phpopen Privacy Policy

1. Introduction

phpopen ("phpopen", "we", "us", "our") is committed to protecting the personal data of all individuals who access or use the phpopen platform at https://phpopen.club ("Platform"). This Privacy Policy explains what personal data phpopen collects, why we collect it, how we use and protect it, with whom we share it, and what rights you have as a data subject under Philippine law.

This Privacy Policy applies to all users of the phpopen Platform, including registered account holders ("Players") and visitors who browse the Platform without registering. By using the phpopen Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

phpopen is the personal information controller in respect of data collected through the Platform. phpopen complies with the Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations, as well as the guidelines and circulars issued by the National Privacy Commission (NPC) of the Philippines.

2. Personal Data We Collect

phpopen collects the following categories of personal data, depending on your interaction with the Platform:

2.1 Registration and Account Data

• Full legal name
• Date of birth (to verify the 21+ age requirement)
• Email address
• Mobile number (used for 2FA and account recovery)
• Residential address
• Username and encrypted password
• Nationality and country of residence

2.2 Identity Verification (KYC) Data

• Copies of government-issued photo identification (Philippine passport, driver's license, UMID, SSS ID, or equivalent)
• Proof of address documents (utility bill, bank statement, or equivalent dated within 90 days)
• Selfie or video verification where required for enhanced KYC procedures
• Source of funds declarations for high-volume accounts as required by AML regulations

2.3 Financial and Transaction Data

• GCash mobile number or account reference
• PayMaya account reference
• Bank account details (BPI, BDO, Metrobank) where bank transfer is used
• Transaction history: deposit amounts, dates, payment methods, and references
• Withdrawal requests, amounts, and processing records

2.4 Gaming Activity Data

• Game session records: games played, wager amounts, wins, losses, session duration
• Bonus and promotion usage history
• Responsible gaming settings: deposit limits, self-exclusion requests, cooling-off periods
• Rewards program tier and point balances

2.5 Technical and Device Data

• IP address and approximate geolocation derived from IP
• Device type, operating system, and browser type
• Session timestamps and login/logout records
• Cookies and similar tracking technology data (see Section 9)

2.6 Communications Data

• Live Chat conversation transcripts
• Support ticket records
• Email correspondence with phpopen support or compliance teams

3. How We Collect Your Data

phpopen collects personal data through the following channels:

• Directly from you: When you register an account, complete KYC verification, make a deposit or withdrawal, contact support, or update your account settings on phpopen.
• Automatically: Through cookies, server logs, and analytics tools when you access or use the Platform, as described in Section 9.
• From third parties: From payment processors (GCash, PayMaya, BPI, BDO, Metrobank) when you initiate financial transactions; from identity verification service providers during KYC; and from fraud prevention and AML screening services as required by PAGCOR regulations.

4. Purposes of Processing

phpopen processes your personal data for the following purposes:

• Account management: Creating, maintaining, and securing your phpopen account; authenticating your identity on login.
• Age and identity verification: Confirming you are at least 21 years of age and verifying your identity as required by PAGCOR and Philippine AML regulations.
• Payment processing: Processing deposits and withdrawals via GCash, PayMaya, and Philippine bank transfers.
• Regulatory compliance: Fulfilling phpopen's obligations under PAGCOR licensing conditions, the Anti-Money Laundering Act (RA 9160 as amended), and other applicable Philippine law.
• Game provision: Delivering and personalising the games and services available on the Platform.
• Customer support: Responding to enquiries, resolving disputes, and providing assistance through Live Chat and email.
• Responsible gaming: Implementing deposit limits, self-exclusion, and other player protection tools; identifying and assisting players who may exhibit problem gambling behaviours.
• Security and fraud prevention: Detecting and preventing unauthorised account access, fraud, money laundering, and other prohibited conduct.
• Marketing communications: Sending promotional offers, bonus notifications, and platform updates to opted-in players. You may opt out at any time via your account settings.
• Platform improvement: Analysing aggregated, anonymised usage data to improve the performance and features of phpopen.

5. Legal Basis for Processing

phpopen processes personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual necessity: Processing necessary for the performance of the Player Account Agreement between you and phpopen — including account management, game provision, and payment processing.
• Legal obligation: Processing required to comply with phpopen's obligations under Philippine law, including PAGCOR regulations, the Anti-Money Laundering Act, and the Data Privacy Act itself.
• Legitimate interests: Processing for fraud prevention, security, and platform improvement, where such processing does not override your fundamental rights and freedoms.
• Consent: For marketing communications and non-essential cookies, where your explicit consent has been obtained and can be withdrawn at any time.

6. Sharing of Personal Data

phpopen does not sell your personal data to third parties. phpopen may share your personal data with the following categories of recipients only to the extent necessary for the stated purpose:

• Payment processors: GCash (Mynt — Globe Fintech Innovations, Inc.), PayMaya (Maya Bank), BPI, BDO, and Metrobank, for the purpose of processing your financial transactions.
• KYC and identity verification providers: Third-party identity verification services used to confirm the authenticity of documents you submit during KYC.
• AML screening services: Providers of anti-money laundering transaction monitoring and sanctions screening services.
• Game providers: Third-party game studios and platform providers whose games are available on phpopen, who may receive session data necessary to deliver their games.
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government authorities where disclosure is required by law or regulatory directive.
• IT and infrastructure providers: Cloud hosting and cybersecurity service providers who process data on phpopen's behalf under strict data processing agreements.

7. International Data Transfers

Some of phpopen's third-party service providers — including game studio operators and cloud infrastructure providers — may process data outside the Philippines. Where personal data is transferred internationally, phpopen ensures that appropriate safeguards are in place, including contractual clauses that provide data protection standards equivalent to those required under Philippine law, or transfers to jurisdictions recognised by the NPC as providing adequate data protection.

8. Data Retention

phpopen retains personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following minimum retention periods required by applicable Philippine law:

• KYC and identity documents: Minimum 5 years from account closure, as required by the Anti-Money Laundering Act.
• Financial transaction records: Minimum 5 years from the date of transaction.
• Game session records: Minimum 3 years from the date of the session.
• Account data (active accounts): For the duration of the account plus 5 years following closure.
• Support and communications records: 3 years from the date of the last communication.

Where retention beyond these minimum periods is required for the resolution of ongoing disputes, regulatory investigations, or legal proceedings, phpopen will retain the relevant data until the matter is concluded.

9. Cookies and Tracking Technologies

phpopen uses cookies and similar tracking technologies on the Platform for the following purposes:

• Strictly necessary cookies: Required for the Platform to function — including maintaining your login session, remembering your account preferences, and ensuring security. These cannot be disabled without affecting Platform functionality.
• Analytics cookies: Used to understand how players use phpopen — which pages are visited, session durations, and error rates — in aggregate and anonymised form. This data is used solely to improve the Platform.
• Marketing cookies: Used to deliver relevant promotional content to opted-in players. These are only placed with your explicit consent, which you can withdraw by updating your cookie preferences or account marketing settings.

You can manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will impair your ability to use the phpopen Platform, including the login process.

10. Your Data Subject Rights

Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phpopen:

• Right to be informed: The right to know how your personal data is collected, processed, and used — as described in this Privacy Policy.
• Right of access: The right to request a copy of the personal data phpopen holds about you.
• Right to rectification: The right to have inaccurate or incomplete personal data corrected. You can update most account information directly in your phpopen account settings.
• Right to erasure: The right to request deletion of your personal data where it is no longer necessary for the original processing purpose, subject to phpopen's legal retention obligations.
• Right to object: The right to object to processing based on legitimate interests, including the use of your data for direct marketing purposes.
• Right to data portability: The right to receive your personal data in a structured, commonly used format where technically feasible.
• Right to lodge a complaint: The right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe phpopen has processed your personal data in breach of the Data Privacy Act.

To exercise any of these rights, contact phpopen's Data Protection Officer via the support email listed on the Platform. phpopen will respond to data subject requests within 15 business days, subject to identity verification requirements.

11. Security Measures

phpopen implements the following technical and organisational security measures to protect your personal data:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the phpopen Platform
• Encrypted storage of passwords — phpopen stores only hashed, salted password representations, never plaintext passwords
• Access controls: personal data is accessible only to phpopen staff with a legitimate need to access it, subject to role-based permissions
• Multi-factor authentication available for all phpopen accounts and mandatory for administrative access
• Regular security assessments and penetration testing of the Platform
• Incident response procedures for data breaches, including NPC notification within 72 hours of discovery of a breach affecting 100 or more individuals

12. Children's Privacy

The phpopen Platform is strictly intended for persons aged 21 years and above. phpopen does not knowingly collect personal data from individuals under the age of 21. If phpopen discovers that personal data has been collected from a person under 21, that data will be immediately deleted and the associated account closed, with any deposits returned to the original funding source in accordance with PAGCOR regulations.

If you have reason to believe that a person under 21 has registered a phpopen account, please report this immediately to our support team via Live Chat.

13. Changes to This Privacy Policy

phpopen reserves the right to amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or PAGCOR regulatory requirements. Material changes will be communicated to registered players via email to the address on file and/or through a prominent notice on the Platform prior to the changes taking effect. The updated Privacy Policy will indicate its effective date.

Continued use of the phpopen Platform after notification of changes constitutes acceptance of the revised Privacy Policy. If you do not accept the revised Privacy Policy, you should close your phpopen account by contacting support.

14. Contact and Data Protection Officer

For questions, concerns, or requests relating to this Privacy Policy or phpopen's data processing practices, or to exercise your data subject rights, please contact us:

• Support (general): [email protected] (plain text — not a link)
• KYC / Data Subject Requests: [email protected] (plain text — not a link)
• Live Chat: Available 24/7 on the phpopen Platform

phpopen's designated Data Protection Officer is responsible for overseeing compliance with the Data Privacy Act of 2012. Contact details for the DPO are available upon request via the support channels above.

If your data subject rights request is not satisfactorily resolved by phpopen, you may escalate your complaint to the National Privacy Commission of the Philippines through their official government channels.