megaph Privacy Policy

1.1 This Privacy Policy is issued by megaph ("megaph," "we," "us," or "our"), the operator of the online gaming platform at https://megaph.club (the "Platform"). megaph is the personal information controller responsible for the processing of your personal data in connection with your use of the Platform, as defined under the Data Privacy Act of 2012 (Republic Act 10173, "DPA") and its Implementing Rules and Regulations.

1.2 megaph operates within the regulatory framework of the Philippine Amusement and Gaming Corporation (PAGCOR). In its capacity as a PAGCOR-supervised operator, megaph is subject to both data privacy obligations under the DPA and player data requirements under PAGCOR's applicable circulars and guidelines.

1.3 This Privacy Policy applies to all personal data collected, processed, or stored by megaph in connection with the Platform — including data collected during account registration, gameplay, payment transactions, customer support interactions, and marketing communications.

1.4 By registering an account on the megaph Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein, to the extent such processing is based on consent under applicable law.

2.1 megaph collects and processes the following categories of personal data about you:

2.2 megaph does not intentionally collect sensitive personal information (as defined under Section 3(l) of the DPA), such as health data, religious beliefs, or political opinions, except where such information is incidentally disclosed in a KYC document (e.g., religion noted on a Philippine ID). Such incidentally disclosed sensitive information is not extracted, processed, or retained beyond the KYC verification process.

3.1 Directly from You. The majority of personal data megaph holds is provided directly by you during: account registration; KYC identity verification; deposit and withdrawal requests; customer support interactions; completion of surveys or promotional forms; and communications with megaph staff via live chat, email, or other channels.

3.2 Automatically During Platform Use. When you access and use the megaph Platform, certain technical data is collected automatically by megaph's systems and third-party analytics tools, including: IP address; device and browser information; pages visited and features used; session start and end times; and gameplay interactions. This data is collected via cookies, server logs, and analytics SDKs as described further in Section 8 of this Policy.

3.3 From Payment Processors. When you make a deposit or withdrawal via GCash, PayMaya, or a Philippine bank transfer, megaph receives transaction confirmation data from the relevant payment processor, including the registered account name, transaction reference number, amount, and timestamp. megaph does not receive your full GCash PIN, full bank account number, or payment authentication credentials.

3.4 From Identity Verification Services. megaph may use third-party identity verification providers to assist with KYC document authentication. These providers process document images on megaph's behalf and return a verification outcome — they do not independently retain your documents beyond the scope of their contractual obligations with megaph.

3.5 From Regulatory Authorities. megaph may receive data about players from PAGCOR or other Philippine regulatory bodies in the context of licensing compliance, AML reporting, or enforcement matters.

4.1 megaph processes your personal data for the following purposes:

• Account creation and management — to register your megaph account, maintain your account profile, manage your login credentials, and enable your access to the Platform;
• Identity verification (KYC) — to verify your identity and age (21+) in compliance with PAGCOR licensing requirements and Philippine AML obligations;
• Payment processing — to process deposits via GCash, PayMaya, BPI, BDO, Metrobank, and other accepted Philippine payment channels, and to process withdrawal requests to your verified payment method;
• Gameplay delivery — to record game participation, calculate and credit winnings, manage your PHP balance, and provide access to the full megaph game library;
• Bonus and promotion management — to administer promotional offers, verify bonus eligibility, track wagering requirements, and prevent bonus abuse;
• Customer support — to respond to your enquiries, resolve complaints, and maintain records of support interactions;
• Fraud and crime prevention — to detect and investigate suspicious account activity, unauthorised access, bonus fraud, money laundering, and other prohibited conduct, in accordance with PAGCOR's AML framework;
• Responsible gaming compliance — to monitor gaming behaviour for indicators of problem gambling, enforce player-set limits, and manage self-exclusion requests in compliance with PAGCOR's responsible gaming guidelines;
• Legal and regulatory compliance — to fulfil megaph's obligations under PAGCOR licensing conditions, the DPA, the Anti-Money Laundering Act, and other applicable Philippine law;
• Platform improvement and analytics — to analyse usage patterns, optimise Platform performance, improve user experience, and develop new features (using aggregated or anonymised data where possible);
• Marketing communications — to send promotional offers, new game announcements, and bonuses to players who have opted in to receive such communications.

5.1 Under the Data Privacy Act of 2012, megaph processes your personal data on the following legal bases:

• Contractual necessity — processing required to enter into and perform the Terms and Conditions governing your megaph account, including account registration, payment processing, and game delivery;
• Legal obligation — processing required to comply with PAGCOR licensing conditions, the Anti-Money Laundering Act (RA 9160 as amended), the DPA, and other applicable Philippine statutes and regulations;
• Legitimate interests — processing for fraud prevention, security monitoring, and platform analytics, where megaph's interests do not override your fundamental privacy rights;
• Consent — processing for marketing communications and optional personalisation features, where you have provided freely given, specific, informed, and unambiguous consent, which you may withdraw at any time through your account settings or by contacting megaph's support team.

5.2 Where processing is based on consent, withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal, and does not affect processing carried out on other legal bases.

6.1 megaph does not sell or rent your personal data to third parties. megaph shares your personal data only in the following circumstances:

• Payment processors (GCash / G-Xchange Inc., PayMaya / Voyager Innovations, Philippine banks) — to process your deposit and withdrawal transactions. Each processor acts as a separate data controller for data processed through their own systems;
• KYC and identity verification providers — to assist with document authentication during the KYC process, acting as data processors under contractual agreements with megaph;
• Game content providers (including JILI Games, PG Soft, Pragmatic Play, and others) — who may receive session data necessary to deliver games and calculate outcomes, under data processing agreements;
• IT infrastructure and security providers — cloud hosting, cybersecurity, and fraud detection services acting as data processors under contractual data protection obligations;
• PAGCOR and Philippine regulatory authorities — where required by PAGCOR licensing conditions, the Anti-Money Laundering Council (AMLC), or other competent Philippine authorities, including in response to valid legal orders or subpoenas;
• Professional advisers — lawyers, auditors, and accountants retained by megaph, subject to professional confidentiality obligations;
• Business transfers — in the event of a merger, acquisition, or sale of all or substantially all of megaph's assets, your data may be transferred to the successor entity, which will be bound by this Privacy Policy or a substantially equivalent replacement.

6.2 All third parties with whom megaph shares personal data are required to handle it securely and in accordance with applicable data protection law and megaph's contractual instructions.

7.1 Some of megaph's service providers — particularly game content providers and certain cloud infrastructure partners — may process data outside the Philippines. Where personal data is transferred internationally, megaph ensures that adequate safeguards are in place as required by Section 21 of the DPA and the NPC's guidelines on cross-border data flows.

7.2 Safeguards for international transfers may include: contractual clauses incorporating the data protection obligations required by Philippine law; adherence to internationally recognised security standards equivalent to those required under the DPA; and, where applicable, adequacy determinations by the National Privacy Commission.

7.3 Players may request information about the specific safeguards in place for any international transfer of their personal data by contacting megaph's Data Protection Officer at the address provided in Section 15.

8.1 The megaph Platform uses cookies and similar tracking technologies to support Platform functionality, analyse usage, and — with your consent — deliver personalised content. The following cookie categories are used:

• Strictly Necessary Cookies — essential for the Platform to function, including session management, login authentication, and security tokens. These cookies cannot be disabled without affecting Platform operation;
• Performance and Analytics Cookies — used to understand how players interact with the Platform, which pages are visited most frequently, and where errors occur, enabling megaph to optimise performance. Data collected is aggregated and not linked to individual player identities;
• Functionality Cookies — used to remember your preferences, such as language settings and previously viewed game categories, to provide a more personalised experience;
• Targeting and Marketing Cookies — used only with your consent to track your visits to the Platform and show you relevant promotional content. You may opt out of these cookies at any time through your account settings or browser cookie controls.

8.2 Most mobile browsers allow you to manage cookie preferences through the browser settings menu. Disabling strictly necessary cookies may impair your ability to use the megaph Platform. Disabling performance or marketing cookies will not prevent Platform access.

8.3 megaph does not use cookies or tracking technologies to sell your browsing data to advertising networks or third-party marketers.

9.1 megaph retains your personal data for the periods set out in the table below, or longer where required by applicable Philippine law or PAGCOR regulations:

9.2 Upon expiry of the applicable retention period, personal data will be securely deleted or irreversibly anonymised in a manner that prevents re-identification, unless a legal obligation requires continued retention.

10.1 megaph implements technical and organisational security measures appropriate to the risk presented by processing your personal data, including:

• Encryption — all data in transit is encrypted using TLS 1.3 or higher; sensitive data at rest is encrypted using AES-256;
• Access controls — personal data is accessible only to megaph personnel who require it for their specific role, under a principle of least privilege;
• Two-factor authentication — player accounts support optional 2FA via SMS OTP; megaph's administrative systems require 2FA for all staff access;
• Penetration testing and vulnerability management — megaph's Platform infrastructure undergoes regular security assessments by qualified cybersecurity professionals;
• Incident response — megaph maintains a documented data breach response plan aligned with NPC notification requirements under the DPA;
• Staff training — all megaph personnel who handle personal data receive data privacy training as part of their onboarding and on an annual basis.

10.2 While megaph takes its security obligations seriously, no digital system can be guaranteed completely immune to breach. Players are encouraged to maintain strong, unique passwords for their megaph accounts and to enable 2FA as an additional layer of protection.

11.1 As a data subject under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by megaph:

12.1 The megaph Platform is strictly restricted to persons aged 21 years and above under PAGCOR regulations. megaph does not knowingly collect personal data from any person under the age of 21.

12.2 Where megaph discovers or reasonably suspects that personal data has been collected from a person under 21 years of age, megaph will: immediately suspend the relevant account; delete the personal data in question to the extent permitted by applicable law; and notify PAGCOR as required by applicable regulations.

12.3 If you believe that a person under the age of 21 has registered an account on the megaph Platform, please contact megaph's support team immediately. megaph takes all reports of underage access seriously.

13.1 megaph may send promotional communications — including new game announcements, bonus offers, reload promotions, and platform news — to players who have expressly opted in to receive such communications during registration or through their account settings.

13.2 Marketing communications are sent via SMS to your registered Philippine mobile number, and/or via email to your registered email address, depending on your stated preferences.

13.3 You may withdraw consent to receive marketing communications at any time by: updating your notification preferences in the megaph account settings dashboard; or contacting megaph's support team via live chat with an opt-out request.

13.4 Opting out of marketing communications will not affect your ability to receive service-related communications (such as account security alerts, withdrawal confirmations, and important policy updates) which megaph may send regardless of marketing preferences as these are based on contractual or legal necessity.

14.1 megaph may update this Privacy Policy from time to time to reflect changes in its data processing practices, applicable Philippine law, NPC guidance, or PAGCOR requirements. The updated Policy will be published on the megaph Platform with a revised effective date.

14.2 Where changes to the Policy are material — particularly changes that affect your rights or the purposes for which megaph processes your personal data — megaph will take reasonable steps to notify registered players via their registered mobile number or email address in advance of the changes taking effect.

14.3 Your continued use of the megaph Platform after the effective date of a revised Privacy Policy constitutes acknowledgment of the updated Policy. If you do not accept the changes, you may request account closure as described in megaph's Terms and Conditions.

15.1 megaph has designated a Data Protection Officer (DPO) as required under Section 21(d) of the Data Privacy Act. The DPO is responsible for overseeing megaph's compliance with the DPA, acting as the point of contact with the National Privacy Commission, and handling data privacy rights requests and complaints from players.

15.2 To exercise your data privacy rights, submit a privacy inquiry, raise a data-related concern, or lodge a complaint regarding megaph's data processing practices, please contact the megaph Data Protection Officer:

• Support Email: [email protected] (plain text — not a clickable link)
• Channel: Live chat on the megaph Platform (available 24/7)
• Reference: Please mark your message or chat subject as "DPO / Data Privacy Request" for prompt routing to the correct team

15.3 megaph will acknowledge all data privacy inquiries within 5 business days and provide a substantive response within 30 calendar days, or within the shorter period prescribed by the DPA for specific request types.

15.4 If you are not satisfied with megaph's response to your privacy inquiry or complaint, you have the right to escalate your concern to the National Privacy Commission (NPC) of the Philippines, which is the independent government body responsible for enforcing the Data Privacy Act. NPC contact details are available through the NPC's official Philippine government website.