openph Privacy
Policy

This Privacy Policy governs the collection, processing, storage, sharing, and disposal of personal data by openph in connection with the operation of the openph online casino and sports betting platform accessible at openph.vip (the "Platform").

This Policy applies to all individuals who visit, register on, or interact with the Platform, including registered Players, former Players whose accounts have been closed, and individuals who visit the Platform without registering an account. It covers personal data processed through all access channels — desktop browsers, mobile browsers, and any future native application formats.

This Policy should be read alongside the openph Terms & Conditions, which are incorporated by reference. Where there is a conflict between this Privacy Policy and the Terms & Conditions on a data privacy matter, this Privacy Policy takes precedence.

For the purposes of the Data Privacy Act of 2012, openph is the personal information controller in respect of all personal data collected and processed through the Platform. openph determines the purposes for which personal data is processed and the means by which that processing is carried out.

openph has designated a Data Protection Officer (DPO) as required under Section 21 of the Data Privacy Act of 2012. The DPO is responsible for ensuring openph's compliance with data privacy obligations, handling data subject rights requests, and serving as the point of contact for the National Privacy Commission on data privacy matters.

openph collects the following categories of personal data in connection with the operation of the Platform and our obligations as a PAGCOR-regulated gaming operator:

openph collects personal data through the following channels and mechanisms:

• Direct provision by you: When you register an account on openph, complete KYC verification, make a deposit or withdrawal request, contact support, or update your account settings, you directly provide personal data to openph;
• Automatic collection: When you access and use the Platform, openph's systems automatically collect technical data including your IP address, device identifiers, browser information, and session activity logs. This collection is necessary for security, fraud prevention, and platform functionality purposes;
• Payment processors: When you transact via GCash, Maya, BPI, BDO, Metrobank, or other payment methods, openph receives transaction confirmation data from the relevant payment processor sufficient to credit or debit your Wallet;
• KYC verification partners: openph uses a third-party identity verification service to process KYC submissions. This service receives your ID document images and selfie, performs automated and manual verification checks, and returns a verification result to openph;
• Cookies and similar technologies: The openph Platform uses cookies and similar tracking technologies as described in Section 11 of this Policy;
• Regulatory and third-party sources: In limited circumstances, openph may receive personal data about you from PAGCOR, law enforcement agencies, or fraud prevention services as required by applicable law.

openph processes your personal data for the following specific, legitimate purposes:

• Account registration and management: To create and maintain your openph Account, authenticate your identity at login, and manage your account settings and preferences;
• KYC and age verification: To verify that you are at least 21 years of age and to confirm your identity as required by PAGCOR regulations and Philippine anti-money-laundering laws before enabling Real Money Play and withdrawals;
• Payment processing: To process your deposits and withdrawals through GCash, Maya, and other supported Philippine payment methods, and to maintain accurate transaction records;
• Game delivery and record-keeping: To operate, deliver, and log all gaming activity on your account, maintain accurate game result records, and calculate and credit winnings;
• Fraud prevention and security: To monitor your account for unauthorized access, detect and prevent fraud, collusion, and bonus abuse, and to protect the security and integrity of the Platform;
• AML compliance: To monitor transactions for activity that may indicate money laundering, terrorist financing, or other financial crimes as required under the Anti-Money Laundering Act (AMLA) of the Philippines and PAGCOR directives;
• Responsible gaming: To monitor gaming behaviour for signs of problem gambling and to apply responsible gaming tools — including deposit limits, session timers, and self-exclusion — in response to your requests or as required by regulation;
• Customer support: To respond to your inquiries, resolve disputes, and provide technical support through live chat and email channels;
• Marketing communications: To send you promotional offers, bonus notifications, and platform updates where you have provided valid consent for such communications. You may withdraw this consent at any time through your account settings;
• Legal compliance and regulatory reporting: To comply with our obligations under Philippine law, including PAGCOR licence conditions, tax reporting requirements, and any lawful request from a competent Philippine authority.

Under the Data Privacy Act of 2012, openph relies on the following legal bases for processing your personal data:

• Contractual necessity: Processing required to perform the contract between you and openph — including account management, payment processing, game delivery, and customer support — is based on contractual necessity under Section 12(b) of RA 10173;
• Legal obligation: Processing required to comply with PAGCOR licence conditions, the Anti-Money Laundering Act, the Data Privacy Act itself, tax laws, and other applicable Philippine legal obligations is based on legal compliance under Section 12(c) of RA 10173;
• Legitimate interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and service improvement is based on openph's legitimate interests under Section 12(f) of RA 10173, where those interests are not overridden by your rights and interests;
• Consent: Processing for marketing communications and non-essential cookies is based on your freely given, specific, informed, and unambiguous consent. You may withdraw consent for these processing activities at any time without affecting the lawfulness of processing before withdrawal.

openph does not sell your personal data to third parties under any circumstances. openph may share your personal data only in the following limited and controlled circumstances:

• Payment service providers: GCash (G-Xchange, Inc.), Maya (PayMaya Philippines, Inc.), BPI, BDO, Metrobank, and other payment facilitators — to process your deposits and withdrawals. These providers receive only the data necessary to complete your transaction;
• KYC and identity verification services: Third-party identity verification partners who process your government ID and selfie image for the purpose of age and identity verification. These partners are contractually bound to process your data only for the KYC purpose and to apply appropriate security measures;
• Game software providers: Third-party game studios and live dealer operators who supply games accessible through the openph Platform. These providers may receive your Player ID and game session data necessary to operate their games. They are not provided with your full identity or financial data;
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the Bureau of Internal Revenue (BIR), the National Privacy Commission (NPC), and law enforcement agencies — where disclosure is required by law, court order, or regulatory directive;
• Fraud prevention services: Industry-standard fraud detection and prevention platforms that assist openph in identifying unusual account activity and protecting players from unauthorized access;
• Cloud infrastructure providers: Data hosting and cloud service providers who store Platform data on behalf of openph. These providers operate as data processors under written data processing agreements that require them to implement appropriate security measures and process data only on openph's instructions.

Some of the third-party service providers openph uses to operate the Platform — including certain game software providers, cloud infrastructure providers, and fraud prevention services — may be located outside the Philippines. Where your personal data is transferred to a jurisdiction outside the Philippines, openph ensures that appropriate safeguards are in place to protect your data in accordance with RA 10173.

These safeguards include:

• Contractual data protection clauses requiring overseas recipients to apply data protection standards equivalent to those required under Philippine law;
• Transfer only to jurisdictions that the National Privacy Commission of the Philippines has determined provide an adequate level of data protection;
• Technical controls that limit the personal data transferred to overseas recipients to the minimum necessary for the specific service being provided.

openph will not transfer your sensitive personal information — including government ID data and financial account details — to overseas recipients except where strictly required for KYC verification by a provider operating under equivalent data protection standards.

openph retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law and regulatory obligations. The following retention periods apply:

When personal data is no longer required for the purposes for which it was collected and no legal retention obligation applies, openph will securely delete or irreversibly anonymize the data in accordance with our data disposal procedures.

openph implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• 256-bit SSL/TLS encryption: All data transmitted between your device and the openph Platform is encrypted using 256-bit SSL/TLS encryption, preventing interception during transmission;
• Encryption at rest: Sensitive personal data — including KYC documents and financial account details — is encrypted when stored on openph's servers using industry-standard encryption algorithms;
• Access controls: Access to personal data within openph's systems is restricted on a strict need-to-know basis. All staff access is logged, monitored, and subject to periodic review;
• Two-factor authentication: Internal system access by openph staff is protected by multi-factor authentication. Players are also offered 2FA for their account logins;
• Intrusion detection and monitoring: openph operates continuous security monitoring across its Platform infrastructure to detect and respond to unauthorized access attempts in real time;
• Penetration testing: The Platform undergoes periodic independent security testing to identify and remediate potential vulnerabilities before they can be exploited;
• Staff training: All openph staff who handle personal data receive data privacy and security training as part of their onboarding and on a regular ongoing basis.

The openph Platform uses cookies and similar tracking technologies to operate core platform functions, enhance your user experience, and — with your consent — deliver relevant promotional content. The following categories of cookies are used:

• Strictly necessary cookies: These cookies are essential for the Platform to function. They enable your login session to be maintained, your wallet balance to be displayed correctly, and security features to operate. These cookies cannot be disabled without preventing the Platform from functioning;
• Functional cookies: These cookies remember your preferences — such as your preferred game category, lobby display settings, and language preferences — so you don't need to re-enter them on each visit;
• Analytics cookies: These cookies collect aggregated, anonymized information about how players use the Platform, helping openph understand which features are popular and where the user experience can be improved. Analytics cookies are used only with your consent;
• Marketing cookies: These cookies track your activity on the Platform to enable openph to present you with promotional offers that are relevant to your gaming preferences. Marketing cookies are used only with your explicit consent.

You can manage your cookie preferences through your browser settings. Disabling strictly necessary cookies will impair or prevent the Platform from functioning. Disabling other cookie categories will not affect your ability to use the Platform's core features.

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data processed by openph. You may exercise these rights by contacting openph's Data Protection Officer through the details in Section 15.

The openph Platform is strictly restricted to individuals who are at least 21 years of age, in compliance with the minimum legal gambling age under PAGCOR regulations and applicable Philippine law.

openph does not knowingly collect, store, or process personal data of individuals under 21 years of age. Age is verified during the registration process and confirmed through KYC identity document verification before any Real Money Play or withdrawal capability is enabled on an account.

If openph discovers that personal data has been collected from an individual who is under 21 years of age — including through an account created using false age information — openph will:

• Immediately close the account and disable all gaming activity;
• Refund any deposits made by the underage individual to the payment method used for deposit;
• Void any winnings generated by the underage individual;
• Delete all personal data collected in connection with the account within the timeframe required by law, subject to any retention obligations under PAGCOR regulations or AML laws;
• Report the incident to PAGCOR as required by our licence conditions.

openph may update this Privacy Policy from time to time to reflect changes in applicable law, PAGCOR regulatory requirements, the services openph offers, or our data processing practices. All changes will be published on this page with an updated "Last Reviewed" date.

Where a change to this Privacy Policy is material — meaning it significantly affects how openph processes your personal data or materially changes your rights — openph will notify you through your registered Philippine mobile number or via a prominent notice displayed on the Platform when you next log in. This notification will be provided at least 14 days before the change takes effect, except where a shorter period is required by law or regulatory directive.

Your continued use of the openph Platform after any update to this Privacy Policy constitutes your acknowledgment of the updated Policy. If you do not agree to the updated terms, you should stop using the Platform and may request Account closure in accordance with the Terms & Conditions.

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by openph, please contact our Data Protection Officer through the following channels:

openph aims to respond to all privacy-related inquiries and rights requests within 30 calendar days. When contacting the DPO, please include your registered openph Account mobile number (or username) and a clear description of your inquiry or request to help us respond efficiently.

This Privacy Policy was last updated on January 1, 2026. It supersedes all previous versions of the openph Privacy Policy. openph reserves all rights not expressly granted herein.