ezeph Casino — Privacy Policy

This Privacy Policy ("Policy") describes how ezeph ("we," "us," or "the Platform") collects, uses, stores, shares, and protects the personal information of Players and visitors to the ezeph website accessible at ezeph.vip (the "Platform").

This Policy is issued in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 of the Philippines, its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC). It also reflects applicable obligations under PAGCOR regulations governing licensed online gaming operators.

This Policy forms an integral part of the ezeph Terms and Conditions. By registering an Account, accessing the Platform, or continuing to use our services, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal information as described herein.

For the purposes of the Data Privacy Act of 2012 and applicable regulations, ezeph is the personal information controller ("PIC") responsible for the personal data of Players collected through the Platform.

The Data Protection Officer (DPO) designated by ezeph is responsible for overseeing the Platform's compliance with data privacy obligations, handling data subject requests, and serving as the primary point of contact for NPC-related matters.

Contact details for the DPO are provided in Section 16 of this Policy. Data subjects may contact the DPO directly to exercise any right under the Data Privacy Act of 2012 or to raise any concern about the processing of their personal information by ezeph.

ezeph collects the following categories of personal information in connection with the Platform:

ezeph collects personal information through the following means:

4.1 Direct Collection. Information you provide directly by completing the registration form, submitting KYC documents, initiating deposits or withdrawals, participating in promotions, contacting customer support, or updating your Account settings.

4.2 Automated Technical Collection. Information collected automatically when you access or interact with the Platform — including IP address, device identifiers, browser information, pages visited, session duration, and navigation patterns — via server logs, cookies, and similar tracking technologies. See Section 8 for full details on cookies.

4.3 Third-Party Sources. Information received from third parties in limited circumstances, including:

• Payment processors (GCash, Maya, BPI, BDO) — transaction verification and reference numbers for reconciliation;
• Identity verification service providers — to supplement or verify KYC document authenticity as permitted by applicable law;
• PAGCOR — in connection with regulatory compliance obligations or dispute resolution processes;
• Fraud prevention and AML screening providers — to detect suspicious activity and comply with Philippine anti-money laundering law.

4.4 Inferred Data. ezeph may derive or infer information about your preferences, risk profile (for responsible gaming purposes), and likely gaming behaviors based on your Account activity, where this is necessary for the purposes described in Section 6.

ezeph processes personal information on the following lawful bases under the Data Privacy Act of 2012:

• Contractual Necessity: Processing required to perform the Agreement between you and ezeph — including Account administration, transaction processing, KYC verification, and withdrawal management;
• Legal Obligation: Processing required to comply with applicable Philippine laws, including PAGCOR regulations, the Anti-Money Laundering Act, and NPC directives — including identity verification, transaction monitoring, and record-keeping obligations;
• Legitimate Interests: Processing necessary for ezeph's legitimate interests, including platform security, fraud prevention, responsible gaming monitoring, and service improvement, provided such interests are not overridden by your privacy rights;
• Consent: Where you have given specific, informed, and freely given consent to a specific processing activity — principally in relation to direct marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.

ezeph uses your personal information for the following specific purposes:

6.1 Account Management. To create, maintain, and administer your Player Account; to process your registration, login authentication, and password management; and to communicate with you about your Account status.

6.2 Payment Processing. To process deposits via GCash, Maya, BPI, BDO, and other accepted payment channels; to process withdrawal requests to your registered payment instruments; and to maintain transaction records in Philippine Peso.

6.3 KYC & AML Compliance. To verify your identity and age (21+) as required by PAGCOR; to fulfil anti-money laundering screening and transaction monitoring obligations under the Anti-Money Laundering Act of 2001 as amended; and to maintain records as required by applicable Philippine law.

6.4 Service Delivery. To provide access to the game lobby — including slots, live dealer tables, bingo rooms, and sports betting markets; to record gaming sessions and outcomes; and to calculate and credit winnings to your Wallet.

6.5 Responsible Gaming. To monitor gaming patterns for indicators of problem gambling; to administer deposit limits, cooling-off periods, and self-exclusion requests; and to provide responsible gaming communications where patterns suggest a player may benefit from support.

6.6 Security & Fraud Prevention. To detect, investigate, and prevent fraudulent transactions, unauthorized Account access, bonus abuse, and other prohibited conduct; to protect the integrity of the Platform and the interests of other Players.

6.7 Promotions & VIP Programme. To administer bonuses, cashback offers, and promotional campaigns where you have opted in; to track VIP tier progression and deliver tier-appropriate benefits; and to personalize your Platform experience based on your gaming preferences.

6.8 Customer Support. To respond to your inquiries, complaints, and requests; to maintain records of support interactions; and to improve our support quality.

6.9 Legal & Regulatory. To comply with PAGCOR directives, court orders, and the lawful requests of Philippine government authorities; to defend ezeph's legal rights in connection with any dispute or litigation.

ezeph does not sell, rent, or trade your personal data with third parties for their marketing purposes. We share your information only in the following limited circumstances:

7.1 Service Providers. With carefully vetted third-party service providers who perform functions on our behalf under strict contractual data protection obligations, including:

• Payment processors and e-wallet operators (GCash, Maya, Coins.ph) for transaction processing;
• Bank partners (BPI, BDO, UnionBank, Metrobank) for direct bank transfer services;
• KYC and identity verification technology providers;
• Game software providers (Pragmatic Play, PG Soft, JILI, Evolution Gaming, Nolimit City) — limited technical and session data only, not identity documents;
• Cloud hosting and infrastructure providers who maintain Platform data under secure, contracted conditions;
• Fraud detection and AML screening platforms.

7.2 Regulatory Authorities. With PAGCOR and other competent Philippine government authorities (including the AMLC — Anti-Money Laundering Council) when required by applicable law, regulation, PAGCOR directive, or lawful order. Such disclosures are made to the minimum extent necessary to satisfy the relevant legal requirement.

7.3 Legal Proceedings. With courts, law enforcement agencies, or other parties in connection with legal proceedings, investigations, or claims in which ezeph is involved, where disclosure is required by applicable law or is necessary to protect ezeph's legal rights.

7.4 Business Transfers. In the event of a merger, acquisition, restructuring, or sale of assets involving ezeph, personal data may be transferred to the relevant counterparty as part of that transaction, subject to equivalent data protection commitments being maintained.

ezeph uses cookies and similar tracking technologies on the Platform for the following purposes:

8.1 Strictly Necessary Cookies. These cookies are essential for the Platform to function and cannot be disabled. They include session management cookies that maintain your login state, security cookies that protect against cross-site request forgery, and performance cookies that ensure game sessions load reliably on your device.

8.2 Functional Cookies. These cookies remember your preferences — such as your preferred game lobby view, language settings, and responsible gaming limit configurations — to improve your experience on return visits to the Platform.

8.3 Analytics Cookies. ezeph uses privacy-respecting analytics tools to understand aggregate Platform usage patterns — including which games are most popular, how players navigate the lobby, and where technical issues occur. This data is used in anonymised or aggregated form and is not used to identify individual Players.

8.4 Managing Cookies. You can control non-essential cookies through your browser settings. Most modern browsers allow you to block or delete cookies. Please note that disabling strictly necessary cookies will affect the functionality of the Platform and may prevent you from logging in or playing games successfully.

ezeph retains personal data for no longer than is necessary for the purposes for which it was collected, subject to the minimum retention periods required by applicable Philippine law and PAGCOR regulations:

After applicable retention periods expire, ezeph will securely delete or irreversibly anonymise your personal data. Anonymised, aggregate data may be retained indefinitely for statistical analysis and platform improvement purposes.

ezeph implements technical, organizational, and physical safeguards to protect your personal data against unauthorized access, disclosure, alteration, and destruction. The following measures are in place:

• Encryption in Transit: All data transmitted between your device and the ezeph Platform is protected by TLS 1.2 or higher (256-bit SSL encryption) — the same standard used by Philippine banks for online transactions. Your credentials and payment references are never transmitted in plain text.
• Encryption at Rest: Sensitive personal data — including KYC documents and financial references — is encrypted at rest in storage using AES-256 encryption.
• Access Controls: Access to personal data within ezeph's internal systems is governed by role-based access controls. Only personnel who require access to fulfill their specific function are granted permissions, and all access is logged and auditable.
• Intrusion Detection: Network monitoring and intrusion detection systems are in place to identify and respond to unauthorized access attempts in real time.
• Two-Factor Authentication: Internal administrative access to systems containing personal data requires multi-factor authentication. Players are also offered SMS 2FA for their Accounts as an additional layer of protection.
• Breach Response: ezeph maintains a documented personal data breach response procedure. In the event of a breach that is likely to result in a risk to data subjects, ezeph will notify the National Privacy Commission within seventy-two (72) hours as required by NPC regulations, and will notify affected Players without undue delay.

Under the Philippine Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations, you have the following rights with respect to your personal data held by ezeph:

11.1 Right to Be Informed. You have the right to be informed of how your personal data is collected and processed — which this Privacy Policy provides. You are entitled to know the identity of the personal information controller, the purpose of processing, the recipients of your data, and the period of retention.

11.2 Right of Access. You have the right to request a copy of the personal data ezeph holds about you, including information about how it has been processed. Requests will be fulfilled within thirty (30) days of receipt, subject to identity verification.

11.3 Right to Correction. You have the right to request the correction of any inaccurate, incomplete, or outdated personal information held about you. Certain corrections — such as updates to KYC-related identity data — may require submission of updated supporting documents.

11.4 Right to Erasure. You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent (where consent is the basis of processing), or where it has been unlawfully processed. This right is subject to overriding legal obligations — ezeph is required to retain transaction and KYC records for minimum periods under Philippine law and cannot delete this data at your request during the applicable retention period.

11.5 Right to Data Portability. Where processing is based on your consent or on a contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.

11.6 Right to Object. You have the right to object to the processing of your personal data where ezeph relies on legitimate interests as the lawful basis for processing. You may also object at any time to the processing of your data for direct marketing purposes, without providing any justification.

11.7 Right to File a Complaint. If you believe that ezeph has violated your rights under the Data Privacy Act of 2012, you have the right to file a complaint with the National Privacy Commission (NPC) at www.privacy.gov.ph. We encourage you to contact ezeph's DPO first so we may attempt to resolve your concern directly.

The ezeph Platform primarily stores and processes personal data on infrastructure located within or serving the Philippines market. However, certain service providers — particularly game software providers and cloud infrastructure vendors — may process data through servers located outside the Philippines.

Where personal data is transferred outside the Philippines, ezeph takes appropriate safeguards to ensure that the receiving party maintains data protection standards equivalent to those required under the Data Privacy Act of 2012. Such safeguards include contractual data processing agreements that impose binding obligations on the recipient equivalent to Philippine data protection requirements.

ezeph does not transfer personally identifiable KYC documents or sensitive personal information outside the Philippines except as strictly required by PAGCOR-mandated KYC verification processes conducted through compliant service providers.

If ezeph becomes aware that personal information has been collected from a person under twenty-one (21) years of age without age verification having been correctly completed, ezeph will immediately suspend the associated Account, initiate a return of any deposited funds through the registered payment method, and delete the personal data of the minor from its systems, except to the extent that retention is required by applicable Philippine law.

If you are a parent or guardian and have reason to believe that a minor has created an Account on the ezeph Platform, please contact the DPO immediately at [email protected]. ezeph will take prompt action to investigate and remediate the situation.

The ezeph Platform does not contain links to third-party websites. All navigation within the Platform is to internal pages only. However, payment processing redirects — for example, when initiating a GCash or Maya deposit — may temporarily direct you to the interface of the relevant payment provider.

The data processing practices of third-party payment providers (including GCash / Mynt, Maya / Voyager Innovations, and Philippine banks) are governed by their own privacy policies, which are separate from this Policy. ezeph is not responsible for the privacy practices of these third-party providers. We encourage you to review their respective privacy notices before providing personal information to them directly.

ezeph may update this Privacy Policy from time to time to reflect changes in our data processing practices, new legal requirements under Philippine privacy law, NPC issuances, or changes to PAGCOR regulations applicable to online gaming operators.

Where a material change is made to this Policy — meaning a change that meaningfully affects your rights or the way your data is processed — ezeph will provide advance notice via: (a) a prominent notice on the Platform homepage; and/or (b) an email to your registered email address, at least fourteen (14) days before the updated Policy takes effect.

For non-material changes (such as typographical corrections, formatting updates, or clarifications that do not change the substance of the Policy), the updated Policy will be posted on this page with a revised effective date, and Players will be notified via an in-platform notification at their next login.

Your continued use of the ezeph Platform after the effective date of a revised Privacy Policy constitutes your acknowledgment of and agreement to the updated terms.

For all inquiries, requests, or concerns related to this Privacy Policy or the processing of your personal data by ezeph, please contact the Data Protection Officer through the following channels:

• Email: [email protected] — use subject line "Privacy / Data Subject Rights" for priority routing to the DPO
• Live Chat: Available 24/7 within the ezeph Platform after login — request escalation to the Data Protection Officer for formal privacy matters

ezeph will acknowledge all formal data subject requests within five (5) Philippine business days and aims to resolve standard requests within thirty (30) calendar days. Complex requests involving a large volume of data or requiring legal review may take up to sixty (60) days, in which case you will be notified of the extended timeline.

If you have a concern about ezeph's handling of your personal data that has not been resolved to your satisfaction after contacting the DPO, you have the right to lodge a complaint with the National Privacy Commission of the Philippines. The NPC's contact details and complaint procedures are available at their official government website.