Section 01
Scope & Applicability
This Privacy Policy applies to all personal data processed by phpruby in connection
with the phpruby Casino platform accessible at phpruby.org, including all associated
gaming services, account management functions, payment processing, customer support
communications, and promotional activities.
This Policy applies to all individuals who interact with phpruby, including:
- Registered players holding an active or closed phpruby Account.
- Individuals who visit phpruby.org without registering.
- Individuals who contact phpruby via live chat, email, or any other support channel.
- Former players whose data phpruby is required to retain under applicable law.
By accessing the phpruby Platform or registering an Account, you acknowledge that you
have read and understood this Privacy Policy and consent to the processing of your
personal data as described herein. If you do not agree with this Policy, you should
not use the phpruby Platform.
Section 02
Data Controller
For the purposes of the Philippine Data Privacy Act of 2012 (RA 10173) and its
Implementing Rules and Regulations, phpruby Casino is the Personal Information
Controller (PIC) in respect of the personal data collected through the phpruby Platform.
Data Controller: phpruby Casino
Platform: phpruby.org
Contact: [email protected] (plain text — not a clickable link)
Regulatory Framework: Philippine Data Privacy Act (RA 10173), NPC Implementing Rules, PAGCOR Online Gaming Regulations
phpruby has designated a Data Protection Officer (DPO) responsible for overseeing
compliance with RA 10173 and this Privacy Policy. Data subject requests and
privacy-related inquiries may be directed to phpruby's support team, which will route
them to the DPO where appropriate.
Section 03
Personal Data We Collect
phpruby collects the following categories of personal data. The specific data collected
from any individual depends on how they interact with the phpruby Platform.
| Data Category |
Examples |
When Collected |
| Identity Data |
Full legal name, date of birth, nationality, government-issued ID number and document scan |
Registration; KYC verification |
| Contact Data |
Email address, mobile number, residential address |
Registration; account updates |
| Financial Data |
GCash account number, Maya number, bank account details, deposit and withdrawal history |
Deposit/withdrawal processing; KYC |
| Gaming Data |
Game history, bet amounts, win/loss records, session duration, bonus usage |
Ongoing platform use |
| Technical Data |
IP address, device type, browser, operating system, session tokens |
Site visits; login sessions |
| Communication Data |
Live chat transcripts, email correspondence, support ticket content |
Support interactions |
| Preference Data |
Favourite games, notification settings, marketing consent flags |
Account settings; platform use |
phpruby does not intentionally collect sensitive personal data such as health information,
religious beliefs, or political affiliations. If you voluntarily disclose such information
in a support communication, phpruby will handle it with appropriate care and will not
use it for purposes beyond resolving the support matter.
Section 04
How We Collect Your Data
phpruby collects personal data through the following means:
- Direct submission: Data you provide when you register an Account, complete KYC verification, make a deposit or withdrawal, contact support, or update your account settings.
- Automated collection: Technical data collected automatically when you visit phpruby.org or use the Platform, including through cookies, session tracking, and server logs. See Section 10 for details on cookies.
- Payment processors: Limited transaction data received from third-party payment processors such as GCash, Maya, and banking partners in connection with deposit and withdrawal processing.
- Identity verification services: Data received from third-party KYC and identity verification providers used to confirm player identity and age during the verification process.
- Regulatory and fraud prevention sources: Data received from PAGCOR, financial intelligence units, or fraud prevention databases as part of phpruby's anti-money laundering and regulatory compliance obligations.
Section 05
How phpruby Uses Your Personal Data
phpruby uses personal data collected from players and visitors for the following purposes:
- Account management: Creating, maintaining, and managing your phpruby Account, including verifying your identity and age, processing your login credentials, and managing your wallet balance.
- Payment processing: Processing deposit and withdrawal transactions via GCash, Maya, bank transfers, and other accepted payment methods, including identity verification required by payment partners.
- Regulatory compliance: Meeting phpruby's obligations under PAGCOR regulations, Philippine anti-money laundering laws (AMLA, RA 9160 as amended), RA 10173, and any other applicable Philippine legislation.
- Customer support: Responding to support queries, resolving disputes, and investigating complaints submitted through live chat, email, or other communication channels.
- Responsible gaming: Monitoring gaming activity to identify patterns that may indicate problem gambling, enforcing deposit limits, processing self-exclusion requests, and complying with responsible gaming requirements.
- Security and fraud prevention: Detecting, investigating, and preventing fraudulent activity, unauthorized Account access, money laundering, and other prohibited conduct.
- Platform improvement: Analysing aggregated and anonymised usage data to improve the phpruby Platform, optimise game selection, and enhance the player experience.
- Marketing communications: Sending promotional emails, bonus notifications, and platform updates to players who have opted in to marketing communications. Players may opt out at any time via Account settings or by contacting support.
Section 06
Legal Bases for Processing
Under RA 10173, phpruby processes personal data on the following lawful bases:
- Consent (Section 12(a), RA 10173): Where you have provided explicit, informed, and freely given consent — for example, for marketing communications or optional platform features.
- Contractual necessity (Section 12(b)): Processing required to fulfil our contractual obligations to you under the phpruby Terms & Conditions — including Account management, payment processing, and game delivery.
- Legal obligation (Section 12(c)): Processing required to comply with Philippine legal requirements, including PAGCOR regulations, AMLA obligations, and tax reporting requirements.
- Legitimate interests (Section 12(f)): Processing necessary for phpruby's legitimate interests — such as fraud prevention, platform security, responsible gaming monitoring, and internal analytics — provided those interests are not overridden by your rights and interests.
Withdrawing Consent: Where phpruby processes your data based on consent, you may withdraw that consent at any time by updating your Account settings or contacting support at
[email protected]. Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal, and does not affect processing conducted on other lawful bases.
Section 07
Sharing Your Personal Data
phpruby does not sell, rent, or trade your personal data to third parties for
their own commercial or marketing purposes. phpruby may share your personal data
with the following categories of third parties only to the extent necessary for
the stated purpose:
- Payment service providers: GCash (GXI), Maya (Voyager Innovations), BPI, BDO, UnionBank, and other payment partners, for the purpose of processing deposit and withdrawal transactions.
- Identity verification providers: Third-party KYC and age verification services engaged to confirm player identity during registration and withdrawal processes.
- Game providers: Licensed game suppliers who power games available on the phpruby Platform. These providers may receive limited gameplay data necessary to deliver, log, and settle game rounds.
- Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and any other Philippine government authority where disclosure is required by law or court order.
- Fraud prevention and security providers: Third-party service providers engaged to assist in fraud detection, cybersecurity monitoring, and risk assessment.
- Professional advisers: Legal counsel, auditors, and other professional advisers engaged by phpruby under obligations of confidentiality.
- Business transferees: In the event of a merger, acquisition, or sale of substantially all of phpruby's assets, personal data may be transferred to the acquiring entity subject to the same privacy protections described in this Policy.
All third parties with whom phpruby shares personal data are required to maintain appropriate data protection standards consistent with RA 10173 and are contractually prohibited from using your data for any purpose beyond the scope for which it was shared.
Section 08
International Data Transfers
Some of phpruby's third-party service providers — including cloud infrastructure providers,
game suppliers, and fraud prevention services — may process personal data outside of the
Philippines. Where such transfers occur, phpruby ensures that appropriate safeguards are
in place to protect your personal data, including:
- Contractual data protection clauses consistent with NPC requirements.
- Transfers only to recipients in countries or organizations that provide an adequate level of data protection.
- Technical and organizational security measures appropriate to the nature of the data transferred.
By using the phpruby Platform, you acknowledge that your personal data may be transferred
to and processed in countries other than the Philippines, subject to the safeguards described above.
Section 09
Data Retention
phpruby retains personal data for as long as is necessary for the purposes for which it
was collected, or as required by applicable Philippine law. The following general retention
periods apply:
| Data Category |
Retention Period |
Basis |
| Account registration data |
Duration of account + 5 years after closure |
PAGCOR regulatory requirement |
| KYC identity documents |
Duration of account + 5 years after closure |
AMLA and PAGCOR obligations |
| Transaction records |
5 years from transaction date |
AMLA (RA 9160 as amended) |
| Gaming history |
5 years from session date |
PAGCOR record-keeping rules |
| Support communications |
3 years from last interaction |
Legitimate interests; dispute resolution |
| Marketing preference data |
Until opt-out or account closure |
Consent |
| Technical / log data |
13 months |
Security and fraud prevention |
Upon expiry of the applicable retention period, phpruby will securely delete or anonymise
your personal data so that it can no longer be associated with your identity.
Section 10
Cookies & Tracking Technologies
phpruby uses cookies and similar tracking technologies on the phpruby.org website.
Cookies are small text files stored on your device that help the Platform function
correctly and enable phpruby to improve the player experience.
- Essential cookies: Required for the Platform to function. These include session authentication tokens, security cookies, and cookies that remember your login state. These cookies cannot be disabled without affecting Platform functionality.
- Functional cookies: Remember your preferences — such as preferred language, game filters, and notification settings — to personalise your experience on subsequent visits.
- Analytics cookies: Used to collect aggregated data about how players navigate the Platform, which games are most accessed, and where players encounter friction. This data is used to improve the Platform and is anonymised where possible.
- Security cookies: Used to detect suspicious activity and prevent unauthorised access to your Account, including CSRF protection and fraud detection signals.
Cookie Management: You may manage or disable non-essential cookies through your browser settings. Note that disabling certain cookies may affect Platform functionality, including the ability to stay logged in to your phpruby Account. phpruby does not use third-party advertising cookies or tracking pixels for behavioral advertising purposes.
Section 11
Security Measures
phpruby implements a range of technical and organisational security measures to protect
your personal data against unauthorized access, accidental loss, disclosure, alteration,
or destruction:
- Encryption in transit: All data transmitted between your device and phpruby servers is encrypted using TLS 1.2 or higher (256-bit SSL). The phpruby login page and all authenticated areas enforce HTTPS.
- Encryption at rest: Sensitive data — including identity documents, financial data, and password hashes — is encrypted at rest using industry-standard encryption algorithms.
- Access controls: Internal access to personal data is restricted on a strict need-to-know basis. phpruby staff do not have access to player passwords, which are stored as salted cryptographic hashes.
- Two-factor authentication: phpruby's internal systems require multi-factor authentication for staff accessing player data. Players are also encouraged to enable 2FA on their phpruby Accounts.
- Penetration testing and audits: phpruby conducts periodic security assessments to identify and remediate vulnerabilities in Platform infrastructure.
- Incident response: phpruby maintains a documented data breach response plan. In the event of a breach that is likely to result in risk to your rights, phpruby will notify affected individuals and the NPC within 72 hours of discovering the breach.
Your Role in Security: While phpruby takes extensive measures to secure your data, account security is a shared responsibility. Use a strong, unique password for your phpruby Account, enable two-factor authentication, and never share your credentials with anyone. See Section 3 of the phpruby
Terms & Conditions for full account security obligations.
Section 12
Your Data Subject Rights
Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following
rights in respect of your personal data held by phpruby. phpruby will respond to
verified data subject requests within thirty (30) calendar days of receipt.
Right to Access (Section 16(c), RA 10173)
You have the right to request a copy of the personal data phpruby holds about you and to receive information about how it is processed. phpruby will provide this information in a structured, commonly used format.
Right to Rectification (Section 16(d))
You have the right to request correction of inaccurate or incomplete personal data held by phpruby. Most contact and preference data can be updated directly in your Account settings without a formal request.
Right to Erasure (Section 16(f))
You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent, or where processing is unlawful. This right is subject to phpruby's legal retention obligations — data phpruby is required to retain under PAGCOR or AMLA rules cannot be deleted until the applicable retention period expires.
Right to Object (Section 16(e))
You have the right to object to processing of your personal data on grounds of legitimate interests or for direct marketing purposes. Upon receipt of a valid objection to marketing, phpruby will cease marketing communications without delay.
Right to Data Portability (Section 18)
You have the right to receive a copy of your personal data in a structured, machine-readable format and to request that phpruby transmit that data to another service provider where technically feasible.
Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time via your Account settings or by contacting phpruby support. Withdrawal does not affect prior lawful processing.
Exercising Your Rights: To submit a data subject request, contact phpruby at
[email protected] with the subject line "Data Subject Request" and a description of the right you wish to exercise. phpruby may require identity verification before processing certain requests to protect against unauthorized access to your data.
Section 13
Minors & Age Policy
Strictly 21 and Above: The phpruby Platform is not intended for, and must not be used by, individuals under the age of twenty-one (21). phpruby does not knowingly collect personal data from individuals under 21. If phpruby discovers that personal data has been collected from an underage individual, that data will be deleted and the associated Account will be permanently closed in accordance with phpruby's Terms & Conditions and PAGCOR regulatory requirements.
If you are a parent or guardian and believe your child has registered on the phpruby
Platform, please contact phpruby support immediately at [email protected].
phpruby will investigate the matter promptly and take appropriate action including
Account closure and data deletion.
Section 14
Changes to This Privacy Policy
phpruby may update this Privacy Policy from time to time to reflect changes in
applicable law, platform functionality, or data processing practices. The updated
Policy will be published on the phpruby Platform with a revised effective date.
For material changes — those that significantly affect your rights or how phpruby
uses your personal data — phpruby will provide advance notice via the Platform or
by email to your registered email address. Continued use of the phpruby Platform
after the effective date of an update constitutes acceptance of the revised Privacy Policy.
We encourage you to review this Policy periodically. The "Last Updated" date at the
top of this page indicates when the most recent revision was made.
Section 15
Contact & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or
phpruby's data processing practices, please contact phpruby using the following:
- Email: [email protected] — subject line: "Privacy Inquiry" or "Data Subject Request"
- Live Chat: Available 24/7 on the phpruby Platform
- Platform: phpruby.org
If you are not satisfied with phpruby's response to a privacy complaint, you have
the right to lodge a complaint with the National Privacy Commission (NPC) of the
Philippines, the independent regulatory body responsible for enforcing RA 10173.
The NPC's contact details and complaint procedures are published on the NPC's official
government website.
Effective Date: This Privacy Policy is effective as of January 1, 2026 and supersedes all previous versions of the phpruby Privacy Policy.