phrus Privacy Policy – How We Protect Your Data

1. Introduction
2. Data Controller
3. Data We Collect
4. How We Collect Data
5. How We Use Your Data
6. Legal Basis
7. Data Sharing
8. Cookies & Tracking
9. Data Retention
10. Data Security
11. Your Rights
12. Children's Privacy
13. Responsible Gaming
14. Policy Changes
15. Contact & Complaints

Important Notice: This Privacy Policy ("Policy") describes how phrus ("phrus," "we," "us," "the Company") collects, uses, stores, and discloses personal information about you ("Player," "User," "you") when you access or use the phrus Casino platform at phrus.app. By registering an account or using the Platform, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described herein.

1 Introduction

1.1 phrus is committed to protecting the privacy and personal data of all players who use our online casino platform. We understand that trust is the foundation of any good relationship — and that trust starts with being completely transparent about how we handle your information.

1.2 This Policy applies to all personal data collected through the phrus website at phrus.app, our mobile platform, customer support channels, and any other services we provide. It covers data collected from players based in the Philippines and is designed to comply with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission.

1.3 This Policy should be read alongside our Terms & Conditions, which govern your use of the phrus Platform. Defined terms used in this Policy have the same meaning as in the Terms & Conditions unless otherwise stated.

2 Data Controller

2.1 phrus is the data controller responsible for the personal data collected through the Platform. As data controller, phrus determines the purposes and means of processing your personal data and is accountable for ensuring that such processing complies with applicable data protection laws.

2.2 phrus has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and the Philippine Data Privacy Act. You may contact our DPO at the address provided in Section 15 of this Policy.

3 Data We Collect

3.1 phrus collects the following categories of personal data:

Category	Examples	Purpose
Identity Data	Full legal name, date of birth, nationality, government-issued ID number	Account registration, KYC verification, age verification (21+)
Contact Data	Email address, mobile number, residential address (city, province)	Account communications, support, regulatory notices
Financial Data	GCash number, Maya account, bank account details, transaction history	Processing deposits and withdrawals, AML compliance
Gaming Data	Game history, wager amounts, win/loss records, session duration	Game provision, responsible gaming monitoring, dispute resolution
Technical Data	IP address, device type, browser, operating system, login timestamps	Security, fraud prevention, platform optimisation
Communications Data	Support chat logs, email correspondence, feedback submissions	Customer support, quality assurance, dispute resolution

3.2 phrus does not intentionally collect sensitive personal information beyond what is strictly necessary for identity verification and regulatory compliance. Where sensitive data (such as government ID numbers) is collected, it is handled with heightened security measures.

4 How We Collect Your Data

4.1 phrus collects personal data through the following means:

Direct collection: Information you provide when registering an account, completing KYC verification, making deposits or withdrawals, contacting customer support, or participating in promotions;
Automated collection: Technical data collected automatically when you access the Platform, including IP addresses, device identifiers, browser type, and session activity via cookies and similar technologies (see Section 8);
Third-party sources: Identity verification data from KYC service providers; fraud screening data from anti-money laundering (AML) compliance partners; payment confirmation data from GCash, Maya, and banking partners.

4.2 All third-party sources from which phrus receives personal data are contractually required to have obtained that data lawfully and to permit phrus to use it for the purposes described in this Policy.

5 How We Use Your Data

5.1 phrus uses your personal data for the following purposes:

To create and manage your phrus account and verify your identity and age (21+ requirement);
To process deposits and withdrawals via GCash, Maya, bank transfer, and debit card;
To provide, personalise, and improve the games and services available on the Platform;
To comply with our legal and regulatory obligations, including PAGCOR licensing requirements and AML/KYC regulations;
To detect, investigate, and prevent fraud, money laundering, cheating, and other prohibited conduct;
To monitor gaming activity for responsible gaming purposes and to enforce self-exclusion requests;
To communicate with you about your account, transactions, promotions, and policy updates;
To respond to customer support enquiries and resolve disputes;
To analyse Platform usage and improve our services, security, and user experience.

5.2 phrus will not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your explicit consent or establishing another lawful basis for processing.

6 Legal Basis for Processing

6.1 phrus processes your personal data on the following legal bases under the Philippine Data Privacy Act of 2012:

Contractual necessity: Processing required to perform our contract with you — including account management, game provision, and payment processing;
Legal obligation: Processing required to comply with applicable laws and regulations, including PAGCOR requirements, AML obligations, and tax reporting;
Legitimate interests: Processing necessary for phrus's legitimate business interests, including fraud prevention, security, and Platform improvement, where these interests are not overridden by your rights;
Consent: Processing based on your freely given, specific, informed, and unambiguous consent — for example, for marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

7 Data Sharing & Disclosure

7.1 phrus does not sell, rent, or trade your personal data. We may share your data with the following categories of recipients only to the extent necessary for the purposes described in this Policy:

KYC and identity verification providers: To verify your identity and age in compliance with regulatory requirements;
Payment processors: GCash, Maya, and banking partners, to process deposits and withdrawals;
AML and fraud screening services: To detect and prevent money laundering and fraudulent activity;
Game software providers: To deliver game content and maintain game integrity;
IT and cloud infrastructure providers: To host and maintain the Platform securely;
Regulatory authorities: PAGCOR, the National Privacy Commission, law enforcement agencies, and courts, where required by law or regulatory obligation;
Professional advisers: Lawyers, auditors, and accountants, where necessary for legal or compliance purposes.

7.2 All third-party service providers who process personal data on behalf of phrus are bound by data processing agreements that require them to process data only on phrus's instructions and to implement appropriate security measures.

Cross-border transfers: Where personal data is transferred outside the Philippines, phrus ensures that appropriate safeguards are in place in accordance with the Data Privacy Act and NPC regulations, including contractual clauses that provide equivalent data protection standards.

8 Cookies & Tracking Technologies

8.1 phrus uses cookies and similar tracking technologies to operate and improve the Platform. Cookies are small text files stored on your device that help us recognise you, remember your preferences, and analyse how you use the Platform.

8.2 phrus uses the following types of cookies:

Strictly necessary cookies: Essential for the Platform to function — including session management, login authentication, and security. These cannot be disabled.
Functional cookies: Remember your preferences such as language settings and display options to improve your experience.
Analytics cookies: Collect anonymised data about how players use the Platform to help us identify improvements and fix issues.
Security cookies: Used to detect and prevent fraudulent activity, bot access, and unauthorised account access.

8.3 You may control non-essential cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. phrus does not use third-party advertising or behavioural tracking cookies.

9 Data Retention

9.1 phrus retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law and regulation.

9.2 The following retention periods apply as a general guide:

Account and identity data: Retained for the duration of your account and for a minimum of five (5) years after account closure, in compliance with AML and PAGCOR record-keeping requirements;
Transaction and financial data: Retained for a minimum of five (5) years from the date of the transaction;
Gaming history: Retained for a minimum of three (3) years for dispute resolution and regulatory audit purposes;
Communications data: Retained for two (2) years from the date of the communication;
Technical and log data: Retained for twelve (12) months for security and fraud prevention purposes.

9.3 When personal data is no longer required, phrus will securely delete or anonymise it in accordance with our data disposal procedures.

10 Data Security

10.1 phrus implements a comprehensive set of technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include:

TLS 1.3 encryption for all data in transit between your device and phrus servers;
AES-256 encryption for all sensitive data stored in our databases;
Multi-factor authentication for all administrative access to systems containing personal data;
Regular penetration testing and vulnerability assessments conducted by independent security specialists;
Role-based access controls ensuring that personal data is accessible only to authorised personnel with a legitimate need;
Continuous security monitoring and intrusion detection systems;
Regular staff training on data protection and information security.

10.2 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, phrus will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, and will notify affected players without undue delay where required by law.

Your role in security: While phrus takes extensive measures to protect your data, you also play an important role. Use a strong, unique password for your phrus account, never share your login credentials, and contact us immediately if you suspect unauthorised access to your account.

11 Your Data Subject Rights

11.1 Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by phrus:

Right to Access Right to Rectification Right to Erasure Right to Object Right to Data Portability Right to Withdraw Consent Right to File a Complaint

11.2 Right to Access: You have the right to request a copy of the personal data phrus holds about you, along with information about how it is being processed.

11.3 Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

11.4 Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations.

11.5 Right to Object: You may object to the processing of your personal data where phrus relies on legitimate interests as the legal basis, or where data is used for direct marketing purposes.

11.6 Right to Data Portability: You may request that phrus provide your personal data in a structured, commonly used, machine-readable format for transfer to another service provider.

11.7 To exercise any of these rights, please contact our Data Protection Officer using the details in Section 15. phrus will respond to all verified data subject requests within thirty (30) days. We may need to verify your identity before processing your request.

11.8 If you are not satisfied with phrus's response to a data subject rights request, you have the right to lodge a complaint with the National Privacy Commission of the Philippines.

12 Children's Privacy

12.1 The phrus Platform is strictly intended for adults aged 21 years and above. phrus does not knowingly collect personal data from persons under the age of 21. If we become aware that personal data has been collected from a person under 21, we will take immediate steps to delete that data and close the associated account.

12.2 If you believe that a minor has registered an account on phrus or that we have inadvertently collected data from a person under 21, please contact us immediately at the details provided in Section 15.

13 Responsible Gaming & Data Use

13.1 phrus uses gaming activity data — including session duration, wager frequency, deposit patterns, and win/loss history — to monitor for signs of problem gambling and to support our responsible gaming obligations. This data processing is carried out in the legitimate interests of player welfare and in compliance with PAGCOR responsible gaming requirements.

13.2 Where phrus identifies patterns of play that may indicate a gambling problem, we may use your contact data to reach out with responsible gaming information, deposit limit suggestions, or self-exclusion options. You may opt out of such communications while still benefiting from our responsible gaming monitoring tools.

13.3 Self-exclusion data is retained for the full duration of the exclusion period and for a minimum of five (5) years thereafter, to prevent re-registration during an active exclusion and to maintain regulatory records.

Need support? Visit our Responsible Gaming page for self-exclusion tools, deposit limits, and support resources. "Gambling is addictive. Know when to stop."

14 Changes to This Privacy Policy

14.1 phrus may update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or Platform features. When material changes are made, we will notify registered players by email or via a prominent notice on the Platform at least fourteen (14) days before the changes take effect.

14.2 The date of the most recent update is displayed at the top of this Policy. We encourage you to review this Policy periodically. Your continued use of the Platform after the effective date of any update constitutes your acceptance of the revised Policy.

14.3 The current version of this Privacy Policy is always available at phrus.app/privacy-policy.

15 Contact & Complaints

15.1 For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact our Data Protection Officer:

phrus Casino — Data Protection Officer

Email: privacy at phrus.app

Live Chat: Available 24/7 via the Platform

Response Time: Within 30 days of verified request

15.2 If you are not satisfied with our response, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC). Information about how to file a complaint with the NPC is available on the NPC's official website.

15.3 For general support enquiries unrelated to data privacy, please contact our player support team at support at phrus.app or via 24/7 live chat on the Platform.

phrus Casino Privacy Policy

Six Ways phrus Protects Your Personal Information

Encrypted Data Storage

No Data Selling

Philippine Data Act Compliance

Full Transparency

Your Rights, Respected

Secure Transmission

Table of Contents