Table of Contents
Privacy at a Glance
Six principles that guide how phrich handles your personal data. These highlights do not replace the full policy below.
Your Data is Secured
phrich uses TLS 1.3 encryption for all data in transit and AES-256 encryption for data at rest. Your personal information, payment details, and account credentials are never stored or transmitted in plain text. Security infrastructure is reviewed and updated continuously.
Collected for Clear Purposes
phrich collects only the personal data that is genuinely necessary for account registration, identity verification, payment processing, regulatory compliance, and delivering the best possible gaming experience. We do not collect data speculatively or for undisclosed purposes.
Philippine Law Compliant
phrich processes personal data in accordance with Republic Act No. 10173, the Data Privacy Act of 2012 (DPA), and the implementing rules and regulations issued by the National Privacy Commission (NPC) of the Philippines. PAGCOR's data handling requirements are also fully observed.
No Sale of Personal Data
phrich does not sell, rent, or trade your personal information to third-party marketers or data brokers. Data shared with third parties is limited to what is strictly necessary for regulated operations — such as KYC verification providers, payment processors, and PAGCOR — and only under appropriate data agreements.
You Control Your Preferences
phrich members can review and update their personal information through the account settings dashboard at any time. Marketing communications can be opted out of at any time. Requests relating to data access, correction, deletion, and portability are handled in accordance with the DPA's prescribed timelines.
Retained Only as Needed
phrich retains personal data only for as long as it is needed for the purposes for which it was collected, or as required by Philippine law and PAGCOR regulations. When data is no longer needed, it is securely deleted or anonymized in accordance with phrich's data retention schedule.
Data Controller
For the purposes of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, the data controller responsible for personal information collected and processed through the phrich platform is:
phrich
Online Gaming Platform — phrich.net
Operated under PAGCOR regulatory framework, Philippines
Data Privacy Contact: [email protected]
phrich has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act and this Privacy Policy. Any data privacy concerns, requests, or complaints may be directed to phrich's DPO via the contact information provided in Section 14 of this Policy.
Personal Data We Collect
phrich collects the following categories of personal data from members and platform users. Data collection occurs at registration, during account verification, throughout the normal course of platform use, and in connection with customer support interactions.
| Data Category | Specific Data Points | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government-issued ID type and number, ID photographs, selfie photographs | Registration & KYC verification |
| Contact Data | Philippine mobile number, email address, residential address, city, province | Registration |
| Financial Data | GCash account number (masked), PayMaya account reference, bank account details (masked), transaction history, deposit and withdrawal records | First deposit & ongoing transactions |
| Gaming Data | Game history, bet amounts, win/loss records, session durations, preferred game categories, bonus usage history | Continuous during account use |
| Technical Data | IP address, device type and identifier, browser type and version, operating system, screen resolution, session timestamps, page navigation data | Every platform visit |
| Communications Data | Live chat transcripts, email correspondence, support ticket contents, complaint records | When contacting support |
| Marketing Preferences | Email marketing opt-in status, SMS notification preferences, preferred communication language | Registration & account settings |
phrich does not collect sensitive personal information beyond what is expressly required for identity verification, regulatory compliance, and fraud prevention. Full payment card numbers are never stored by phrich — card processing is handled by certified payment service providers.
How We Collect Personal Data
phrich collects personal data through the following means:
3.1 Information You Provide Directly
The majority of personal data phrich holds about you is information you have provided voluntarily, including data entered during account registration, KYC document submission, customer support interactions, promotional entries, and preference settings updated in your account dashboard.
3.2 Automated Technical Collection
When you access the phrich platform, technical data including your IP address, device identifier, browser characteristics, and session navigation data is automatically collected by our servers and analytics systems. This data is collected even if you do not have a registered phrich account — it is used for platform security, fraud detection, and performance monitoring purposes.
3.3 Third-Party Sources
phrich may receive personal data about you from third-party sources in the following circumstances:
- KYC and Identity Verification Providers: Third-party identity verification services may provide phrich with confirmation results and risk signals arising from their verification of your submitted identity documents.
- Payment Processors: GCash, PayMaya, and bank partners may share transaction confirmation data and fraud alerts with phrich in connection with deposits and withdrawal requests.
- PAGCOR and Government Agencies: phrich may receive information from PAGCOR or relevant Philippine government agencies in connection with regulatory compliance obligations, such as self-exclusion lists or AML notifications.
Legal Basis for Processing
Under the Philippine Data Privacy Act of 2012, phrich processes personal data on the following legal bases:
- Contractual Necessity: Processing your identity, contact, financial, and gaming data is necessary to create and administer your phrich account, execute deposits and withdrawals, and deliver the gaming services you have contracted with phrich to receive.
- Legal Obligation: phrich is legally required to process certain personal data in order to comply with PAGCOR licensing conditions, the Anti-Money Laundering Act (Republic Act No. 9160, as amended), and other applicable Philippine laws. This includes mandatory KYC verification and the retention of transaction records.
- Legitimate Interests: phrich processes technical data and gaming data on the basis of its legitimate interests in platform security, fraud prevention, responsible gaming monitoring, and service improvement — provided such processing does not override your rights and interests.
- Consent: Where phrich processes your data for marketing communications and optional personalization features, this processing is based on your freely given consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.
How We Use Your Personal Data
phrich uses your personal data for the following specific purposes:
5.1 Account Administration
phrich uses your identity and contact data to create and manage your account, authenticate your login, process password resets, deliver account notifications, and respond to customer support enquiries.
5.2 Identity Verification and Regulatory Compliance
phrich processes identity data and document photographs to verify your eligibility to hold a phrich account, confirm that you meet the 21+ age requirement, satisfy PAGCOR's KYC requirements, and comply with Philippine AML obligations. This is a mandatory processing activity that cannot be opted out of.
5.3 Payment Processing
Financial data is processed to execute your deposit and withdrawal requests, to reconcile transaction records, to detect and prevent payment fraud, and to comply with financial reporting requirements under applicable Philippine law.
5.4 Responsible Gaming Monitoring
phrich monitors gaming data and session behavior to identify patterns that may indicate problem gambling, to enforce self-imposed account limits, and to trigger responsible gaming interventions where appropriate under PAGCOR's responsible gaming guidelines. This processing is in your interest and is a condition of phrich's PAGCOR licence.
5.5 Fraud Prevention and Security
Technical data, gaming data, and payment data are analyzed by phrich's fraud detection systems to identify and prevent unauthorized account access, money laundering, bonus abuse, and other prohibited conduct as described in phrich's Terms & Conditions.
5.6 Platform Improvement
Aggregated and anonymized technical and gaming data may be used by phrich to analyze platform usage patterns, improve game selection and user experience, test new features, and optimize platform performance. This analysis does not involve decision-making based on individual player profiles.
5.7 Marketing Communications
Where you have opted in to marketing communications, phrich may use your contact data and marketing preferences to send you information about new games, promotions, reload bonuses, and special events. You can opt out of marketing communications at any time by updating your notification preferences in the account settings dashboard or by contacting phrich support.
Data Sharing & Disclosure
phrich does not sell or rent personal data to any third party. phrich may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data processing agreements:
- PAGCOR and Philippine Regulatory Authorities: phrich is obligated to share player data with PAGCOR and other relevant Philippine government agencies upon lawful request, as required by phrich's operating licence and applicable law. This includes sharing self-exclusion registrations and AML reports where required.
- KYC and Identity Verification Service Providers: phrich engages certified third-party identity verification services to process submitted identity documents. These providers act as data processors under agreements that restrict their use of your data to verification purposes only.
- Payment Service Providers: GCash, PayMaya, partner banks (BPI, BDO, Metrobank, UnionBank), and other payment processors receive the minimum data necessary to execute your requested transactions. These providers are bound by their own regulatory and contractual obligations regarding data security.
- Game Software Providers: Third-party game providers (such as JILI, Pragmatic Play, and PG Soft) may receive your account identifier and gaming session data necessary to deliver and record game outcomes. These providers do not receive your full identity or payment data.
- Fraud Prevention and Security Services: phrich may share technical and behavioral data with specialist fraud prevention service providers to protect the platform and its members.
- Professional Advisers: phrich's legal advisers, auditors, and accountants may access personal data strictly as necessary in the performance of their professional services, under binding confidentiality obligations.
No Third-Party Marketing: phrich does not share, sell, or license your personal data to third-party marketing companies, data aggregators, or advertising networks. Your contact information will not be used to send you promotional material from any party other than phrich.
Data Retention
phrich retains personal data in accordance with the following schedule, subject to any longer retention periods required by applicable Philippine law or PAGCOR regulations:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account Identity & KYC Data | 5 years from account closure | AMLA requirement; PAGCOR licensing conditions |
| Financial Transaction Records | 5 years from date of transaction | AMLA, BIR, and PAGCOR regulatory requirements |
| Gaming History | 3 years from account closure | PAGCOR licence conditions; dispute resolution |
| Customer Support Records | 3 years from closure of support case | Legitimate interest; dispute resolution |
| Marketing Preferences | Until opt-out or account closure | Consent-based; withdrawn on request |
| Technical / Log Data | 13 months from collection | Security monitoring; fraud prevention |
Upon expiry of applicable retention periods, phrich will securely delete or anonymize personal data in accordance with its internal data disposal procedures. Anonymized data (from which no individual can be identified) may be retained indefinitely for statistical and analytical purposes.
Data Security
phrich implements and maintains technical, organizational, and procedural measures designed to protect personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include, but are not limited to:
- TLS 1.3 Encryption: All data transmitted between your device and phrich servers is encrypted using TLS 1.3 protocol, ensuring that login credentials, payment information, and account data cannot be intercepted in transit.
- AES-256 Data Encryption at Rest: Sensitive personal data stored in phrich databases is encrypted using AES-256 encryption, an industry-standard algorithm used by financial institutions and government agencies globally.
- Access Controls: Access to personal data within phrich's systems is restricted on a strict need-to-know basis. Staff access is controlled through role-based permissions, multi-factor authentication, and activity logging.
- Intrusion Detection: phrich's security infrastructure includes continuous intrusion detection and monitoring systems designed to identify and respond to unauthorized access attempts in real time.
- Penetration Testing: phrich regularly engages independent security specialists to conduct penetration testing and vulnerability assessments of its platform and infrastructure.
- Data Breach Response: phrich maintains a documented data breach response plan. In the event of a personal data breach, phrich will notify affected individuals and the National Privacy Commission within the timelines prescribed by the Data Privacy Act.
While phrich employs robust security measures, no online platform can guarantee absolute security against all threats. Players should also take responsibility for protecting their own account credentials by using strong, unique passwords and enabling two-factor authentication on their phrich account.
Cookies & Tracking Technologies
9.1 What Are Cookies
Cookies are small text files placed on your device when you visit the phrich platform. phrich uses cookies and similar tracking technologies to maintain your login session, remember your language preferences, protect against cross-site request forgery, analyze platform performance, and deliver a personalized gaming experience.
9.2 Types of Cookies Used by phrich
- Strictly Necessary Cookies: These cookies are essential for the phrich platform to function correctly. They maintain your authenticated session, prevent request forgery, and enable core platform features. These cookies cannot be disabled without impairing your ability to use the platform.
- Performance and Analytics Cookies: phrich uses analytics cookies to collect aggregated, anonymized data about how users navigate the platform — which pages are visited most frequently, where users exit the platform, and how long sessions typically last. This data is used solely to improve the platform experience.
- Functional Cookies: Functional cookies remember your preferences such as preferred game lobby view, notification settings, and interface customizations. Disabling these cookies may result in your preferences not being saved between sessions.
9.3 Managing Cookies
You can manage cookie settings through your browser's privacy settings. Blocking all cookies may impair the functionality of the phrich platform, including your ability to stay logged in during a gaming session. phrich does not use third-party advertising cookies or cross-site tracking technologies.
Your Privacy Rights
Under the Philippine Data Privacy Act of 2012, you have the following rights in relation to your personal data held by phrich. phrich will respond to valid rights requests within the timelines prescribed by the NPC's implementing rules.
Right to Access
Request a copy of the personal data phrich holds about you and information about how it is used.
Right to Rectification
Request correction of inaccurate or incomplete personal data in your phrich account.
Right to Erasure
Request deletion of your personal data where retention is no longer legally required.
Right to Object
Object to processing based on legitimate interests, including direct marketing.
Right to Portability
Receive a structured copy of your personal data in a machine-readable format.
Right to Withdraw Consent
Withdraw consent for marketing and optional processing at any time without penalty.
To exercise any of these rights, contact phrich's Data Protection Officer using the details in Section 14. phrich may need to verify your identity before processing rights requests to prevent unauthorized data disclosure. Certain rights may be subject to limitations where retention is required by PAGCOR regulations or Philippine law — phrich will explain any applicable limitations at the time of your request.
If you believe phrich has not handled your personal data lawfully, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. Filing a complaint with the NPC is free of charge and may be done through the NPC's official channels.
Minors & Age Restriction
21+ Only: The phrich platform is strictly prohibited to persons under 21 years of age. phrich does not knowingly collect personal data from individuals under 21. If phrich discovers that an account has been registered by a person under the minimum age, the account will be closed immediately, all data will be deleted to the extent permitted by law, and the matter may be reported to PAGCOR as required by phrich's licensing conditions.
If you are a parent or guardian and believe that a person under 21 in your care has registered an account with phrich or submitted personal data to the platform, please contact phrich immediately at [email protected]. phrich will investigate and take appropriate action promptly.
phrich's mandatory KYC age verification process — requiring submission of a Philippine government-issued photo ID — is specifically designed to prevent underage access to real-money gaming services. This verification is completed before any deposit or gaming activity is permitted.
International Data Transfers
phrich's primary data processing infrastructure is located within the Philippines. Some third-party service providers engaged by phrich — including certain game software providers, cloud infrastructure services, and fraud prevention platforms — may process personal data in jurisdictions outside the Philippines.
Where personal data is transferred internationally, phrich ensures that adequate safeguards are in place in accordance with the requirements of the Data Privacy Act and NPC guidelines. These safeguards may include contractual clauses equivalent to those recognized by the NPC, the recipient jurisdiction's recognition as providing adequate data protection under NPC assessment, or other approved transfer mechanisms.
phrich will not transfer personal data to a jurisdiction that the NPC has determined does not provide an adequate level of protection without implementing appropriate additional safeguards and, where required, obtaining NPC authorization for the transfer.
Policy Amendments
phrich reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, NPC guidance, PAGCOR regulatory requirements, our data processing practices, or the services we offer. The "Last Updated" date at the top of this page will be revised whenever material changes are made.
Where amendments are material — meaning they substantively change how phrich collects, uses, or shares your personal data — phrich will provide advance notice to registered account holders via the email address associated with their account or via a prominent notification on the platform, at least 14 days before the amended Policy takes effect.
Your continued use of the phrich platform after the effective date of any amended Privacy Policy constitutes your acknowledgement of the changes. If you do not agree with any amendment to this Policy, you should cease using the platform and may request account closure as described in the phrich Terms & Conditions.
Contact & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or phrich's data processing practices, please contact phrich's Data Protection Officer:
Live Chat Support
Available 24/7 from your phrich account dashboard. Quote "data privacy" at the start of your chat.
NPC Complaints
Unresolved data privacy complaints may be escalated to the Philippine National Privacy Commission (NPC).
phrich aims to respond to all data privacy requests within 30 calendar days of receipt, in accordance with the timelines prescribed by the Data Privacy Act. Complex requests involving large volumes of data or requiring consultation with PAGCOR may take up to 60 days, in which case phrich will notify you of the extension and its reason.
Your Privacy. Your Game. phrich.
phrich is built on transparency — from our Terms & Conditions to this Privacy Policy. Create your account knowing exactly how your data is protected, or explore the phrich Casino lobby as a returning member.