php288 is committed to protecting your personal data. This Privacy Policy explains what information we collect when you use the php288 platform, why we collect it, how we use and protect it, who we share it with, and what rights you hold as a data subject under Philippine law.
This Privacy Policy ("Policy") describes how php288 ("php288," "the Company," "we," "our," "us") collects, processes, stores, protects, and uses the personal data of individuals ("Data Subjects," "you," "your") who access and use the php288 online gaming platform at php288.one ("the Platform"). This Policy applies to all players, registered account holders, visitors to the Platform, and any other persons whose personal data php288 processes in connection with the Platform's operations.
php288 is committed to processing personal data in a transparent, lawful, and responsible manner in full compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations ("IRR"), and the circulars and issuances of the National Privacy Commission ("NPC") of the Philippines. php288 also processes personal data in accordance with the requirements of the Philippine Amusement and Gaming Corporation ("PAGCOR"), the Anti-Money Laundering Council ("AMLC"), and other applicable Philippine regulatory authorities.
By registering an account on the php288 Platform, accessing the Platform, or otherwise providing your personal data to php288, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein. If you do not consent to this Policy, you must not use the Platform or provide your personal data to php288.
Note: This Policy should be read together with the php288 Terms & Conditions available at php288.one/terms-conditions, which governs all other aspects of your relationship with the Platform.
php288 acts as the Personal Information Controller ("PIC") within the meaning of the Data Privacy Act of 2012 with respect to personal data collected from Platform users. As PIC, php288 determines the purposes and means by which personal data is processed in connection with the Platform.
php288 operates under PAGCOR jurisdiction and conducts all personal data processing activities in accordance with PAGCOR's licensing conditions and the NPC's registration and compliance requirements. php288 has appointed a Data Protection Officer ("DPO") in accordance with Section 21 of the DPA and the NPC's advisory opinions on DPO designation requirements. The DPO's contact details are provided in Section 15 of this Policy.
Where php288 engages third parties to process personal data on its behalf — such as KYC verification providers, payment processors, and cloud infrastructure providers — those parties act as Personal Information Processors ("PIP") under written agreements that bind them to the data protection standards required under Philippine law.
php288 collects the minimum personal data necessary to operate the Platform, comply with its regulatory obligations, and deliver the gaming services you request. The categories of personal data collected are as follows:
Data Minimization: php288 applies the principle of data minimization — we collect only the personal data that is directly relevant and necessary for the specific processing purpose. We do not collect sensitive personal information (as defined under Section 3(l) of the DPA) except where strictly required by PAGCOR's KYC and AML compliance frameworks, and only with your explicit consent.
When you access the php288 Platform, certain technical and usage data is collected automatically through server logs, cookies, and similar tracking technologies. This includes your IP address, approximate geolocation derived from IP address, browser and device information, referring URL, pages visited on the Platform, and timestamps of access events. This data is used for security monitoring, fraud prevention, regulatory compliance, and Platform performance optimization.
php288 processes your personal data on the following legal bases as recognized under the Data Privacy Act of 2012:
| Processing Purpose | Legal Basis |
|---|---|
| Account registration, authentication, and management | Performance of contract (Sec. 12(b) DPA); Compliance with legal obligation |
| Identity verification and age verification (KYC / 21+ compliance) | Compliance with PAGCOR licensing requirement and Philippine law (Sec. 12(c) DPA) |
| Processing deposits and withdrawals; wallet management | Performance of contract (Sec. 12(b) DPA) |
| Anti-money laundering (AML) monitoring and reporting to AMLC | Compliance with Republic Act No. 9160 as amended (Sec. 12(c) DPA) |
| Fraud detection, prevention, and security monitoring | Legitimate interests of php288 and protection of players (Sec. 12(f) DPA) |
| Regulatory reporting to PAGCOR and other competent authorities | Compliance with legal obligation (Sec. 12(c) DPA) |
| Customer support and dispute resolution | Performance of contract; Legitimate interests (Sec. 12(b)(f) DPA) |
| Responsible gaming monitoring, limit enforcement, and self-exclusion | Compliance with PAGCOR responsible gaming requirements; Legitimate interests |
| Sending transactional communications (deposit confirmations, withdrawal alerts, OTPs) | Performance of contract (Sec. 12(b) DPA) |
| Sending marketing and promotional communications | Consent (Sec. 12(a) DPA) — subject to your opt-in and opt-out rights |
| Platform analytics, product improvement, and service optimization | Legitimate interests of php288 (Sec. 12(f) DPA) |
php288 does not sell, rent, or trade your personal data to any third party for commercial purposes. Personal data is disclosed only in the circumstances described below, and always subject to appropriate data protection safeguards:
php288 is legally obligated to disclose personal data to PAGCOR, the Anti-Money Laundering Council, the National Privacy Commission, courts of competent jurisdiction, and other Philippine government bodies when required by law, court order, or regulatory mandate. php288 fully cooperates with lawful government requests and does not require your consent for disclosures mandated by Philippine law.
php288 engages accredited third-party KYC service providers to conduct identity document verification and biometric matching in connection with the account registration and withdrawal verification processes. These providers process personal data under written data processing agreements and are bound by the same data protection standards that apply to php288.
Financial transaction data — including GCash mobile numbers, bank account details, and transaction amounts — is shared with payment gateway providers, GCash (operated by G-Xchange, Inc.), Maya (operated by PayMaya Philippines, Inc.), and banking partners to the extent necessary to process your deposits and withdrawals. These disclosures are governed by the payment providers' own privacy policies and applicable Philippine financial regulations.
Game providers whose titles are hosted on the php288 Platform — including JILI Games, PG Soft, Pragmatic Play, Evolution, and others — may receive technical session data necessary for game delivery, including session tokens and bet values. These providers do not receive personally identifiable player information beyond what is technically required to deliver the game service, and operate under confidentiality obligations.
php288 uses cloud hosting, content delivery, and technology infrastructure services to operate the Platform. These providers have access to the technical infrastructure on which player data is stored and processed. All such providers are engaged under data processing agreements that include binding data protection obligations consistent with Philippine DPA requirements.
No Sale of Data: php288 strictly prohibits the sale, rental, or commercial exchange of player personal data. Any php288 staff member or contractor who facilitates an unauthorized disclosure of player personal data is subject to disciplinary action and potential criminal liability under Section 25 et seq. of the Data Privacy Act of 2012.
php288 retains personal data for the minimum period necessary to fulfill the purposes for which it was collected, subject to the minimum retention periods mandated by applicable Philippine law and PAGCOR regulations. The following general retention periods apply:
Upon expiry of the applicable retention period, personal data is securely disposed of or anonymized in accordance with NPC-recognized disposal standards. Anonymized or aggregated data that cannot be used to identify you may be retained indefinitely for statistical and analytical purposes.
php288 implements technical, organizational, and administrative security measures designed to protect personal data against unauthorized access, accidental loss, destruction, alteration, disclosure, and unlawful processing. These measures include, without limitation:
In the event of a personal data breach that poses a real risk of serious harm to Data Subjects, php288 will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, as required by NPC Circular 16-03. Affected Data Subjects will be notified promptly where the breach likely affects their rights and freedoms, in accordance with NPC guidelines.
The php288 Platform uses cookies and similar tracking technologies (collectively, "Cookies") to provide core Platform functionality, ensure security, and analyze usage patterns. Cookies are small text files stored on your device when you access the Platform.
These Cookies are essential for the Platform to function and cannot be disabled. They include session authentication tokens, security tokens used for CSRF protection, and language and region preference settings. No consent is required for strictly necessary Cookies as they are required to deliver the service you have requested.
php288 uses first-party analytics Cookies to understand how players navigate and use the Platform, identify technical errors, and measure Platform performance. Analytics data is aggregated and does not identify you individually. These Cookies are activated on the basis of php288's legitimate interests in improving the Platform experience.
php288's anti-fraud and security systems use Cookies and device fingerprinting technologies to detect suspicious activity, identify bots, and flag unauthorized account access attempts. These Cookies are processed on the basis of php288's legitimate interest in maintaining Platform security and protecting players' accounts.
You can configure your browser to block or delete Cookies; however, blocking strictly necessary Cookies may prevent the Platform from functioning correctly. php288 does not use third-party advertising Cookies or behavioral advertising tracking technologies.
The php288 Platform is strictly prohibited from collecting personal data from, or providing gaming services to, any person under twenty-one (21) years of age, as mandated by PAGCOR's licensing conditions. php288 does not knowingly collect personal data from persons under 21.
Date of birth collected during registration is used to verify compliance with the 21+ minimum age requirement. Where php288 becomes aware that personal data has been collected from a person under 21, that account will be immediately suspended, all personal data associated with the minor's account will be securely deleted in accordance with applicable data protection requirements, and the matter will be reported to PAGCOR.
21+ Requirement: If you have reason to believe that a person under 21 has registered an account on the php288 Platform, please contact php288 support immediately at [email protected]. php288 takes the protection of minors from gambling services with the utmost seriousness.
Under the Data Privacy Act of 2012, you hold the following rights with respect to your personal data processed by php288. To exercise any of these rights, submit a written request to the php288 Data Protection Officer using the contact details in Section 15. php288 will respond to verified Data Subject requests within fifteen (15) working days of receipt.
Some of php288's service providers and game technology partners maintain infrastructure or personnel outside the Philippines. Where personal data is transferred outside the Philippines to third parties in connection with the delivery of Platform services, php288 ensures that such transfers are made in compliance with Section 21 of the DPA and the NPC's rules on cross-border data transfers.
php288 implements safeguards for cross-border transfers that may include: binding data processing agreements incorporating the NPC's standard data protection clauses, transfer to countries recognized by the NPC as providing adequate levels of data protection, or other approved mechanisms ensuring that transferred data receives equivalent protection to that afforded under Philippine law.
php288 may send you promotional communications — including bonus offers, new game announcements, special events, and platform updates — via SMS to your registered Philippine mobile number and via email to your registered email address. These communications are sent only where you have opted in to receiving marketing communications at the time of registration or subsequently through your account settings.
You may withdraw consent for marketing communications at any time by: (a) updating your communication preferences in your account settings; (b) clicking the unsubscribe link included in each marketing email; or (c) texting STOP in response to an SMS marketing message. Withdrawal of consent for marketing does not affect your receipt of transactional messages (such as deposit confirmations, withdrawal notifications, and OTPs), which are sent on the basis of contract performance rather than consent.
php288 does not engage in unsolicited bulk marketing and processes marketing-related personal data in accordance with the NPC's guidelines on consent-based direct marketing.
The php288 Platform may reference or link to third-party services such as GCash and Maya in the context of payment processing instructions. php288 is not responsible for the privacy practices of third-party services. When you interact with third-party payment platforms — for example, when completing a GCash transfer — you are subject to that platform's privacy policy and terms of service. php288 encourages you to review the privacy policies of any third-party services you use in connection with your php288 account.
php288 does not have control over, and accepts no responsibility for, the content, privacy policies, or practices of third-party websites or services that may be referenced on the Platform.
php288 reviews this Privacy Policy periodically and may update it to reflect changes in data processing practices, regulatory requirements, or Platform functionality. When material changes are made to this Policy, php288 will notify registered players by email to their registered address or through a prominent notice on the Platform prior to the changes taking effect. The effective date shown at the top of this Policy reflects the date of the most recent revision.
Your continued use of the php288 Platform following the effective date of any amendment constitutes your acknowledgment of the revised Policy. If you do not agree with material changes to the Policy, you should discontinue your use of the Platform and may close your account in accordance with the Terms & Conditions. php288 maintains an archive of previous Policy versions, available upon written request to the DPO.
For all privacy-related inquiries, Data Subject rights requests, breach notifications, and complaints concerning php288's processing of personal data, please contact the php288 Data Protection Officer through the following channels:
If you are not satisfied with php288's response to a Data Subject rights request or privacy complaint, you have the right to escalate the matter to the National Privacy Commission of the Philippines:
Response Commitment: php288 commits to acknowledging all DPO contact within two (2) business days and providing a substantive response to Data Subject rights requests within fifteen (15) working days as required by NPC Circular 2023-04 and related NPC issuances.
The Data Privacy Act of 2012 grants you meaningful rights over your personal data. Here is a quick reference guide to what those rights mean for php288 players.
You have the right to know what personal data php288 holds about you, why it was collected, how it is used, and who it may have been shared with. This Privacy Policy is part of how php288 fulfills this obligation — transparently, in plain language, before and during your use of the Platform.
Request a copy of the personal data php288 holds about you at any time. Submit your request to the DPO and php288 will provide you with a structured summary of your data, the processing purposes, and any disclosures made — all within fifteen (15) working days of receiving a verified request.
If any personal data php288 holds about you is inaccurate, outdated, or incomplete, you have the right to request correction. Basic account details can be updated directly through your php288 account settings. Identity-linked data requires submission of updated government documentation for security and PAGCOR compliance reasons.
Request deletion of personal data that php288 no longer needs for the purpose it was collected. This right is subject to php288's legal retention obligations — transaction records must be kept for five years under AMLC rules, and KYC data must be retained for five years post-account closure under PAGCOR requirements. Outside of those obligations, your erasure request will be honored promptly.
You can object to php288 processing your personal data for direct marketing purposes at any time, and your objection will be honored immediately. You can also object to processing based on legitimate interests; in that case, php288 will assess whether its legitimate interests override your rights and communicate the outcome within fifteen (15) working days.
Where technically feasible, you can request a machine-readable copy of the personal data you have provided to php288 — for example, your account registration data and transaction history. Portable data files are provided in JSON or CSV format. This right applies where processing is based on your consent or on a contract between you and php288.
Privacy protection at php288 is not a single policy document. It is a set of active, ongoing practices embedded in how the Platform is built and operated every day.
Every byte of data exchanged between your device and the php288 Platform — including your login credentials, personal details, and financial transaction data — travels over a 256-bit SSL-encrypted connection. The same level of encryption used by Philippine banks for online transactions. Whether you are on Globe LTE in Cebu or Converge fiber in Makati, your data is encrypted from origin to destination.
php288 has appointed a Data Protection Officer in compliance with the Data Privacy Act of 2012. The DPO is responsible for overseeing all personal data processing activities, managing Data Subject rights requests, coordinating breach response, and liaising with the National Privacy Commission. The DPO ensures php288's operations remain aligned with evolving NPC guidance and PAGCOR data governance requirements.
Sensitive personal data stored in php288's databases — including KYC document files, identity verification records, and financial account identifiers — is encrypted at rest using industry-standard algorithms. Passwords are never stored in plain text; they are hashed using cryptographic one-way functions so that even internal staff cannot access your credentials.
php288 employees access player personal data only on a strict need-to-know basis determined by their role. Access permissions are controlled through role-based access systems and are reviewed regularly. All staff with access to personal data undergo data privacy training aligned with NPC requirements. Access logs are maintained and audited to detect unauthorized access attempts.
In the event of a personal data breach, php288 follows the NPC's mandatory breach notification protocol — notifying the NPC within 72 hours of becoming aware of a breach that poses real risk of harm, and notifying affected players without undue delay. php288 maintains a documented Breach Management Policy and conducts annual breach response drills to ensure readiness.
php288 applies privacy by design principles — data protection considerations are integrated into Platform development from the earliest design stages, not added as an afterthought. This means minimum data collection by default, data minimization in all processing workflows, and privacy-preserving technical choices wherever operationally viable. PAGCOR compliance and NPC guidance are built into how the Platform is engineered, not bolted on externally.
Knowing how your data is handled is part of trusting any platform. php288 processes your personal data lawfully, transparently, and only for the purposes you would expect. Now explore the casino, knowing your privacy is protected.
500+ titles from certified providers
Baccarat, Dragon Tiger, 24/7 live
Read the full platform rules
Tools, limits, and support resources