phmasaya is committed to protecting the personal data of every Filipino player who uses our Platform. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and the rights you hold over your own information under Philippine law.
phmasaya processes all personal data in full compliance with the Philippine Data Privacy Act of 2012 (Republic Act 10173) and its Implementing Rules and Regulations, overseen by the National Privacy Commission (NPC).
All personal data stored by phmasaya is protected by AES-256 encryption at rest and TLS 1.3 encryption in transit. Your identity documents, financial records, and account details are never stored in plain text.
phmasaya does not sell, rent, or trade your personal data to any third party for commercial purposes. Data sharing is strictly limited to operational partners bound by data processing agreements and to regulatory authorities as required by Philippine law.
As a data subject under RA 10173, you have the right to access, correct, erase, and port your personal data held by phmasaya. You may also object to certain processing activities and file complaints with the National Privacy Commission.
phmasaya collects only the personal data that is necessary for a specific, legitimate purpose — account management, payment processing, KYC compliance, or responsible gaming obligations. We do not collect data speculatively or beyond operational need.
phmasaya retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by PAGCOR regulations and Philippine anti-money laundering laws. Data no longer required is securely deleted or anonymised.
This Privacy Policy ("Policy") is issued by phmasaya ("phmasaya," "we," "us," or "our"), the operator of the online gaming platform accessible at phmasaya.net ("the Platform"). phmasaya acts as the Data Controller with respect to personal data collected from individuals who register for, access, or use the Platform ("you," "the Player," or "Data Subject").
phmasaya operates under a license issued by the Philippine Amusement and Gaming Corporation (PAGCOR) and is subject to the requirements of the Philippine Data Privacy Act of 2012 (Republic Act 10173), its Implementing Rules and Regulations (IRR), and the issuances of the National Privacy Commission (NPC). This Policy is designed to fulfil phmasaya's disclosure obligations under Section 16 of RA 10173 and to ensure that all players are fully informed about how their personal data is handled.
phmasaya collects personal data through direct submission by the player, automated collection during Platform use, and from third-party sources where permitted by law. The categories of personal data we collect are described below:
2.1 Registration and Identity Data
2.2 Identity Verification (KYC) Data
2.3 Financial and Payment Data
2.4 Gaming and Behavioural Data
2.5 Technical and Device Data
phmasaya processes your personal data only where a lawful basis exists as defined under RA 10173. The applicable legal bases for phmasaya's processing activities are:
| Processing Purpose | Legal Basis |
|---|---|
| Account registration and management | Contractual necessity (fulfilment of the player account agreement) |
| KYC identity verification | Legal obligation (PAGCOR licensing conditions; RA 9160 AML obligations) |
| Processing deposits and withdrawals | Contractual necessity |
| Fraud prevention and security monitoring | Legitimate interest; legal obligation |
| Responsible gaming monitoring | Legal obligation (PAGCOR responsible gaming requirements) |
| Personalised game recommendations | Consent (via Platform preferences settings) |
| Marketing communications | Consent (opt-in at registration or via account settings) |
| Regulatory reporting to PAGCOR or NPC | Legal obligation |
| Platform analytics and service improvement | Legitimate interest (anonymised or aggregated data only where possible) |
phmasaya uses the personal data it collects for the following specific purposes, each tied to a lawful basis described in Section 3:
phmasaya does not sell your personal data to any third party. phmasaya may share your personal data with the categories of third parties described below, strictly on a need-to-know basis and subject to appropriate data protection safeguards:
5.1 Regulatory and Law Enforcement Authorities
phmasaya is legally obligated to share player data with PAGCOR, the Anti-Money Laundering Council (AMLC), the National Bureau of Investigation (NBI), the Philippine National Police (PNP), or any other competent Philippine authority when required to do so by law, court order, or regulatory directive. In such cases, phmasaya will not notify the player prior to disclosure where notification is prohibited by law or where doing so would obstruct an official investigation.
5.2 Payment Processing Partners
To process your deposits and withdrawals, phmasaya shares necessary transaction data with payment service providers including GCash (Globe Fintech Innovations), Maya (Voyager Innovations), GrabPay Philippines, BPI, BDO, and other providers as applicable. These providers operate under their own privacy policies and are bound by contractual data processing terms with phmasaya.
5.3 Identity Verification Service Providers
phmasaya uses third-party KYC and identity verification platforms to process identity documents and selfies submitted during the verification process. These providers are bound by strict data processing agreements and are not permitted to use your data for any purpose other than identity verification for phmasaya.
5.4 Game Providers
Game providers such as JILI, Pragmatic Play, PG Soft, and Evolution Gaming receive session-level data necessary to facilitate gameplay (e.g., player session tokens, bet amounts, and game outcomes). These providers do not receive personally identifiable information beyond what is technically necessary for the game session. All game providers are contractually bound to comply with applicable data privacy requirements.
phmasaya retains personal data for the minimum period necessary to fulfil the purposes for which it was collected, subject to retention obligations imposed by Philippine law. The following retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years post-closure | PAGCOR licensing conditions |
| KYC identity documents | Duration of account + 5 years post-closure | RA 9160 AML requirements |
| Financial transaction records | 5 years from transaction date | RA 9160; PAGCOR requirements |
| Gaming session records | 3 years from session date | PAGCOR reporting; dispute resolution |
| Support interaction records | 3 years from interaction date | Dispute resolution; quality assurance |
| Marketing consent records | Until consent is withdrawn + 1 year | RA 10173 consent documentation |
| Technical / device logs | 12 months from collection | Security monitoring; fraud prevention |
Upon expiry of the applicable retention period, phmasaya will securely delete or irreversibly anonymise the personal data. Where a legal hold is in place (e.g., pending litigation or regulatory investigation), data may be retained beyond the standard period until the hold is lifted.
As a data subject under the Philippine Data Privacy Act of 2012, you hold the following rights with respect to personal data phmasaya holds about you. phmasaya will respond to valid data subject requests within fifteen (15) working days of receipt.
To exercise any of the above rights, please contact phmasaya's Data Protection Officer at [email protected] with the subject line "Data Subject Request." You may be required to verify your identity before the request is actioned.
The phmasaya Platform uses cookies and similar tracking technologies to provide, maintain, and improve the Platform. A cookie is a small text file placed on your device when you visit a website. phmasaya uses the following categories of cookies:
You can manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will affect Platform functionality. phmasaya does not use third-party advertising networks or cross-site tracking tools.
phmasaya implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:
The phmasaya Platform is strictly intended for individuals aged 21 years and above, in accordance with PAGCOR regulations governing online gaming in the Philippines. phmasaya does not knowingly collect personal data from persons under the age of 21.
Age verification is conducted during the account registration process through date-of-birth submission and is further confirmed through identity document verification (KYC). Any account found to belong to a person under the age of 21 will be immediately closed. In such cases, phmasaya will handle any data collected from underage individuals strictly in accordance with RA 10173 and will not process such data for any commercial purpose.
Parents and guardians who believe a minor may have registered on the phmasaya Platform are encouraged to contact phmasaya support immediately at [email protected] or via the 24/7 live chat to facilitate account investigation and closure.
Certain game providers and service partners used by phmasaya operate infrastructure outside of the Philippines. Where personal data is transferred to a third party located in a foreign jurisdiction, phmasaya ensures that such transfers comply with Section 21 of RA 10173, including one or more of the following safeguards:
phmasaya does not transfer your identity documents or Philippine government ID data outside the Philippines except where strictly required for KYC processing by a Philippines-connected service provider.
phmasaya reserves the right to amend this Privacy Policy at any time to reflect changes in Philippine law, NPC issuances, PAGCOR requirements, or phmasaya's operational practices. Material changes will be communicated to registered players via the contact details on their account at least seven (7) days before the revised Policy takes effect.
The updated Policy will be posted on the phmasaya Platform with a revised "Last Updated" date. Continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you may close your phmasaya account and request data erasure in accordance with Section 7.
phmasaya has designated a Data Protection Officer (DPO) responsible for overseeing compliance with RA 10173 and this Privacy Policy. The DPO is your primary point of contact for all data privacy matters, including data subject requests, privacy complaints, and queries about this Policy.
This Privacy Policy was last reviewed and updated on January 1, 2026, Version 2.4. It supersedes all previous versions of the phmasaya Privacy Policy.
phmasaya handles your data with the same care we bring to your gaming experience. PAGCOR-licensed, RA 10173-compliant, and built for Filipino players who deserve both great games and genuine data protection.
GCash & Maya Deposits · 3,500+ Games · 24/7 Filipino Support · Instant Withdrawals · 21+ Only