This Privacy Policy explains how aaph collects, uses, stores, shares, and protects your personal information when you use our platform. It also sets out your rights as a data subject under the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines.
🔍 Privacy at a Glance
These cards summarize aaph's core data privacy commitments. They do not replace the full policy text — please read all sections below for the complete picture.
aaph collects personal data for specific, legitimate purposes — registration, identity verification (KYC), payment processing, and regulatory compliance. We do not collect data speculatively or sell it to third-party advertisers.
aaph uses 256-bit SSL encryption, access-controlled data infrastructure, and industry-standard security protocols to protect your personal information from unauthorized access, disclosure, or loss.
aaph processes all personal data in accordance with the Data Privacy Act of 2012 (RA 10173), its Implementing Rules and Regulations, and applicable PAGCOR data governance requirements. You have enforceable rights as a data subject under Philippine law.
aaph shares your data only with parties necessary to deliver our services — payment processors, identity verification providers, game studios, and regulatory bodies. We do not sell or rent personal data to unrelated third parties under any circumstances.
As an aaph player, you have the right to access, correct, delete, and port your personal data, and to withdraw consent where processing is consent-based. You may exercise these rights by contacting aaph's Data Protection Officer at any time.
aaph retains personal data only for as long as required to fulfill the purposes for which it was collected, comply with PAGCOR record-keeping obligations (minimum five years for gaming transaction records), and meet AML legislative requirements.
This policy applies to all aaph users. By using aaph, you accept this Privacy Policy.
Your privacy matters to aaph. This Privacy Policy ("Policy") is issued by aaph ("aaph," "we," "us," "our") and governs how we handle personal data belonging to Players, prospective Players, and website visitors. By registering an account or using the aaph platform, you confirm that you have read and understood this Policy and consent to the collection and use of your personal data as described herein.
aaph is committed to protecting the privacy and personal data of everyone who uses our platform. This Policy is designed to comply with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines, its Implementing Rules and Regulations (IRR), the guidelines issued by the National Privacy Commission (NPC) of the Philippines, and all applicable PAGCOR data governance and anti-money laundering requirements.
This Policy applies to all personal data collected through the aaph website at aaph.one, all associated gaming and account services, customer support channels, marketing communications, and any other interactions between you and aaph. It covers data collected from registered Players, registered accounts undergoing KYC verification, prospective Players who have not yet completed registration, and general visitors to the aaph website.
By accessing or using aaph, you acknowledge that you have read this Policy and that your personal data will be processed in the manner described. If you do not agree with the terms of this Policy, you should not use aaph's services.
For the purposes of the Data Privacy Act of 2012 and this Policy, aaph acts as the Personal Information Controller (PIC) in respect of all personal data collected from Players and website visitors in connection with the aaph platform. As PIC, aaph determines the purposes for which and the manner in which your personal data is processed.
aaph is a PAGCOR-supervised online gaming platform operating under Philippine gaming and financial regulations. All data processing activities conducted by aaph are subject to PAGCOR oversight and Philippine law. Inquiries regarding aaph's data controller responsibilities may be directed to aaph's Data Protection Officer at the contact details provided in Section 14 of this Policy.
aaph collects the following categories of personal data from Players and website users. The specific data collected depends on the stage of your relationship with aaph:
| Category | Specific Data Points | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government-issued ID type and number, ID photograph, selfie photograph | KYC verification (required before first withdrawal) |
| Contact Data | Email address, Philippine mobile number, residential address | Account registration and profile updates |
| Account Data | Username, account ID, password (encrypted hash only), security settings, communication preferences | Account creation and ongoing account use |
| Financial Data | Deposit and withdrawal history, payment method type and masked identifiers (e.g., last four digits of BPI account, GCash number), transaction timestamps, wallet balance history | Deposits, withdrawals, and transaction activity |
| Gaming Data | Game session logs, bet amounts, game results, wagering history, bonus participation and usage, VIP tier activity | All real-money gaming activity on aaph |
| Technical Data | IP address, device type and identifiers, browser type and version, operating system, session timestamps, login history, geolocation data (city/region level) | Platform access and all browsing sessions |
| Communications Data | Support chat and email correspondence, survey responses, feedback, complaint records | Customer support interactions and feedback |
| Marketing Data | Promotion engagement history, marketing email open and click data, communication opt-in and opt-out records | Participation in aaph promotions and marketing communications |
aaph does not collect or store your full payment card numbers, full bank account numbers, or GCash PINs. Payment processing is handled by regulated third-party payment processors subject to their own data security standards and Philippine BSP guidelines.
aaph collects personal data through the following channels and methods:
aaph processes your personal data only where a valid legal basis exists under the Data Privacy Act of 2012. The following table maps each processing activity to its purpose and legal basis:
| Processing Activity | Purpose | Legal Basis |
|---|---|---|
| Account registration and management | Creating and maintaining your aaph Player account | Performance of contract |
| KYC identity verification | Verifying Player identity and age in compliance with PAGCOR regulations and AML law | Legal obligation (PAGCOR, RA 9160) |
| Payment processing | Processing deposits, withdrawals, and wallet transactions in PHP | Performance of contract |
| Gaming activity recording | Maintaining bet, game session, and outcome records for dispute resolution and PAGCOR reporting | Legal obligation (PAGCOR) / Legitimate interest |
| AML monitoring and screening | Detecting and reporting suspicious financial transactions as required by RA 9160 | Legal obligation |
| Responsible gaming enforcement | Applying deposit limits, self-exclusion records, and problem gambling detection | Legal obligation (PAGCOR) / Legitimate interest |
| Customer support | Responding to inquiries, resolving disputes, and maintaining support records | Performance of contract / Legitimate interest |
| Platform security | Fraud detection, account security monitoring, and prevention of prohibited conduct | Legitimate interest |
| Marketing communications | Sending promotional offers, bonus notifications, and platform updates to opted-in Players | Consent |
| Platform analytics and improvement | Analyzing usage patterns to improve platform performance and game offerings | Legitimate interest |
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing that took place prior to withdrawal (see Section 11).
aaph does not sell, rent, or trade your personal data to unrelated third parties. We share personal data only with the categories of recipients listed below, and only to the extent necessary to fulfill the stated purpose:
Important: All third-party service providers engaged by aaph are required to maintain data processing agreements (DPAs) with aaph and process your personal data only in accordance with aaph's documented instructions. aaph remains responsible for ensuring that all data processors comply with the Data Privacy Act of 2012.
Some of aaph's third-party service providers — particularly game content studios and cloud infrastructure providers — are headquartered or operate data centers outside the Philippines. Where personal data is transferred to recipients in jurisdictions outside the Philippines, aaph ensures that appropriate safeguards are in place in accordance with Section 21 of the Data Privacy Act of 2012, including but not limited to:
aaph will not transfer your personal data to a foreign jurisdiction unless aaph is satisfied that the recipient country or organization provides an adequate level of protection for personal data, or that appropriate contractual safeguards are in place.
aaph retains personal data for the periods specified below, after which data is securely deleted or anonymized unless a longer retention period is required by law:
Where legal proceedings or regulatory investigations are in progress or anticipated, aaph may retain relevant data for longer than the periods specified above until the matter is fully resolved.
aaph implements a comprehensive set of technical and organizational security measures to protect your personal data against unauthorized access, loss, disclosure, alteration, or destruction. These measures include:
Notwithstanding the above, no online platform can guarantee absolute security. You are responsible for maintaining the security of your aaph account credentials, including your password and OTP codes. Do not share these with anyone.
Cookies are small text files placed on your device when you visit the aaph website. They help aaph recognize your browser, maintain your session, remember your preferences, and collect analytical data about how the platform is used.
You may manage or disable non-essential cookies through your browser settings or through aaph's cookie consent interface. Disabling strictly necessary cookies will impair your ability to use the aaph platform, including the ability to log in and access your account. aaph does not use cookies to serve advertisements from third-party advertising networks.
As a data subject under the Data Privacy Act of 2012, you have the following rights in respect of your personal data held by aaph. To exercise any of these rights, contact aaph's Data Protection Officer as described in Section 14:
Request a copy of the personal data aaph holds about you and information on how it is processed.
Request correction of inaccurate or incomplete personal data. For KYC data, supporting documentation may be required.
Request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
Object to processing based on legitimate interest, including for direct marketing and profiling purposes. Withdrawal of objection to marketing can be done through your account settings.
Receive a structured, machine-readable copy of personal data you have provided to aaph for transfer to another data controller.
Request that aaph restricts processing of your personal data in certain circumstances — for example, while a correction request is being assessed.
Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing. Marketing consent can be withdrawn via account settings or by contacting the DPO.
Lodge a complaint with aaph's DPO or directly with the National Privacy Commission (NPC) of the Philippines if you believe your data rights have been violated.
Response times: aaph will acknowledge data subject rights requests within 72 hours and will complete the request or provide a substantive response within 15 calendar days of receipt, or within such longer period as permitted by the Data Privacy Act where the request is complex. aaph will not charge a fee for standard data subject rights requests.
aaph is a real-money gaming platform strictly for persons aged 21 years and above, in compliance with PAGCOR regulations and Philippine law. aaph does not knowingly collect personal data from individuals under 21 years of age. The aaph registration process requires users to confirm their age, and identity verification (KYC) prior to withdrawal confirms that a Player meets the minimum age requirement using a government-issued Philippine identity document.
If aaph becomes aware that personal data has been collected from a Player who is under 21 years of age, aaph will immediately suspend the relevant account, delete or return any deposited funds, and securely delete all personal data associated with the underage individual. Parents or guardians who believe a minor may have registered on aaph should contact our support team immediately.
aaph strictly enforces the 21+ age requirement. Gambling by persons under 21 is illegal in the Philippines and a violation of PAGCOR regulations. All accounts are subject to age verification through KYC identity document checks.
aaph may send you marketing communications — including promotional offers, bonus notifications, new game announcements, and platform updates — via email and SMS, where you have provided consent to receive such communications at the time of registration or at a later date through your account settings.
Marketing communications from aaph will always:
You may withdraw your consent to marketing communications at any time by updating your communication preferences in your aaph Account Settings, or by contacting aaph support. Withdrawal of marketing consent does not affect transactional communications that are necessary to deliver the services you have requested (e.g., deposit confirmations, withdrawal notifications, or account security alerts).
In compliance with the Data Privacy Act of 2012, aaph has designated a Data Protection Officer (DPO) responsible for overseeing aaph's data protection strategy, ensuring compliance with RA 10173, and serving as the primary point of contact for data subject rights requests and privacy inquiries.
The aaph DPO may be contacted through the following channels. Note that email addresses and contact information below are displayed as plain text only and are not clickable links:
aaph's DPO is registered with the National Privacy Commission of the Philippines in accordance with NPC registration requirements applicable to personal information controllers of aaph's scale and nature of data processing.
aaph reserves the right to update this Privacy Policy at any time to reflect changes in applicable law, PAGCOR regulatory requirements, aaph's data processing activities, or industry best practices. Material changes to this Policy will be notified to registered Players via email to the address on file and/or through an in-platform notification, with a minimum of fourteen (14) days' advance notice prior to the effective date of the change.
The updated Policy will always be available at aaph.one/privacy-policy. The "Last Updated" date at the top of this Policy will reflect the date of the most recent revision. Your continued use of the aaph platform following the effective date of any revision constitutes your acceptance of the updated Policy. If you do not agree to the revised Policy, you may close your account as described in aaph's Terms & Conditions.
If you have any questions, concerns, or complaints regarding this Privacy Policy or how aaph handles your personal data, we encourage you to contact aaph's Data Protection Officer in the first instance using the contact details provided in Section 14. aaph will acknowledge your inquiry within 72 hours and work toward a substantive resolution within 15 calendar days.
If you are not satisfied with aaph's response to your privacy complaint, you have the right to escalate the matter to the National Privacy Commission (NPC) of the Philippines, which is the competent supervisory authority for the Data Privacy Act of 2012. Information on filing a complaint with the NPC is available through official NPC channels.
Effective Date: 1 January 2026. This Privacy Policy is issued by aaph and governs all personal data processing activities conducted in connection with the aaph platform. aaph is operated under PAGCOR supervision. All data processing is conducted in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines.