Privacy Policy

This Privacy Policy applies to all personal data processed by ph38 ("ph38", "we", "us", "our") in connection with your use of ph38.club and all associated services, games, and communications (collectively, the "Platform").

ph38 is the data controller in respect of personal data collected from users of the Platform. As data controller, ph38 determines the purposes and means of processing personal data and is responsible for ensuring that such processing is carried out in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and other applicable Philippine data privacy issuances by the National Privacy Commission (NPC).

ph38 collects personal data in several categories depending on the nature of your interaction with the Platform. The following table summarises the categories of personal data we collect:

ph38 does not collect sensitive personal information as defined under the DPA — such as government-issued identification numbers used for tax or social security purposes — except where strictly necessary for KYC compliance and mandatory regulatory reporting, and only to the minimum extent required for those purposes.

ph38 collects personal data through the following means:

• Direct Collection: Data you provide when registering for a ph38 Account, completing KYC verification, making deposits or withdrawals, contacting our support team, or submitting any form on the Platform.
• Automated Collection: Technical data collected automatically when you access the Platform, including IP addresses, device identifiers, browser information, and session data collected via cookies and similar tracking technologies.
• Third-Party Sources: Identity and fraud verification data received from KYC and identity verification service providers; payment verification data from payment processors (GCash, Maya, Philippine banks); and risk and fraud detection data from specialist third-party providers.
• Regulatory Sources: In certain circumstances, ph38 may receive data from regulatory authorities, law enforcement agencies, or other licensed gaming operators as required by applicable law, including for the administration of self-exclusion registers.

ph38 processes your personal data on the following legal grounds under the Data Privacy Act of 2012:

• Contractual Necessity: Processing required to provide you with a ph38 Account and gaming services, process transactions, manage your account, and fulfil the Terms and Conditions you agreed to upon registration.
• Legal Obligation: Processing required to comply with applicable Philippine laws and regulations, including the Data Privacy Act, Anti-Money Laundering Act, PAGCOR regulatory requirements, and mandatory reporting obligations.
• Legitimate Interests: Processing for fraud prevention, security monitoring, responsible gaming risk detection, platform analytics, and improving the ph38 experience — where these interests are not overridden by your data protection rights.
• Consent: Processing for marketing communications, promotional notifications, and personalised offers — where we have obtained your explicit consent, which you may withdraw at any time.

ph38 uses the personal data we collect for the following purposes:

• Account Management: Creating and maintaining your ph38 Account, verifying your identity and age (21+), processing deposits and withdrawals, and managing your account settings and preferences.
• Gaming Services: Providing access to games, recording game sessions, calculating results and payouts, administering bonuses and promotions, and maintaining your gaming history.
• Regulatory Compliance: Conducting KYC verification, complying with AMLC reporting requirements, meeting PAGCOR licensing obligations, and responding to lawful requests from Philippine regulatory and law enforcement authorities.
• Security & Fraud Prevention: Detecting and preventing unauthorised account access, fraudulent transactions, bonus abuse, collusion, money laundering, and other prohibited activities.
• Responsible Gaming: Monitoring gaming behaviour for signs of problematic gambling, administering voluntary and mandatory self-exclusion, and providing responsible gaming tools and support.
• Customer Support: Responding to your enquiries, resolving disputes, processing complaints, and maintaining records of our communications with you.
• Marketing (with consent): Sending promotional offers, bonus notifications, new game announcements, and other marketing communications where you have opted in.
• Platform Improvement: Analysing aggregated and anonymised usage data to improve the ph38 Platform, optimise performance on Philippine mobile networks, and develop new features.

ph38 does not sell your personal data. ph38 may share your personal data with third parties only in the following limited circumstances:

• Payment Processors: GCash (Mynt), Maya (Voyager Innovations), BPI, BDO, Metrobank, and other Philippine financial institutions — solely to process deposits and withdrawals on your behalf. Each processor operates under its own privacy policy.
• KYC Providers: Third-party identity verification and age verification service providers engaged by ph38 to conduct mandatory Know Your Customer checks.
• Game Providers: The game studios and content providers whose games are available on the ph38 Platform (e.g., JILI, PG Soft, Pragmatic Play, Evolution). These providers receive only the technical session data necessary to deliver game functionality.
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government agencies — where disclosure is required by law or regulatory order.
• Technology Service Providers: Cloud hosting providers, cybersecurity vendors, analytics platforms, and customer support software providers engaged by ph38 under data processing agreements that require them to handle your data only as instructed by ph38 and in compliance with the DPA.
• Business Transfers: In the event of a merger, acquisition, or sale of all or part of ph38's business, personal data may be transferred to the acquiring entity. Users will be notified in advance of any such transfer that materially affects their data rights.

ph38 uses cookies and similar tracking technologies on ph38.club. Cookies are small data files stored on your device that help the Platform function correctly and improve your experience.

You can manage cookie preferences through your browser settings. Note that disabling non-essential cookies may affect the functionality of certain features on the ph38 Platform. Essential cookies cannot be disabled as they are strictly necessary for the Platform to operate.

ph38 retains personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable Philippine law. The following general retention periods apply:

• Account & KYC Data: Retained for the duration of your ph38 Account and for a minimum of five (5) years following account closure, in compliance with PAGCOR licensing requirements and AMLC obligations under the Anti-Money Laundering Act.
• Transaction Records: Financial transaction records are retained for a minimum of five (5) years from the date of each transaction, consistent with Philippine AML record-keeping requirements.
• Gaming History: Game session logs and betting history are retained for a minimum of three (3) years from the date of each session, or longer where required by regulatory obligations or active dispute resolution.
• Communications: Customer support communications and dispute records are retained for three (3) years from the date of closure of each support case.
• Marketing Data: Marketing preference records are retained until you withdraw consent or request erasure, subject to any applicable legal hold obligations.

Upon expiry of the applicable retention period, ph38 will securely delete or anonymise your personal data in a manner that prevents reconstruction or re-identification.

ph38 implements technical and organisational security measures designed to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

• Encryption in Transit: All data transmitted between your browser and ph38's servers is encrypted using Transport Layer Security (TLS) with 256-bit encryption — the same standard used by Philippine banks and major financial institutions.
• Encryption at Rest: Sensitive personal data stored in ph38's databases — including passwords (stored as salted cryptographic hashes, never in plain text) and financial identifiers — is encrypted at rest.
• Access Controls: Access to personal data within ph38's systems is restricted on a strict need-to-know basis. Staff with access to personal data are subject to confidentiality obligations.
• Security Monitoring: ph38 operates continuous security monitoring and anomaly detection systems to identify and respond to potential data breaches or unauthorised access attempts.
• Penetration Testing: ph38's systems undergo regular security assessments and penetration testing by qualified security professionals.

Under the Philippine Data Privacy Act of 2012, you have the following rights in relation to your personal data held by ph38. To exercise any of these rights, please contact ph38's Data Protection Officer at [email protected].

ph38 will respond to all valid data subject requests within 30 calendar days of receipt. We may request additional information to verify your identity before processing a request. In cases where a request cannot be fulfilled (e.g., due to a legal retention obligation), ph38 will explain the reason in writing.

The ph38 Platform is strictly intended for individuals aged 21 years and above. ph38 does not knowingly collect or process personal data from any person under the age of 21. All account registrations are subject to mandatory age verification as part of the KYC process.

If ph38 becomes aware that personal data has been collected from a person under the age of 21, such data will be immediately and permanently deleted, the associated Account will be closed, and any funds in the Account will be handled in accordance with applicable regulatory requirements. If you believe that a minor has registered on ph38.club, please contact us immediately at [email protected].

With your consent, ph38 may send you promotional emails and SMS notifications about new games, bonuses, promotions, and platform updates. These communications are sent only to registered ph38 players who have opted in to receive marketing messages.

You may withdraw your consent to receive marketing communications at any time by:

• Updating your communication preferences in Account Settings → Notifications;
• Clicking the "Unsubscribe" link in any ph38 marketing email; or
• Contacting ph38 support at [email protected] and requesting removal from marketing lists.

Withdrawing consent to marketing communications does not affect your ability to continue using your ph38 Account or to receive essential transactional communications such as deposit confirmations, withdrawal notifications, and security alerts. Transactional communications are sent regardless of marketing consent status, as they are necessary for the operation of your Account.

ph38 reserves the right to update or amend this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, or our data processing practices. When we make material changes to this Policy, we will:

• Update the "Last Updated" date at the top of this Policy;
• Notify registered users by email to their registered email address; and
• Display a prominent notice on the ph38 Platform for a reasonable period following the update.

The current version of this Privacy Policy is always available at ph38.club/privacy-policy. We encourage all users to review this Policy periodically. Your continued use of the ph38 Platform after the effective date of any amendment constitutes your acknowledgment of the updated Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data by ph38, please contact our Data Protection Officer:

If you are not satisfied with ph38's response to your data privacy concern, you have the right to lodge a formal complaint with the National Privacy Commission of the Philippines (NPC). Information about filing a complaint with the NPC is available on the NPC's official website.