Contents
1. Introduction & Controller 2. Data We Collect 3. How We Collect Data 4. Legal Basis & Purposes 5. How We Use Your Data 6. Data Sharing & Disclosure 7. Cookies & Tracking 8. Data Security 9. Data Retention 10. Your Privacy Rights 11. Children & Minors 12. Cross-Border Transfers 13. Changes to This Policy 14. Contact & DPOScope of This Policy
This Privacy Policy applies to all personal information collected by tah77 through the tah77.org website, the tah77 Login portal, the tah77 Wallet, customer support channels, and all other services offered under the tah77 brand. By using any tah77 service, you consent to the data practices described in this Policy. This Policy should be read alongside the Terms & Conditions.
1 Introduction and Data Controller
1.1 tah77 ("we," "us," or "the Company") operates the online gaming platform accessible at tah77.org and all associated sub-domains and services. tah77 is the personal information controller in relation to all personal data collected through the Platform, as defined under Republic Act No. 10173, the Data Privacy Act of 2012 (DPA 2012).
1.2 tah77 is committed to protecting the privacy of its players and to processing personal data in a manner that is transparent, lawful, and consistent with the principles established under DPA 2012 and the implementing rules and regulations issued by the National Privacy Commission (NPC). The Platform is also subject to data-related obligations arising from PAGCOR's regulatory framework for online gaming operators.
1.3 tah77 has designated a Data Protection Officer (DPO) responsible for overseeing compliance with DPA 2012 and for handling all player data-related inquiries and requests. Contact details for the DPO are provided in Section 14 of this Policy.
2 Personal Data We Collect
2.1 tah77 collects personal information that is necessary and proportionate to the services provided. The following categories of data are collected:
| Category | Specific Data Points | When Collected |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, gender | Registration and KYC verification |
| Contact Data | Mobile number, email address, residential address | Registration and account updates |
| Identity Document Data | Government-issued ID type and number, ID images or scans | KYC verification (before first withdrawal) |
| Financial Data | GCash or Maya account number, bank account details (BPI, BDO, UnionBank), deposit and withdrawal history | Wallet setup and transaction processing |
| Gaming Activity Data | Bet history, game session records, win/loss data, bonus usage, wagering activity | During all real-money gaming sessions |
| Technical Data | IP address, device type, operating system, browser type, session duration, referring URL | Automatically on each Platform visit |
| Communications Data | Live chat transcripts, support email correspondence, SMS logs | During any support interaction |
| Responsible Gaming Data | Deposit limits set, self-exclusion requests, cooling-off periods, session time alerts | When player-activated tools are used |
2.2 tah77 does not knowingly collect sensitive personal information — including race, religion, political affiliation, health data, or sexual orientation — unless the Player voluntarily provides such information in the context of a responsible gaming or support interaction, in which case it is treated with the highest level of protection.
3 How We Collect Personal Data
tah77 collects personal data through the following channels and mechanisms:
- Direct submission by the Player: When you register an account, complete KYC verification, add a payment method, contact support, or submit any form on the Platform, you directly provide us with personal data.
- Automated technical collection: When you visit and interact with tah77.org, our servers and analytics systems automatically record technical data including IP address, device information, session duration, and page interactions.
- Payment processors: When you transact via GCash, Maya, BPI, BDO, or other payment providers, those providers share transaction reference data with tah77 to confirm deposit and withdrawal status. tah77 does not receive your full payment account password or PIN.
- Third-party KYC verification services: tah77 uses certified third-party identity verification services to cross-check government-issued ID documents against official databases. These services provide verification outcomes to tah77, and their data practices are governed by their own privacy policies and applicable Philippine law.
- Game providers: Certified game providers integrated into the tah77 Platform may share game session metadata with tah77 for the purpose of game history recording, dispute resolution, and regulatory reporting.
4 Legal Basis and Purposes for Processing
4.1 Under the Data Privacy Act of 2012, tah77 processes personal data on one or more of the following lawful bases:
- Contractual necessity: Processing required to perform the services you have agreed to through the tah77 Terms & Conditions — including account management, game access, payment processing, and wallet operations.
- Legal obligation: Processing required to comply with obligations under PAGCOR's licensing conditions, the Anti-Money Laundering Act (AMLA) of 2001 as amended, Republic Act No. 10173 (DPA 2012), and other applicable Philippine laws and regulations.
- Legitimate interests: Processing for tah77's legitimate interests in operating a safe, fair, and commercially viable gaming platform — including fraud prevention, responsible gaming monitoring, security incident investigation, and platform improvement — provided these interests do not override your fundamental rights and freedoms.
- Consent: For marketing communications and non-essential cookies, tah77 relies on your freely given, specific, and informed consent. You may withdraw marketing consent at any time by contacting [email protected].
5 How We Use Your Personal Data
tah77 uses the personal data it collects for the following specific purposes:
- Creating, verifying, and managing your tah77 Account;
- Processing deposits and withdrawals through GCash, Maya, BPI, BDO, UnionBank, and other supported payment methods;
- Completing KYC identity verification before processing withdrawals;
- Providing access to gaming services including slots, live casino tables, bingo rooms, and the tah77 Wallet;
- Calculating and crediting bonuses, cashback, and VIP rewards accurately and in accordance with promotion terms;
- Detecting and preventing fraud, account abuse, money laundering, and other prohibited conduct;
- Complying with PAGCOR's regulatory reporting requirements and AMLA obligations;
- Monitoring responsible gaming indicators and administering player-activated tools such as deposit limits, loss limits, session alerts, and self-exclusion;
- Responding to player support inquiries via live chat, email, and other support channels;
- Resolving disputes, investigating security incidents, and cooperating with law enforcement or regulatory inquiries when required by law;
- Sending transactional communications (deposit confirmations, withdrawal notifications, security alerts) via SMS or email;
- With your consent, sending promotional communications about tah77 offers, new games, and events.
6 Data Sharing and Disclosure
6.1 tah77 does not sell, rent, or trade your personal data to third parties for their independent marketing purposes.
6.2 tah77 may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection agreements:
- Payment processors and e-wallet providers (GCash/GXI, Maya/PayMaya Philippines Inc., BPI, BDO, UnionBank, and others) — for the purpose of processing your deposits and withdrawals;
- KYC and identity verification service providers — for the purpose of verifying your identity documents against official records;
- Game providers — for game integration, bet settlement, game history recording, and provider-level fairness audits;
- Cloud infrastructure and hosting providers — for secure data storage and Platform operation, subject to data processing agreements;
- Customer support platform providers — for delivering live chat and support ticket management services;
- PAGCOR and other Philippine regulatory authorities — where required by law, regulation, or lawful regulatory inquiry;
- Philippine law enforcement agencies — where required by a valid court order, subpoena, or other lawful process;
- Anti-Money Laundering Council (AMLC) — where required under the Anti-Money Laundering Act for suspicious transaction reporting.
6.3 All third-party service providers who process personal data on tah77's behalf are bound by data processing agreements that require them to process such data only as instructed by tah77, in compliance with DPA 2012 and applicable law, and to implement appropriate technical and organizational security measures.
7 Cookies and Tracking Technologies
7.1 tah77 uses cookies and similar tracking technologies to operate and improve the Platform. Cookies are small text files placed on your device when you visit tah77.org.
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Essential | Maintaining your login session, remembering wallet state, basic security functions | No — required for Platform to function |
| Functional | Remembering your language preference, game display settings, last visited sections | Yes — optional preference |
| Analytics | Understanding how players navigate the Platform, identifying performance issues | Yes — with your consent |
| Security | Detecting suspicious login patterns, bot detection, fraud prevention | No — required for account security |
7.2 You can manage your cookie preferences through your browser settings. Please note that disabling essential or security cookies may affect Platform functionality, including your ability to log in. For mobile browsers, cookie management settings vary by browser application.
8 Data Security
8.1 tah77 implements appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, disclosure, alteration, or destruction. These measures include:
- 256-bit AES encryption for all personal and financial data stored at rest in tah77's database infrastructure;
- TLS 1.3 encryption for all data in transit between your device and tah77's servers;
- Multi-factor authentication requirements for internal staff accessing player data systems;
- Role-based access controls ensuring that only authorized personnel with a documented business need can access specific categories of personal data;
- Regular security audits and penetration testing of the Platform and underlying infrastructure;
- Comprehensive data incident response procedures aligned with NPC notification requirements under DPA 2012.
8.2 While tah77 takes all reasonable steps to protect your personal data, no internet transmission or electronic storage system can be guaranteed as completely secure. Players are also responsible for maintaining the security of their own Account credentials and should immediately notify tah77 if they suspect any unauthorized access to their Account.
Your Role in Data Security
Use a strong, unique password for your tah77 Account. Enable two-factor authentication. Never share your login credentials with any third party. Log out when using shared devices. If you receive a login notification you don't recognize, contact tah77 support immediately via live chat or at [email protected].
9 Data Retention
9.1 tah77 retains personal data for no longer than is necessary to fulfill the purpose for which it was collected, or as required by applicable law. The following general retention periods apply:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | Regulatory (PAGCOR, AMLA) |
| KYC identity documents | Duration of account + 5 years after closure | AMLA obligations (RA 9160 as amended) |
| Financial transaction records | 5 years from transaction date | AMLA obligations |
| Gaming session and bet history | 5 years from session date | PAGCOR regulatory reporting requirements |
| Support communications | 3 years from last interaction | Legitimate interest (dispute resolution) |
| Marketing consent records | 3 years from consent or withdrawal | NPC compliance requirement |
| Technical/log data | 90 days from collection | Security monitoring and fraud detection |
9.2 Upon expiry of the applicable retention period, tah77 will securely delete or anonymize the relevant personal data using industry-standard data destruction methods. Anonymized, non-identifiable data derived from gaming activity may be retained indefinitely for statistical and Platform improvement purposes.
10 Your Privacy Rights Under DPA 2012
10.1 As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by tah77:
10.2 To exercise any of the above rights, submit a written request to tah77's Data Protection Officer at [email protected] with the subject line "Data Privacy Request." tah77 will acknowledge your request within three (3) business days and respond substantively within thirty (30) calendar days, as required under NPC regulations.
10.3 Certain rights are subject to limitations where data retention is required by law (e.g., AMLA and PAGCOR regulatory records cannot be erased during their mandatory retention period regardless of a deletion request). tah77 will explain applicable limitations clearly when responding to your request.
11 Children and Minors
Strict 21+ Age Requirement
tah77 is a real-money gaming platform exclusively for adults aged 21 years and above as mandated by PAGCOR. tah77 does not knowingly collect, process, or retain personal data from any individual under the age of 21. Age is verified during KYC. Any account found to belong to a person under 21 will be immediately closed and all data will be handled in accordance with applicable law.
11.1 If you are a parent or guardian and believe that a minor under your care has accessed tah77 or provided personal data to the Platform, please contact tah77 immediately at [email protected]. tah77 will investigate the matter promptly and take appropriate action including account closure, data deletion where legally permissible, and notification to PAGCOR as required.
12 Cross-Border Data Transfers
12.1 Some of tah77's third-party service providers — including cloud infrastructure providers, game providers, and analytics vendors — may be located outside the Republic of the Philippines. In such cases, tah77 ensures that any cross-border transfer of personal data complies with the requirements of Section 21 of DPA 2012 and the NPC's guidelines on cross-border data transfers.
12.2 Before transferring personal data to a foreign country or international organization, tah77 verifies that the recipient country's data protection framework provides an adequate level of protection equivalent to Philippine standards, or implements contractual safeguards (such as standard contractual clauses) that protect your data to an equivalent standard.
12.3 Game session data transmitted to game provider servers may be processed in various jurisdictions. All such providers are contractually required to process data only for the purpose of game delivery and settlement, and are prohibited from using tah77 player data for their own independent purposes.
13 Changes to This Privacy Policy
13.1 tah77 may update this Privacy Policy from time to time to reflect changes in the Platform's data practices, legal requirements, or NPC guidance. The effective date at the top of this document will be updated whenever a new version takes effect.
13.2 For material changes — those that significantly affect how your personal data is collected or used — tah77 will notify you by SMS to your registered mobile number and display a notice on the Platform at least fourteen (14) days before the changes take effect. For non-material changes (such as clarifications or typographic corrections), the updated Policy will be posted without individual notification.
13.3 Your continued use of the tah77 Platform after the effective date of any updated Privacy Policy constitutes your acknowledgment of and agreement to the updated terms.
14 Contact and Data Protection Officer
14.1 For any questions, concerns, or formal requests relating to this Privacy Policy or tah77's data processing practices, please contact our designated Data Protection Officer:
Data Protection Officer — tah77
Contact Method: [email protected] — Subject: "Data Privacy Request"
Live Chat: Available 24/7 via tah77.org — identify your inquiry as a data privacy matter
Response Time: Acknowledgement within 3 business days; substantive response within 30 calendar days
Operating Hours: Philippine Standard Time (PST), 24 hours a day, 7 days a week
14.2 If you are unsatisfied with tah77's response to a privacy concern, you have the right to escalate your complaint to the National Privacy Commission of the Philippines. The NPC's contact information and complaint procedures are available through the official NPC website and other official Philippine government channels.
Related Documents
This Privacy Policy should be read alongside the tah77 Terms & Conditions and the Responsible Gaming Policy. Together, these documents set out the complete framework for your relationship with tah77.
Document version: 2026.1 | Effective date: 1 January 2026 | Legal basis: RA 10173 (DPA 2012) | Regulator: NPC & PAGCOR | Jurisdiction: Republic of the Philippines