Summary: phyaya collects personal data to operate a legal, secure, and compliant online gaming platform for Filipino players. We process your data under Republic Act 10173 (Data Privacy Act of 2012) and in accordance with PAGCOR compliance requirements. We do not sell your personal data to third parties. This Policy explains exactly what we collect, why, and what your rights are.
This Privacy Policy ("Policy") describes how phyaya ("phyaya," "we," "us," or "our") collects, uses, stores, shares, and protects the personal information of players and visitors who access or use the phyaya online gaming platform at phyaya.vip and all associated subdomains, pages, and services (collectively, the "Platform").
phyaya is committed to protecting the privacy and personal data of all Filipino players in full compliance with the Republic Act 10173, otherwise known as the Data Privacy Act of 2012 ("DPA"), and its Implementing Rules and Regulations ("IRR"), as enforced by the National Privacy Commission of the Philippines ("NPC"). phyaya also processes personal data in accordance with PAGCOR's applicable player data requirements.
By registering for an account on phyaya, logging in, depositing funds, or otherwise using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein. If you do not agree with this Policy, you must not use the phyaya Platform.
This Policy should be read together with phyaya's Terms & Conditions and Responsible Gaming Policy, both of which are incorporated by reference into this document.
For the purposes of the Data Privacy Act of 2012, phyaya acts as the Personal Information Controller (PIC) in respect of all personal data collected through the Platform. As PIC, phyaya determines the purposes for which and the means by which personal data is processed.
In certain limited circumstances — for example, when phyaya engages third-party payment processors, KYC verification providers, or game software providers — those third parties may act as Personal Information Processors (PIPs) on phyaya's behalf. phyaya ensures that all PIPs are bound by data processing agreements that require them to process personal data only on phyaya's documented instructions and to apply security measures equivalent to those maintained by phyaya.
Contact details for phyaya's Data Protection Officer (DPO) are set out in Section 14 of this Policy.
phyaya collects the following categories of personal data in the course of operating the Platform and fulfilling its legal and regulatory obligations:
| Category | Examples | Required? |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, government ID number, copies of ID documents submitted for KYC | Mandatory |
| Contact Data | Email address, Philippine mobile number, residential address | Mandatory |
| Account Data | Username, encrypted password hash, account status, registration date, account preferences | Mandatory |
| Financial Data | GCash or PayMaya account references, bank account identifiers used for deposits/withdrawals, transaction history, account balance records | Mandatory |
| Transaction Data | Deposit amounts, withdrawal amounts and status, bonus activations, bet history, game session records, win/loss records | Mandatory |
| Technical Data | IP address, device type and OS, browser type and version, login timestamps, session duration, referral URL | Automatic |
| Behavioural Data | Game preferences, betting patterns, feature usage, responsible gaming tool usage, support interaction history | Automatic |
| Communications Data | Content of emails, live chat, or support tickets sent to phyaya; your responses to platform surveys or feedback forms | Where applicable |
Sensitive Personal Information: Government ID numbers and copies of identity documents collected for KYC constitute sensitive personal information under the DPA. phyaya applies heightened security and access controls to this category of data. It is used exclusively for identity verification and AML compliance purposes.
phyaya collects personal data through the following channels:
phyaya processes your personal data only for specific, legitimate purposes. The following table sets out the primary purposes for which phyaya processes personal data and the corresponding legal basis under the Data Privacy Act of 2012:
| Purpose | Legal Basis (DPA s. 12/13) |
|---|---|
| Account registration, authentication, and management | Performance of contract; Legitimate interest |
| KYC identity verification prior to withdrawal processing | Legal obligation (PAGCOR / AMLC compliance) |
| Processing deposits and withdrawals via GCash, PayMaya, and Philippine banks | Performance of contract |
| Anti-money laundering (AML) monitoring and suspicious transaction reporting under RA 9160 | Legal obligation |
| Responsible gaming monitoring, player protection interventions, and self-exclusion management | Legal obligation; Legitimate interest |
| Fraud prevention and platform security | Legitimate interest; Legal obligation |
| Player support and dispute resolution | Performance of contract; Legitimate interest |
| Platform personalisation and game recommendations | Consent; Legitimate interest |
| Marketing communications (with opt-in consent) | Consent |
| Regulatory reporting to PAGCOR and other competent Philippine authorities | Legal obligation |
| Statistical analysis and platform improvement | Legitimate interest (anonymised / aggregated data) |
phyaya does not use automated decision-making that produces legal or similarly significant effects against individual players without human review, except where automated systems are used to flag potential fraud or AML concerns — in which case a human compliance officer reviews all flags before any account action is taken.
phyaya does not sell your personal data to any third party. phyaya may share your personal data with third parties only in the following limited and controlled circumstances:
All third-party data processors engaged by phyaya are bound by written data processing agreements that prohibit use of phyaya player data for any purpose other than delivering the specific service for which they have been engaged, and require security standards consistent with phyaya's own.
phyaya retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law and PAGCOR regulations. The following general retention periods apply:
Upon expiry of the applicable retention period, phyaya will securely delete or anonymise your personal data such that it can no longer be associated with you as an identifiable individual.
phyaya implements organisational and technical security measures appropriate to the nature and sensitivity of the personal data it processes. These measures include:
Your role in security: phyaya's security measures protect data on our end, but you are also responsible for keeping your phyaya login credentials secure. Never share your password with anyone. Enable Two-Factor Authentication in your account settings. phyaya will never ask for your password.
phyaya uses cookies and similar technologies (local storage, session tokens) on the Platform for the following purposes:
phyaya does not use third-party advertising cookies or serve targeted advertising based on cross-site tracking. You may manage cookie preferences through your browser settings; however, disabling strictly necessary cookies will impair your ability to use the phyaya Platform.
phyaya primarily processes and stores personal data on servers located in the Philippines or in jurisdictions that maintain data protection standards recognised as adequate by the NPC. Where personal data is transferred outside the Philippines — for example, to game software providers or identity verification services located in other countries — phyaya ensures such transfers comply with Section 21 of the DPA by implementing appropriate safeguards, which may include:
By using phyaya, you acknowledge that certain limited categories of your personal data may be transferred to and processed in jurisdictions outside the Philippines, in accordance with the safeguards described in this Section.
Under the Data Privacy Act of 2012, you have the following rights in respect of your personal data held by phyaya. These rights can be exercised by contacting phyaya's Data Protection Officer using the details in Section 14.
You have the right to obtain confirmation from phyaya of whether it holds personal data about you, and to receive a copy of that data together with information about how it is being processed.
You have the right to request correction of inaccurate personal data phyaya holds about you. Certain corrections — particularly changes to registered identity details — may require supporting documentation for KYC integrity purposes.
You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected. Note that phyaya is legally required to retain certain data for minimum periods under AML law, which may limit the scope of deletion requests for active or recently closed accounts.
You have the right to object to processing of your personal data carried out on the basis of phyaya's legitimate interests, including profiling for game recommendations and behaviour-based responsible gaming interventions.
You have the right to receive a copy of personal data you have provided to phyaya in a structured, commonly used, and machine-readable format, where technically feasible.
Where phyaya processes your data based on your consent (e.g., for marketing communications), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
If you believe phyaya has processed your personal data in violation of the Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (privacy.gov.ph).
Exercising your rights: To submit a data subject rights request, contact phyaya's Data Protection Officer at [email protected] with the subject line "Data Subject Rights Request" and your full name, registered email address, and a description of your request. phyaya will acknowledge and respond within 15 business days as required by NPC regulations.
phyaya's Platform is strictly restricted to individuals aged 21 years and above in accordance with PAGCOR regulations governing casino-style gaming in the Philippines. phyaya does not knowingly collect personal data from individuals under the age of 21.
If phyaya discovers or is notified that an account has been registered by a person under 21 years of age, phyaya will immediately close the account, delete the personal data of the underage individual to the extent not required to be retained under applicable law, and review any transactions associated with the account in accordance with applicable PAGCOR and AML requirements.
If you believe a minor has registered on phyaya or has accessed your account, please contact phyaya's support team immediately at [email protected].
phyaya reviews and updates this Privacy Policy periodically to reflect changes in its data processing practices, changes in applicable Philippine law, NPC guidance, or PAGCOR requirements. The current version of this Policy, together with its effective date, is always published at phyaya.vip/privacy-policy.
Where a change to this Policy is material — meaning it significantly affects your rights or the way phyaya processes your personal data — phyaya will notify registered players via the email address on file at least 14 days before the change takes effect. For non-material changes (such as typographical corrections or minor clarifications), phyaya will update the Policy without specific advance notice.
Your continued use of the phyaya Platform after the effective date of any updated Policy constitutes your acceptance of the revised terms. If you do not accept the updated Policy, you should close your phyaya account and cease using the Platform.
For all privacy-related inquiries, data subject rights requests, or complaints relating to phyaya's handling of your personal data, please contact phyaya's designated Data Protection Officer (DPO):
phyaya is registered to operate in the Philippines and serves Filipino players in accordance with PAGCOR's regulatory framework and the National Privacy Commission's enforcement of the Data Privacy Act of 2012.
You also have the right to refer a complaint directly to the National Privacy Commission of the Philippines if you are not satisfied with phyaya's response to your privacy inquiry. The NPC can be reached through the official Philippine government channels at privacy.gov.ph (note: phyaya does not link to external sites; please search for the NPC directly via your browser).
Every data exchange between your device and phyaya — login, deposit, withdrawal, game session — is encrypted using 256-bit SSL/TLS. The same standard trusted by BPI, BDO, and the Philippines' leading digital banks for their own online platforms.
phyaya processes all player data in full compliance with the Philippines' Data Privacy Act of 2012 and under NPC oversight. Your rights to access, correction, deletion, and portability of your personal data are upheld as legal entitlements — not optional courtesies.
phyaya does not sell, rent, or trade your personal data to advertisers, data brokers, or any other commercial third party. The only entities that receive your data are those directly required to operate phyaya's licensed gaming services — payment processors, KYC verifiers, and regulators.
phyaya has appointed a Data Protection Officer (DPO) as required under the DPA. The DPO is responsible for overseeing all data processing activities, ensuring NPC compliance, and acting as the direct point of contact for data subject rights requests from Filipino players.
phyaya applies data minimisation principles — collecting only the personal data genuinely required for each processing purpose. Sensitive data like KYC documents is stored with AES-256 encryption at rest and access-controlled to authorised compliance staff only.
In the event of a data breach that poses a real risk to data subjects, phyaya is committed to notifying the National Privacy Commission within 72 hours and affected players without undue delay — consistent with NPC Circular 16-03 breach notification requirements.
Your privacy is protected under the Philippines Data Privacy Act. 3,200+ games, GCash payouts, and full regulatory compliance — all in your phyaya account.
21+ Only · RA 10173 Compliant · PAGCOR Framework · Responsible Gaming