sloph Privacy Policy

sloph ("we," "us," "our," or "the Platform") operates at sloph.club as a PAGCOR-licensed online gaming platform serving Filipino players across the Philippines. We understand that your personal data is yours, and we take the responsibility of handling it seriously.

This Privacy Policy ("Policy") applies to all personal data processed by sloph in connection with your use of the Platform, including account registration, gaming activity, financial transactions, customer support interactions, and marketing communications. It covers all services accessible via the sloph website and any associated mobile applications.

This Policy is issued in accordance with Republic Act No. 10173, the Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations ("IRR"), and the relevant issuances of the National Privacy Commission ("NPC") of the Philippines.

The following definitions apply throughout this Policy:

• "Personal Data" means any information from which an individual can be directly or indirectly identified, including but not limited to name, mobile number, address, government ID number, financial account details, IP address, and device identifiers.
• "Sensitive Personal Information" has the meaning given in Section 3(l) of the DPA and includes government-issued identification numbers, financial information, and information relating to health.
• "Processing" means any operation performed on Personal Data, including collection, recording, storage, use, transfer, disclosure, and deletion.
• "Data Subject" means the individual to whom the Personal Data relates — in the context of sloph, this is you, the Member or visitor.
• "Data Controller" means the entity that determines the purposes and means of processing Personal Data — in this case, sloph.
• "Data Processor" means any entity that processes Personal Data on behalf of sloph, such as a payment gateway provider or cloud hosting service.
• "DPO" means sloph's designated Data Protection Officer, responsible for overseeing sloph's compliance with the DPA.
• "NPC" means the National Privacy Commission of the Philippines, the government agency responsible for administering and enforcing the DPA.

sloph is the Data Controller responsible for your Personal Data collected through the sloph Platform. As Data Controller, sloph determines the purposes for which your data is collected and the manner in which it is processed.

sloph operates under a PAGCOR gaming license and is subject to the data governance requirements applicable to PAGCOR licensees, in addition to the obligations imposed by the DPA and its IRR.

Contact information for sloph's Data Protection Officer is provided in Section 15 of this Policy. The DPO is available to receive inquiries, access requests, and data privacy complaints from Data Subjects.

sloph collects Personal Data through several channels depending on how you interact with the Platform. The categories of data collected are set out below:

4.1 Registration Data

When you create a sloph Account, we collect: your Philippine mobile number, a password (stored in encrypted form only), date of birth (for age verification), and — where required for KYC — your full legal name and government-issued ID details.

4.2 Identity Verification (KYC) Data

To comply with PAGCOR licensing requirements and applicable anti-money laundering laws, sloph may collect copies of government-issued identification documents (e.g., UMID, PhilSys National ID, passport, driver's license), a selfie photograph for biometric comparison, and proof of address documentation.

4.3 Financial Transaction Data

sloph collects records of all deposits, withdrawals, bonus credits, and gameplay transactions associated with your Account, including the payment method used (e.g., GCash account identifier, bank account details as provided), transaction amounts in Philippine Peso, timestamps, and transaction reference numbers.

4.4 Gaming Activity Data

sloph records all gameplay activity, including games played, bets placed, outcomes, session durations, wagering patterns, and bonus utilization. This data is used for platform operations, responsible gaming monitoring, and regulatory reporting.

4.5 Technical and Device Data

When you access sloph, we automatically collect: IP address, device type and model, operating system, browser type and version, session timestamps, and referring URL. This data is used for security monitoring, fraud prevention, and platform optimization.

4.6 Communications Data

Records of your communications with sloph's customer support team — including live chat transcripts, emails, and support ticket content — are retained for quality assurance, dispute resolution, and regulatory compliance purposes.

4.7 Data You Provide Voluntarily

You may voluntarily provide additional information when participating in surveys, promotions, or responsible gaming self-assessment tools on sloph. Such data is collected only with your active participation and consent.

sloph processes your Personal Data for the following purposes:

Under the Data Privacy Act of 2012, sloph processes your Personal Data on one or more of the following lawful bases:

• Contractual Necessity: Processing required for the performance of the agreement between you and sloph — including account registration, deposit processing, gameplay, and withdrawal services.
• Legal Obligation: Processing required to comply with sloph's obligations under Philippine law, including PAGCOR license conditions, the Anti-Money Laundering Act, and applicable tax legislation.
• Consent: Processing for which you have given specific, informed, and freely given consent — most notably for marketing communications. You may withdraw consent for such processing at any time without affecting the lawfulness of prior processing.
• Legitimate Interests: Processing for purposes of fraud prevention, platform security, and responsible gaming monitoring that are proportionate and do not override your fundamental privacy rights.
• Vital Interests: Processing necessary to protect the vital interests of a Data Subject, in exceptional circumstances such as a responsible gaming or medical emergency.

sloph does not sell your Personal Data. We may share your Personal Data with the following categories of recipients only to the extent necessary for the stated purpose:

• Payment Service Providers: GCash, Maya, GrabPay, and accredited banking partners for deposit and withdrawal processing. These parties process your payment data as independent controllers subject to their own privacy policies and BSP regulatory obligations.
• Game Providers: Third-party game software providers (such as Pragmatic Play, PG Soft, Evolution Gaming, and Jili) receive the minimum data necessary to deliver games — typically a pseudonymous player identifier and session token. Game Providers are bound by data processing agreements with sloph.
• Identity Verification Services: Accredited KYC and biometric verification service providers used to verify your identity and age in connection with sloph's PAGCOR compliance obligations.
• Regulatory Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission, and other Philippine government agencies, where sloph is legally required to disclose data.
• Technology Service Providers: Cloud hosting, cybersecurity, customer support platform, and data analytics providers engaged by sloph under contractual data processing agreements that impose confidentiality and data protection obligations consistent with the DPA.
• Legal Advisors and Auditors: Professional advisors and auditors engaged by sloph for legal, compliance, financial, or regulatory purposes, bound by professional confidentiality obligations.
• Business Transfers: In the event of a merger, acquisition, or transfer of sloph's business or assets, your Personal Data may be transferred to the successor entity. You will be notified in advance of any such transfer that materially affects your data.

sloph uses cookies and similar tracking technologies to operate the Platform, remember your preferences, and analyze usage patterns. The following categories of cookies may be set when you access sloph:

• Strictly Necessary Cookies: Essential for the Platform to function correctly. These include session authentication cookies and security tokens. These cannot be disabled without impairing Platform functionality.
• Functional Cookies: Remember your preferences such as language settings, display preferences, and logged-in state to provide a more personalized experience.
• Analytics Cookies: Collect aggregated and anonymized data about how visitors use sloph, which pages are most visited, and where errors occur. This data helps sloph improve the Platform.
• Security Cookies: Used to detect fraudulent behavior, suspicious login patterns, and automated bot activity.

sloph does not use third-party advertising cookies or tracking pixels for cross-site behavioral advertising. You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies may prevent access to certain Platform features.

sloph retains Personal Data for no longer than is necessary for the purposes for which it was collected, taking into account applicable legal, regulatory, and operational requirements. The following general retention guidelines apply:

• Account and KYC Data: Retained for the duration of your Account relationship with sloph and for a minimum of five (5) years following Account closure, in accordance with PAGCOR license obligations and applicable anti-money laundering record-keeping requirements.
• Transaction Records: Retained for a minimum of five (5) years from the date of each transaction, consistent with AMLA record-keeping requirements and PAGCOR regulatory standards.
• Gaming Activity Logs: Retained for a period of up to three (3) years from the date of the recorded activity, unless a longer period is required for dispute resolution or regulatory purposes.
• Customer Support Communications: Retained for a period of two (2) years from the date of the most recent communication, unless the matter is subject to ongoing legal proceedings requiring longer retention.
• Marketing Consent Records: Retained for as long as you maintain an Account with sloph and for twelve (12) months thereafter, to demonstrate compliance with consent requirements.

Following the expiry of applicable retention periods, Personal Data is securely deleted or irreversibly anonymized. Where anonymization is used, the resulting data may be retained indefinitely for statistical and analytical purposes.

sloph implements appropriate technical and organizational security measures to protect Personal Data against unauthorized access, disclosure, alteration, loss, and destruction. Key security measures include:

• Encryption in Transit: All data transmitted between your device and sloph's servers is encrypted using 256-bit SSL/TLS protocols.
• Encryption at Rest: Sensitive data stored on sloph's systems, including financial records and identity verification documents, is encrypted at rest using industry-standard encryption algorithms.
• Password Security: Account passwords are stored using bcrypt hashing with appropriate cost factors. sloph does not store passwords in recoverable form.
• Access Controls: Access to Personal Data within sloph's systems is restricted on a need-to-know basis with role-based access controls, multi-factor authentication for administrative access, and comprehensive access logging.
• Security Monitoring: sloph's systems are monitored continuously for suspicious activity, unauthorized access attempts, and anomalous data access patterns.
• Penetration Testing: sloph conducts periodic security assessments and penetration testing of its Platform and underlying infrastructure.
• Incident Response: sloph maintains a data breach incident response plan. In the event of a personal data breach that poses a real risk of serious harm, sloph will notify the National Privacy Commission and affected Data Subjects within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03.

The Data Privacy Act of 2012 grants you the following rights in respect of your Personal Data held by sloph. You may exercise these rights by contacting sloph's DPO using the details in Section 15:

To exercise any of the above rights, please contact sloph's Data Protection Officer as described in Section 15. Identity verification will be required before sloph processes any access, correction, or erasure request.

sloph does not knowingly collect or process Personal Data of individuals below 21 years of age. The sloph Platform is strictly restricted to persons who are at least 21 years old, consistent with PAGCOR gaming regulations.

If sloph becomes aware that Personal Data of a person below the age of 21 has been collected — whether through a misrepresentation of age during registration or otherwise — sloph will immediately close the associated Account, delete the relevant Personal Data to the extent not required for regulatory compliance, and report the matter to PAGCOR where required.

sloph's primary data processing infrastructure is located within the Philippines. However, certain service providers engaged by sloph — such as cloud hosting, cybersecurity, and game platform technology providers — may store or process data in jurisdictions outside the Philippines.

Where Personal Data is transferred outside the Philippines, sloph ensures that appropriate safeguards are in place consistent with the requirements of the DPA and applicable NPC rules on cross-border data transfer, including:

• Data transfer agreements incorporating the NPC's prescribed contractual clauses or equivalent protective terms;
• Transfer to jurisdictions recognized by the NPC as providing adequate levels of data protection; or
• Transfer necessary for the performance of the contract between you and sloph, where no other adequate safeguard is practicable.

sloph reserves the right to update or amend this Privacy Policy at any time to reflect changes in applicable law, regulatory guidance, or sloph's data processing practices. The current version of this Policy, together with its effective date, is always accessible via the footer of every page on the sloph Platform.

Material changes to this Policy — particularly changes that expand the categories of data collected or the purposes for which data is used — will be communicated to Members by a notice on the sloph Platform prior to the change taking effect. Where required by applicable law, sloph will seek renewed consent before processing your data for any materially new purpose.

Your continued use of sloph following the publication of an updated Privacy Policy constitutes your acknowledgment of the updated terms. If you disagree with any material change, you may request Account closure in accordance with the sloph Terms & Conditions.

sloph has designated a Data Protection Officer (DPO) in accordance with Section 21 of the Data Privacy Act of 2012. The DPO is responsible for overseeing sloph's compliance with the DPA and serves as the primary point of contact for data privacy inquiries and complaints from Data Subjects.

You may contact sloph's DPO or the general support team for privacy-related matters through the following channels:

• Live Chat Support: Available 24/7 via the sloph Platform. Ask to be connected to the Data Privacy team for DPA-related matters.
• Email: [email protected] — please include "Data Privacy Request" in your message subject for DPO matters. (Plain text — not a clickable link.)

sloph aims to acknowledge all data privacy requests and complaints within five (5) business days of receipt. Substantive responses to access, correction, and erasure requests will be provided within thirty (30) days, or such shorter period as may be required under applicable NPC rules.