Privacy Policy — 26superph

1.1 This Policy applies to all personal data processed by 26superph in connection with the operation of its online casino, sports betting, bingo, and ancillary services accessible through the 26superph platform and any associated mobile-responsive web interfaces.

1.2 This Policy applies to all users of the 26superph platform, including registered account holders, applicants for account registration who did not complete registration, and visitors to the 26superph website who have not registered an account.

1.3 This Policy should be read in conjunction with 26superph's Terms and Conditions and Responsible Gaming Policy, both of which are available on the 26superph website and are incorporated into the overall framework governing your use of the platform.

1.4 Philippines Data Privacy Act. 26superph processes personal data of Filipino citizens and residents in accordance with Republic Act No. 10173, its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC) of the Philippines. Our data processing practices are also governed by PAGCOR's applicable data governance regulations for licensed online gaming operators.

2.1 The data controller responsible for your personal data is 26superph, the operator of the 26superph online gaming platform at https://26superph.asia, operating under a license issued and overseen by the Philippine Amusement and Gaming Corporation (PAGCOR).

2.2 As the data controller, 26superph determines the purposes and means of processing personal data collected through the platform. Where 26superph engages third-party processors — such as payment service providers, KYC verification services, and game software providers — those parties process data only under 26superph's instructions and subject to contractual data protection obligations.

2.3 26superph has designated a Data Protection Officer (DPO) as required under the Data Privacy Act. Contact details for the 26superph DPO are provided in Section 15 of this Policy.

3.1 26superph collects personal data across the following categories, depending on your level of interaction with the platform:

Identity & Contact Data

Financial & Transaction Data

Technical & Usage Data

Communications Data

3.2 Sensitive Personal Data. To the extent that any data collected during KYC verification constitutes sensitive personal data under the Data Privacy Act (for example, data from a government ID that includes national identification numbers), such data is processed with heightened security measures and only to the extent strictly necessary for legal compliance.

4.1 26superph collects personal data through the following channels and means:

• Direct submission at registration: Name, date of birth, mobile number, and other fields completed during the account registration process on the 26superph platform.
• KYC verification submission: Government-issued ID documents, selfies, and proof of address submitted in response to identity verification requests.
• Financial transactions: Payment reference data associated with deposits and withdrawals processed through GCash, Maya, Philippine banks, and other payment channels.
• Platform activity: Game play, betting history, session activity, and navigation data collected automatically through the platform's logging systems during your use of 26superph services.
• Technical collection: IP addresses, device identifiers, browser data, and session tokens collected automatically when you access the 26superph website or platform.
• Customer support interactions: Information provided by you through live chat, email correspondence, or other support channels when you contact 26superph.
• Cookies and similar technologies: See Section 11 for full details of 26superph's cookie and tracking practices.

5.1 Under the Philippine Data Privacy Act, 26superph processes personal data on the following legal bases:

5.2 Where 26superph processes your data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal and does not affect processing carried out on other legal bases.

6.1 26superph processes your personal data for the following specific purposes:

• Account creation and management: To register, authenticate, and administer your 26superph account, including identity verification, login security, and account recovery.
• Service delivery: To provide you with access to casino games, sports betting, bingo, and all other 26superph platform features you choose to use.
• Financial processing: To process deposits and withdrawals via GCash, Maya, Philippine bank transfers, and other accepted payment channels, and to maintain accurate financial records.
• Regulatory compliance — KYC: To verify your identity, age, and eligibility to use 26superph services as required by PAGCOR regulations and Philippine law.
• Regulatory compliance — AML: To monitor transactions for suspicious activity and fulfill 26superph's reporting obligations under the Philippine Anti-Money Laundering Act, the Terrorism Financing Prevention and Suppression Act, and PAGCOR directives.
• Responsible gaming: To administer responsible gaming tools, enforce self-exclusion restrictions, and comply with PAGCOR's responsible gaming framework.
• Security and fraud prevention: To detect, investigate, and prevent unauthorized access, fraud, cheating, bot activity, and other prohibited conduct on the platform.
• Customer support: To respond to your queries, resolve disputes, and provide technical and account assistance.
• Platform improvement: To analyze usage patterns, identify technical issues, and improve the 26superph platform and user experience.
• Marketing communications: To send you promotional offers, game announcements, and platform updates, subject to your communication preferences and consent.

7.1 No sale of personal data. 26superph does not sell, rent, or otherwise transfer your personal data to third parties for their own commercial or marketing purposes under any circumstances.

7.2 Authorized processors. 26superph may share your personal data with the following categories of trusted third parties who process it solely on 26superph's behalf and subject to contractual data protection obligations:

• Payment service providers: GCash (Mynt), Maya (Voyager), participating Philippine banks (BPI, BDO, Metrobank), and other payment processors to facilitate deposits and withdrawals.
• KYC and identity verification providers: Regulated identity verification services used to verify government-issued Philippine IDs and conduct facial recognition checks in compliance with PAGCOR KYC requirements.
• Game software providers: Licensed gaming software and live dealer studio providers who supply certified games to the 26superph platform.
• Cloud and hosting providers: Infrastructure providers who host the 26superph platform and its data on secure servers.
• Customer support technology: Live chat and ticketing platform providers who host customer support interactions.
• Fraud and security services: Providers of device fingerprinting, IP reputation, and fraud detection services used to protect the platform and its players.

7.3 Regulatory disclosure. 26superph will disclose personal data to government authorities, regulatory bodies (including PAGCOR and the National Privacy Commission), the Anti-Money Laundering Council (AMLC), and law enforcement agencies where required by Philippine law or a valid legal process, without prior notice to the data subject where disclosure of the request is prohibited by law.

8.1 Some of 26superph's third-party service providers — including game software providers and cloud hosting infrastructure — may process personal data in jurisdictions outside the Philippines. Where such transfers occur, 26superph ensures that appropriate safeguards are in place in compliance with the Data Privacy Act and NPC guidance.

8.2 Safeguards for international data transfers include: contractual obligations binding the recipient to data protection standards equivalent to those required by the Data Privacy Act; transfers to jurisdictions recognized by the NPC as providing adequate protection; and additional technical and organizational measures applied to the data in transit and at rest.

8.3 Where required, 26superph obtains the NPC's authorization for data transfers to jurisdictions that have not been recognized as providing adequate protection, as required by the Data Privacy Act and its Implementing Rules.

9.1 26superph retains personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory obligations, and to establish, exercise, or defend legal claims. The following retention periods apply:

9.2 Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with 26superph's data disposal procedures, unless retention for a longer period is required by applicable law.

10.1 26superph implements comprehensive technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption in transit: All data transmitted between your device and the 26superph platform is encrypted using 256-bit SSL/TLS protocols.
• Encryption at rest: Sensitive personal and financial data stored in 26superph's systems is encrypted at rest using industry-standard encryption algorithms.
• Access controls: Access to personal data within 26superph is restricted on a strict need-to-know basis. All internal system access is authenticated, logged, and periodically audited.
• OTP two-factor authentication: Account access is protected by two-factor authentication via OTP delivery to your registered Philippine mobile number on new or unrecognized devices.
• Pseudonymization: Where processing can be achieved using pseudonymized data, 26superph implements pseudonymization to reduce risk exposure.
• Security audits: 26superph conducts regular security assessments, vulnerability testing, and penetration testing on its platform infrastructure.
• Incident response: 26superph maintains a documented personal data breach response procedure and will notify affected data subjects and the National Privacy Commission in accordance with Data Privacy Act breach notification requirements.

10.2 Despite these measures, no electronic transmission or storage system is completely secure. 26superph cannot guarantee the absolute security of your personal data but is committed to maintaining industry-standard protections and responding promptly to any security incidents.

11.1 The 26superph platform uses cookies and similar tracking technologies to support platform functionality, security, and analytics. The following categories of cookies are used:

• Strictly necessary cookies: Essential for the operation of the 26superph platform, including session management, authentication token storage, and security verification. These cannot be disabled without impairing core platform functionality.
• Functional cookies: Used to remember your preferences, such as display settings, language, and responsible gaming limit configurations.
• Analytics cookies: Used to collect aggregated, anonymized data about how users navigate and interact with the 26superph platform, to help us improve performance and usability. These are subject to your consent.
• Security cookies: Used for fraud detection, device fingerprinting, and session security monitoring — part of 26superph's PAGCOR-required security infrastructure.

11.2 You can manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies may prevent you from using core 26superph platform features, including login and gameplay.

11.3 26superph does not use cookies to deliver third-party advertising networks or to track you across third-party websites.

12.1 As a data subject under the Philippine Data Privacy Act, you have the following rights with respect to your personal data held by 26superph:

• Right to be informed: The right to be informed of whether personal data about you is being or has been processed.
• Right of access: The right to access your personal data held by 26superph, including information on its sources, recipients, and processing purposes.
• Right to object: The right to object to the processing of your personal data, particularly where processing is based on legitimate interest or for direct marketing purposes.
• Right to erasure or blocking: The right to request suspension, withdrawal, removal, or destruction of personal data under circumstances specified in the Data Privacy Act.
• Right to damages: The right to be indemnified for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data.
• Right to file a complaint: The right to file a complaint with the National Privacy Commission of the Philippines if you believe your privacy rights have been violated.
• Right to data portability: The right to obtain a copy of personal data in a structured, commonly used format in certain circumstances.
• Right to rectification: The right to request correction of inaccurate personal data held by 26superph.

12.2 To exercise any of the above rights, please submit a written request to the 26superph Data Protection Officer at the contact details provided in Section 15. 26superph will respond to all Data Privacy Act rights requests within fifteen (15) business days of receipt, consistent with NPC guidelines.

13.1 The 26superph platform is strictly restricted to persons who are twenty-one (21) years of age or older, in compliance with PAGCOR regulations governing online gaming in the Philippines. 26superph does not knowingly collect personal data from persons under 21 years of age.

13.2 If 26superph becomes aware that it has inadvertently collected personal data from a person under 21 years of age, it will immediately terminate the associated account, delete all personal data associated with that account to the extent legally permissible, and report the matter to PAGCOR as required.

13.3 Under no circumstances does 26superph process the personal data of persons under 18 years of age for any purpose. The age restriction of 21 years applies to platform access; however, the processing of data belonging to persons under 18 is prohibited absolutely.

14.1 26superph may update this Privacy Policy periodically to reflect changes in its data processing practices, applicable law, PAGCOR requirements, or NPC guidance. All updates will be published on the 26superph website with a revised effective date.

14.2 Where changes to this Policy are material — particularly changes that expand 26superph's processing of personal data beyond the purposes described in the current version — 26superph will provide advance notice to registered account holders via their registered email address or through an in-platform notification before the changes take effect.

14.3 Your continued use of the 26superph platform following the effective date of an updated Privacy Policy constitutes your acknowledgment of the updated Policy. If you do not accept the updated Policy, you may close your account by contacting customer support.

15.1 Data Protection Officer. 26superph has appointed a Data Protection Officer (DPO) as required under the Philippine Data Privacy Act. The DPO is responsible for overseeing 26superph's data protection compliance and is your primary point of contact for data privacy matters.

15.2 Exercising Your Rights. To exercise your data subject rights, submit a data privacy complaint, or direct any privacy-related inquiry, you may contact 26superph through the following channels:

• Email: support@26superph.asia (subject line: "Data Privacy Request")
• Live Chat: Available 24/7 through the 26superph platform — for urgent matters, this is the fastest channel

15.3 National Privacy Commission. If you are not satisfied with 26superph's response to a data privacy concern, you have the right to file a complaint with the National Privacy Commission of the Philippines through its official channels as published on the NPC's official website.