phrich Privacy Policy

Last Updated: June 2026  |  Applies to all phrich accounts and visitors  |  Republic of the Philippines

Contents
  1. Introduction
  2. Data Controller
  3. Data We Collect
  4. How We Use Your Data
  5. Legal Bases for Processing
  6. Data Sharing & Disclosure
  7. Cookies & Tracking
  8. Data Retention
  9. Data Security
  10. Your Rights
  11. Children's Privacy
  12. Cross-Border Transfers
  13. Amendments
  14. Contact & Complaints
Your privacy matters to phrich. This Privacy Policy explains exactly what personal data phrich collects from registered players and site visitors, why we collect it, how we use it, and the rights you hold under the Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations. Please read this document carefully.

1. Introduction

This Privacy Policy ("Policy") is issued by phrich ("phrich," "we," "us," or "our"), operator of the online gaming platform accessible at phrich.club ("Platform"). This Policy applies to all personal data processed by phrich in connection with your registration, use of the Platform, customer support interactions, and any other touchpoint between you and phrich.

phrich is committed to protecting the personal data of all users — whether you are a registered player in Metro Manila, a visitor browsing from Cebu, or a prospective player in Davao who has not yet created an account. We process personal data in accordance with the Republic Act No. 10173 (Data Privacy Act of 2012, "DPA"), its Implementing Rules and Regulations, the National Privacy Commission ("NPC") issuances, PAGCOR data governance requirements, and applicable international best practices.

By accessing or using the phrich Platform, you acknowledge that you have read and understood this Policy. If you do not agree with any provision of this Policy, you must discontinue use of the Platform and contact us to arrange deletion of your account and associated data.

2. Data Controller

phrich is the data controller responsible for personal data processed through the Platform. As data controller, phrich determines the purposes and means of processing your personal data and is responsible for ensuring that processing is conducted lawfully, fairly, and transparently in accordance with the DPA.

phrich has appointed a Data Protection Officer ("DPO") in compliance with the DPA. Questions, requests, and complaints relating to data privacy may be directed to the DPO via the contact information provided in Section 14 of this Policy.

3. Personal Data We Collect

phrich collects the following categories of personal data:

  • Registration Data: Full legal name, date of birth, Philippine mobile number, email address, and residential address as provided during account creation. This information is required to create and verify your phrich account.
  • Identity Verification (KYC) Data: Government-issued identification documents (such as Philippine passport, SSS/UMID card, driver's license, or PhilSys ID), selfie photographs for liveness verification, and proof of address documents. KYC data is collected in compliance with PAGCOR requirements and the Anti-Money Laundering Act (AMLA).
  • Financial Transaction Data: GCash account reference numbers, PayMaya account references, BPI/BDO/Metrobank bank account numbers (last four digits), deposit and withdrawal amounts, transaction timestamps, and running account balance history.
  • Gaming Activity Data: Game titles played, bet amounts, win/loss outcomes, session start and end times, responsible gaming tool settings (deposit limits, session timers, cool-off periods), and self-exclusion status.
  • Device and Technical Data: IP address, browser type and version, operating system, device identifier, screen resolution, referring URL, and session cookies. This data is collected automatically when you access the Platform.
  • Communications Data: Records of support conversations (live chat logs, email correspondence), SMS OTP delivery records, and any feedback or complaint submissions.
  • Location Data: General geolocation inferred from IP address for the purpose of jurisdictional compliance and fraud prevention. phrich does not collect GPS-level precise location data without explicit consent.

phrich does not collect sensitive personal information beyond what is strictly necessary for identity verification and regulatory compliance (e.g., government ID numbers). We do not collect biometric data beyond liveness-check photographs required for KYC, and we do not collect financial account login credentials for your GCash or bank accounts.

4. How We Use Your Personal Data

phrich processes your personal data for the following purposes:

  • Account Creation and Management: To register, verify, and manage your phrich account, authenticate your identity at login, and maintain the integrity of the one-account-per-person policy.
  • Service Delivery: To provide access to games, process deposits and withdrawals, calculate winnings, apply bonuses, and deliver the core gaming service for which you registered.
  • Regulatory and Legal Compliance: To comply with PAGCOR licensing requirements, the Anti-Money Laundering Act (AMLA), the Data Privacy Act (DPA), PAGCOR responsible gaming obligations, and any applicable court orders or regulatory directives from Philippine authorities.
  • Fraud Prevention and Security: To detect and prevent unauthorized account access, fraudulent transactions, money laundering, bonus abuse, and other prohibited conduct as defined in the phrich Terms and Conditions.
  • Customer Support: To respond to your inquiries, resolve disputes, process responsible gaming requests, and improve the quality of the phrich support service.
  • Responsible Gaming: To enforce deposit limits, session timers, self-exclusion orders, and other responsible gaming tools you have activated, and to identify behavioral patterns that may indicate problem gambling in accordance with PAGCOR responsible gaming guidelines.
  • Marketing Communications: To send promotional offers, bonus notifications, and platform updates via SMS or in-platform notifications — but only where you have not opted out, and never to players subject to active responsible gaming restrictions.
  • Platform Improvement: To analyze aggregate usage patterns, identify technical issues, test new features, and improve the overall performance and user experience of the phrich Platform.

5. Legal Bases for Processing

Under the Data Privacy Act of 2012, phrich relies on the following lawful bases for processing personal data:

  • Contractual Necessity: Processing required to fulfill our obligations under the phrich Terms and Conditions — including account management, payment processing, and game delivery.
  • Legal Obligation: Processing required to comply with PAGCOR directives, AMLA requirements, court orders, and other mandatory Philippine legal obligations.
  • Legitimate Interests: Processing for fraud prevention, platform security, and responsible gaming monitoring, where such interests are not overridden by your rights and freedoms.
  • Consent: Processing for marketing communications, optional analytics cookies, and any other purposes not covered by the above bases — where you have given explicit, informed, and freely given consent that can be withdrawn at any time.

6. Data Sharing and Disclosure

phrich does not sell your personal data to third parties. We may share your data with the following categories of recipients only as necessary and on a need-to-know basis:

  • PAGCOR and Regulatory Authorities: phrich is required to submit player data, transaction records, and responsible gaming reports to PAGCOR on a periodic and on-demand basis. This is a mandatory regulatory obligation and cannot be refused.
  • Payment Service Providers: GCash (GXI), PayMaya (Voyager), BPI, BDO, Metrobank, and InstaPay network operators receive the minimum data necessary to process your deposits and withdrawals.
  • Game Providers: JILI Games, Pragmatic Play, PG Soft, Evolution Gaming, and other certified game providers receive anonymous session tokens required for game delivery. Game providers do not receive your full identity or payment data.
  • KYC and AML Service Providers: Third-party identity verification platforms that assist phrich in fulfilling KYC and AML obligations. These providers are bound by data processing agreements and may not use your data for any purpose other than verification.
  • Philippine Law Enforcement: phrich will disclose personal data to the Philippine National Police (PNP), National Bureau of Investigation (NBI), Anti-Money Laundering Council (AMLC), or other competent authorities when legally required to do so.

All third-party service providers that process personal data on behalf of phrich are bound by data processing agreements that require them to maintain appropriate security standards and process data only in accordance with phrich's instructions.

7. Cookies and Tracking Technologies

phrich uses the following categories of cookies and similar tracking technologies:

  • Strictly Necessary Cookies: Required for the Platform to function — session management, authentication tokens, CSRF protection, and load balancing. These cannot be disabled.
  • Functional Cookies: Remember your preferences such as language settings, game lobby filters, and responsible gaming tool configurations. These improve your experience but are not essential.
  • Analytics Cookies: Collect aggregate, anonymized data about Platform usage — page views, session duration, game popularity, and error rates — to help us improve the Platform. These are set only with your consent.

You may manage your cookie preferences through your browser settings. Disabling strictly necessary cookies will impair Platform functionality and may prevent login. phrich does not use third-party advertising cookies or cross-site tracking technologies.

8. Data Retention

phrich retains personal data for the following periods:

  • Active Account Data: Retained for the duration of your registered phrich account plus five (5) years following account closure, in compliance with PAGCOR record-keeping requirements and the AMLA's prescribed retention periods.
  • Transaction Records: Financial transaction records are retained for a minimum of ten (10) years from the date of the transaction, as required under the AMLA.
  • KYC Documents: Retained for five (5) years following account closure or the completion of the transaction for which verification was performed, whichever is later.
  • Support Communications: Live chat logs and email correspondence are retained for three (3) years from the date of the interaction.
  • Anonymous Analytics Data: Aggregate, anonymized analytics data that cannot be linked to an individual is retained indefinitely for Platform improvement purposes.

Upon expiry of the applicable retention period, phrich will securely delete or anonymize your personal data in accordance with NPC-approved data disposal procedures.

9. Data Security

phrich implements the following technical and organizational security measures to protect your personal data:

  • 256-bit SSL/TLS encryption for all data in transit between your device and the phrich Platform.
  • AES-256 encryption for sensitive data at rest, including KYC documents and financial records.
  • Role-based access controls ensuring that phrich staff can only access personal data necessary for their specific job function.
  • Regular penetration testing and vulnerability scanning of Platform infrastructure.
  • SMS OTP two-factor authentication for all account login and sensitive account actions.
  • Automated monitoring for suspicious login patterns, unusual transaction volumes, and potential account compromise indicators.

In the event of a personal data breach that is reasonably likely to result in risk to your rights and freedoms, phrich will notify the National Privacy Commission within 72 hours of becoming aware of the breach, and will notify affected players without undue delay as required by NPC Circular 16-03.

10. Your Rights Under the Data Privacy Act

As a data subject under the Republic Act No. 10173, you hold the following rights with respect to your personal data processed by phrich:

  • Right to Be Informed: The right to know what personal data phrich collects, why, and how it is used — as described in this Policy.
  • Right of Access: The right to request a copy of the personal data phrich holds about you, free of charge, once per calendar year.
  • Right to Rectification: The right to request correction of inaccurate or incomplete personal data. Identity changes require documentary proof.
  • Right to Erasure: The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to overriding legal retention obligations (AMLA, PAGCOR records requirements).
  • Right to Object: The right to object to processing based on legitimate interests, including direct marketing communications. Marketing opt-out requests will be honored within 24 hours.
  • Right to Data Portability: The right to receive a copy of your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract.
  • Right to Lodge a Complaint: The right to file a complaint with the National Privacy Commission if you believe phrich has violated your data privacy rights. NPC contact details are available at the NPC's official website.

To exercise any of the above rights, submit a written request to the phrich Data Protection Officer using the contact details in Section 14. phrich will respond to all rights requests within fifteen (15) business days of receipt.

11. Children's Privacy

The phrich Platform is strictly intended for adults aged 21 years and above. phrich does not knowingly collect personal data from individuals under the age of 21. If phrich discovers that personal data has been collected from a minor, the account will be immediately suspended, the data will be deleted, and the matter will be reported to PAGCOR in accordance with its responsible gaming obligations. If you believe a minor has registered on the phrich Platform, please contact support immediately.

12. Cross-Border Data Transfers

Some of phrich's service providers — including certain game providers and cloud infrastructure operators — may be located outside the Philippines. Where personal data is transferred to a jurisdiction that does not offer an equivalent level of data protection to the DPA, phrich will ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the NPC, or that the transfer is covered by an adequacy determination. phrich will not transfer personal data to any jurisdiction that poses an unacceptable risk to your privacy rights without your explicit consent, except where required by Philippine law.

13. Amendments to This Policy

phrich reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, regulatory requirements, or Platform features. Material changes will be communicated to registered players via SMS notification to the registered Philippine mobile number or via a prominent in-platform notice at least seven (7) days before the revised Policy takes effect. Continued use of the Platform following the effective date of any amendment constitutes acceptance of the revised Policy. The date of the most recent revision is displayed at the top of this page.

14. Contact and Complaints

For privacy-related inquiries, data subject rights requests, or to contact the phrich Data Protection Officer, please reach our support team via live chat on the Platform. Our team is available 24 hours a day, 7 days a week. Written requests may also be sent to the email address displayed in the footer of this page — note that the email address is displayed as plain text only and is not a clickable link.

If you are not satisfied with phrich's response to a privacy complaint, you have the right to escalate the matter to the National Privacy Commission of the Philippines. Further information about the phrich compliance framework and PAGCOR licensing is available on the About Us page.

How phrich Protects Your Privacy

A summary of the data protection commitments phrich makes to every registered player and site visitor.

256-Bit SSL Encryption

All data transmitted between your device and the phrich Platform is protected by 256-bit SSL/TLS encryption — the same standard used by Philippine banks. Your login credentials, payment details, and personal information are never sent in plain text.

DPA-Compliant Data Handling

phrich processes all personal data in strict compliance with the Republic Act No. 10173 (Data Privacy Act of 2012) and NPC regulations. A dedicated Data Protection Officer oversees all data processing activities and is available to handle your rights requests.

No Data Selling — Ever

phrich will never sell your personal data to advertising networks, data brokers, or any third party for commercial purposes. Your data is used solely for the delivery and improvement of the phrich service, regulatory compliance, and fraud prevention.

Your Rights, Respected

You have full rights of access, rectification, erasure, objection, and portability over your phrich personal data under the DPA. All rights requests are responded to within 15 business days. Marketing opt-outs are honored within 24 hours of receipt.

Questions About Your phrich Data?

Contact the phrich support team or Data Protection Officer anytime — 24/7 in English and Tagalog. We're here for every question, big or small.

24/7 Filipino Support PAGCOR Licensed DPA Compliant Terms & Conditions Responsible Gaming