maryph Privacy Policy

1. Data Controller

maryph (referred to as "maryph", "we", "us", or "our") is the data controller responsible for the personal information collected through the maryph Platform accessible at maryph.app. As data controller, maryph determines the purposes and means of processing your personal data and is accountable for its protection under the Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules and regulations.

By registering an account on maryph or continuing to use our Platform, you acknowledge and consent to the collection and processing of your personal data as described in this Privacy Policy.

2. Personal Data We Collect

maryph collects the following categories of personal data, depending on how you interact with our Platform:

maryph does not collect full credit card numbers, CVV codes, or full bank account numbers directly. Payment credentials are handled by certified third-party payment processors.

3. How We Collect Your Data

maryph collects personal data through the following means:

3.1 Direct Collection

Information you provide directly when registering an account, completing identity verification, contacting support, participating in promotions, or updating your account settings on maryph.

3.2 Automated Collection

Technical data collected automatically when you access the maryph Platform, including IP addresses, device identifiers, browser type, session timestamps, and navigation patterns — collected via server logs, cookies, and similar tracking technologies.

3.3 Third-Party Sources

maryph may receive data from:

• Payment service providers (e.g., GCash, PayMaya, BPI, BDO, Metrobank) for transaction verification.
• Identity verification and anti-fraud service providers used during KYC processes.
• PAGCOR and other regulatory bodies where required by law.

4. Purpose and Legal Basis for Processing

maryph processes your personal data for the following purposes, each supported by a lawful basis under the Data Privacy Act of 2012:

• Account Registration and Management — Necessary for the performance of our contract with you to provide access to maryph Gaming Services.
• Identity Verification (KYC) — Required by PAGCOR regulations and Philippine anti-money laundering laws (Republic Act No. 9160, as amended).
• Processing Deposits and Withdrawals — Necessary for contract performance and compliance with financial regulations.
• Fraud Prevention and Security — Legitimate interest in protecting the Platform, other users, and maryph from fraudulent or criminal activity.
• Responsible Gaming — Legitimate interest and legal obligation to monitor for problem gambling indicators and enforce responsible gaming policies.
• Customer Support — Necessary for the performance of our service contract and legitimate interest in resolving user issues.
• Marketing Communications — Based on your consent, provided separately and revocable at any time.
• Legal and Regulatory Compliance — Compliance with applicable Philippine laws, PAGCOR directives, court orders, and law enforcement requests.

5. Sharing Your Personal Data

maryph does not sell, rent, or trade your personal data to third parties for their own commercial purposes. We share your data only in the following limited circumstances:

5.1 Service Providers

maryph engages trusted third-party service providers who process data on our behalf under strict data processing agreements, including: payment processors (GCash, PayMaya, BPI, BDO, Metrobank), identity verification providers, fraud detection platforms, cloud hosting infrastructure, and customer support platforms.

5.2 Regulatory and Law Enforcement Authorities

maryph is required to disclose data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), or other government bodies upon lawful demand. We will notify you of such disclosures where we are legally permitted to do so.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of maryph's business, personal data may be transferred to the acquiring entity, subject to the same privacy protections as described in this Policy.

5.4 Responsible Gaming Partners

With your consent, or as required under our responsible gaming obligations, limited gaming activity data may be shared with NCPG Philippines or other responsible gaming organizations to facilitate problem gambling assistance.

6. Data Retention

maryph retains your personal data for as long as necessary to fulfil the purposes outlined in this Policy, and thereafter as required by Philippine law. The following general retention periods apply:

• Account and Identity Data: Retained for the duration of your active account, plus a minimum of five (5) years following account closure, as required by anti-money laundering regulations.
• Financial Transaction Records: Retained for a minimum of five (5) years in compliance with AMLC requirements.
• Gaming Activity Records: Retained for three (3) years following the date of each session, subject to regulatory requirements.
• Communications and Support Records: Retained for two (2) years following the resolution of the relevant matter.
• Technical and Log Data: Retained for twelve (12) months from collection.

Upon expiry of the applicable retention period, personal data will be securely deleted, anonymised, or archived in a manner that prevents identification of the individual.

7. Security Measures

maryph implements industry-standard technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These measures include:

• Transport Layer Security (TLS/SSL) encryption for all data transmitted between your device and the maryph Platform.
• Encryption of sensitive data fields at rest within our database infrastructure.
• Role-based access controls limiting employee access to personal data on a strict need-to-know basis.
• Two-factor authentication (2FA) for Platform accounts and internal administrative systems.
• Regular third-party security audits and penetration testing of the maryph Platform.
• Incident response procedures for prompt notification and remediation of data breaches.

Despite our best efforts, no security system is impenetrable. maryph cannot guarantee the absolute security of your data. You also bear responsibility for maintaining the security of your maryph login credentials.

8. Cookies and Tracking Technologies

maryph uses cookies and similar tracking technologies on the Platform for the following purposes:

• Essential Cookies: Required for the Platform to function, including maintaining your login session and security tokens. These cannot be disabled.
• Analytics Cookies: Used to understand how users navigate the Platform, which pages are visited most, and where errors occur — to improve the maryph user experience. Data is aggregated and anonymised where possible.
• Functional Cookies: Remember your preferences, such as language settings and display options, to personalise your maryph experience.
• Security Cookies: Detect and prevent fraudulent login attempts, bot activity, and suspicious session patterns.

You may manage or disable non-essential cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the maryph Platform. maryph does not use third-party advertising cookies or sell cookie data to advertisers.

9. Your Data Privacy Rights

Under the Data Privacy Act of 2012 (Republic Act No. 10173), you have the following rights with respect to your personal data held by maryph:

• Right to be Informed: The right to know what personal data we hold about you, the purposes for which it is processed, and with whom it is shared.
• Right of Access: The right to request a copy of the personal data maryph holds about you.
• Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
• Right to Erasure: The right to request deletion of your personal data where we no longer have a lawful basis to retain it, subject to our legal retention obligations.
• Right to Object: The right to object to processing based on legitimate interests, including direct marketing communications.
• Right to Data Portability: The right to receive your personal data in a structured, machine-readable format for transfer to another controller, where technically feasible.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting prior lawful processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe your data rights have been violated.

To exercise any of these rights, contact maryph's Data Protection Officer using the details in Section 13 of this Policy. maryph will respond within fifteen (15) business days of receiving a verified request.

10. Children and Minors

The maryph Platform is strictly intended for persons aged 21 years and above. maryph does not knowingly collect personal data from individuals under the age of 21. If we become aware that personal data has been collected from a minor, we will immediately delete the account and all associated data, and report the incident to PAGCOR as required by applicable regulations.

If you believe a minor has accessed or registered on the maryph Platform, please notify us immediately via our support channels so we can take prompt action.

11. Cross-Border Data Transfers

maryph's primary data infrastructure is located in the Philippines. Some service providers (such as cloud hosting or security providers) may process data in other jurisdictions. Where data is transferred outside the Philippines, maryph ensures that:

• Receiving jurisdictions provide an adequate level of data protection as recognised under Philippine law, or
• Appropriate contractual safeguards (e.g., data processing agreements incorporating standard contractual clauses) are in place to protect your personal data.

maryph will not transfer your personal data to jurisdictions that do not provide adequate protection without your explicit consent or unless required by law.

12. Updates to This Privacy Policy

maryph may update this Privacy Policy from time to time to reflect changes in our data practices, applicable law, or regulatory requirements. When material changes are made, we will notify registered users via the email address or mobile number on file, or through a prominent notice on the maryph Platform, at least fourteen (14) days prior to the changes taking effect.

The most current version of this Privacy Policy is always available at maryph.app/privacy-policy. Your continued use of the Platform following notification of changes constitutes your acceptance of the revised Policy.

13. Contact and Data Protection Officer

maryph has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act of 2012 and this Privacy Policy. To exercise your data rights, submit a privacy inquiry, or report a concern, contact us through the following channels:

• Live Chat: 24/7 via the maryph Platform (in-app)
• Email (Data Privacy): [email protected] — subject line: "Privacy Request"
• Response Time: Within 15 business days for data subject requests; within 2 hours for general support

For complaints regarding maryph's handling of your personal data that are not resolved to your satisfaction, you may escalate to the National Privacy Commission (NPC) of the Philippines through their official channels at privacy.gov.ph.