s5ph Privacy Policy
How We Handle Your Personal Information

This Privacy Policy ("Policy") describes how s5ph ("s5ph", "we", "us", "our") collects, uses, stores, discloses, and protects the personal information of users ("you", "User", "Player") who access or use the s5ph online gaming platform at s5ph.net and any associated mobile-optimized interfaces (collectively, the "Platform").

s5ph is committed to protecting the privacy and personal data of all Filipino players who use our Platform. We operate in full compliance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC) of the Philippines.

By registering an account on s5ph or otherwise using the Platform, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. This Policy should be read together with our Terms & Conditions and Responsible Gaming Policy.

For the purposes of the Data Privacy Act of 2012 and this Policy, s5ph acts as the Personal Information Controller (PIC) in respect of the personal data you provide when using the Platform. As PIC, s5ph determines the purposes and means of processing your personal information.

s5ph has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with this Policy and applicable data privacy laws. You may contact the DPO directly for any privacy-related concerns using the contact details provided in Section 14 of this Policy.

Where s5ph engages third-party service providers to process personal data on its behalf, those providers act as Personal Information Processors (PIPs) and are contractually bound to process your data only in accordance with s5ph's instructions and applicable law.

s5ph collects the following categories of personal data from users of the Platform:

s5ph does not collect sensitive personal information (as defined under RA 10173) beyond what is strictly necessary for identity verification and regulatory compliance. We do not collect information about your race, religion, health condition, or political affiliations.

s5ph collects personal data through the following means:

• Direct Collection: Information you provide when registering an account, completing identity verification, contacting customer support, or participating in promotions.
• Automated Collection: Technical and usage data collected automatically when you access the Platform, including through cookies, web beacons, and server logs.
• Payment Processors: Transaction confirmation data received from GCash, PayMaya/Maya, and partner banks when you make deposits or withdrawals.
• Identity Verification Providers: Verification results from third-party KYC (Know Your Customer) service providers used to confirm your identity and age.
• Fraud Prevention Services: Risk signals and device fingerprint data from fraud detection partners used to protect the integrity of the Platform.
• Regulatory Sources: Information received from PAGCOR or other regulatory bodies in connection with compliance obligations, including self-exclusion registers.

s5ph processes your personal data on the following legal bases under the Data Privacy Act of 2012:

• Contractual Necessity: Processing required to create and manage your account, process deposits and withdrawals, and deliver gaming services as described in our Terms & Conditions.
• Legal Obligation: Processing required to comply with Philippine law, including Anti-Money Laundering Act (AMLA) obligations, PAGCOR regulatory requirements, and NPC directives.
• Legitimate Interest: Processing for fraud prevention, platform security, responsible gaming monitoring, and service improvement — where these interests are not overridden by your privacy rights.
• Consent: Processing for marketing communications and non-essential cookies, where you have given explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

s5ph will not use your personal data for purposes incompatible with those stated in this Policy without first obtaining your consent or establishing another lawful basis for processing.

s5ph does not sell your personal data to third parties. We may share your personal data with the following categories of recipients only to the extent necessary for the stated purpose:

• Payment Service Providers: GCash, PayMaya/Maya, BPI, BDO, Metrobank, UnionBank, Landbank, PNB, Security Bank, and other partner banks — to process your deposits and withdrawals in PHP.
• Identity Verification Providers: Third-party KYC and age-verification service providers engaged to confirm your identity and eligibility to use the Platform.
• Fraud Prevention & Security Partners: Service providers that help s5ph detect and prevent fraudulent activity, money laundering, and unauthorized access.
• IT Infrastructure Providers: Cloud hosting, database, and technical support providers who process data on s5ph's behalf under strict data processing agreements.
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government agencies, where disclosure is required by law or regulatory directive.
• Law Enforcement: Philippine law enforcement agencies, where disclosure is required by a valid court order, subpoena, or applicable law.
• Professional Advisers: Lawyers, auditors, and accountants engaged by s5ph, subject to professional confidentiality obligations.

s5ph retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law and regulatory obligations. The following general retention periods apply:

• Account Data: Retained for the duration of your account and for a minimum of five (5) years following account closure, in compliance with AMLA record-keeping requirements.
• Transaction Records: Retained for a minimum of five (5) years from the date of the transaction, as required by the Anti-Money Laundering Act.
• Identity Verification Documents: Retained for the duration of your account and for five (5) years following account closure.
• Gaming History: Retained for a minimum of three (3) years for responsible gaming monitoring and dispute resolution purposes.
• Technical & Log Data: Retained for up to twelve (12) months for security and fraud investigation purposes.
• Marketing Consent Records: Retained until you withdraw consent, plus a reasonable period thereafter for compliance documentation.

Upon expiry of the applicable retention period, s5ph will securely delete or anonymize your personal data in accordance with NPC guidelines.

s5ph implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:

• Encryption: All data transmitted between your device and the s5ph Platform is encrypted using industry-standard TLS (Transport Layer Security) protocols. Passwords are stored using strong one-way hashing algorithms.
• Access Controls: Access to personal data is restricted to authorized s5ph personnel and service providers on a strict need-to-know basis. All access is logged and audited.
• Secure Infrastructure: The Platform is hosted on secure, regularly audited infrastructure with firewalls, intrusion detection systems, and regular vulnerability assessments.
• Data Minimization: s5ph collects only the personal data that is necessary for the stated purposes and does not retain data beyond the applicable retention period.
• Staff Training: All s5ph personnel with access to personal data receive regular data privacy and security training.

While s5ph takes all reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying s5ph immediately of any suspected unauthorized access to your account.

s5ph uses cookies and similar tracking technologies to operate and improve the Platform. Cookies are small text files stored on your device when you visit the Platform. We use the following categories of cookies:

• Strictly Necessary Cookies: Essential for the Platform to function. These include session authentication cookies and security tokens. These cookies cannot be disabled without affecting Platform functionality.
• Functional Cookies: Remember your preferences such as language settings, game preferences, and responsible gaming limits you have set.
• Analytics Cookies: Help us understand how players use the Platform — which pages are visited most, where players encounter issues, and how we can improve the overall experience. Data collected is aggregated and anonymized where possible.
• Security & Fraud Prevention Cookies: Used to detect and prevent fraudulent activity, bot access, and unauthorized account access.

You may manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. s5ph does not use cookies to serve third-party advertising.

Under the Data Privacy Act of 2012, you have the following rights in relation to your personal data held by s5ph:

• Right to Be Informed: The right to be informed of how your personal data is collected, used, and processed — as set out in this Policy.
• Right of Access: The right to request a copy of the personal data s5ph holds about you, along with information about how it is processed.
• Right to Rectification: The right to request correction of inaccurate or incomplete personal data held by s5ph.
• Right to Erasure / Right to be Forgotten: The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to s5ph's legal retention obligations.
• Right to Object: The right to object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interest.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format, where technically feasible.
• Right to Lodge a Complaint: The right to lodge a complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated.

To exercise any of the above rights, please contact s5ph's Data Protection Officer using the contact details in Section 14. s5ph will respond to all verified requests within thirty (30) days, or within such extended period as permitted by applicable law.

s5ph implements age verification procedures during the registration process to prevent access by persons under 21. If s5ph becomes aware that personal data has been collected from a person under 21 without verifiable parental or guardian consent, s5ph will take immediate steps to delete that data and close the associated account.

If you are a parent or guardian and believe that your child under 21 has provided personal data to s5ph, please contact our Data Protection Officer immediately using the contact details in Section 14 so that we can take appropriate action.

s5ph primarily processes and stores personal data within the Philippines. Where it is necessary to transfer personal data to service providers or infrastructure located outside the Philippines — for example, cloud hosting providers or international fraud prevention services — s5ph ensures that such transfers are conducted in compliance with the Data Privacy Act of 2012 and NPC guidelines on cross-border data transfers.

Specifically, s5ph ensures that any cross-border transfer of personal data is subject to one or more of the following safeguards:

• The recipient country provides an adequate level of data protection as recognized by the NPC.
• Appropriate contractual safeguards are in place between s5ph and the recipient, including standard contractual clauses approved by the NPC.
• The transfer is necessary for the performance of a contract between you and s5ph, or for the implementation of pre-contractual measures taken at your request.

s5ph reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory requirements. When we make material changes to this Policy, we will notify registered users by posting a prominent notice on the Platform and updating the "Last updated" date at the top of this document.

Your continued use of the s5ph Platform following the posting of a revised Privacy Policy constitutes your acknowledgment of the changes. If you do not agree to the revised Policy, you must stop using the Platform and may request account closure.

We recommend reviewing this Policy periodically to stay informed of how s5ph protects your personal information. For significant changes that materially affect your rights, s5ph will provide advance notice where reasonably practicable.

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data by s5ph, please contact our Data Protection Officer (DPO):

You also have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines if you believe that s5ph has violated your data privacy rights. The NPC is the independent regulatory body responsible for administering and implementing the Data Privacy Act of 2012 in the Philippines.