234ph Privacy Policy

The data controller responsible for the processing of your personal data in connection with the 234ph platform is the operator of 234ph, a PAGCOR-licensed online gaming operator accessible at https://234ph.vip. References to "234ph," "we," "us," or "the Company" in this Privacy Policy refer to this entity in its capacity as data controller.

As required by the Data Privacy Act of 2012 and the National Privacy Commission's guidelines, 234ph has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and applicable data protection law. Queries, complaints, and requests relating to the exercise of your data subject rights may be directed to the 234ph support team, which will route privacy-specific matters to the DPO for handling.

234ph collects personal data from you at various points in your relationship with the Platform. The categories of personal data collected are as follows:

2.1 Registration and Identity Data

• Full legal name as it appears on your government-issued identification document.
• Date of birth — collected to verify that you meet the minimum age requirement of 21 years under PAGCOR regulation.
• Philippine mobile number — used for account verification, SMS OTP authentication, and communication.
• Email address — used for account notifications, promotional communications (where consented), and correspondence.
• Chosen username and hashed account password.
• Residential address — collected for KYC compliance and regulatory reporting purposes.

2.2 Identity Verification (KYC) Data

• Photographs or scanned copies of valid Philippine government-issued identification documents (PhilSys, UMID, passport, driver's license, or equivalent).
• Selfie photographs submitted for document-matching purposes as required by PAGCOR's KYC standards.
• Source-of-funds documentation where required for large transactions under Anti-Money Laundering Act obligations.

2.3 Financial Transaction Data

• Deposit and withdrawal records, including amounts, timestamps, and payment method references (e.g., GCash reference numbers, bank transaction IDs).
• Payment account identifiers — the GCash or PayMaya number, or bank account number associated with your 234ph account for withdrawal processing. Full bank account details are not stored; only masked references are retained where technically necessary.
• Transaction history for all wagers placed, game outcomes, and bonus transactions within your 234ph account.

2.4 Technical and Usage Data

• IP address — collected at login and during sessions for fraud detection, geographic compliance verification, and security monitoring.
• Device information — including device type, operating system, and browser type — collected for technical compatibility and security purposes.
• Session logs — including login timestamps, session duration, pages visited, and features accessed within the Platform.
• Cookies and similar tracking technologies — see Section 9 of this Policy for full details on 234ph's use of cookies.

2.5 Responsible Gaming Data

• Deposit limit settings, session timer preferences, cooling-off period requests, and self-exclusion status as configured by you or applied by 234ph under its responsible gaming obligations.
• Responsible gaming interaction history — including dates on which limits were set, modified, or removed — retained to ensure the integrity of responsible gaming protections.

2.6 Communications Data

• Records of live chat conversations, email exchanges, and support ticket interactions between you and the 234ph support team, retained for quality assurance, training, and dispute resolution purposes.
• Your marketing communication preferences, including whether you have opted in or out of promotional emails and SMS notifications.

234ph processes your personal data only where a lawful basis exists under the Data Privacy Act of 2012. The following table sets out the primary purposes for which 234ph processes your personal data and the corresponding legal basis for each:

234ph does not sell, rent, or trade your personal data. Disclosure to third parties is limited to the following circumstances and categories of recipients, each of whom is bound by appropriate confidentiality and data security obligations:

• PAGCOR: 234ph is legally required to submit player data, transaction records, and gaming activity reports to PAGCOR as part of its ongoing licensing obligations. This disclosure is mandatory and cannot be refused or restricted.
• Anti-Money Laundering Council (AMLC): Transactions meeting statutory reporting thresholds under RA 9160, or flagged as suspicious, are reported to the AMLC as required by law. Such disclosures are mandatory obligations and do not require your consent.
• KYC and Identity Verification Providers: 234ph uses third-party identity verification service providers to assist with document authentication and biometric matching. These providers process your KYC data on our behalf under a data processing agreement and are prohibited from using your data for any purpose other than identity verification for 234ph.
• Payment Processing Partners: Transaction data is shared with GCash (operated by Mynt — Globe Fintech Innovations, Inc.), PayMaya (operated by PayMaya Philippines, Inc.), and participating banks (BPI, BDO, Metrobank) as strictly necessary to process deposit and withdrawal instructions you initiate.
• Technology and Infrastructure Providers: 234ph engages hosting, cloud infrastructure, and cybersecurity service providers who may have access to personal data in the course of providing their services. All such providers operate under data processing agreements imposing binding obligations consistent with this Privacy Policy.
• Law Enforcement and Courts: 234ph will disclose personal data in response to a valid subpoena, court order, or lawful request from Philippine law enforcement authorities or other competent government bodies.
• Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of 234ph's assets, your personal data may be transferred to the successor entity, provided that the successor is bound by obligations no less protective than those set out in this Privacy Policy.

234ph retains personal data for the minimum period necessary to fulfil the purpose for which it was collected, subject to mandatory retention requirements under Philippine law. The general retention framework applied by 234ph is as follows:

• Active Account Data: Retained for the duration of your account with 234ph, plus a minimum of five (5) years following account closure, consistent with PAGCOR's record-keeping requirements.
• KYC and Identity Documents: Retained for a minimum of five (5) years from the date of verification or from the date of account closure, whichever is later, as required by PAGCOR and AMLC regulations.
• Financial Transaction Records: Retained for a minimum of five (5) years from the date of the transaction, consistent with RA 9160 record retention obligations applicable to covered institutions.
• Support and Communication Records: Retained for three (3) years from the date of the interaction, for dispute resolution and quality assurance purposes.
• Responsible Gaming Records: Retained for a minimum of five (5) years to ensure the integrity of self-exclusion and limit-setting histories, consistent with PAGCOR responsible gaming standards.
• Marketing Preference Records: Retained for the period during which your marketing preferences are active, plus one (1) year following any opt-out, as a record of your consent withdrawal.

Upon expiry of the applicable retention period, personal data is securely deleted from 234ph's production systems or rendered permanently anonymous such that it can no longer be associated with an identifiable individual. Where deletion is technically constrained by backup schedules, data held in backup systems is overwritten during the next scheduled backup cycle following the deletion trigger date.

234ph implements technical and organizational security measures appropriate to the nature and sensitivity of the personal data we process. These measures include, but are not limited to:

• Encryption in Transit: All data transmitted between your device and the 234ph platform is protected by SSL/TLS (minimum TLS 1.2) encryption. Your login credentials and financial data are never transmitted in plaintext.
• Encryption at Rest: Sensitive personal data stored in 234ph's systems — including identity documents and financial records — is encrypted at rest using AES-256 or equivalent encryption standards.
• Access Controls: Access to personal data within 234ph's systems is restricted to staff who require access for legitimate operational purposes, enforced through role-based access controls, multi-factor authentication for administrative access, and audit logging of all data access events.
• Password Hashing: Account passwords are stored in hashed form using a strong one-way cryptographic algorithm. 234ph staff cannot retrieve or view your account password in its original form.
• Intrusion Detection and Monitoring: 234ph's infrastructure is subject to continuous security monitoring and intrusion detection to identify and respond to potential security incidents in real time.
• Third-Party Security Audits: 234ph's security controls and game systems are subject to periodic independent security audits and penetration testing. Findings are remediated within risk-prioritized timelines.

Despite these measures, no online service can guarantee absolute security against all threats. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, 234ph will notify the National Privacy Commission and, where required, affected individuals, within the timeframes prescribed by NPC Circular 16-03 and its subsequent issuances.

Under the Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations, you have the following rights with respect to your personal data held by 234ph:

• Right to be Informed: The right to be notified of the purposes for which your personal data is collected, processed, and used — as set out in this Privacy Policy.
• Right of Access: The right to obtain a copy of the personal data 234ph holds about you and information about how it is being processed. Requests for access will be fulfilled within thirty (30) days of receipt of a valid request.
• Right to Rectification: The right to request correction of any inaccurate or incomplete personal data held by 234ph. Corrections that affect KYC records may require submission of updated identification documentation.
• Right to Erasure or Blocking: The right to request deletion or blocking of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent (for consent-based processing), or where the processing is unlawful. This right is subject to 234ph's legal obligations — data that must be retained under PAGCOR, AMLA, or other applicable legal requirements cannot be deleted during the mandatory retention period.
• Right to Object: The right to object to the processing of your personal data on grounds relating to your particular situation, including objection to processing for direct marketing purposes. Where you object to direct marketing, 234ph will cease such processing immediately.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used, machine-readable format, where technically feasible and where the processing is based on consent or contract.
• Right to File a Complaint: The right to lodge a complaint with the National Privacy Commission (NPC) if you believe that 234ph has processed your personal data in violation of RA 10173. Information on the NPC's complaint procedures is available on the NPC's official website.

To exercise any of the above rights, please contact the 234ph support team, referencing "Data Subject Rights Request" in your communication. 234ph may require you to verify your identity before processing a rights request, to ensure that data is not disclosed to or modified on behalf of an unauthorized person.

If 234ph determines that personal data has been collected from a person who does not meet the minimum age requirement, that Account will be suspended immediately, the data will be deleted consistent with applicable legal obligations, and any deposits made will be returned to the originating payment method after completion of any required regulatory reporting.

If you are a parent or guardian and believe that a minor has created a 234ph account using false information, please contact 234ph's support team immediately. We take these reports seriously and will investigate and act on them promptly.

234ph uses cookies and similar technologies on its platform for the purposes described below. A cookie is a small text file stored on your device by your web browser when you visit a website.

• Essential Cookies: Required for the platform to function correctly. These include session cookies that maintain your logged-in state, security tokens, and load balancing cookies. These cookies cannot be disabled without affecting platform functionality.
• Functional Cookies: Store your preferences such as language settings, remembered username, and display settings to improve your experience on return visits. These cookies do not track activity on other websites.
• Analytics Cookies: Used to collect aggregate, anonymized information about how players interact with the 234ph platform — including pages visited, time on page, and navigation paths. This data is used to improve platform design and user experience. Where analytics cookies require consent, they are deployed only following affirmative opt-in.
• Security and Fraud Prevention Cookies: Used to identify and prevent fraudulent activity, including detecting account sharing, automated bot activity, and geographic compliance violations.

You may manage cookie preferences through your browser settings. Disabling essential cookies will affect your ability to access and use the 234ph platform. Disabling analytics cookies does not affect your gaming experience. Note that 234ph does not use third-party advertising or behavioral tracking cookies.

234ph's primary data processing infrastructure is located within the Philippines. Where 234ph engages service providers located outside the Philippines — including cloud infrastructure providers or KYC technology vendors — any transfer of personal data to those providers is governed by data processing agreements that include appropriate safeguards consistent with RA 10173 and NPC guidelines on cross-border data transfer.

In all cases, cross-border transfers of personal data are limited to what is strictly necessary for the provision of the relevant service, and recipient parties are prohibited from using transferred data for any purpose other than the specific service being provided to 234ph.

234ph may update this Privacy Policy from time to time to reflect changes in our data processing practices, regulatory requirements, or the Platform's features. When material changes are made — those that significantly affect your rights or how your data is used — 234ph will notify registered Players via email or in-Platform notification at least seven (7) days before the changes take effect.

The current version of this Privacy Policy, bearing the effective date shown at the top of this document, supersedes all prior versions. Your continued use of the 234ph platform following the effective date of any amendment constitutes your acknowledgment of the revised Policy. If you disagree with any change, you should cease using the Platform and contact support to request account closure.