- 1. Introduction
- 2. Data Controller
- 3. Data We Collect
- 4. How We Collect Data
- 5. Purposes of Processing
- 6. Legal Basis
- 7. Data Sharing
- 8. International Transfers
- 9. Data Retention
- 10. Cookies & Tracking
- 11. Data Security
- 12. Your Rights
- 13. Minors & Under-21
- 14. Third-Party Links
- 15. Policy Amendments
- 16. Contact & DPO
1 Introduction
This Privacy Policy ("Policy") describes how viphp ("we", "us", "our", "the Platform") collects, uses, stores, discloses, and protects the personal data of individuals ("you", "the Player", "the User") who access or use the online gaming platform available at viphp.org and any related browser-based services operated under the viphp brand.
viphp is committed to protecting the privacy and personal data of all users, with particular regard to Filipino players across Metro Manila, Cebu, Davao, and every other region of the Philippines. This Policy is designed to be clear and readable — not buried in inaccessible legal jargon — because we believe Filipino players deserve to understand exactly how their personal information is handled.
This Policy should be read together with the viphp Terms & Conditions, which govern your use of the platform more broadly. By creating a viphp account or using the platform in any manner, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.
2 Data Controller
For the purposes of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, "DPA") and its Implementing Rules and Regulations, viphp acts as the personal information controller ("PIC") in respect of the personal data processed through the viphp platform.
As a personal information controller, viphp determines the purposes for which and the means by which personal data is processed. viphp has designated a Data Protection Officer ("DPO") to oversee compliance with the DPA and to serve as the point of contact for data subjects exercising their rights. Contact details for the DPO are provided in Section 16 of this Policy.
Certain data processing functions — including payment processing by GCash, PayMaya, BPI, BDO, and Metrobank; game delivery by licensed providers such as JILI, Pragmatic Play, and PG Soft; and fraud screening by third-party security services — are carried out by personal information processors acting under viphp's instructions and subject to data processing agreements that impose equivalent data protection obligations.
3 Categories of Personal Data We Collect
The following table describes the categories of personal data that viphp collects from players in the course of operating the platform:
| Category | Examples | Required? |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government ID type and number (UMID, Passport, Driver's License, PhilHealth ID, VOTERID, etc.), selfie photograph | Yes — for KYC |
| Contact Data | Philippine mobile number, email address, registered residential address | Yes — for account |
| Account Data | Username, encrypted password hash, account tier, VIP level, loyalty points balance, preferences | Yes — for account |
| Financial Data | GCash account reference, PayMaya reference, bank account details (BPI/BDO/Metrobank), deposit history, withdrawal history, transaction amounts in PHP | Yes — for payments |
| Gameplay Data | Game sessions, bet amounts, win/loss records, game titles played, RNG audit logs, sports bets placed | Yes — for operations |
| Technical Data | IP address, device type, browser type and version, operating system, screen resolution, session timestamps, cookie identifiers | Yes — automatic |
| Communication Data | Live chat transcripts, email correspondence with viphp support, complaint records | When you contact us |
| Marketing Data | Marketing communication preferences, promotion participation history, bonus claim records | Optional |
viphp does not intentionally collect sensitive personal information (as defined under Section 3(l) of the DPA) unless required by applicable law. Where the submission of a government-issued ID reveals sensitive information such as medical conditions or religious affiliation incidentally, such information is not recorded or processed for any purpose other than age and identity verification.
4 How We Collect Your Personal Data
viphp collects personal data through the following channels and mechanisms:
- Direct submission — account registration: You provide your name, date of birth, mobile number, and email address when creating your viphp account.
- Direct submission — KYC verification: You upload your government-issued Philippine ID and a selfie photograph when completing identity verification prior to your first withdrawal.
- Direct submission — payment transactions: Your GCash, PayMaya, or bank account reference details are captured when you initiate a deposit or withdrawal through the viphp cashier.
- Direct submission — support interactions: Any personal data you voluntarily share during live chat sessions, email correspondence, or complaint submissions is recorded as part of the support record.
- Automated collection — platform usage: viphp's servers automatically record technical data including IP addresses, device identifiers, browser information, session durations, and page navigation paths each time you access the platform.
- Automated collection — cookies and tracking technologies: viphp uses session cookies and functional cookies to maintain your login state, record your preferences, and ensure the correct delivery of platform features. See Section 10 for full cookie details.
- Third-party data: Where applicable, viphp may receive personal data from third-party payment processors (e.g., GCash transaction confirmation data), fraud prevention partners, and identity verification services to supplement the information you provide directly.
5 Purposes of Processing
viphp processes your personal data for the following specific, legitimate purposes:
| Purpose | Description | Data Used |
|---|---|---|
| Account Management | Creating and maintaining your viphp player account, authenticating your login, managing your session and preferences. | Identity, Contact, Account |
| KYC & Age Verification | Verifying that you are at least 21 years of age and confirming the accuracy of the identity information you provided during registration. | Identity |
| Payment Processing | Processing GCash, PayMaya, BPI, BDO, Metrobank, and USDT deposits and withdrawals in Philippine Peso, and maintaining transaction records. | Identity, Financial |
| Legal Compliance | Meeting obligations under Philippine anti-money laundering law (R.A. 9160 as amended), PAGCOR regulatory requirements, and tax reporting where applicable. | Identity, Financial, Gameplay |
| Fraud Prevention | Detecting and preventing multi-accounting, bonus abuse, unauthorized access, payment fraud, and other prohibited conduct on the viphp platform. | Technical, Financial, Account |
| Customer Support | Responding to your support requests, resolving complaints, and maintaining records of interactions for quality assurance purposes. | Communication, Identity |
| Responsible Gaming | Monitoring for signs of problem gambling behavior, applying deposit limits and self-exclusion restrictions, and providing responsible gaming support. | Financial, Gameplay, Account |
| Platform Improvement | Analyzing aggregated usage data to improve game selection, cashier performance, load times, and overall user experience on viphp. | Technical (aggregated/anonymized) |
| Marketing | Sending promotional offers, bonus notifications, and event updates to players who have opted in to marketing communications from viphp. | Contact, Marketing |
6 Legal Basis for Processing
Under the Philippine Data Privacy Act of 2012, viphp processes personal data based on one or more of the following lawful grounds for each processing purpose:
- Contractual necessity: Processing required for the performance of your viphp account agreement — including account creation, payment processing, and game delivery — is based on the contractual relationship between you and viphp established upon account registration.
- Legal obligation: Processing required to comply with Philippine laws, including the Anti-Money Laundering Act (R.A. 9160 as amended by R.A. 10365), PAGCOR regulatory obligations, and the National Telecommunications Commission's requirements, is based on our legal obligations under applicable law.
- Consent: Processing for marketing communications and optional profiling for personalized offers is based on your freely given, specific, and informed consent. You may withdraw consent at any time without prejudice to your account access.
- Legitimate interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and anonymized analytics is based on viphp's legitimate interests in operating a safe, compliant, and commercially viable gaming platform, balanced against your rights and interests as a data subject.
7 Data Sharing & Disclosure
viphp does not sell, rent, or trade your personal data to third parties for their own commercial purposes. We share personal data only in the following circumstances and with the following categories of recipients:
- Game providers: JILI Technology, Evolution Gaming, Pragmatic Play, PG Soft, Spade Gaming, and other licensed game providers receive the minimum data necessary to deliver game sessions and settle winnings (typically a pseudonymous player identifier and session token).
- Payment processors: GCash, PayMaya, BPI, BDO, Metrobank, and USDT processing partners receive the payment data necessary to process deposits and withdrawals on your behalf. These providers are independently regulated and subject to their own data protection obligations.
- Identity verification services: Third-party KYC and identity verification providers may process government ID images and selfie photographs solely for the purpose of age and identity verification on viphp's behalf.
- Fraud prevention and security partners: We may share technical data (IP address, device fingerprint, transaction patterns) with licensed fraud prevention services to detect and prevent financial crime and account abuse.
- Regulatory authorities: viphp is required by Philippine law to disclose certain player transaction data to PAGCOR, the Anti-Money Laundering Council (AMLC), and other competent authorities upon lawful request. We comply with all lawful disclosure obligations.
- Legal and professional advisors: viphp may share personal data with legal counsel, auditors, and compliance consultants under confidentiality obligations where necessary for the defence of legal claims or regulatory proceedings.
8 International Data Transfers
Some of the third-party service providers engaged by viphp — particularly game providers and infrastructure partners — may process personal data on servers located outside of the Philippines. Where personal data is transferred internationally, viphp takes the following steps to ensure equivalent protection:
- International transfers are conducted only to recipients located in jurisdictions that the National Privacy Commission recognizes as providing adequate data protection, or pursuant to approved contractual mechanisms (standard contractual clauses) that impose binding data protection obligations on the receiving entity.
- International game providers (JILI, Pragmatic Play, Evolution, PG Soft) are licensed operators subject to certification and audit requirements from their respective licensing authorities, which include data security standards.
- viphp retains primary responsibility for personal data processed on your behalf and will remain accountable for any international processing conducted under its instructions.
9 Data Retention
viphp retains personal data for as long as is necessary to fulfill the purposes for which it was collected, subject to the following minimum retention periods mandated by Philippine law and regulatory obligations:
| Data Category | Retention Period | Basis |
|---|---|---|
| KYC & Identity Documents | Minimum 5 years from account closure | AMLC / PAGCOR requirements |
| Financial Transaction Records | Minimum 5 years from transaction date | R.A. 9160 (AMLA) |
| Gameplay & Betting Records | Minimum 3 years from date of activity | PAGCOR licensing obligations |
| Account Registration Data | Duration of account + 5 years post-closure | Contractual / Legal |
| Customer Support Records | 3 years from last interaction | Legal dispute / NPC guidelines |
| Marketing Preferences | Until consent withdrawal + 1 year | Consent-based processing |
| Technical / Log Data | 12 months from collection | Fraud prevention / Security |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymized so that it can no longer be attributed to an identifiable individual. Where data must be retained beyond the standard retention period due to an ongoing legal proceeding, regulatory investigation, or dispute, the data will be preserved until the matter is concluded and the applicable post-resolution retention period has elapsed.
10 Cookies & Tracking Technologies
viphp uses cookies and similar tracking technologies to operate the platform effectively and to provide a consistent, personalized experience to Filipino players. A cookie is a small text file placed on your device by the viphp website when you visit it. Cookies do not contain executable code and cannot access other information stored on your device.
The following categories of cookies are used on the viphp platform:
- Strictly Necessary Cookies: These cookies are essential for the operation of the viphp platform. They manage your login session, maintain your authenticated state, and ensure the correct functioning of the cashier and game delivery systems. These cookies cannot be disabled without significantly impairing your ability to use viphp.
- Functional Cookies: These cookies remember your preferences — such as your selected language, currency display settings, and game lobby view — so that viphp can deliver a consistent experience across sessions.
- Analytics Cookies: viphp uses anonymized analytics tools to understand how players navigate the platform — which pages are visited most frequently, where players encounter difficulties, and how long sessions last. This data is aggregated and cannot be used to identify individual players.
- Security Cookies: Short-lived cookies used by viphp's fraud detection system to assess session risk and detect unusual login patterns that may indicate unauthorized account access.
viphp does not deploy third-party advertising cookies or cross-site tracking technologies. You may manage or delete cookies through your browser settings. Please note that disabling strictly necessary cookies will impair platform functionality and may prevent you from accessing your viphp account.
11 Data Security Measures
viphp implements and maintains comprehensive technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, and unlawful disclosure. These measures include:
- 256-bit SSL/TLS encryption applied to all data transmitted between your device and the viphp platform.
- Password hashing using industry-standard one-way hashing algorithms with unique salt values — viphp staff cannot read your password.
- Two-factor authentication (2FA) via OTP to your registered Philippine mobile number, available to all account holders and strongly recommended for all active viphp players.
- Role-based access controls restricting access to player personal data to only those viphp staff members whose specific job function requires it, governed by a principle of least privilege.
- Encrypted data storage for sensitive fields including KYC document images and financial data, stored at rest using AES-256 encryption.
- Regular security audits and penetration testing conducted by independent third-party security assessors to identify and remediate vulnerabilities in the viphp platform.
- Incident response procedures including a documented data breach response plan that meets the 72-hour notification requirement to the National Privacy Commission prescribed under the DPA's Implementing Rules.
12 Your Data Subject Rights
As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights in respect of your personal data processed by viphp. You may exercise any of these rights at any time by submitting a written request to the viphp Data Protection Officer at [email protected].
viphp will acknowledge data subject requests within 5 business days and provide a substantive response within 15 business days of receipt. Where a request requires additional time due to complexity, viphp will notify you of the extension and the reasons for it.
If you are not satisfied with viphp's response to a data subject rights request, or if you believe viphp has processed your personal data in breach of the DPA, you have the right to lodge a complaint with the Philippine National Privacy Commission (NPC). Information about filing complaints with the NPC is available on the NPC's official website.
13 Minors & Under-21 Policy
If viphp becomes aware that personal data has been collected from a person under 21 years of age — whether through incomplete age verification, the provision of false information, or any other means — that data will be deleted promptly upon discovery, the associated account will be closed, and any deposits made by the underage individual will be handled in accordance with the viphp Terms & Conditions.
Parents and guardians who become aware that their child under 21 has accessed the viphp platform or submitted personal data to viphp should contact the viphp Data Protection Officer immediately at [email protected] with a written request for data deletion. viphp will take prompt action upon receipt of such a request.
14 Third-Party Links
The viphp platform may contain references or links to the websites of third-party game providers, payment services, or other entities. These third-party websites operate independently of viphp and are governed by their own privacy policies. viphp is not responsible for the privacy practices, data security measures, or content of any third-party websites accessed from the viphp platform.
We encourage you to review the privacy policy of any third-party service you use in connection with your viphp gaming activity — particularly GCash, PayMaya, and your banking institution — to understand how your financial data is processed on their end.
15 Amendments to This Policy
viphp reserves the right to update or amend this Privacy Policy from time to time. Where changes are material — particularly changes that affect the categories of data collected, the purposes for which data is processed, your data subject rights, or our data sharing practices — viphp will provide advance notice by posting a notification on the viphp homepage or delivering an in-platform or email notification to registered players.
The effective date at the top of this Policy indicates the version currently in force. We encourage you to review this Policy periodically so that you remain informed about how viphp handles your personal data. Your continued use of the viphp platform following any amendment to this Policy constitutes your acknowledgment of the updated version.
Historical versions of the viphp Privacy Policy may be obtained upon written request submitted to [email protected].
16 Contact & Data Protection Officer
For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by viphp, please contact us through the following channels. All data subject rights requests should be submitted in writing for accurate tracking and response:
Data Protection Officer (DPO): viphp Data Privacy Office
Email: [email protected] — Subject line: "Data Privacy Request"
Live Chat: Available 24/7 on viphp.org — average response under 3 minutes
Response Time: Acknowledgment within 5 business days; substantive response within 15 business days
If you wish to escalate a privacy concern or file a formal complaint that viphp has not resolved to your satisfaction, you may contact the Philippine National Privacy Commission (NPC), which has regulatory authority over personal data processing activities in the Philippines.