romaph is committed to protecting the privacy and personal data of every player on our platform. This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and what rights you have under the Philippine Data Privacy Act of 2012.
Six core principles that guide how romaph handles every piece of personal data we hold
romaph collects personal data strictly on a need-to-know basis. The information we ask for — your name, date of birth, contact details, and payment information — is required to operate a PAGCOR-licensed platform safely and legally. We do not collect personal data speculatively or in excess of our legitimate operational needs.
All personal data processing at romaph is conducted in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the guidelines issued by the National Privacy Commission (NPC). PAGCOR's data security requirements are also applied throughout.
Personal data stored by romaph is protected by 256-bit SSL encryption in transit and AES-256 encryption at rest. Access to personal data systems is restricted to authorised personnel only, and all access is logged. romaph conducts regular security audits and penetration testing of its data infrastructure.
romaph does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Full stop. Third-party data sharing at romaph is limited to service providers who process data on our behalf under strict contractual data protection obligations, and regulatory bodies where legally required.
Under the Philippine Data Privacy Act, you have the right to access, correct, and in certain circumstances request deletion of your personal data held by romaph. You also have the right to object to certain types of processing and to lodge a complaint with the National Privacy Commission if you believe your rights have been violated.
romaph maintains a clear, complete Privacy Policy that explains every category of data we collect, every purpose for which we use it, every third party we share it with, and every right you have. We update this document whenever our data practices change and notify registered players of material updates in advance.
About This Policy: This Privacy Policy ("Policy") is issued by romaph ("romaph", "we", "us", "our"), the operator of the online gaming platform accessible at romaph.co. This Policy applies to all personal data collected from individuals ("you", "your", "Data Subject") who access or use the romaph Platform, including registered players, prospective players who browse the Platform without registering, and individuals who contact romaph's support channels.
romaph takes data privacy seriously — not just because Philippine law requires it, but because our players deserve to know exactly how their information is handled. As a PAGCOR-licensed online casino serving Filipino players from Manila to Cebu to Davao, we process a range of personal data in the course of operating a regulated gaming platform. This Policy sets out in plain terms what we do with that data.
This Policy should be read together with the romaph Terms & Conditions. By registering an Account on romaph or by continuing to use the Platform after this Policy has been published or updated, you acknowledge that you have read and understood its contents. Where romaph relies on your consent as the legal basis for processing, we will obtain that consent separately and explicitly.
For the purposes of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, romaph is the Personal Information Controller ("PIC") in respect of all personal data collected through the Platform.
romaph has appointed a Data Protection Officer ("DPO") who is responsible for overseeing compliance with this Policy and with applicable data protection law. Contact details for the DPO are provided in Section 14 of this Policy.
Regulatory Registration: romaph has registered its data processing systems with the Philippine National Privacy Commission (NPC) as required under the Data Privacy Act. romaph cooperates fully with NPC audits and investigations.
When you register an Account on romaph, we collect the following personal data:
To process deposits and withdrawals, romaph collects:
romaph does not store full payment card numbers. Where card payments are facilitated, card data is handled exclusively by PCI-DSS-certified payment processors.
As part of operating a licensed gaming platform, romaph records:
When you access the romaph Platform, we automatically collect certain technical information:
When you contact romaph's support team, we retain records of those communications — including live chat transcripts, email correspondence, and support ticket content — for quality assurance and dispute resolution purposes.
| Category | Examples | Collected At |
|---|---|---|
| Identity | Name, DOB, Government ID | Registration & KYC |
| Financial | GCash number, bank details, transaction history | Deposits & Withdrawals |
| Gaming Activity | Bets, wins, sessions, bonuses | Ongoing platform use |
| Technical | IP address, device info, session logs | Every platform visit |
| Communications | Support chats, email threads | When you contact support |
romaph collects personal data through the following methods:
romaph processes personal data for the following specific purposes:
Under the Philippine Data Privacy Act, romaph relies on the following legal bases for processing personal data:
romaph shares personal data with carefully selected third-party service providers who process data on our behalf and under our instruction. These include:
All service providers are required to process personal data only as instructed by romaph, under binding data processing agreements that include appropriate data protection obligations.
romaph will disclose personal data to regulatory bodies and law enforcement authorities without prior notice to the Data Subject where required by law or where romaph determines in good faith that disclosure is necessary to:
romaph does not sell, rent, lease, or otherwise commercially exploit your personal data to any third party. Data sharing at romaph is strictly limited to operational necessity and legal compliance.
romaph retains personal data for as long as necessary to fulfil the purposes for which it was collected, subject to the following minimum retention periods required by law:
Upon expiry of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be associated with an identifiable individual.
romaph implements technical and organisational security measures appropriate to the nature of the personal data we hold. These measures include:
Data Breach Notification: In the event of a personal data breach that is likely to harm your rights and interests, romaph will notify the National Privacy Commission within 72 hours of becoming aware of the breach, and will notify affected Data Subjects without undue delay, in accordance with NPC Circular No. 16-03.
Cookies are small text files placed on your device when you visit the romaph Platform. They allow the Platform to recognise your device across sessions and to provide a more functional, personalised experience.
You may manage cookie preferences through your browser settings. Most modern browsers allow you to refuse, delete, or selectively accept cookies. Please note that disabling strictly necessary cookies will impair your ability to use the romaph Platform, including logging in to your Account.
Under the Philippine Data Privacy Act of 2012, you have the following rights in respect of the personal data romaph holds about you:
You have the right to request a copy of the personal data that romaph holds about you, along with information about how it is being used and with whom it has been shared. Requests are processed within 30 days.
If any personal data romaph holds about you is inaccurate, incomplete, or outdated, you have the right to request that we correct it. You can update most account information directly in your Account settings.
You may request that romaph delete your personal data where it is no longer necessary for the purpose it was collected, where you withdraw consent (where consent is the legal basis), or where processing is unlawful — subject to our legal retention obligations under PAGCOR and AMLA requirements.
You may object to the processing of your personal data where romaph relies on legitimate interests as its legal basis. You may also object to direct marketing processing at any time, and we will cease such processing immediately upon receiving your objection.
You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format where the processing is based on consent or contract performance, enabling you to transmit that data to another controller.
If you believe that romaph has processed your personal data in a manner that violates the Philippine Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission (NPC). We encourage you to contact romaph first so we can try to resolve the matter directly.
How to Exercise Your Rights: To exercise any of the rights listed above, contact romaph's Data Protection Officer at the details provided in Section 14. We will acknowledge your request within 5 business days and complete your request within 30 days. Identity verification may be required before we process rights requests to protect against unauthorised access to your data.
The romaph Platform is strictly intended for individuals who are at least 21 years of age, as required by PAGCOR regulations and Philippine law. romaph does not knowingly collect personal data from individuals under the age of 21.
All registrations are subject to mandatory age verification through KYC. If romaph discovers that personal data has been collected from a person under 21, the Account will be immediately suspended, all associated data will be reviewed, and — where deletion is permissible under applicable law — the data will be securely deleted.
🔞 If you are a parent or guardian and believe a person under 21 has created an Account on romaph, please contact our support team immediately. We will investigate and take appropriate action as a matter of priority.
romaph may update this Privacy Policy from time to time to reflect changes in our data practices, changes in applicable law, or operational developments. Where changes are material, romaph will:
Your continued use of the Platform after the effective date of the updated Policy constitutes your acknowledgment of the changes. Where the updates require a new consent (e.g., a new category of processing based on consent), romaph will obtain that consent separately.
If you have any questions, concerns, or requests relating to this Privacy Policy or to romaph's personal data practices, you may contact us through the following channel:
romaph Data Protection Officer
Email: [email protected]
Subject line: Data Privacy Request — [Your Name]
Available: Monday to Friday, 9:00 AM – 6:00 PM Philippine Standard Time
Response target: Acknowledgement within 5 business days; full response within 30 days
For complaints that are not resolved to your satisfaction through romaph's internal process, you may escalate the matter to the Philippine National Privacy Commission:
National Privacy Commission (NPC)
3rd Floor, Core G, DICT Building, C.P. Garcia Avenue, UP Campus, Diliman, Quezon City
Website: privacy.gov.ph (official NPC website — do not navigate there from this page; access directly via your browser)
This Privacy Policy was last updated on 1 January 2026 and supersedes all prior versions. The governing language of this Policy is English. romaph.co — operated under PAGCOR license.
romaph is PAGCOR-licensed and fully compliant with the Philippine Data Privacy Act. Your personal information is protected, never sold, and handled with the same care as your money. 21+ only.