jilliph Privacy Policy

jilliph operates as an online gaming and entertainment platform serving Filipino players across the Philippines. As a personal information controller under the Data Privacy Act of 2012, jilliph is responsible for determining the purposes and means of processing the personal data of its users.

This Policy applies to all personal data collected through the jilliph website at jilliph.app, the jilliph mobile platform, customer support channels, and any other touchpoints through which you interact with jilliph. It applies to all registered players, prospective players, and visitors to the Platform.

jilliph has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with this Policy and the DPA. Contact details for the DPO are provided in Section 14 of this Policy.

jilliph collects the following categories of personal data from users of the Platform:

jilliph does not intentionally collect sensitive personal information (as defined under the DPA) beyond what is strictly necessary for identity verification and regulatory compliance. Where sensitive personal information is collected, it is handled with the heightened protections required by law.

jilliph collects personal data through the following means:

• Direct collection: Information you provide when registering an account, completing KYC verification, making deposits or withdrawals, contacting customer support, or participating in promotions.
• Automated collection: Technical and usage data collected automatically when you access the Platform, including through cookies, web beacons, log files, and similar tracking technologies (see Section 9).
• Third-party sources: Identity verification data from KYC service providers; fraud and AML screening data from compliance service providers; payment confirmation data from GCash, PayMaya/Maya, and banking partners.
• Publicly available sources: Where permitted by law, jilliph may supplement your profile with information from publicly available government databases for the purpose of identity verification and fraud prevention.

jilliph processes your personal data for the following purposes:

• Account registration and management: To create, maintain, and administer your jilliph account, including verifying your identity and eligibility to use the Platform.
• KYC and age verification: To verify that you meet the minimum age requirement of 21 years and to comply with our Know Your Customer obligations under applicable Philippine regulations.
• Transaction processing: To process deposits, withdrawals, and bonus credits to and from your jilliph account via GCash, PayMaya/Maya, bank transfer, and debit card.
• Regulatory compliance: To comply with anti-money laundering (AML) obligations under the Anti-Money Laundering Act (AMLA), PAGCOR licensing requirements, and other applicable Philippine laws and regulations.
• Fraud prevention and security: To detect, investigate, and prevent fraudulent activity, cheating, money laundering, and other prohibited conduct on the Platform.
• Customer support: To respond to your inquiries, complaints, and support requests in a timely and effective manner.
• Platform improvement: To analyze usage patterns, conduct research, and improve the features, performance, and user experience of the jilliph Platform.
• Marketing communications: To send you promotional offers, bonus notifications, and news about jilliph, where you have opted in to receive such communications. You may opt out at any time.
• Responsible gaming: To monitor gameplay patterns and identify players who may be at risk of problem gambling, in accordance with our Responsible Gaming Policy.
• Legal proceedings: To establish, exercise, or defend legal claims involving jilliph.

Under the Data Privacy Act of 2012, jilliph processes your personal data on the following legal bases:

• Contractual necessity: Processing required to perform our contract with you, including account management, transaction processing, and customer support.
• Legal obligation: Processing required to comply with applicable Philippine laws, including AML obligations, PAGCOR regulatory requirements, and tax reporting obligations.
• Legitimate interests: Processing necessary for jilliph's legitimate interests, including fraud prevention, Platform security, and improving our services, where such interests are not overridden by your data protection rights.
• Consent: Processing based on your freely given, specific, informed, and unambiguous consent, including for marketing communications and certain non-essential cookies. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

jilliph does not sell, rent, or trade your personal data. We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection safeguards:

• Payment processors: GCash, PayMaya/Maya, BPI, BDO, Metrobank, UnionBank, Landbank, PNB, Security Bank, and debit card processors, for the purpose of processing your financial transactions.
• KYC and identity verification providers: Third-party service providers engaged to verify your identity and age in compliance with our regulatory obligations.
• AML and fraud screening providers: Compliance technology providers engaged to screen transactions and player activity for money laundering and fraud indicators.
• IT and platform service providers: Cloud hosting, data storage, cybersecurity, and platform infrastructure providers who process data on our behalf under strict data processing agreements.
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine government authorities, where disclosure is required by law or regulatory mandate.
• Legal and professional advisors: Lawyers, auditors, and other professional advisors engaged by jilliph in connection with legal proceedings or compliance reviews, subject to professional confidentiality obligations.

All third-party service providers who process personal data on behalf of jilliph are required to enter into data processing agreements that impose data protection obligations consistent with the DPA and this Policy.

jilliph retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The following general retention periods apply:

• Account and identity data: Retained for the duration of your account and for a minimum of five (5) years following account closure, in compliance with AML record-keeping requirements under the AMLA.
• Transaction records: Retained for a minimum of five (5) years from the date of each transaction, as required by the AMLA and applicable tax regulations.
• KYC documents: Retained for a minimum of five (5) years following account closure or the completion of the relevant transaction, whichever is later.
• Customer support records: Retained for three (3) years from the date of the last interaction, unless a longer period is required for ongoing legal proceedings.
• Marketing preferences: Retained until you withdraw your consent or opt out of marketing communications.
• Technical and usage logs: Retained for up to twelve (12) months for security and fraud prevention purposes, after which they are anonymized or deleted.

Upon expiry of the applicable retention period, personal data will be securely deleted or anonymized in accordance with jilliph's data disposal procedures.

jilliph implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

• Transport Layer Security (TLS) encryption for all data transmitted between your device and the jilliph Platform.
• Encryption at rest for sensitive personal data stored in jilliph's databases.
• Role-based access controls limiting access to personal data to authorized personnel on a strict need-to-know basis.
• Regular security vulnerability assessments and penetration testing of the Platform.
• Multi-factor authentication requirements for administrative access to systems containing personal data.
• Incident response procedures for detecting, reporting, and managing personal data breaches in accordance with NPC notification requirements.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, jilliph will notify the NPC within seventy-two (72) hours of becoming aware of the breach, and will notify affected individuals without undue delay, as required by the DPA and NPC Circular No. 16-03.

While jilliph takes all reasonable steps to protect your personal data, no method of electronic transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your jilliph account credentials and for notifying us immediately of any suspected unauthorized access to your account.

jilliph uses cookies and similar tracking technologies to operate and improve the Platform. Cookies are small text files placed on your device when you visit the Platform. The following categories of cookies are used:

• Strictly necessary cookies: Essential for the Platform to function correctly, including session management, authentication, and security. These cannot be disabled.
• Functional cookies: Remember your preferences and settings (e.g., language, display preferences) to provide a more personalized experience.
• Analytics cookies: Collect anonymized data about how users interact with the Platform to help us understand usage patterns and improve our services.
• Marketing cookies: Used to deliver relevant promotional content to you based on your interests and Platform activity, where you have consented to receive marketing communications.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. For strictly necessary cookies, your consent is not required as they are essential for the Platform to operate.

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data held by jilliph:

Right to Access: You may request a copy of the personal data jilliph holds about you, along with information about how it is processed.

Right to Rectification: You may request correction of inaccurate or incomplete personal data. You can update basic account information directly through your account dashboard.

Right to Erasure: You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to jilliph's legal obligations to retain certain records.

Right to Object: You may object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests, subject to jilliph's overriding legitimate grounds.

Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, machine-readable format for transfer to another service provider, where technically feasible.

Right to Complain: If you believe jilliph has violated your data privacy rights, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

To exercise any of your data rights, please contact our Data Protection Officer at [email protected]. jilliph will respond to all data rights requests within thirty (30) days of receipt, as required by the DPA.

The jilliph Platform is strictly intended for individuals who are at least 21 years of age, in accordance with Philippine gaming regulations. jilliph does not knowingly collect personal data from individuals under the age of 21.

If jilliph becomes aware that it has inadvertently collected personal data from a person under the age of 21, it will take immediate steps to delete such data and close the associated account. Any winnings accrued by an underage player will be forfeited in accordance with our Terms & Conditions.

If you are a parent or guardian and believe that your child under the age of 21 has registered on the jilliph Platform, please contact us immediately at [email protected] so that we can take appropriate action.

In the course of operating the jilliph Platform, your personal data may be transferred to and processed in countries outside the Philippines, including countries where jilliph's cloud infrastructure providers or technology partners are located.

Where personal data is transferred outside the Philippines, jilliph ensures that appropriate safeguards are in place to protect your data in accordance with the DPA, including contractual clauses approved by the NPC, adequacy determinations, or other lawful transfer mechanisms.

jilliph will not transfer your personal data to a foreign country or international organization unless it has ensured that the recipient provides a level of data protection that is at least equivalent to the standards required under Philippine law.

jilliph reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or Platform features. The date of the most recent revision is indicated at the top of this page under "Last Updated."

When material changes are made to this Policy, jilliph will notify registered players by posting a prominent notice on the Platform and, where practicable, by sending an email notification to your registered email address. We encourage you to review this Policy periodically to stay informed about how we protect your personal data.

Your continued use of the jilliph Platform following the effective date of any amended Policy constitutes your acceptance of the changes. If you do not agree with the amended Policy, you must cease using the Platform and close your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or jilliph's data processing practices, please contact our Data Protection Officer (DPO) through the following channels:

• Email: [email protected] (plain text – not a clickable link)
• Subject Line: Please include "Privacy / DPO Request" in your subject line for faster routing
• Live Chat: Available 24/7 through your jilliph account dashboard
• Response Time: jilliph aims to acknowledge all privacy-related inquiries within 72 hours and to resolve them within 30 days

If you are not satisfied with jilliph's response to your privacy concern, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines, which is the supervisory authority responsible for enforcing the Data Privacy Act of 2012.