367ph Privacy Policy

367ph ("we," "us," "our," or the "Platform") is committed to safeguarding the personal information of all individuals who interact with our platform, including registered players, account applicants, and website visitors. This Privacy Policy ("Policy") explains what personal data 367ph collects, the purposes for which it is collected, how it is used and stored, to whom it may be disclosed, and the rights available to data subjects under applicable Philippine law.

This Policy applies to all personal data processed by 367ph in connection with: (a) the registration, verification, and ongoing management of 367ph player accounts; (b) the conduct of gaming, betting, and related transactions on the platform; (c) the provision of customer support, bonus administration, and promotional communications; and (d) the operation, monitoring, and security of the 367ph website at https://367ph.app and its associated services.

For the purposes of the Republic of the Philippines Data Privacy Act of 2012 (Republic Act No. 10173, hereinafter "DPA") and its Implementing Rules and Regulations, 367ph is the personal information controller responsible for the processing of personal data described in this Policy.

All inquiries, requests, and complaints relating to the processing of personal data under this Policy should be directed to the 367ph Data Protection Officer via the contact details specified in Section 15 of this Policy. 367ph has designated a Data Protection Officer in accordance with the requirements of the DPA and the National Privacy Commission's Implementing Rules.

367ph collects the following categories of personal data, depending on your relationship with the platform:

367ph collects personal data through the following channels and mechanisms:

• Direct submission: Information you provide when registering a 367ph account, completing KYC verification, making a deposit or withdrawal, contacting support, or updating your account settings;
• Automated technical collection: Data collected automatically when you access the 367ph platform, including IP address, device identifiers, browser information, and session metadata via server logs and analytics tools;
• Cookies and similar technologies: Session cookies, persistent cookies, and similar tracking mechanisms as described in Section 10;
• Payment processors: Confirmation and transaction reference data returned by payment processing partners (GCash, Maya, BPI, BDO, Metrobank, UnionBank) when you initiate a deposit or withdrawal;
• Identity verification partners: Data returned by third-party KYC or identity verification service providers engaged by 367ph to assist in document authentication;
• Anti-fraud and AML systems: Risk signals generated by automated compliance and fraud detection systems operating on transactional and behavioural data.

367ph processes personal data for the following specific, documented purposes:

1. Account registration and management: To create, maintain, and administer your 367ph account, including verifying your identity, processing your 367ph Login credentials, and keeping your profile current;
2. KYC and age verification: To verify that you are at least 21 years of age and to meet anti-money laundering obligations under Philippine law and PAGCOR regulatory requirements;
3. Transaction processing: To process deposits, withdrawals, and in-platform wagers in Philippine Peso via your chosen payment method, and to maintain accurate financial records;
4. Platform security and fraud prevention: To detect, investigate, and prevent unauthorised account access, fraudulent transactions, bonus abuse, collusion, and other prohibited conduct;
5. Regulatory compliance: To meet obligations under the DPA, Anti-Money Laundering Act (AMLA), relevant PAGCOR regulations, and other applicable Philippine law;
6. Customer support: To investigate and resolve complaints, account queries, payment disputes, and technical issues submitted via the 367ph support channels;
7. Responsible gaming: To monitor gaming patterns for indicators of problem gambling behaviour and to administer self-exclusion, deposit limit, and cool-off requests;
8. Service improvement: To analyse aggregated platform usage data for the purpose of improving the 367ph product, user experience, and game selection;
9. Marketing communications: To send promotional offers, bonus notifications, and product updates to players who have opted in to receive such communications.

367ph processes personal data on the following legal bases under Section 12 and Section 13 of the Data Privacy Act of 2012:

• Contractual necessity: Processing is necessary for the performance of the gaming services contract between 367ph and the registered account holder, including account maintenance, transaction processing, and support delivery;
• Legal obligation: Processing is required to comply with 367ph's obligations under the Anti-Money Laundering Act, PAGCOR regulations, and the Data Privacy Act itself, including KYC verification and transaction record-keeping;
• Legitimate interests: Processing is necessary for the legitimate interests of 367ph in operating a secure, fraud-free platform — provided those interests are not overridden by the rights and interests of the data subject;
• Consent: Where processing is not otherwise covered by the above bases — particularly for marketing communications and optional data collection — 367ph relies on the freely given, specific, and informed consent of the data subject, which may be withdrawn at any time.

367ph does not sell, rent, or commercially share personal data with any third party for marketing or advertising purposes. Personal data is shared with third parties only where necessary and on a strictly limited basis, as set out below.

Categories of Third Parties Who May Receive Data

• Payment processing partners: GCash, Maya (PayMaya), BPI, BDO, Metrobank, UnionBank, and over-the-counter partners receive the minimum data required to process your deposit or withdrawal transaction;
• Identity verification providers: Third-party KYC and document authentication services receive identity document images and personal details solely for the purpose of verifying account holder identity on behalf of 367ph;
• Game content providers: Third-party game providers (including JILI, Pragmatic Play, PG Soft, and Vivo Live) may receive session identifiers and wager data necessary to operate their games within the 367ph platform environment;
• IT infrastructure and hosting providers: Cloud infrastructure and hosting partners who provide data storage and processing services to 367ph under binding data processing agreements that prohibit independent use of your data;
• Regulatory and law enforcement authorities: 367ph will disclose personal data to the National Privacy Commission (NPC), PAGCOR, the Anti-Money Laundering Council (AMLC), the Philippine National Police (PNP), or other Philippine government authorities where required by law, court order, or regulatory directive;
• Professional advisors: Legal, audit, and compliance professionals engaged by 367ph under obligations of confidentiality, where access to personal data is necessary to provide their services.

All third parties engaged by 367ph to process personal data on its behalf are bound by data processing agreements requiring them to process data only on 367ph's documented instructions, to maintain appropriate security standards, and to delete or return data upon termination of the engagement.

367ph retains personal data only for as long as necessary to fulfil the purpose for which it was collected, to comply with legal and regulatory retention obligations, and to resolve any outstanding disputes or complaints. The following retention periods apply as a general framework:

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised such that it can no longer be attributed to an identifiable individual. Where data is retained for legal or regulatory purposes beyond account closure, access is restricted to compliance personnel only.

367ph implements a layered set of technical and organisational security controls to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include, but are not limited to:

• Transport encryption: All data transmitted between your device and the 367ph platform is encrypted using TLS 1.2 or higher with 256-bit SSL certificates. The 367ph Login page and all authenticated sections are served exclusively over HTTPS;
• Data-at-rest encryption: Personal data stored in 367ph's databases, including KYC documents, financial records, and account credentials, is encrypted at rest using AES-256 or equivalent standards;
• Password security: Account passwords are stored as salted cryptographic hashes using industry-standard algorithms. Plain-text passwords are never stored by 367ph;
• Access controls: Access to personal data is restricted on a need-to-know basis, enforced through role-based access controls, strong authentication requirements, and regular access reviews for 367ph personnel;
• OTP-based account verification: Sensitive account actions, including mobile number changes, withdrawal requests, and suspicious login attempts, require OTP verification to the registered Philippine mobile number;
• Intrusion detection: Automated monitoring systems are in place to detect unusual access patterns, credential stuffing attacks, and other indicators of malicious activity against the platform;
• Vendor security assessments: Third-party data processors are subject to security assessments prior to engagement and are contractually obligated to maintain appropriate security standards.

367ph uses cookies and similar browser-based tracking technologies to operate and improve the platform. A cookie is a small text file placed on your device when you visit the 367ph website. Cookies do not identify you personally on their own; they identify your browser or device.

Types of Cookies Used

• Strictly necessary cookies: Required for the platform to function correctly, including maintaining your logged-in session after authentication at the 367ph Login page, storing game session state, and enabling the cashier. These cannot be disabled without impairing platform functionality;
• Performance and analytics cookies: Used to collect aggregated, anonymised data on how visitors interact with the 367ph website — such as which pages are visited most frequently and how long sessions last. This data informs platform improvements;
• Functional cookies: Store preferences such as your language setting, responsible gaming notification preferences, and display configurations to improve your experience on return visits;
• Security cookies: Used to detect fraud, bot activity, and account misuse by identifying unusual browser behaviour or rapid repeated login attempts.

You may configure your browser to refuse or delete cookies at any time. Note that disabling strictly necessary cookies will prevent you from accessing authenticated areas of the 367ph platform, including the game lobby and cashier. 367ph does not currently respond to browser "Do Not Track" signals.

Under the Data Privacy Act of 2012 and its Implementing Rules, 367ph account holders and data subjects have the following rights with respect to the personal data held about them by 367ph. These rights may be exercised by contacting the 367ph Data Protection Officer as described in Section 15:

The 367ph platform is strictly intended for individuals who are at least twenty-one (21) years of age, as required by Philippine gaming law. 367ph does not knowingly collect or process personal data from any person under the age of 21. If 367ph becomes aware that personal data has been collected from a person who is under the minimum age, the account will be immediately suspended and the personal data will be deleted as soon as practicable, except to the extent required for compliance or legal proceedings.

If you believe that 367ph may have inadvertently collected personal data from a minor, please contact the 367ph Data Protection Officer immediately via the details in Section 15. Parent or guardian notification and cooperation will be requested where appropriate.

The 367ph platform may contain links to or embed content from third-party game providers, payment gateways, and operational tool providers. This Privacy Policy applies exclusively to the personal data processing conducted by 367ph and does not cover data practices of third-party platforms or services that have their own independent privacy policies.

When you interact with a third-party payment gateway — for example, when you authorise a GCash deposit — you are engaging with that third party's own systems and interface. 367ph is not responsible for the data practices of GCash, Maya, BPI, BDO, Metrobank, UnionBank, or any other independent service provider once you leave the direct 367ph platform environment. We encourage you to review the privacy policies of any third-party service you use in connection with 367ph transactions.

367ph reserves the right to update or revise this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, platform features, or regulatory requirements. The "Effective Date" at the top of this document will be updated to reflect the date the revised Policy enters into force.

Material changes to this Policy — particularly those affecting the purposes for which personal data is used, the categories of third parties with whom data is shared, or data subjects' rights — will be communicated to registered players via in-account notification or email at least seven (7) days before the changes take effect where reasonably practicable.

Your continued use of the 367ph platform following the effective date of a revised Policy constitutes your acceptance of the updated terms. If you do not accept the revised Policy, you must close your 367ph account by contacting support prior to the effective date of the changes.

All privacy-related inquiries, data subject rights requests, and personal data breach notifications should be submitted to the 367ph Data Protection Officer. Requests are acknowledged within five (5) business days and resolved as promptly as reasonably possible, with a maximum response period of thirty (30) days for standard requests.

Contact Details

Email (plain text — not a clickable link):
[email protected]

Support Channel: 24/7 Live Chat available on the 367ph website. When contacting regarding a privacy matter, please include "Privacy Request" in your initial message to ensure it is routed to the Data Protection Officer promptly.

National Privacy Commission

If you are not satisfied with 367ph's response to your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC), the independent regulatory body responsible for enforcing the Data Privacy Act of 2012. Information on how to file a complaint with the NPC is available through official Philippine government channels.