phream is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how we use it, who we share it with, and what rights you have under the Philippine Data Privacy Act (Republic Act 10173). Please read this document carefully before using the phream platform.
These cards highlight the principles that govern how phream handles your personal data. They summarise — but do not replace — the full legal text set out in this Privacy Policy.
phream collects personal data that is strictly necessary for account registration, identity verification, payment processing, and regulatory compliance with PAGCOR. We do not collect data that serves no legitimate operational or legal purpose.
All personal data held by phream is stored using industry-standard encryption. Access to player data is restricted to authorised personnel only, on a strict need-to-know basis. phream's security practices are reviewed and updated continuously in line with current best practice.
phream does not sell, rent, or trade your personal data to any third party for commercial or marketing purposes. Data is shared with third parties only where this is necessary for platform operation, payment processing, fraud prevention, or legal compliance — and only on terms that protect your privacy.
Under Republic Act 10173 (Philippine Data Privacy Act), you have the right to access, correct, object to, and request erasure of your personal data held by phream. phream provides a clear process for exercising these rights and responds to all valid requests within the legally required timeframe.
phream operates in compliance with the requirements of the Philippine Amusement and Gaming Corporation (PAGCOR) and the National Privacy Commission (NPC). All data processing activities are conducted within the framework of applicable Philippine law, including RA 10173, RA 9160, and related PAGCOR circulars.
phream retains personal data only for as long as is necessary for the purpose it was collected, and for such additional periods as are required by Philippine law and PAGCOR regulatory obligations. When retention is no longer justified, data is securely deleted or anonymised in accordance with our Data Retention Schedule.
1.1 This Privacy Policy applies to all personal data collected and processed by phream in connection with your use of the phream platform accessible at phream.org, including all sub-pages, features, games, and related services (collectively, the "Platform").
1.2 For the purposes of the Philippine Data Privacy Act (Republic Act 10173, as implemented by its Implementing Rules and Regulations), phream is the Personal Information Controller (PIC) with respect to the personal data you provide or that is generated through your use of the Platform.
1.3 This Policy should be read alongside the phream Terms & Conditions and the Responsible Gaming Policy, both of which are incorporated by reference into the overall framework governing your relationship with phream.
Philippine Law Basis: phream processes personal data in full compliance with Republic Act 10173 (Data Privacy Act of 2012), its Implementing Rules and Regulations, and all applicable National Privacy Commission (NPC) advisories and circulars.
2.1 Registration Data. When you create a phream account, we collect the information you provide during the registration process, including your full legal name, date of birth, residential address, Philippine mobile number, and email address.
2.2 Identity Verification (KYC) Data. In compliance with PAGCOR requirements and Philippine anti-money laundering law, phream collects copies of government-issued identification documents for all account holders prior to processing withdrawals. Acceptable documents include Philippine passport, driver's licence, SSS card, PhilHealth card, UMID, and Philippine National ID.
2.3 Financial Data. phream collects transaction data associated with your account, including deposit and withdrawal records, payment method identifiers (such as your registered GCash number or bank account details), and transaction timestamps. phream does not store full payment card numbers.
2.4 Gaming Activity Data. We maintain records of your gaming activity on the Platform, including game session logs, bet history, win and loss records, and bonus utilisation — both for regulatory compliance and to enable the personalised gaming experience.
2.5 Technical and Device Data. phream automatically collects certain technical data when you access the Platform, including your IP address, device type and operating system, browser type and version, session duration, pages visited, and referring URLs. This data is used for security monitoring, fraud detection, and platform performance optimisation.
2.6 Communications Data. If you contact phream via live chat, email, or any other channel, we retain records of those communications for quality assurance, dispute resolution, and audit purposes.
2.7 Data You Volunteer. You may provide additional personal information voluntarily — for example, when completing responsible gaming assessments or feedback surveys. Such data is processed only for the stated purpose of the relevant activity.
| Category | Examples | Collection Method |
|---|---|---|
| Identity | Full name, date of birth, nationality, government ID details | Registration and KYC forms |
| Contact | Mobile number, email address, residential address | Registration form |
| Financial | GCash number, bank account name, deposit/withdrawal history | Cashier transactions |
| Gaming | Bet history, game sessions, bonus records, win/loss logs | Platform activity logs |
| Technical | IP address, device info, session logs, browser type | Automatic collection |
| Communications | Live chat transcripts, support email records | Support interactions |
phream processes your personal data only where a valid legal basis exists under RA 10173. The applicable legal bases for phream's processing activities are:
4.1 Account Management. To create, maintain, and administer your phream account — including verifying your identity, managing your Wallet, processing deposits and withdrawals, and communicating account-related notifications.
4.2 Regulatory Compliance. To fulfil phream's obligations under PAGCOR regulations, the Anti-Money Laundering Act, the Data Privacy Act, and all other applicable Philippine law — including mandatory reporting, KYC maintenance, and audit record-keeping.
4.3 Fraud Prevention and Security. To detect, investigate, and prevent fraud, money laundering, collusion, and any other prohibited conduct on the Platform. This includes automated monitoring of transaction patterns and gaming activity for anomalies consistent with prohibited conduct.
4.4 Responsible Gaming. To monitor for patterns of gaming behaviour that may be indicative of problem gambling, and to deliver appropriate responsible gaming interventions — including mandatory limit-setting or self-exclusion — where warranted under phream's Responsible Gaming Policy and PAGCOR guidelines.
4.5 Service Personalisation. To personalise your phream experience — for example, surfacing games relevant to your activity history, delivering targeted promotions you have consented to receive, and providing customer support that reflects your account context.
4.6 Platform Improvement. To analyse aggregated, anonymised usage data for the purpose of improving Platform functionality, game selection, payment system performance, and customer support quality. Such analyses do not identify individual players.
4.7 Communications. To send you transactional communications (e.g., deposit confirmations, withdrawal notifications, account security alerts) and, where you have consented, promotional communications about phream offers and new features. You may withdraw consent to promotional communications at any time.
5.1 The phream Platform uses cookies and similar tracking technologies to enable core Platform functionality, maintain your login session, remember your preferences, and collect the technical usage data described in Section 2.5.
5.2 The categories of cookies used by phream include:
5.3 You may manage cookie preferences through your browser settings. Note that disabling essential cookies will impair the Platform's functionality and may prevent you from logging into your phream account.
6.1 phream does not sell, rent, or trade your personal data to any third party. Personal data is shared with third parties only in the following limited circumstances:
6.2 In all cases where phream engages a third-party processor, phream enters into a data processing agreement that binds the processor to processing your data only on phream's documented instructions and to maintaining appropriate security measures.
7.1 Some of phream's service providers and game partners are located or operate servers outside the Philippines. Where personal data is transferred to a country that has not been designated by the NPC as providing adequate data protection, phream ensures that appropriate safeguards are in place — including contractual data protection clauses that meet NPC standards — before any such transfer occurs.
7.2 phream maintains a record of all cross-border data transfer arrangements and makes this available to the NPC on request in accordance with NPC Circular 16-01 and related guidelines.
8.1 phream retains personal data for the period necessary to fulfil the purpose for which it was collected and for such additional periods as are required by Philippine law and PAGCOR regulations.
8.2 The following general retention principles apply:
8.3 Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised in accordance with phream's Data Destruction Procedures.
9.1 phream implements a layered security architecture to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Key measures include:
9.2 In the event of a personal data breach that is likely to result in a real risk to the rights and freedoms of affected data subjects, phream will notify the National Privacy Commission and affected individuals within the timeframe required by RA 10173 and NPC Circular 16-03.
As a data subject under the Philippine Data Privacy Act, you have the following rights with respect to your personal data held by phream. Requests to exercise any of these rights should be submitted to phream's Data Protection Officer using the contact details in Section 13.
You have the right to be informed whether phream holds personal data about you, and to receive clear information about how that data is being processed. This Privacy Policy is the primary means by which phream fulfils this obligation.
You have the right to request a copy of the personal data phream holds about you. phream will respond to verified access requests within fifteen (15) working days, in compliance with NPC guidelines.
You have the right to request correction of inaccurate or incomplete personal data held about you. For account details, many corrections can be initiated directly through the phream account settings or by contacting support.
You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where processing is unlawful. This right is subject to phream's legal retention obligations under PAGCOR regulations and RA 9160, which may override an erasure request.
You have the right to object to the processing of your personal data on the basis of legitimate interests, including profiling and direct marketing. Where you object to promotional communications, phream will cease such communications immediately upon receipt of a valid objection.
Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to request that it be transmitted to another controller where technically feasible.
If you believe phream has processed your personal data in violation of RA 10173, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. phream encourages you to contact our Data Protection Officer first to attempt resolution before escalating to the NPC.
11.1 The phream Platform is strictly restricted to individuals aged 21 years and above. phream does not knowingly collect personal data from any person under the age of 21.
11.2 If phream discovers that personal data has been collected from a person under 21 — whether through a false age declaration or any other means — phream will immediately suspend the relevant Account and delete or securely destroy all associated personal data, except where retention is required by law in connection with the underage access event itself.
11.3 If you believe a person under 21 has accessed phream using your Account or any other means, please contact phream's support team immediately.
12.1 phream reserves the right to update this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or PAGCOR regulatory requirements.
12.2 Material changes will be communicated to registered Players via the Platform notification system and/or the registered email address at least seven (7) calendar days before the revised policy takes effect, except where immediate amendment is required by law.
12.3 Your continued use of the phream Platform after the effective date of an updated Privacy Policy constitutes your acceptance of the revised terms. If you do not accept the revised policy, you must discontinue use of the Platform and close your Account before the effective date.
12.4 The version of this Privacy Policy currently accessible at phream.org/privacy-policy is the version in force. Previous versions are available on request from the Data Protection Officer.
phream has designated a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy and with RA 10173. If you have any questions about this Privacy Policy, wish to exercise any of your data subject rights, or wish to raise a privacy concern, please contact the phream DPO through the following channels:
phream will acknowledge all data subject rights requests within three (3) working days of receipt and will provide a substantive response within fifteen (15) working days, in compliance with NPC guidelines. For complex requests, phream may extend this period by a further fifteen (15) working days with prior written notification to the requester.
If your privacy concern relates to a potential data breach or unauthorised access to your phream Account, please contact us immediately via live chat 24/7 so that our Security team can act without delay. Do not wait to submit a formal written request in these circumstances.
Related Legal Documents: This Privacy Policy forms part of phream's broader legal framework. For information on account rules, bonus terms, and platform usage obligations, read the Terms & Conditions. For responsible gaming tools and self-exclusion, visit the Responsible Gaming page.
Responsible Gaming: phream uses the gaming activity data it collects partly to protect vulnerable players. If you need support with responsible gaming, access our tools and resources at the Responsible Gaming page. All usage of gaming data for responsible gaming purposes is covered by the legal bases described in Section 3 of this Policy.
256-bit encryption, PAGCOR compliance, and a dedicated Data Protection Officer — your privacy is built into phream's architecture, not bolted on. Experience the platform that takes both gaming and data privacy seriously. For Filipino players aged 21 and above.