phalaro is committed to protecting your personal data in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173). This Privacy Policy explains exactly what data we collect, why we collect it, how we use it, and the rights you have as a phalaro account holder and Philippine data subject.
These cards summarize phalaro's core privacy commitments. They are an overview only — please read the full policy below for complete details.
phalaro processes your personal data in full compliance with Republic Act No. 10173 (Philippine Data Privacy Act of 2012) and its Implementing Rules, as administered by the National Privacy Commission (NPC).
As a Philippine data subject, you have the right to be informed, to access, to object, to erasure, to rectification, and to data portability. phalaro honors all these rights subject to applicable legal obligations.
All data transmitted between your device and phalaro's servers is encrypted using industry-standard 256-bit SSL/TLS encryption — the same standard used by Philippine banks and leading financial institutions.
phalaro does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Data sharing is limited to legally required disclosures and necessary service providers.
phalaro only collects personal data that is necessary for account registration, KYC verification, payment processing, regulatory compliance, and service delivery. We do not collect data beyond what we need.
phalaro will notify you of material changes to this Privacy Policy via your registered email address at least 14 days before changes take effect. You are always informed — no silent policy updates.
This Privacy Policy ("Policy") applies to all personal information collected, processed, and stored by phalaro ("phalaro," "we," "us," or "our") in connection with your use of the phalaro online gaming platform accessible at phalaro.app, including all associated mobile-optimized interfaces, subdomains, and application programming interfaces.
phalaro recognizes that the protection of your personal data is a fundamental right under Philippine law. We take our data privacy obligations seriously — not merely as a compliance requirement, but as a core part of the trust relationship we maintain with every player across the Philippines, from Metro Manila to Cebu, from Davao to Iloilo.
By registering an account with phalaro, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein. If you do not agree with this Policy, you must not use phalaro's services.
phalaro is the personal information controller in respect of all personal data collected and processed via the phalaro Platform. As a PAGCOR-licensed online gaming operator, phalaro is registered with the National Privacy Commission (NPC) of the Philippines in compliance with the Data Privacy Act of 2012.
Personal Information Controller
Name: phalaro
Platform: phalaro.app
Jurisdiction: Republic of the Philippines
Regulator: Philippine Amusement and Gaming Corporation (PAGCOR)
Privacy Regulator: National Privacy Commission (NPC)
Data Protection Officer Email: [email protected]
phalaro collects the following categories of personal data in connection with your use of the Platform:
When you create a phalaro account, we collect: full legal name, date of birth, nationality, residential address, email address, and Philippine mobile number. This data is required to create and maintain your account.
To comply with PAGCOR regulations and the Anti-Money Laundering Act (AMLA), phalaro collects copies of your government-issued photo identification (such as PhilSys National ID, Passport, UMID, Driver's License, or Voter's ID), proof of address documents, and in certain cases, source-of-funds documentation. This data is required by law and cannot be waived.
phalaro collects information necessary to process deposits and withdrawals, including GCash account identifiers, PayMaya account details, bank account numbers and names, and transaction records. phalaro does not store complete credit or debit card numbers — card transactions are processed by certified PCI-DSS compliant payment processors.
phalaro maintains records of all gaming activity including game sessions, wagers placed, outcomes, bonuses used, and account balance history. This data is required for regulatory reporting to PAGCOR, responsible gaming monitoring, and dispute resolution.
When you access phalaro, we automatically collect: IP address, device type and identifier, browser type and version, operating system, screen resolution, session timestamps, and pages visited. This data is used for security monitoring, fraud detection, and platform optimization.
Records of your communications with phalaro's customer support team — including chat logs, email correspondence, and support ticket history — are retained for quality assurance, training, and dispute resolution purposes.
| Data Category | Collection Method | Required? |
|---|---|---|
| Identity & Registration | Provided by you at registration | Mandatory |
| KYC Documents | Uploaded by you when requested | Mandatory (regulatory) |
| Financial Data | Provided at deposit/withdrawal | Mandatory for transactions |
| Gameplay Records | Automatically generated | Mandatory (PAGCOR) |
| Device & Technical | Automatically collected | Necessary for service |
| Communications | From support interactions | Where applicable |
| Marketing Preferences | Provided by you via opt-in | Optional |
phalaro processes your personal data on the following lawful grounds as recognized under the Philippine Data Privacy Act of 2012:
phalaro uses your personal data solely for the following specified and legitimate purposes:
phalaro does not sell, rent, or trade your personal data to third parties. We may share your data only in the following limited circumstances:
phalaro is required to share certain player data with PAGCOR as a condition of its operating license. phalaro also complies with lawful requests from the Anti-Money Laundering Council (AMLC), Philippine National Police (PNP), National Bureau of Investigation (NBI), and courts of competent jurisdiction, where supported by proper legal process.
Financial data necessary to process your transactions is shared with phalaro's certified payment processing partners, including GCash, PayMaya, and banking partners. These processors are contractually bound to process your data solely for transaction purposes and in compliance with PCI-DSS and Philippine data privacy standards.
To fulfill its KYC obligations, phalaro may engage certified third-party identity verification service providers. These providers process your identity documents and verification data under strict data processing agreements that prohibit secondary use of your information.
phalaro engages cloud hosting, security, and analytics service providers who may process technical and operational data on phalaro's behalf. All such providers are subject to data processing agreements that limit data use to specified services and require compliance with the Philippine Data Privacy Act.
Live casino and slot game providers may receive anonymized session data for game performance monitoring. No personally identifiable information is shared with game content providers beyond what is technically necessary to authenticate and deliver the game session.
phalaro retains your personal data for the following periods, after which data is securely deleted or anonymized:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account & Identity Data | 5 years after account closure | PAGCOR licensing requirement |
| KYC Documents | 5 years after account closure | AMLA compliance obligation |
| Financial Transaction Records | 5 years from transaction date | AMLA & BIR compliance |
| Gameplay Records | 5 years from session date | PAGCOR reporting obligation |
| Communications & Support Logs | 3 years from interaction date | Dispute resolution |
| Device & Technical Logs | 12 months from collection | Security & fraud prevention |
| Marketing Consent Records | Duration of consent + 1 year | Proof of lawful processing |
Where legal proceedings or regulatory investigations are active or anticipated, data may be retained beyond the standard periods until resolution of the relevant matter.
phalaro implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, and destruction. These measures include:
phalaro uses cookies and similar tracking technologies to operate and improve the Platform. The following categories of cookies are used:
These cookies are essential for the Platform to function and cannot be disabled. They are used to maintain your login session, remember your security preferences, and enable core platform functionality such as deposit and withdrawal workflows.
phalaro uses anonymized analytics cookies to understand how players interact with the Platform — which games are most popular, where players encounter issues, and how to improve the user experience. This data does not identify you personally.
These cookies remember your preferences such as language settings, preferred game lobby view, and display options to provide a more personalized experience within phalaro.
phalaro uses security cookies for fraud detection and prevention, including recognizing trusted devices, detecting anomalous login patterns, and implementing CSRF protection.
You may control non-essential cookies through your browser settings. Disabling strictly necessary cookies will prevent you from logging in to your phalaro account. A full cookie policy with specific cookie names, purposes, and expiry periods is available upon request from phalaro's Data Protection Officer.
Under the Philippine Data Privacy Act of 2012, you have the following rights in respect of your personal data held by phalaro:
To know what personal data we hold about you, why we process it, and how long we retain it.
To request a copy of the personal data phalaro holds about you, in a readable format.
To request correction of inaccurate or outdated personal data in your phalaro account.
To request deletion of your personal data, subject to legal retention obligations under PAGCOR and AML regulations.
To object to the processing of your data for direct marketing or where processing is based on legitimate interests.
To receive your personal data in a structured, machine-readable format for transfer to another service where technically feasible.
To exercise any of these rights, submit a written request to phalaro's Data Protection Officer at [email protected]. phalaro will acknowledge your request within three (3) business days and respond substantively within fifteen (15) business days from receipt of a complete and verified request.
phalaro may request additional verification of your identity before processing a data subject request to protect against unauthorized access to another person's data. Some requests may be refused or limited where fulfillment would conflict with phalaro's legal obligations under PAGCOR regulations or Philippine AML law — in which case phalaro will explain the specific legal basis for any limitation.
If you believe phalaro has not adequately addressed your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines at privacy.gov.ph.
If you believe that a minor has registered an account with phalaro using false information, please contact phalaro's Data Protection Officer immediately at [email protected] or phalaro's security team at [email protected]. phalaro will investigate the matter on a priority basis and take appropriate action without delay.
Parents and guardians who share devices with minors are advised to use parental control software and to supervise device access to prevent minors from accessing online gambling platforms, including phalaro.
phalaro primarily processes and stores personal data within the Philippines. In limited circumstances, data may be processed by service providers operating from other countries — for example, cloud infrastructure providers with data centers in the Asia-Pacific region.
Any cross-border transfer of Philippine personal data by phalaro is conducted only where:
No personal data is transferred to jurisdictions with materially weaker data protection standards without appropriate contractual safeguards. Details of specific cross-border transfers and the applicable safeguards are available from phalaro's Data Protection Officer upon written request.
In the event of a personal data breach that poses a real risk of serious harm to affected data subjects, phalaro will:
If you suspect that your phalaro account has been compromised or that your personal data has been accessed without authorization, please contact phalaro's security team immediately at [email protected]. Change your password immediately and enable two-factor authentication if not already active.
phalaro may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or regulatory requirements. Material changes — defined as changes that meaningfully affect your rights or the way we process your personal data — will be communicated to you by email to your registered address at least fourteen (14) days before the changes take effect.
Non-material clarifications or corrections may be updated without advance notice. The version number and effective date at the top of this Policy will always reflect the current version. Continued use of phalaro following the effective date of any amendment constitutes acceptance of the updated Policy.
Prior versions of this Privacy Policy are available upon request from the Data Protection Officer.
phalaro has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with the Philippine Data Privacy Act of 2012 and this Privacy Policy. The DPO is your primary point of contact for all data privacy matters.
Data Protection Officer
phalaro Data Protection Officer
Email: [email protected]
Response Time: 3 business days (acknowledgement)
15 business days (substantive response)
General Player Support
For account and service inquiries
Email: [email protected]
Available: 24/7
Languages: English and Filipino
For formal complaints regarding phalaro's data privacy practices that have not been resolved through our internal process, you may lodge a complaint with the National Privacy Commission (NPC) of the Philippines. Information about the NPC complaints process is available on the NPC's official website.
phalaro protects your personal data under Philippine law while giving you access to the best online casino experience in the Philippines. 500,000+ Filipino players trust phalaro. Now you know exactly why. 21+ only — play responsibly.
Must be 21 or older. PAGCOR regulated. RA 10173 Data Privacy Act compliant.