mayawin Privacy Policy

1. Introduction

This Privacy Policy ("Policy") describes how mayawin ("mayawin," "we," "us," "our") collects, processes, stores, uses, shares, and protects the personal data of individuals ("you," "Player," "User") who access or use the mayawin online gaming platform available at mayawin.app (the "Platform").

mayawin is committed to protecting the personal data of all registered and prospective Filipino players in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as enforced by the National Privacy Commission of the Philippines ("NPC").

By creating a mayawin Account or using the Platform, you acknowledge that you have read and understood this Policy and that you consent to the collection and processing of your personal data as described herein. If you do not agree with this Policy, you must discontinue use of the Platform.

2. Data Controller

For the purposes of the Data Privacy Act of 2012 and all applicable data protection legislation, mayawin is the Personal Information Controller responsible for the personal data collected through the Platform. mayawin determines the purposes and means of processing your personal data and is accountable for ensuring that such processing complies with applicable law.

mayawin has designated a Data Protection Officer ("DPO") responsible for overseeing compliance with this Policy and applicable data protection law. Contact details for the DPO are provided in Section 16 of this Policy.

3. Personal Data We Collect

mayawin collects the following categories of personal data in connection with the operation of the Platform:

3.1 Identity and Registration Data

• Full legal name as appearing on a government-issued Philippine ID
• Date of birth (required to verify compliance with the 21+ age requirement)
• Nationality and country of residence
• Registered Philippine mobile number
• Email address (where provided)
• Username selected during registration

3.2 Identity Verification (KYC) Data

• Government-issued photo identification documents (Philippine National ID, Passport, Driver's License, UMID, Voter's ID, or SSS ID)
• Proof of address documentation (utility bill, bank statement, or similar, where requested)
• Source of funds documentation (where required for regulatory compliance)
• Selfie or live verification images submitted for biometric identity confirmation

3.3 Financial and Transaction Data

• GCash account number and PayMaya wallet number linked to your Account
• Bank account details (BPI, BDO, Metrobank, or other Philippine banks) where used for withdrawal purposes
• Cryptocurrency wallet addresses where used for deposit or withdrawal
• Deposit and withdrawal transaction records, including amounts, timestamps, and status
• Bonus and promotional fund allocation records

3.4 Gaming Activity Data

• Bet history across all game categories (live casino, slots, sports, bingo, sabong, arcade)
• Game session timestamps and durations
• Win/loss records and wagering volume (used for VIP program calculations)
• Responsible gaming settings and any self-exclusion or limit requests made through your Account

3.5 Technical and Device Data

• IP address and approximate geographic location derived therefrom
• Device type, operating system, and browser version
• Device identifier and session tokens
• Platform access logs and timestamps

3.6 Communications Data

• Records of customer support interactions via live chat, email, and any other support channel
• Responses to surveys or feedback requests (where voluntarily provided)
• Any correspondence you initiate with mayawin in connection with your Account

4. How We Collect Your Data

mayawin collects personal data through the following means:

Collection Method	Examples
Direct provision by you	Account registration form, KYC document upload, customer support messages, deposit and withdrawal requests
Automated platform interactions	Login timestamps, game session data, bet placement records, device and browser data collected via the Platform
Payment provider data	Transaction confirmation and status data shared by GCash, PayMaya, BPI, BDO, Metrobank, and cryptocurrency network providers
Identity verification services	KYC verification results from third-party identity verification providers engaged by mayawin
Cookies and tracking technologies	Session cookies, analytics cookies, and similar technologies as described in Section 8
Regulatory and compliance sources	Politically exposed persons (PEP) screening and anti-money laundering database checks where required by PAGCOR compliance obligations

5. Legal Bases for Processing

mayawin processes your personal data only where we have a lawful basis to do so under the Data Privacy Act of 2012. The legal bases applicable to our processing activities are as follows:

• Contractual necessity: Processing required to fulfil our obligations under the mayawin Terms and Conditions, including Account administration, deposit processing, withdrawal execution, and game delivery.
• Legal obligation: Processing required to comply with PAGCOR licensing obligations, anti-money laundering (AML) and counter-financing of terrorism (CFT) requirements under Republic Act No. 9160 (as amended), and other applicable Philippine law.
• Legitimate interests: Processing necessary for mayawin's legitimate business interests, including fraud detection and prevention, platform security, responsible gaming monitoring, and customer support improvement — where such interests are not overridden by your rights and interests.
• Consent: Processing of data for optional purposes such as marketing communications and promotional profiling, where you have provided explicit, informed, and freely given consent. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

6. How We Use Your Personal Data

mayawin uses your personal data for the following specific purposes:

• Account creation and management: Registering your Account, maintaining your profile, and administering your mayawin relationship throughout its duration.
• Identity and age verification: Confirming that you are 21 years of age or older and that your identity matches the payment methods associated with your Account, as required by PAGCOR regulations.
• Payment processing: Executing deposits and withdrawals to and from your Account via GCash, PayMaya, Philippine bank transfers, and cryptocurrency channels.
• Game delivery and personalisation: Providing access to the game library, personalising your gaming experience based on activity and preferences, and calculating VIP tier status and associated rewards.
• Fraud and security monitoring: Detecting and investigating suspicious account activity, unauthorized access attempts, multi-account violations, and payment fraud.
• AML compliance: Meeting anti-money laundering obligations under Republic Act No. 9160 (as amended by RA 10167 and RA 10365), including transaction monitoring and mandatory reporting to the Anti-Money Laundering Council (AMLC) where required.
• Responsible gaming: Monitoring gaming patterns to identify indicators of problem gambling and administering responsible gaming tools including deposit limits, self-exclusion, and cooling-off periods.
• Customer support: Responding to your support requests, investigating disputes, and maintaining records of our communications with you for quality assurance purposes.
• Marketing communications: Sending you promotional offers, bonus notifications, and platform updates where you have consented to receive such communications, or where permitted under applicable law on the basis of existing customer relationship.
• Analytics and improvement: Analysing Platform usage patterns to improve game offerings, user experience, and operational performance.
• Legal compliance and regulatory reporting: Responding to lawful requests from PAGCOR, the NPC, AMLC, and other regulatory bodies, and meeting document retention obligations under applicable Philippine law.

7. Sharing Your Personal Data

mayawin does not sell, rent, or commercially transfer your personal data to third parties. We share your data only in the limited circumstances described below:

7.1 Service Providers

mayawin engages trusted third-party service providers to assist in operating the Platform. These include KYC verification providers, payment processors (GCash, PayMaya, BPI, BDO, Metrobank, and crypto network providers), game content providers, cloud infrastructure providers, fraud detection services, and customer support platform providers. All service providers are contractually bound to process your data only on mayawin's instructions and in accordance with applicable data protection requirements.

7.2 Regulatory Authorities

mayawin is required by law to share certain player and transaction data with PAGCOR in connection with licensing compliance, with the Anti-Money Laundering Council (AMLC) in connection with suspicious transaction reporting obligations under the Anti-Money Laundering Act, and with the National Privacy Commission in connection with data breach reporting obligations. Disclosure to these authorities does not require your prior consent where mandated by law.

7.3 Law Enforcement

mayawin may disclose personal data to Philippine law enforcement authorities where required to do so by a lawful court order, warrant, or other legally binding process. mayawin will endeavour to notify affected Account holders of such disclosure where legally permitted to do so.

7.4 Business Transfers

In the event of a merger, acquisition, or sale of substantially all of mayawin's assets, your personal data may be transferred to the acquiring entity as part of that transaction. You will be notified of any such transfer and the acquiring entity will be required to honour the privacy commitments described in this Policy.

8. Cookies & Tracking Technologies

The mayawin Platform uses cookies and similar tracking technologies to deliver a functional and personalised experience. The following types of cookies are used:

• Strictly necessary cookies: Required for the Platform to function. These include session authentication cookies that keep you logged in and security cookies that detect and prevent fraudulent access. These cookies cannot be disabled without impairing Platform functionality.
• Functional cookies: Remember your preferences such as language settings, game category selections, and responsible gaming settings between sessions.
• Analytics cookies: Collect aggregated, anonymised information about how players interact with the Platform — such as pages viewed, session duration, and features used — to help mayawin improve the Platform experience.
• Marketing cookies: Used to deliver relevant promotional content within the Platform based on your gaming activity and preferences, where you have consented to receive personalised promotions.

You may manage your cookie preferences through your browser settings at any time. Please note that disabling cookies beyond strictly necessary cookies may affect your experience on the mayawin Platform.

9. Data Retention

mayawin retains your personal data for as long as is necessary to fulfil the purposes described in this Policy, subject to the following minimum retention periods:

• Account and identity data: Retained for a minimum of five (5) years from the date of account closure, as required by PAGCOR licensing obligations and AML record-keeping requirements under Republic Act No. 9160.
• Transaction records: Retained for a minimum of five (5) years from the date of each transaction, in compliance with AML record-keeping obligations.
• KYC documents: Retained for a minimum of five (5) years from account closure or from the date of last transaction, whichever is later.
• Customer support records: Retained for three (3) years from the date of the interaction, for quality assurance and dispute resolution purposes.
• Marketing consent records: Retained for three (3) years from the date of consent or until withdrawal of consent, whichever is earlier.

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in a manner that prevents re-identification.

10. Security Measures

mayawin implements comprehensive technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, disclosure, or destruction. Our security measures include:

• Transport layer security: All data transmitted between your browser and mayawin servers is protected by TLS 1.3 encryption.
• Data encryption at rest: Sensitive personal data — including KYC document images, payment method details, and account credentials — is encrypted at rest using AES-256 encryption.
• Access controls: Access to personal data within mayawin's systems is restricted on a need-to-know basis, with role-based access controls and multi-factor authentication for all administrative access.
• Session management: Account sessions expire on inactivity. Login from unrecognised devices triggers OTP verification to your registered Philippine mobile number.
• Fraud and intrusion monitoring: mayawin employs real-time monitoring for suspicious activity, unauthorized access attempts, and anomalous transaction patterns.
• Third-party security audits: mayawin's security infrastructure is subject to periodic independent security audits and penetration testing.

11. Your Rights as a Data Subject

Under the Data Privacy Act of 2012 and its Implementing Rules, you have the following rights with respect to your personal data held by mayawin:

To exercise any of the above rights, please contact mayawin's Data Protection Officer at the address provided in Section 16. mayawin will respond to all data subject requests within thirty (30) calendar days of receipt, in accordance with NPC requirements. Where a request is complex or numerous, the response period may be extended by a further thirty (30) days, and you will be notified of this extension.

12. International Data Transfers

The mayawin Platform is operated primarily within the Philippines. However, certain service providers engaged by mayawin — including cloud infrastructure providers, game content providers, and certain KYC verification services — may process data outside the Philippines.

Where personal data is transferred internationally, mayawin ensures that appropriate safeguards are in place in accordance with the Data Privacy Act of 2012 and NPC regulations. These safeguards include contractual data processing agreements incorporating standard data protection clauses, and processing only with providers located in jurisdictions assessed as providing an adequate level of data protection.

13. Children & Minors

The mayawin Platform is strictly prohibited for persons under 21 years of age. mayawin does not knowingly collect, process, or store personal data from individuals under 21 years old. Account registration requires affirmative confirmation of compliance with the 21+ age requirement, and age is verified during the KYC process.

If mayawin becomes aware that an Account was registered by or on behalf of a person under 21 years of age, or that personal data of an underage individual has inadvertently been collected, the Account will be suspended immediately, the data will be securely deleted following any mandatory reporting obligations, and any funds in the Account will be returned to the originating payment source.

14. Responsible Gaming & Data Processing

mayawin uses gaming activity data — including betting history, session duration, deposit and withdrawal patterns, and responsible gaming tool usage — to support its responsible gaming obligations. Specifically, this data is used to:

• Monitor for indicators of problem gambling patterns in accordance with PAGCOR responsible gaming guidelines;
• Administer self-exclusion, deposit limits, and cooling-off periods requested by players through their Account Settings;
• Enforce self-exclusion periods across the entire mayawin Platform, ensuring that self-excluded players cannot access any game category during the exclusion period;
• Prepare aggregated, anonymised responsible gaming reports for regulatory compliance purposes.

Processing of gaming activity data for responsible gaming purposes is carried out on the basis of our legal obligations under PAGCOR licensing requirements. This processing is non-optional and cannot be objected to, as it is required to maintain our licence to operate.

15. Amendments to This Policy

mayawin reserves the right to amend, update, or modify this Privacy Policy at any time in response to changes in applicable law, NPC guidance, PAGCOR requirements, or our processing activities. The "Last updated" date at the top of this Policy reflects the date of the most recent revision.

Where material changes are made to this Policy, mayawin will notify registered Players via the mobile number or email address associated with their Account at least 15 calendar days before the changes take effect. Continued use of the Platform after the effective date of any amendment constitutes acceptance of the revised Policy.

The most current version of this Privacy Policy is always available at mayawin.app/privacy-policy.

16. Contact & Data Protection Officer

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data by mayawin, please contact the mayawin Data Protection Officer (DPO) through the following channels:

• Email: The DPO can be reached at the support email address displayed in the footer of this page. Please include "Data Privacy" or "DPO Request" in the subject line of your communication.
• Live Chat: Available 24/7 through the support channel within the Platform. For formal data subject requests, written communication via email is preferred for record-keeping purposes.
• Response time: mayawin endeavours to acknowledge all data privacy inquiries within 48 hours and to provide a substantive response within 30 calendar days.