innovations, Inc.), PayMaya (Maya Bank, Inc.), BDO Unibank, BPI (Bank of the Philippine Islands), Metrobank, and other Philippine payment processors — solely for the processing of deposits and withdrawals.
  • KYC and Identity Verification Providers: Third-party identity document verification services that process government ID images to return a verification outcome. These providers process data solely for the purpose of identity verification under ph25's instructions.
  • Game Content Providers: Licensed game software providers whose games are available in the ph25 lobby may receive limited technical and session data necessary to deliver their games and maintain RNG integrity.
  • Technology Infrastructure Providers: Cloud hosting, data storage, platform infrastructure, and IT security providers that process data solely for the purpose of operating ph25's technical infrastructure under data processing agreements.
  • PAGCOR: ph25 is required by its license to provide PAGCOR with player activity reports, financial summaries, and other data as specified in ph25's licensing conditions. Such disclosures are mandatory and lawful.
  • Anti-Money Laundering Council (AMLC): ph25 is required under the AMLA to submit Covered Transaction Reports (CTRs) and Suspicious Transaction Reports (STRs) to AMLC where legal thresholds or triggers are met.
  • National Privacy Commission (NPC): ph25 will cooperate with the NPC in all investigations and will notify the NPC of personal data breaches as required under the DPA.
  • Law Enforcement and Courts: Where ph25 is required by a valid court order, subpoena, or lawful direction from a Philippine government authority to disclose personal data, ph25 will comply with that legal obligation.
All third-party service providers who process personal data on ph25's behalf are engaged under written data processing agreements that require them to maintain the confidentiality and security of your data and to process it only for the specified purposes under ph25's instructions.

07 Cookies & Tracking Technologies

ph25 uses cookies and similar tracking technologies on ph25.one for the following purposes:

  • Strictly Necessary Cookies: Required for the platform to function. These include session authentication tokens, security cookies, and load-balancing cookies. These cannot be disabled as the platform cannot function without them.
  • Functional Cookies: Remember your preferences such as language settings, game lobby display preferences, and responsible gaming tool settings. These improve your experience but are not essential to platform operation.
  • Analytics Cookies: Collect aggregated data on how players navigate ph25.one — pages visited, features used, error occurrences — to help ph25 improve the platform. Analytics data is aggregated and does not personally identify individual players in analytical reports.
  • Security and Fraud Detection: Certain technical tokens are used to detect and prevent fraudulent login attempts, bot activity, and unauthorized account access.

ph25 does not use third-party advertising cookies or behavioral profiling for the purpose of displaying advertisements on external websites. You may manage cookie preferences through your browser settings. Disabling strictly necessary cookies will prevent the ph25 platform from functioning correctly.

08 Data Retention

ph25 retains your personal data only for as long as necessary for the purposes for which it was collected, subject to the following retention standards:

Data Category Retention Period Basis
Account registration data Duration of account + 5 years after closure PAGCOR licensing requirement
KYC / identity documents Duration of account + 5 years after closure AMLA compliance (RA 9160, s. 9)
Financial transaction records 5 years from transaction date AMLA compliance
Gaming activity / bet records 5 years from session date PAGCOR licensing; dispute resolution
Customer support records 3 years from interaction date Legitimate interest (dispute resolution)
Marketing consent records Until consent withdrawn + 1 year Proof of consent under DPA
Technical / server logs 90 days Security monitoring; fraud detection
Self-exclusion records Duration of exclusion + 5 years Responsible gaming obligations

Upon expiry of the applicable retention period, ph25 will securely destroy or irreversibly anonymize personal data so that it can no longer be linked to an individual data subject, unless continued retention is required by law or an ongoing legal dispute.

09 Data Security

ph25 implements organizational, technical, and physical security measures appropriate to the nature and sensitivity of the personal data it processes. These measures include, but are not limited to:

  • Transport Layer Security (TLS 1.2 / 1.3) encryption for all data transmitted between your device and ph25 servers;
  • Encryption of sensitive data fields at rest within ph25's database infrastructure;
  • Password hashing using industry-standard cryptographic functions — plain-text passwords are never stored;
  • Two-factor authentication (SMS OTP) available to all account holders and mandatory for certain high-value transactions;
  • Role-based access controls restricting ph25 staff access to personal data on a need-to-know basis;
  • Intrusion detection and security event monitoring on ph25's platform infrastructure;
  • Regular security assessments and penetration testing of the ph25 platform;
  • Formal incident response and data breach notification procedures aligned with NPC requirements under the DPA.
No digital platform can guarantee absolute security against all threats. You are responsible for maintaining the security of your own ph25 account credentials. Do not share your password or OTP with anyone, including individuals claiming to be ph25 staff.

10 Your Rights as a Data Subject

Under the Philippine Data Privacy Act, you have the following rights in respect of your personal data held by ph25. To exercise any of these rights, contact ph25's Data Protection Officer using the details in Section 15.

📋 Right to Be Informed
You have the right to be informed that your personal data is being processed, what data is collected, the purposes of processing, and your rights — as set out in this Privacy Policy.
👁️ Right of Access
You have the right to request a copy of the personal data ph25 holds about you, including information on how it is being processed. ph25 will respond to access requests within 15 business days.
✏️ Right to Rectification
If your personal data held by ph25 is inaccurate or incomplete, you have the right to request correction. Account details can be updated via your account settings; KYC corrections require DPO contact.
🗑️ Right to Erasure
You have the right to request deletion of your personal data where it is no longer necessary, where consent has been withdrawn, or where processing is unlawful — subject to ph25's overriding legal retention obligations.
🚫 Right to Object
You have the right to object to processing based on legitimate interests, including direct marketing communications. Objecting to marketing will result in immediate removal from all ph25 promotional communications.
📦 Right to Data Portability
Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.
⏸️ Right to Restrict Processing
You have the right to request that ph25 restrict the processing of your data in certain circumstances, for example while a rectification or objection request is being assessed.
⚖️ Right to Complain
If you believe your data rights have been violated, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines, the supervisory authority for data privacy matters in the Philippines.
How to Submit a Data Rights Request: Email ph25's Data Protection Officer at the address in Section 15, or submit a written request via the in-platform support system. Include your full name, registered mobile number, the right you are exercising, and sufficient information for ph25 to identify and process your request. ph25 will acknowledge receipt within 5 business days and respond within 15 business days, extendable to 30 business days for complex requests with notice to you.

11 Children's and Minors' Privacy

ph25 is an online gambling platform that is strictly restricted to individuals aged 21 years and older, as required by PAGCOR regulations governing online gambling in the Philippines. ph25 does not knowingly collect or process personal data from individuals under 21 years of age.

During account registration, ph25 requires date-of-birth declaration and, during KYC verification, government-issued identification confirming the player's age. Accounts that are found, at any time, to belong to individuals under 21 years of age will be immediately closed, all associated balances forfeited, and the incident reported to PAGCOR as required by ph25's license conditions.

If you believe that ph25 has inadvertently collected personal data from a person under 21 years of age, please contact ph25's DPO immediately at the details in Section 15.

12 Cross-Border Data Transfers

ph25's primary data processing infrastructure is located in the Philippines. Certain data may be processed by third-party service providers whose servers are located outside the Philippines, including but not limited to: cloud hosting providers, KYC verification services, and game content providers with data centers in other jurisdictions.

Where personal data is transferred outside the Philippines, ph25 ensures that appropriate safeguards are in place as required by Section 21 of the DPA and NPC guidelines on cross-border transfers. These safeguards include contractual clauses that require recipient organizations to maintain data protection standards consistent with the DPA, or transfer to jurisdictions that offer an adequate level of protection for personal data.

ph25 does not transfer your personal data to jurisdictions identified by the NPC as lacking adequate data protection frameworks without implementing supplementary safeguards and, where required, obtaining NPC authorization.

13 Third-Party Services & Links

The ph25 platform integrates third-party services including payment processors, identity verification providers, and game content providers. These third parties operate under their own privacy policies. ph25 is responsible for the handling of your data by these third parties only insofar as ph25 processes data as Personal Information Controller. Where a third party operates as an independent Personal Information Controller in its own right — such as GCash or PayMaya in connection with transactions conducted directly through their platforms — their respective privacy policies apply to the data they collect and hold.

ph25.one does not contain links to external websites, social media platforms, or third-party content destinations. If you navigate away from ph25.one to any third-party website, your data on that third-party website is subject to that website's own privacy policy, over which ph25 has no control.

14 Changes to This Privacy Policy

ph25 reserves the right to update or amend this Privacy Policy at any time. Material changes — meaning changes that affect your rights, the categories of data collected, or the purposes for which data is used — will be communicated to registered players via in-platform notification and/or email to your registered address at least 14 calendar days before the updated Policy takes effect.

Non-material changes — such as typographical corrections, clarifications of existing practices that do not affect your rights, or updates to reflect changes in ph25's corporate structure that do not affect data handling — may be published without prior notice and take effect upon publication.

The "Last Updated" date at the top of this Policy reflects the most recent amendment. We encourage you to review this Policy periodically. Your continued use of the ph25 platform after the effective date of a material amendment constitutes your acknowledgment of the updated Policy.

15 Contact & Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, wish to report a suspected data privacy breach, or wish to raise a concern about ph25's data handling practices, please contact ph25's Data Protection Officer:

Data Protection Officer
ph25 · Philippines Operations
[email protected]  (plain text — not a clickable link)
Please mark your subject line: "DATA PRIVACY REQUEST — [YOUR ACCOUNT NAME]" to ensure your inquiry reaches the DPO team directly.

ph25 acknowledges all data privacy inquiries within 5 business days and responds to formal data subject rights requests within 15 business days, extendable to 30 business days for complex requests. ph25 cooperates fully with the National Privacy Commission (NPC) and will provide required information to the NPC upon lawful request.

If you are not satisfied with ph25's response to your privacy concern, you have the right to lodge a complaint directly with the National Privacy Commission of the Philippines.

Our Data Commitments

How ph25 Protects Your Privacy

These are not aspirational statements — they are operational commitments that ph25 is legally accountable for under the Philippine Data Privacy Act and PAGCOR regulations.

🔐
DPA-Compliant Processing
Every data processing activity at ph25 is conducted under a documented legal basis as required by RA 10173. We do not process your data for undisclosed purposes or share it without legal authority to do so.
🛡️
No Selling of Personal Data
ph25 does not sell, rent, or trade your personal information to marketers, data brokers, or any third party for commercial purposes. Your data is used only for the purposes described in this Privacy Policy.
Designated Data Protection Officer
ph25 has a designated DPO as required by the NPC. The DPO oversees ph25's privacy compliance, manages data subject rights requests, and is the point of contact for the National Privacy Commission on data protection matters.
Breach Notification
In the event of a personal data breach that poses a real risk of serious harm, ph25 will notify affected individuals and the NPC within 72 hours of becoming aware, as required by the DPA and NPC Circular 16-03.
🗂️
Documented Retention Limits
ph25 does not retain personal data indefinitely. Documented retention schedules (see Section 8) ensure data is deleted or anonymized once the legal or operational need for it has passed, minimizing privacy risk over time.
⚖️
Accessible Rights Process
Your eight DPA data subject rights are actionable at ph25 — not theoretical. The DPO responds within 15 business days. You can escalate unresolved concerns to the NPC. ph25 cooperates with all legitimate NPC inquiries and directions.
Ready to Play?

Your Data Is Protected.
Now Let's Play at ph25.

ph25 takes your privacy seriously — DPA-compliant, PAGCOR-regulated, and with your data rights always accessible. Create your account, deposit via GCash, and access 500+ certified games. 21+ only.

Create ph25 Account Browse All Games

21+ only · PAGCOR licensed · RA 10173 compliant · Philippines residents only