At megaph, your personal data belongs to you. This Privacy Policy explains exactly what information we collect when you use the megaph platform, why we collect it, who we share it with, how we protect it, and what rights you have over it — all in plain terms, not buried in legal jargon.
Privacy at a Glance
These cards summarize megaph's core privacy commitments. The complete policy below contains the binding legal detail — please read it fully.
Every connection to megaph uses TLS 1.3 with 256-bit SSL encryption. Your personal data, payment details, and login credentials are encrypted in transit using the same standard applied by Philippine banks such as BPI and BDO for their online banking platforms.
megaph does not sell your personal data to third parties. The only organizations that receive your information are those required to process your transactions — payment providers like GCash and PayMaya — or those mandated by Philippine law, such as PAGCOR and AML authorities.
megaph complies with Republic Act No. 10173, the Philippine Data Privacy Act, and its Implementing Rules and Regulations. Your rights as a data subject under Philippine law — including access, correction, erasure, and portability — are honored and actionable through our support team.
megaph collects only the personal data required to operate your account, comply with PAGCOR and AML regulations, and process your transactions. We do not collect data for its own sake. If we no longer need a piece of data for its original purpose, it is deleted on schedule.
In the event of a personal data breach affecting your account, megaph will notify you within the timeframe required by the National Privacy Commission (NPC) under the Data Privacy Act. You will receive clear information on what data was affected and the steps megaph is taking.
Marketing communications from megaph — including promotions, game updates, and bonus offers — are sent only with your consent. You can withdraw consent and opt out of all marketing communications at any time through your Account Settings or by contacting support.
This Privacy Policy ("Policy") describes how megaph ("the Company," "we," "us," "our") collects, uses, shares, stores, and protects the personal data of individuals ("you," "your," "Data Subject") who access or use the megaph platform at megaph.org. This Policy is issued in compliance with Republic Act No. 10173 (the Data Privacy Act of 2012), its Implementing Rules and Regulations, and the guidelines issued by the National Privacy Commission of the Philippines.
megaph is a Philippines-focused online gaming platform offering live casino games, slots, bingo, and sports betting to Filipino players. The platform is accessed by registered players from cities like Manila, Cebu, Davao, Quezon City, Makati, Iloilo, and across the Philippine archipelago. When you register for a megaph account, deposit funds, place bets, request withdrawals, or contact our support team, you provide us with personal data that we are required — both legally and operationally — to collect, process, and retain.
megaph is committed to collecting only the data necessary to provide and improve its services, to protecting that data using appropriate technical and organizational measures, and to respecting your rights as a data subject under Philippine law. We do not sell personal data. We do not share personal data with advertisers. We do not build behavioral profiles for resale to third parties.
This Policy covers all personal data processing activities conducted by megaph in connection with the megaph platform. It applies to all users of the platform regardless of how they access it — whether via mobile browser, desktop browser, or any future application interface.
The following terms have the meanings assigned to them in this Policy and in Republic Act No. 10173:
megaph collects the following categories of personal data in the course of providing the platform and complying with legal obligations:
| Category | Specific Data Points | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, government ID type and number (PhilSys, passport, or driver's license) | Registration & KYC verification |
| Contact Data | Email address, Philippine mobile number (Smart, Globe, or DITO) | Registration |
| Financial Data | GCash number, PayMaya number, bank account name and number (BPI, BDO, Metrobank), transaction amounts in PHP, deposit and withdrawal history | Payment processing & KYC |
| Gaming Activity Data | Game session logs, bet amounts, game outcomes, win/loss records, bonus usage | Ongoing — each game session |
| Technical Data | IP address, device type and OS, browser type and version, approximate geolocation (country/region level), session timestamps, login history | Each platform session |
| Communications Data | Records of support chat conversations, email correspondence, live chat transcripts | When you contact support |
| KYC Documents | Scanned copies or photos of government-issued photo ID; proof of address documents (utility bill or bank statement); source-of-funds documentation for high-value accounts | Before first withdrawal & on compliance request |
| Preference Data | Marketing communication preferences, responsible gaming limits set by the player, notification settings | Account settings changes |
megaph does not collect or process data regarding race, religion, political affiliation, health conditions, or other sensitive personal data categories as defined under the Data Privacy Act, except where a player voluntarily discloses such information to support staff in the context of a responsible gaming consultation or support request.
megaph collects personal data through the following means:
Data you provide directly when you register a megaph account, complete KYC verification, make a deposit or withdrawal request, contact support, or update your account profile. This is the primary source of Identity Data, Contact Data, Financial Data, and KYC Documents.
Data collected automatically when you access and use the megaph platform, including your IP address, device information, browser type, session duration, pages visited, game sessions initiated, and login timestamps. This data is collected using server logs, session tokens, and cookies. See Section 7 for details on cookies.
Data received from third-party payment processors — including GCash, PayMaya, BPI, BDO, and Metrobank — confirming the status of deposit and withdrawal transactions. Data received from KYC verification service providers confirming the validity of identity documents. megaph does not receive your full payment credentials from these providers; payment data is processed by the provider's systems and megaph receives only the confirmation and transaction reference necessary for account management.
In limited circumstances, megaph may receive information about a player from PAGCOR, the Anti-Money Laundering Council (AMLC), or other Philippine regulatory bodies as part of compliance investigations or regulatory reporting requirements.
megaph processes personal data only for specific, lawful purposes. The legal bases for processing under the Data Privacy Act are: (a) consent of the data subject; (b) contractual necessity; (c) compliance with a legal obligation; and (d) legitimate interests pursued by megaph, provided these do not override the fundamental rights of the data subject.
| Processing Purpose | Legal Basis |
|---|---|
| Account registration and management | Contractual necessity |
| Processing deposits and withdrawals in Philippine Pesos | Contractual necessity |
| KYC identity and age verification (21+ requirement) | Legal obligation (PAGCOR, Data Privacy Act) |
| AML transaction monitoring and reporting | Legal obligation (Republic Act No. 9160 as amended) |
| Fraud prevention and account security | Legitimate interests; legal obligation |
| Game session logging for dispute resolution and auditing | Contractual necessity; legal obligation (PAGCOR) |
| Responsible gaming monitoring and intervention | Legal obligation (PAGCOR); legitimate interests |
| Customer support and complaint handling | Contractual necessity |
| Sending marketing and promotional communications | Consent (opt-in required; withdrawable at any time) |
| Platform analytics and service improvement | Legitimate interests (aggregated/anonymized where possible) |
megaph shares the minimum necessary personal data with payment service providers — GCash, PayMaya, BPI, BDO, and Metrobank — solely for the purpose of processing deposit and withdrawal transactions. These providers operate under their own privacy policies and are subject to Bangko Sentral ng Pilipinas (BSP) regulations governing payment processors in the Philippines. megaph does not receive or store your full GCash PIN, bank account password, or other authentication credentials.
megaph uses accredited third-party KYC verification services to validate government-issued ID documents and confirm player identity. These providers process your ID images and personal data solely for verification purposes, under data processing agreements that bind them to confidentiality and security obligations consistent with the Data Privacy Act.
As a platform operating under PAGCOR's regulatory framework, megaph is required to provide player data, transaction records, and gaming activity logs to PAGCOR upon request or as part of routine regulatory reporting. megaph is also required to report certain transactions to the Anti-Money Laundering Council (AMLC) under Republic Act No. 9160. These disclosures are made under legal obligation and are not within megaph's discretion to withhold.
megaph uses third-party cloud infrastructure, game software providers, and platform technology vendors to operate the megaph platform. These vendors act as Data Processors under the Data Privacy Act and are contractually bound by data processing agreements that restrict their use of your personal data to the services they provide to megaph and prohibit them from using it for their own commercial purposes.
megaph does not sell personal data to any third party. megaph does not share personal data with advertisers, data brokers, or marketing technology platforms without your explicit consent. megaph does not share personal data with parties in jurisdictions that do not provide an adequate level of data protection without implementing appropriate safeguards.
All third-party data processors engaged by megaph are contractually obligated to process personal data only as instructed by megaph, to implement appropriate security measures, and to comply with the Data Privacy Act and NPC regulations. megaph maintains a current register of data processors available to the DPO upon request.
The megaph platform uses cookies and similar session tracking technologies to maintain your login session, remember your preferences, detect fraud, and measure platform performance. Cookies are small text files placed on your device by your browser when you access megaph.org.
You can configure your browser to refuse or delete cookies. However, disabling strictly necessary cookies will prevent megaph from maintaining your authenticated session and may make the platform inaccessible. Instructions for managing cookies are available in your browser's help documentation. megaph does not use cross-site tracking cookies, retargeting pixels, or third-party advertising cookies on the megaph.org domain.
megaph retains personal data for no longer than is necessary for the purpose for which it was collected, subject to applicable legal retention requirements. The following retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | PAGCOR regulatory requirement |
| KYC documents (ID copies, proof of address) | Duration of account + 5 years after closure | AMLC / PAGCOR requirement |
| Financial transaction records | 10 years from transaction date | Republic Act No. 9160 (AMLA) |
| Game session logs | 5 years from session date | PAGCOR; dispute resolution |
| Support communications | 3 years from last communication | Legitimate interests; legal claims |
| Marketing preferences and consent records | Until consent is withdrawn, then 2 years | NPC guidance on consent records |
| Technical/session logs (IP, device) | 12 months | Security; fraud detection |
Upon expiry of the applicable retention period, megaph will securely delete or anonymize personal data. Where data must be retained for regulatory purposes beyond what would otherwise be necessary, it is stored in restricted-access archives and is not used for operational processing.
megaph implements the following technical security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction:
megaph maintains a designated Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and the Data Privacy Act. All megaph staff with access to personal data receive mandatory data privacy training. Third-party vendors with access to personal data are subject to data processing agreements and security assessments before engagement.
In the event of a personal data breach that is likely to result in harm to affected data subjects, megaph will notify the National Privacy Commission within 72 hours of becoming aware of the breach, as required by NPC Circular No. 16-03. Affected data subjects will be notified within a reasonable timeframe following assessment of the breach's scope and impact.
No security system is impenetrable. While megaph implements robust safeguards, the security of your account also depends on you protecting your password and OTP. megaph will never ask for your password or one-time PIN through any external communication channel. If you receive such a request, do not comply — it is a phishing attempt. Report it to support immediately.
Under Republic Act No. 10173 (the Data Privacy Act of 2012), you have the following rights with respect to your personal data held by megaph. To exercise any of these rights, contact megaph's Data Protection Officer at [email protected]. megaph will respond to data subject requests within fifteen (15) calendar days of receipt, or within any extended period permitted by the NPC where the complexity of the request reasonably requires it.
You have the right to obtain confirmation of whether megaph holds personal data about you, and if so, to receive a copy of that data and information about how it is being processed, the purposes for which it is used, and the third parties to whom it has been disclosed.
You have the right to require megaph to correct or update inaccurate or incomplete personal data. Where data has been shared with third parties, megaph will notify them of the correction where practicable.
You have the right to request that megaph delete or block your personal data where it is no longer necessary for the purpose for which it was collected, where you have withdrawn consent (where consent was the basis for processing), or where processing is unlawful. This right is subject to megaph's legal retention obligations under PAGCOR and AMLA regulations.
You have the right to object to the processing of your personal data where the basis for processing is legitimate interests. This includes the right to object to processing for direct marketing purposes — you may opt out of all marketing communications from megaph at any time through Account Settings.
Where processing is based on your consent or is necessary for the performance of a contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another service. Contact the DPO to request a data export.
Where processing is based on your consent — such as for marketing communications — you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
If you believe megaph has violated your rights under the Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission (NPC). Details of the NPC's complaint procedure are available on the NPC's official website at privacy.gov.ph. megaph encourages data subjects to contact our DPO first to attempt an informal resolution before escalating to the NPC.
The megaph platform is strictly intended for adults aged 21 years and older, in compliance with PAGCOR regulations governing online gaming in the Philippines. megaph does not knowingly collect personal data from individuals under 21 years of age. Age verification is a mandatory step in the megaph account registration and KYC process.
If megaph becomes aware that personal data of an individual under 21 has been collected, that data will be deleted immediately and the associated account will be suspended. If you believe a minor has registered for a megaph account, please contact [email protected] immediately.
Age Requirement — 21+ Only: Creating a megaph account while under 21 years of age is a violation of these Terms and Philippine gaming law. megaph enforces age verification at registration and before processing any withdrawal. Falsifying your age during registration constitutes a breach of the Terms and Conditions and may result in account suspension, forfeiture of balances, and regulatory reporting.
megaph primarily processes personal data within the Philippines. However, certain technical operations — including cloud infrastructure services and game software provision — may involve the transfer of personal data to servers or processing facilities outside the Philippines. Where such transfers occur, megaph ensures that:
megaph does not transfer KYC documents or sensitive financial data outside the Philippines except where strictly required by a Philippine regulatory authority or by a payment processor operating a regulated Philippine payment channel. Where KYC verification requires cross-border processing, this is conducted by accredited KYC providers under contractual security and privacy obligations consistent with the Data Privacy Act.
megaph may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable Philippine law, NPC guidance, or PAGCOR regulations. Material updates — those that substantively change your rights or megaph's data processing obligations — will be communicated to all registered users by email to their registered address and via a prominent platform notification at least seven (7) calendar days before the changes take effect.
Non-material updates, such as clarifications of existing provisions, corrections of typographical errors, or reformatting that does not alter the substantive meaning of any provision, may be implemented without advance notice. The effective date at the top of this document will reflect when the current version took effect.
Continued use of the megaph platform after the effective date of any updated Policy constitutes your acknowledgment of the changes. If you do not agree with material changes to this Policy, you may close your megaph account before the changes take effect and request deletion of your personal data, subject to megaph's legal retention obligations.
megaph has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act and this Privacy Policy. The DPO is the primary contact for all data subject rights requests, privacy complaints, and data protection inquiries.
When submitting a data subject rights request, please include your registered email address, the nature of your request, and any relevant details that will help us identify and locate the relevant data efficiently. megaph may request additional verification to confirm your identity before processing certain requests — this is to protect your data from unauthorized disclosure to third parties impersonating you.
megaph treats your personal data the same way we treat your money — with security, transparency, and respect. If you're ready to experience a Philippine gaming platform that takes both privacy and entertainment seriously, create your free megaph account today. Strictly for players 21 years of age or older.