This Privacy Policy explains how 9aph collects, uses, stores, and protects your personal information when you use the 9aph platform at 9aph.net. We are committed to handling your data responsibly and in full compliance with the Republic Act No. 10173 — the Data Privacy Act of 2012 (DPA) — as administered by the National Privacy Commission of the Philippines.
This Privacy Policy applies to all personal data processed by 9aph in connection with your registration, account use, transactions, and interactions with the 9aph platform. By registering an account or using any 9aph service, you consent to the data practices described in this Policy. If you do not agree with any provision of this Policy, please discontinue use of the platform.
For the purposes of this Privacy Policy, the following terms carry the meanings set out below:
2.1 Identity of the Data Controller. 9aph, operating the online gaming platform at 9aph.net, is the Data Controller for all personal data collected from Users of the platform. As Data Controller, 9aph determines the purposes for which your personal data is collected and the means by which it is processed.
2.2 Data Protection Officer. 9aph has designated a Data Protection Officer (DPO) responsible for overseeing the platform's compliance with the Data Privacy Act of 2012 and this Privacy Policy. You may contact the 9aph DPO directly for any data protection inquiries, rights requests, or complaints at: support at 9aph.net — please include "Data Privacy" in the subject line of your correspondence.
2.3 Registration with the NPC. 9aph maintains appropriate registrations and notifications with the National Privacy Commission of the Philippines as required by the DPA and its implementing rules and regulations. Where required, 9aph's data processing systems are registered with the NPC.
9aph collects the following categories of personal data in connection with your use of the platform:
| Category | Data Elements | Purpose |
|---|---|---|
| Identity Data | Full legal name, date of birth, gender, nationality, government-issued ID number and document images | KYC verification, age verification (21+), AML compliance, regulatory reporting |
| Contact Data | Philippine mobile number (+63), email address, home or billing address | Account communication, 2FA delivery, support, regulatory notifications |
| Account Data | Username, encrypted password, account creation date, login history, session timestamps | Account management, security monitoring, access control |
| Financial Data | GCash account reference, PayMaya account reference, bank account details (BPI, BDO, Metrobank), transaction history, deposit and withdrawal records | Payment processing, AML monitoring, financial reporting, withdrawal verification |
| Gaming Activity Data | Game session logs, bet amounts, game outcomes, win/loss records, bonus usage, wagering history | Service delivery, regulatory compliance, responsible gaming monitoring, dispute resolution |
| Technical Data | IP address, device type and model, browser type and version, operating system, device fingerprint, geolocation data | Security, fraud prevention, geographic eligibility verification, platform optimization |
| Communications Data | Customer support chat transcripts, email correspondence, SMS logs | Customer service quality, dispute resolution, training, regulatory audits |
| Responsible Gaming Data | Deposit limits set, self-exclusion status, cool-off periods, session time preferences | Responsible gaming tool administration, regulatory compliance |
Government-issued ID documents and financial account details submitted for KYC verification constitute Sensitive Personal Information under the DPA. 9aph applies enhanced security controls to this data category, including access restriction to authorized KYC personnel only, encrypted storage, and mandatory audit logging of all access events.
9aph collects personal data through the following means:
9aph processes your personal data on the following legal bases as recognized under the Data Privacy Act of 2012:
9aph uses your personal data for the following purposes:
7.1 General Principle. 9aph does not sell, rent, or trade your personal data to any third party for their own marketing purposes. Personal data is shared only as described in this section and only to the extent necessary for the stated purpose.
7.2 Service Providers and Data Processors. 9aph shares personal data with third-party service providers who process data on 9aph's behalf under data processing agreements that bind them to confidentiality and security obligations consistent with the DPA. These include:
7.3 Regulatory Authorities. 9aph is required by law to disclose personal data — including identity documents, financial records, and gaming activity logs — to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), law enforcement agencies, and other Philippine governmental authorities upon lawful request or as required by applicable regulation. Such disclosures will be made without prior notice to the User where disclosure notice is prohibited by law or where providing notice would compromise an investigation.
7.4 Business Transfers. In the event of a merger, acquisition, restructuring, or asset sale involving 9aph, personal data held by 9aph may be transferred to the acquiring or successor entity, subject to that entity assuming the data protection obligations described in this Policy. Users will be notified of any such transfer as required by the DPA.
9aph does not sell, license, or exchange your personal data for third-party marketing purposes. Any data sharing arrangement with third parties is governed by a written agreement that requires the third party to process your data only for the purposes specified by 9aph and to apply security measures consistent with the Data Privacy Act of 2012.
8.1 Retention Periods. 9aph retains personal data for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, and to resolve disputes. The following retention periods apply as a general guide:
8.2 Retention After Account Closure. When you close your 9aph account, personal data is not immediately deleted. Data required to be retained under the periods set out in Section 8.1 will be retained in restricted-access secure storage for the applicable period and then securely destroyed or anonymized at expiry, unless a legal hold is in effect.
9.1 Security Measures. 9aph implements technical, organizational, and physical security measures appropriate to the nature of the personal data processed, including:
9.2 Data Breach Notification. In the event of a personal data breach that poses a real risk of harm to affected individuals, 9aph will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, as required by NPC Circular No. 16-03. Affected Users will be notified without unreasonable delay where the breach is likely to result in a high risk to their rights and freedoms, in accordance with applicable NPC guidelines.
9.3 User Responsibility. While 9aph implements robust security measures, Users are responsible for maintaining the security of their own Account credentials. 9aph will never request your password through any communication channel. If you suspect your Account has been compromised, contact 9aph support immediately at support at 9aph.net.
10.1 Types of Cookies Used. The 9aph platform uses the following categories of cookies and similar tracking technologies:
10.2 Cookie Management. You may control non-essential cookies through your browser settings. Most modern browsers allow you to block, delete, or restrict cookies. Please note that disabling strictly necessary cookies will prevent you from logging in to the 9aph platform and using its core features. Instructions for managing cookies in common browsers (Chrome, Firefox, Samsung Internet, Safari) are available through your browser's help documentation.
10.3 Device Fingerprinting. In addition to cookies, 9aph uses device fingerprinting technology to identify the device used to access the platform for security and multi-account detection purposes. Device fingerprint data is processed on the basis of 9aph's legitimate interest in fraud prevention and enforcement of the one-account-per-user policy.
As a data subject under the Data Privacy Act of 2012, you have the following rights with respect to your personal data processed by 9aph. To exercise any of these rights, submit a written request to support at 9aph.net with the subject line "Data Subject Rights Request." 9aph will respond within fifteen (15) business days of receiving a complete and valid request.
Your right to erasure of personal data is subject to 9aph's legal obligations to retain certain data categories under the Anti-Money Laundering Act, PAGCOR regulations, and other applicable Philippine law. Where a legal retention obligation applies, 9aph will inform you of the specific retention basis and the earliest date on which erasure can be carried out.
12.1 No Data Collection from Minors. The 9aph platform is strictly intended for individuals aged 21 years and above. 9aph does not knowingly collect personal data from individuals under 21 years of age. Age verification is conducted as part of the registration and KYC process to enforce this restriction.
12.2 Detection and Remediation. If 9aph discovers or has reasonable grounds to suspect that an Account was registered by or is being used by an individual under 21 years of age, the Account will be immediately suspended, all associated data will be secured pending investigation, and the matter will be reported to PAGCOR and other relevant authorities as required by law. Any funds in the Account at the time of suspension will be handled in accordance with 9aph's Terms and Conditions and applicable regulatory directives.
12.3 Parental Concerns. If a parent or guardian believes their child under 21 years of age has created a 9aph account or provided personal data to 9aph, they are requested to contact 9aph immediately at support at 9aph.net with relevant details. 9aph will investigate and take appropriate remedial action as a matter of priority.
13.1 Transfer Circumstances. Some of 9aph's service providers — including game content studios, cloud infrastructure providers, and technical support vendors — may be located outside the Philippines. Where personal data is transferred to a jurisdiction outside the Philippines, 9aph ensures that appropriate safeguards are in place as required by the Data Privacy Act and NPC guidelines on cross-border data transfers.
13.2 Transfer Safeguards. Cross-border transfers of personal data are carried out only where one of the following conditions is met: (a) the recipient country has been determined to provide an adequate level of data protection; (b) 9aph has entered into a data transfer agreement with the recipient that incorporates NPC-approved standard contractual clauses or equivalent safeguards; or (c) the User has provided explicit informed consent to the transfer after being advised of the risks.
13.3 Information on Transfers. You may request information about the specific third-party recipients outside the Philippines to whom your personal data is transferred, and the safeguards applicable to those transfers, by contacting the 9aph DPO at support at 9aph.net.
14.1 Right to Amend. 9aph reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or the Services we provide. Material amendments will be notified to Users via the platform notification system, registered email address, or SMS to the registered mobile number, with a minimum of seven (7) days' notice before the amended Policy takes effect, except where an immediate amendment is required by law or regulatory directive.
14.2 Continued Use as Acceptance. Continued use of the 9aph platform after the effective date of any amended Privacy Policy constitutes your acceptance of the amended Policy. If you do not agree with any amendment, you must discontinue use of the platform and may request account closure in accordance with the Terms and Conditions.
14.3 Current Version. The effective date of the current version of this Privacy Policy is indicated at the top of this document. Users are encouraged to review this Policy periodically. Prior versions are available upon written request to the 9aph DPO.
For any data privacy inquiries, rights requests, complaints, or concerns regarding the processing of your personal data by 9aph, please contact the 9aph Data Protection Officer:
Email: support at 9aph.net (subject line: "Data Privacy")
Response time: Within 15 business days of receipt of a complete request
Support hours: 24 hours a day, 7 days a week
Languages: English and Tagalog
If you are not satisfied with 9aph's response to your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC). Information about filing a complaint with the NPC is available through the NPC's official government channels.
9aph is built on trust. Filipino players share real personal and financial data with this platform, and we take that responsibility seriously. If anything in this Policy is unclear, or if you have any question about how your data is handled, please reach out — our DPO team is here to help, in English or Tagalog, anytime.
Six core commitments that define 9aph's approach to data protection for Filipino players.
All data transmitted between your device and the 9aph platform is encrypted using the same 256-bit SSL/TLS standard used by Philippine banks like BPI and BDO. Your personal details, financial information, and account credentials are never transmitted in plain text.
9aph's KYC verification process complies with Republic Act No. 10173 (Data Privacy Act of 2012). Identity documents submitted for verification are stored encrypted, accessible only to authorized verification personnel, and retained only for the legally required period.
9aph does not sell, rent, or trade your personal data to any third party for marketing purposes — full stop. Third-party service providers who process data on our behalf are bound by strict data processing agreements and may only use your data for the specific purposes authorized by 9aph.
In the event of a data breach posing real risk of harm, 9aph notifies the National Privacy Commission within 72 hours as required by NPC Circular No. 16-03, and informs affected Users without unreasonable delay. Incident response procedures are rehearsed and documented.
Filipino players on the 9aph platform hold all rights provided under the Data Privacy Act of 2012 — access, rectification, erasure, objection, portability, and the right to lodge NPC complaints. Rights requests are processed within 15 business days of a complete submission.
9aph has a designated Data Protection Officer available to handle privacy inquiries, rights requests, and complaints in both English and Tagalog. Whether you're in Manila, Cebu, or Davao, you can reach the 9aph DPO any time at support at 9aph.net with "Data Privacy" in the subject line.
9aph handles your personal data with the same seriousness it applies to game security and financial protection. Confident your privacy is in order? Log in to your 9aph account and explore everything the platform has to offer — from live baccarat and 500+ slot titles to bingo rooms with Filipino hosts, all in Philippine Peso.
🔞 21+ only. Philippine residents only. Gamble responsibly.
Related Documents