phbing Privacy Policy

1. Introduction and Scope

This Privacy Policy ("Policy") describes how phbing ("phbing," "we," "us," "our") collects, uses, stores, discloses, and protects personal data in connection with the phbing online gaming platform accessible at phbing.club and any related mobile-optimized interfaces (collectively, the "Platform").

phbing is committed to protecting the privacy and personal data of every Filipino player who uses the Platform. This Policy is drafted in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as administered by the National Privacy Commission (NPC) of the Philippines.

By registering a phbing account or accessing the Platform, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. This Policy forms part of the phbing Terms & Conditions, which are incorporated by reference.

2. Data Controller Identity

For the purposes of the Data Privacy Act of 2012 and this Policy, the Data Controller responsible for your personal data is phbing, operating the Platform at phbing.club and serving the Philippine online gaming market.

All data protection inquiries, data subject rights requests, and privacy complaints should be directed to the phbing Data Protection Officer (DPO) via the contact details set out in Section 15 of this Policy. phbing's DPO is responsible for overseeing compliance with this Policy and applicable Philippine data privacy law.

3. Categories of Personal Data We Collect

phbing collects the following categories of personal data from players and prospective players:

phbing does not collect sensitive personal information as defined under the Data Privacy Act (such as health data, political opinions, religious beliefs, or biometric data) except where specifically required for identity verification or responsible gaming compliance purposes.

4. How We Collect Personal Data

phbing collects personal data through the following methods:

4.1 Direct Collection

You directly provide personal data when you: register a phbing account; complete the KYC verification process; make a deposit or request a withdrawal; contact phbing support; participate in promotions or surveys; or set responsible gaming preferences.

4.2 Automated Collection

phbing automatically collects technical and usage data when you access the Platform through standard web technologies including server logs, session identifiers, and cookies (see Section 9). This data is collected regardless of whether you are a registered account holder or an unregistered visitor.

4.3 Third-Party Sources

phbing may receive personal data from third parties in limited circumstances, including:

• Philippine payment processors (GCash, Maya, BPI, BDO, InstaPay) for transaction verification and fraud prevention;
• Identity verification service providers assisting with KYC document authentication;
• Game content providers who report gaming session outcomes directly to phbing's system;
• Regulatory authorities, law enforcement agencies, or gaming regulators where data sharing is required by law.

5. Purposes of Processing and Legal Basis

phbing processes your personal data only for specific, legitimate purposes. The following table outlines the primary processing activities and their legal basis under the Data Privacy Act of 2012:

6. Data Sharing and Disclosure

phbing does not sell your personal data. We share personal data only in the following limited circumstances and only to the extent necessary for the stated purpose:

• Payment processors: GCash, Maya, GrabPay, BPI, BDO, Metrobank, and InstaPay receive transaction-specific financial data required to execute deposits and withdrawals. These providers are contractually bound to handle your data securely and exclusively for payment purposes.
• Game content providers: PG Soft, Pragmatic Play, JILI, CQ9, and other licensed game suppliers receive minimal technical session data necessary to deliver game content. They do not receive your identity or financial data beyond what is inherent in session management.
• KYC verification partners: Identity verification service providers receive copies of submitted ID documents and selfie photographs solely for the purpose of authenticating your identity during the KYC process.
• Regulatory and law enforcement authorities: phbing will disclose personal data to PAGCOR, the NPC, the Anti-Money Laundering Council (AMLC), or other competent Philippine government authorities where required by law, court order, or lawful regulatory request.
• Fraud prevention networks: phbing may share data with industry fraud prevention services to identify patterns of fraudulent behaviour. Sharing is conducted under data processing agreements and on an aggregated or pseudonymised basis where possible.
• Professional advisers: phbing's lawyers, auditors, and accountants may access personal data on a need-to-know basis subject to professional confidentiality obligations.
• Business reorganisation: In the event of a merger, acquisition, or sale of all or part of phbing's business, personal data held by phbing may be transferred to the successor entity, subject to equivalent privacy protections.

All third parties with whom phbing shares personal data are required to implement appropriate technical and organisational security measures and to process such data only for the purposes for which it was shared.

7. Data Retention

phbing retains personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable Philippine law. The following general retention periods apply:

• Account and KYC data: Retained for the duration of the active account relationship and for a minimum of five (5) years following account closure, consistent with anti-money laundering record-keeping obligations under Philippine law.
• Transaction and financial data: Retained for a minimum of five (5) years from the date of each transaction, consistent with AMLC and tax record-keeping requirements.
• Gaming session data: Retained for a minimum of three (3) years for dispute resolution and regulatory audit purposes.
• Customer support communications: Retained for two (2) years from the date of resolution of the support interaction, or longer if the matter involves an unresolved dispute or legal claim.
• Technical and usage data: Retained for up to twelve (12) months from the date of collection in identifiable form; thereafter retained in anonymised or aggregated form for analytics purposes.
• Self-exclusion data: Retained for the duration of the exclusion period and for a minimum of five (5) years thereafter to prevent re-registration during the exclusion term.

Upon expiry of the applicable retention period, phbing securely destroys or anonymises personal data in accordance with its data disposal procedures.

8. Security Measures

phbing implements appropriate technical and organisational measures to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. These measures include but are not limited to:

• Encryption in transit: All data transmitted between your device and phbing's servers is protected by 256-bit SSL/TLS encryption.
• Encryption at rest: Sensitive personal data fields including government ID numbers, financial account references, and passwords are encrypted or hashed in phbing's database. Passwords are stored using one-way cryptographic hashing — phbing staff cannot read your password.
• Access controls: Access to personal data within phbing is restricted to authorised personnel on a strict need-to-know basis. Access rights are reviewed regularly and revoked upon change of role or employment.
• Multi-factor authentication on new device logins: OTP verification is required when accessing your phbing account from an unrecognised device or browser, providing an additional layer of account protection.
• Vulnerability management: phbing conducts regular security assessments of the Platform and its underlying infrastructure to identify and remediate technical vulnerabilities.
• Incident response: phbing maintains a data breach response procedure. In the event of a personal data breach likely to result in harm to affected players, phbing will notify the NPC and affected data subjects in accordance with applicable Philippine notification requirements.

9. Cookies and Tracking Technologies

phbing uses cookies and similar tracking technologies to operate the Platform, maintain your login session, remember your preferences, and collect usage analytics. The following categories of cookies are used:

• Strictly necessary cookies: Required for the Platform to function. These include session cookies that maintain your login state and security tokens that protect against cross-site request forgery. These cookies cannot be disabled without impairing Platform functionality.
• Functional cookies: Store your preferences such as display language, responsible gaming settings, and notification configurations. These improve your experience but are not essential to core functionality.
• Analytics cookies: Collect anonymised or pseudonymised usage data to help phbing understand how the Platform is used and where improvements can be made. phbing uses first-party analytics tools; third-party analytics services are limited to those contractually bound to process data on phbing's behalf only.
• Fraud prevention cookies: Used to detect unusual access patterns, multiple account creation attempts, and other behaviours indicative of fraud or Terms violations.

phbing does not use third-party advertising or behavioural tracking cookies. You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will prevent you from logging in or using core Platform features.

10. Your Data Subject Rights

Under the Data Privacy Act of 2012, you have the following rights in relation to the personal data phbing holds about you:

To exercise any of the above rights, submit a written request to [email protected] with the subject line "Data Subject Rights Request." Include your registered Philippine mobile number and a description of your request. phbing will respond within thirty (30) calendar days of receiving a valid request. Identity verification will be required before phbing releases or modifies personal data in response to a rights request.

11. Marketing Communications and Opt-Out

phbing may send you promotional communications about phbing bonuses, new game launches, sports betting events, and platform updates where you have provided consent at registration or at a subsequent time. These communications may be delivered by SMS to your registered Philippine mobile number or by push notification within the Platform.

Your consent to receive marketing communications is entirely optional and does not affect your ability to register, deposit, play, or withdraw at phbing. You may withdraw consent and opt out of marketing communications at any time by:

• Updating your notification preferences in your phbing account settings;
• Replying "STOP" to any SMS promotional message from phbing; or
• Contacting phbing support at [email protected] and requesting removal from marketing lists.

Transactional communications — such as OTP messages, withdrawal confirmations, and KYC status notifications — are not marketing communications and cannot be opted out of while your account is active, as they are essential to account operation and security.

12. Minors and Age Restriction

The phbing Platform is strictly restricted to persons who are at least 21 years of age. phbing does not knowingly collect personal data from or provide services to any person under 21 years of age.

If phbing discovers or is credibly informed that an account has been registered by a person under 21, phbing will:

1. Immediately suspend the account pending investigation;
2. Void any gaming activity and bonuses associated with the account;
3. Securely delete any personal data collected from the minor, subject to overriding legal requirements to retain evidence of the incident; and
4. Report the matter to relevant regulatory or child protection authorities where required by Philippine law.

If you are the parent or guardian of a minor who you believe has registered on phbing, please contact [email protected] immediately. phbing will prioritise such reports and respond within 24 hours.

13. Cross-Border Data Transfers

phbing's primary data storage and processing infrastructure is aligned with Philippine data residency principles. Where data is processed by third-party service providers who operate infrastructure outside the Philippines — such as international game content providers or identity verification services — phbing ensures that such transfers comply with applicable Philippine data privacy requirements, including implementation of appropriate safeguards such as data processing agreements incorporating standard contractual clauses.

phbing does not transfer personal data to jurisdictions that do not provide an adequate level of data protection without first implementing appropriate safeguards and, where required by the NPC, obtaining prior authorisation for the transfer.

14. Amendments to This Policy

phbing reserves the right to amend this Privacy Policy at any time to reflect changes in applicable Philippine law, NPC guidance, or phbing's data processing practices. Material changes will be communicated to registered players via SMS notification to the registered mobile number and/or a prominent notice on the Platform prior to the effective date of the change.

Your continued use of the phbing Platform following the effective date of any amendment constitutes your acknowledgement of the revised Policy. The current effective version of this Policy is always available at phbing.club/privacy-policy. The effective date at the top of this document reflects the version currently in force.

15. Contact Information and Privacy Complaints

For all data privacy inquiries, data subject rights requests, and privacy-related complaints regarding phbing's handling of your personal data, please contact the phbing Data Protection Officer:

phbing's support team is available 24/7 and will acknowledge receipt of all data privacy correspondence within 48 hours. phbing targets a full response to data subject rights requests within thirty (30) calendar days. For complex requests, this period may be extended by a further thirty (30) days with prior notice to you.

If you are not satisfied with phbing's response to your privacy inquiry or complaint, you have the right to escalate the matter to the National Privacy Commission (NPC) of the Philippines through official Philippine government channels.

This Privacy Policy was last updated and became effective as of 1 January 2026. This version supersedes all prior versions of the phbing Privacy Policy.