Effective Date: 1 January 2026
Last Reviewed: 1 January 2026
RA 10173 Compliant
Data Privacy Act Compliant
okadaph processes your personal data in full compliance with Republic Act No. 10173 — the Philippine Data Privacy Act of 2012 — and all implementing rules issued by the National Privacy Commission (NPC).
Your Data, Your Rights
As a registered player, you have the right to access, correct, erase, and restrict processing of your personal data. You can exercise these rights at any time by contacting okadaph's Data Protection Officer.
We Never Sell Your Data
okadaph does not sell, rent, or trade your personal information to third parties for marketing purposes. Data is shared only where legally required, operationally necessary, or with your explicit consent.
Section 1
Introduction
This Privacy Policy (hereinafter "Policy") describes how okadaph (hereinafter "okadaph," "we," "us," or "the Platform") collects, uses, stores, discloses, and otherwise processes personal data relating to registered players, prospective players, and visitors to okadaph.one (the "Platform"). This Policy is issued in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (hereinafter "DPA"), its Implementing Rules and Regulations, and all relevant issuances of the National Privacy Commission of the Philippines (hereinafter "NPC").
okadaph is a Philippine-focused online gaming platform regulated by the Philippine Amusement and Gaming Corporation (PAGCOR). In operating a licensed gaming platform, okadaph is subject to both data privacy obligations under the DPA and specific data-handling requirements under PAGCOR's licensing conditions, including Know Your Customer (KYC) verification protocols and Anti-Money Laundering (AML) reporting obligations under Republic Act No. 9160 as amended.
By accessing okadaph.one, creating an account, depositing funds, or engaging with any feature of the okadaph platform, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. If you do not consent to the terms of this Policy, you must discontinue use of the platform and not create or maintain a registered account.
Policy Scope: This Policy applies to all personal data processed by okadaph in connection with your use of the Platform, whether submitted by you directly during registration, collected automatically through your use of the Platform, or obtained from third-party sources such as payment processors and identity verification services. It applies to Filipino players in Metro Manila, Cebu, Davao, and all other regions of the Philippines accessing the Platform.
Section 2
Data Controller & DPO Contact
For the purposes of the Data Privacy Act of 2012, okadaph is the Personal Information Controller (PIC) with respect to the personal data collected and processed through the Platform. As PIC, okadaph determines the purposes for which, and the means by which, personal data is processed.
okadaph has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the DPA and this Policy. The DPO is the point of contact for all data subject requests, privacy complaints, and data breach notifications.
Data Protection Officer:
Platform: okadaph (okadaph.one)
DPO Contact Email:
[email protected] — Subject line: "DPO Request"
Response Timeframe: Within 15 business days of receipt of a written request
Regulator: National Privacy Commission of the Philippines (NPC)
Section 3
Personal Data We Collect
okadaph collects the following categories of personal data. The specific data elements collected depend on the nature of your interaction with the Platform, whether as a visitor, a registered player, or a verified account holder.
| Category |
Data Elements |
When Collected |
| Identity Data |
Full legal name, date of birth, gender, nationality, government ID number, ID document images, selfie/photo verification |
KYC verification process; mandatory before first withdrawal |
| Contact Data |
Mobile number (Globe/Smart/DITO), email address, residential address |
Account registration; contact and support interactions |
| Financial Data |
GCash account number, PayMaya account, bank account details (BPI, BDO, Metrobank), transaction amounts, deposit and withdrawal history |
Deposit and withdrawal processing; AML compliance |
| Gaming Data |
Game sessions, bet amounts, game outcomes, win/loss history, game preferences, bonus usage, session duration |
Automatically during gameplay on the Platform |
| Technical Data |
IP address, device type and model, operating system, browser type and version, screen resolution, session tokens, cookies |
Automatically on Platform access; used for security and fraud prevention |
| Communication Data |
Support chat transcripts, email correspondence, complaint records, feedback submissions |
Customer support interactions; quality monitoring |
| Behavioral Data |
Page navigation patterns, feature usage, promotional offer interactions, login frequency and timing |
Automatically via analytics tools during Platform use |
okadaph does not collect sensitive personal information as defined under Section 3(l) of the DPA — such as racial or ethnic origin, political or religious beliefs, health data, or sexual orientation — unless specifically required by law (for example, where health information is voluntarily disclosed in the context of responsible gaming support).
Section 4
How We Collect Your Data
okadaph collects personal data through the following methods:
- Direct Submission: Information you provide when creating an account, completing KYC verification, submitting support tickets, or participating in promotions. This includes your name, mobile number, email address, password, and government ID documents.
- Automated Collection: Technical data collected automatically when you access the Platform, including IP address, device identifiers, browser information, session data, and cookie-stored preferences. This collection occurs regardless of whether you are logged in.
- Payment Processors: Transaction confirmation data and payment method identifiers received from GCash, PayMaya, BPI, BDO, Metrobank, and cryptocurrency processing services when you make deposits or withdrawals.
- Identity Verification Providers: Verification results and identity confirmation data from third-party KYC verification services used to validate the authenticity of submitted government ID documents.
- Analytics Tools: Aggregated and pseudonymized behavioral data collected through analytics platforms to understand how players use the Platform and to improve the gaming experience.
- Regulatory Sources: Data received from PAGCOR, AMLC, or other Philippine government authorities in the course of compliance with legal obligations, including self-exclusion registry data.
Section 5
Purpose of Data Processing
okadaph processes your personal data for the following specific, legitimate, and declared purposes. We do not process personal data for any purpose other than those listed below, or for purposes incompatible with those listed below, without obtaining separate consent or establishing a separate legal basis.
- Account Registration and Management: To create, maintain, authenticate, and manage your okadaph account, including processing your login credentials, account preferences, and session management.
- Identity Verification (KYC): To verify your identity and age in compliance with PAGCOR licensing requirements and applicable Philippine law. KYC verification is mandatory before any withdrawal can be processed.
- Payment Processing: To process your GCash, PayMaya, and bank transfer deposits and withdrawals, to reconcile transactions, and to maintain your Player Wallet balance accurately.
- Anti-Money Laundering (AML) Compliance: To monitor transactions for suspicious activity, to fulfill mandatory reporting obligations to the Anti-Money Laundering Council (AMLC) under RA 9160, and to conduct source-of-funds due diligence where required.
- Provision of Gaming Services: To operate game sessions, record game outcomes, manage betting records, and provide the full range of casino and gaming services available on the Platform.
- Fraud Prevention and Security: To detect and prevent fraud, unauthorized account access, multi-accounting, system manipulation, and other prohibited conduct as defined in our Terms and Conditions.
- Responsible Gaming: To support responsible gaming obligations including enforcing deposit limits, administering cooling-off periods and self-exclusion requests, and cross-referencing PAGCOR's exclusion registry.
- Customer Support: To respond to player inquiries, investigate complaints, resolve disputes, and maintain support records for service quality and regulatory audit purposes.
- Legal and Regulatory Compliance: To fulfill obligations under Philippine law including PAGCOR licensing conditions, the DPA, the AMLA, and any lawful orders from competent Philippine authorities.
- Platform Improvement and Analytics: To analyze usage patterns, improve game offerings, optimize Platform performance, and personalize the user experience — using aggregated or pseudonymized data where possible.
- Marketing Communications (with consent): To send promotional offers, bonus notifications, and Platform updates to players who have opted in to marketing communications. Players may opt out at any time.
Section 6
Legal Basis for Processing
In accordance with Section 12 and Section 13 of the Data Privacy Act, okadaph relies on the following legal bases for processing your personal data:
Processing is necessary for the performance of the contract between you and okadaph — specifically, the Terms and Conditions you accepted upon registration. This covers account creation, identity verification, payment processing, game session management, and customer support. Without this processing, okadaph cannot provide its services to you.
Processing is necessary to comply with okadaph's legal obligations under Philippine law, including PAGCOR licensing requirements, KYC/AML obligations under RA 9160, age verification under applicable gaming regulations, and data retention requirements under Philippine law. Compliance-related processing cannot be refused or withdrawn by the data subject.
Certain processing activities are conducted on the basis of okadaph's legitimate interests, provided these interests are not overridden by the data subject's rights and freedoms. This includes fraud detection and security monitoring, platform analytics and performance optimization, and internal reporting and audit functions. okadaph has conducted legitimate interest assessments for these processing activities and concluded they are proportionate and necessary.
For processing activities not covered by the above bases — principally direct marketing communications and non-essential cookies — okadaph relies on your freely given, specific, informed, and unambiguous consent. You may withdraw consent for marketing communications or non-essential cookies at any time without affecting the lawfulness of processing carried out prior to withdrawal. Withdrawal of marketing consent will not affect your ability to use the Platform.
Section 7
Data Sharing & Disclosure
okadaph does not sell, rent, or trade your personal data to any third party for commercial purposes. Personal data is disclosed to third parties only in the following circumstances:
- Payment Service Providers: GCash (G-Xchange Inc.), PayMaya (Voyager Innovations), BPI, BDO, Metrobank, and cryptocurrency processors — for the sole purpose of processing deposits and withdrawals in connection with your account.
- KYC and Identity Verification Partners: Third-party identity verification service providers used to authenticate government-issued IDs submitted during KYC verification. These providers are contractually bound to process data only for verification purposes.
- Game Software Providers: JILI, PG Soft, Evolution Gaming, Pragmatic Play, and other certified game providers may receive limited technical session data necessary to facilitate game play and verify outcomes. No personal identity data is shared beyond what is necessary for session authentication.
- PAGCOR: okadaph is required by its operating license to report player activity, audit data, and other information to PAGCOR as required by PAGCOR's regulatory framework.
- Anti-Money Laundering Council (AMLC): Suspicious transaction reports and covered transaction reports are submitted to the AMLC as required by RA 9160. This reporting is mandatory and cannot be waived.
- Law Enforcement and Courts: Where okadaph receives a valid legal order, subpoena, court order, or regulatory directive from a competent Philippine authority, it is obligated to disclose relevant personal data. okadaph will notify affected data subjects where legally permissible.
- Fraud Prevention Services: Aggregated or pseudonymized fraud-risk signals may be shared with industry-standard fraud detection networks to protect the Platform and its players.
International Transfers: Where any of the above third parties are located outside the Philippines, okadaph ensures that appropriate data transfer safeguards are in place consistent with NPC requirements, including contractual data processing agreements that impose standards equivalent to the DPA. okadaph does not transfer personal data to jurisdictions without adequate data protection frameworks without implementing such safeguards.
Section 8
Data Retention
okadaph retains personal data for as long as necessary to fulfill the purposes outlined in this Policy and to comply with applicable legal retention obligations. The following retention periods apply:
| Data Category |
Retention Period |
Basis |
| Account and Identity Data |
Duration of account + 5 years after closure |
PAGCOR licensing requirements; AML regulations |
| Financial and Transaction Data |
10 years from transaction date |
RA 9160 AMLA requirements; tax and audit obligations |
| KYC Documents |
5 years after account closure |
PAGCOR; AMLC regulatory requirements |
| Gaming Records |
5 years from session date |
PAGCOR auditing; dispute resolution |
| Support Communications |
3 years from last interaction |
Dispute resolution; service quality records |
| Marketing Preferences |
Until consent is withdrawn |
Consent-based processing |
| Technical and Log Data |
12 months from collection |
Security monitoring; fraud prevention |
Upon expiry of the applicable retention period, personal data is securely deleted or anonymized in accordance with NPC-recognized data disposal standards. Anonymized data that cannot be used to identify an individual is not subject to the retention limitations above and may be retained indefinitely for statistical and analytical purposes.
Section 9
Data Security
okadaph implements appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:
- Encryption in Transit: All data transmitted between your device and the okadaph Platform is encrypted using industry-standard 256-bit SSL/TLS protocols. This applies to login sessions, payment processing, KYC document uploads, and all other data exchanges.
- Encryption at Rest: Sensitive personal data — including KYC documents, payment method details, and account credentials — is stored using AES-256 encryption in okadaph's data storage infrastructure.
- Access Controls: Access to personal data is restricted to authorized okadaph personnel and contracted service providers on a strict need-to-know basis. All access is logged and subject to regular review.
- Two-Factor Authentication (2FA): Players are encouraged and supported in enabling 2FA on their accounts via registered mobile number OTP verification to prevent unauthorized account access.
- Intrusion Detection and Monitoring: okadaph's systems are monitored continuously for anomalous activity, unauthorized access attempts, and security incidents by dedicated security infrastructure.
- Vulnerability Management: Regular security assessments, penetration testing, and vulnerability scans are conducted on Platform infrastructure and codebase to identify and remediate security weaknesses.
Data Breach Notification: In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected players, okadaph will notify the National Privacy Commission within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03. Affected data subjects will be notified within a reasonable timeframe where the breach poses a high risk to their rights.
Section 10
Cookies & Tracking Technologies
okadaph uses cookies and similar tracking technologies on the Platform. A cookie is a small data file stored on your device that enables the Platform to recognize you, maintain session state, and remember your preferences.
The following types of cookies are used:
- Strictly Necessary Cookies: Essential for the Platform to function. These include session authentication tokens, security cookies, and load-balancing cookies. These cannot be disabled without breaking Platform functionality.
- Functional Cookies: Remember your preferences such as language, login details (if "Remember this device" is enabled), and game settings. These improve your experience but are not essential.
- Analytics Cookies: Collect pseudonymized data about how you navigate the Platform — which pages you visit, how long you stay, and which features you use. This data is used to improve Platform performance and user experience.
- Security Cookies: Used to detect and prevent fraud, bot activity, and account manipulation. These cookies are part of okadaph's security infrastructure and cannot be disabled.
You may manage cookie preferences through your browser settings. Disabling non-essential cookies will not prevent you from using the Platform, though it may affect some functionality and personalization features. okadaph does not use third-party advertising cookies or behavioral tracking cookies for cross-site advertising purposes.
Section 11
Your Data Subject Rights
Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data processed by okadaph. You may exercise these rights by contacting our Data Protection Officer at [email protected] with the subject line "DPO Request."
You have the right to obtain confirmation of whether okadaph processes your personal data, and to request a copy of the personal data we hold about you, the purposes for which it is processed, and the categories of recipients with whom it has been shared.
You have the right to request correction of any inaccurate or incomplete personal data we hold about you. For KYC-verified data, corrections may require submission of updated documentary evidence. Identity changes may require PAGCOR notification.
You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent (for consent-based processing), or where processing is unlawful. This right is subject to overriding legal retention obligations.
You may object to processing carried out on the basis of legitimate interests. You have an absolute right to object to processing for direct marketing purposes at any time, and this will always be honored immediately.
Right to Restrict Processing
In certain circumstances — such as where you contest the accuracy of data or have objected to processing pending verification of legitimate grounds — you may request that processing be temporarily suspended while the matter is resolved.
Right to Data Portability
Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to Complain: If you believe okadaph has not handled your personal data in accordance with the DPA, you have the right to lodge a complaint with the National Privacy Commission of the Philippines (NPC). Contact information for the NPC is available at privacy.gov.ph. okadaph encourages players to first raise concerns directly with our DPO, as many issues can be resolved promptly without formal regulatory escalation.
Section 12
Protection of Minors
The okadaph Platform is strictly restricted to persons who are 18 years of age or older. okadaph does not knowingly collect personal data from individuals below the age of 18. Our age verification policy requires all account holders to submit a valid Philippine government-issued identity document confirming they are 18 or older before any withdrawal — and in practice, before full account activation.
If okadaph discovers or has reasonable grounds to believe that it has inadvertently collected personal data from a person below the age of 18, the following actions will be taken immediately: the account will be suspended and access to the Platform blocked; all real-money balance will be returned to the verified payment source; all personal data collected in relation to the underage account will be securely deleted, except where retention is required by PAGCOR or AMLC regulations; and the matter will be reported to PAGCOR in accordance with our licensing obligations.
Report Underage Access: If you have reason to believe that a person under 18 is using or has used the okadaph Platform, please report this immediately to our support team via live chat or to our DPO. okadaph takes underage gambling extremely seriously and will act immediately upon any credible report.
Sections 13–14
Policy Changes & Contact
okadaph reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, legal obligations, or the Platform's features. Material changes — those that significantly affect your rights or how your data is used — will be communicated to registered players via email or mobile notification at least 14 days before they take effect. The updated Policy will always be available at okadaph.one/privacy-policy with a revised effective date. Minor clarifications or editorial corrections may be made without prior notice. Continued use of the Platform after the effective date of an amended Policy constitutes acceptance of the changes. If you do not accept the amended Policy, you must stop using the Platform and close your account.
For all privacy-related requests, data subject rights exercises, data breach reports, or complaints, please contact okadaph's Data Protection Officer. All requests should be submitted in writing by email to
[email protected] with the subject line "DPO Request." Please include your full name as registered on your okadaph account, your account mobile number or email address, and a clear description of your request. okadaph will acknowledge your request within 3 business days and provide a substantive response within 15 business days. In complex cases, this period may be extended by a further 15 days, in which case you will be notified of the extension and the reason for it. For general account support queries not related to data privacy, please use the live chat feature available on the Platform, which is staffed 24/7 in English and Filipino.