Summary: aceph11 collects personal data to operate the Platform, comply with Philippine gaming and anti-money laundering regulations, and improve your experience. We do not sell your personal data to third parties. This policy is governed by the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.
1 Introduction
aceph11 ("aceph11", "we", "us", "our") is committed to protecting the privacy and personal data of all users of the aceph11 online gaming platform, including the aceph11 Casino website and all related services (collectively, the "Platform"). This Privacy Policy ("Policy") describes how aceph11 collects, uses, stores, shares, and protects your personal data when you access or use the Platform.
This Policy applies to all registered players, visitors to the Platform, and any other individuals whose personal data aceph11 processes in connection with the operation of the Platform. By registering an account, completing the aceph11 Login process, or otherwise using the Platform, you acknowledge that you have read and understood this Policy.
aceph11 acts as the Personal Information Controller (PIC) in respect of the personal data it collects and processes, as defined under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, "DPA") and its Implementing Rules and Regulations ("IRR"). aceph11 has appointed a Data Protection Officer ("DPO") who is responsible for overseeing compliance with this Policy and applicable data privacy laws.
This Policy should be read together with the aceph11 Terms & Conditions. Capitalised terms not defined in this Policy have the meanings given to them in the Terms & Conditions.
2 Personal Data We Collect
aceph11 collects the following categories of personal data from and about you:
2.1 Identity & Contact Data
- Full legal name, date of birth, nationality;
- Government-issued identification number (e.g., PhilSys National ID number, passport number, driver's licence number);
- Email address, mobile phone number;
- Residential address (barangay, city/municipality, province, postal code).
2.2 Account & Authentication Data
- Username and encrypted password;
- Security questions and answers (where applicable);
- Two-factor authentication credentials.
2.3 Financial Data
- GCash or PayMaya / Maya account details (mobile number associated with the e-wallet);
- Bank account details (bank name, account number) for bank transfer transactions;
- Debit card details (card number, expiry date — stored in tokenised form only);
- Transaction history, including deposit amounts, withdrawal amounts, dates, and payment method used.
2.4 KYC Verification Data
- Copies of government-issued photo identification documents;
- Proof of address documents;
- Selfie or liveness check images (where required for identity verification);
- Source of funds declarations (where required by AML regulations).
2.5 Gaming & Behavioural Data
- Game history, including games played, wager amounts, wins, and losses;
- Session duration and frequency of play;
- Responsible gaming tool usage (deposit limits set, cooling-off periods activated, self-exclusion requests);
- Bonus and promotion participation history.
2.6 Technical & Device Data
- IP address and approximate geolocation derived from IP;
- Device type, operating system, and browser type and version;
- Unique device identifiers;
- Log data, including pages visited, links clicked, and error reports;
- Cookie identifiers and similar tracking technology data (see Section 7).
2.7 Communications Data
- Records of your communications with aceph11 customer support, including live chat transcripts and email correspondence;
- Feedback, survey responses, and complaints submitted to aceph11.
aceph11 does not collect sensitive personal information beyond what is strictly necessary for identity verification and regulatory compliance. We do not collect biometric data except where a liveness check is required as part of KYC verification, and such data is processed solely for that purpose.
3 How We Collect Your Data
aceph11 collects your personal data through the following means:
- Directly from you — when you register an account, complete the aceph11 Login process, submit KYC documents, make a deposit or withdrawal, contact customer support, or participate in a promotion;
- Automatically — when you access and use the Platform, through cookies, web beacons, server logs, and similar tracking technologies (see Section 7);
- From third-party identity verification providers — when we use third-party KYC and AML screening services to verify your identity and screen against sanctions and watchlists;
- From payment processors — when you make a deposit or withdrawal, your payment provider may share transaction confirmation data with aceph11;
- From fraud prevention and analytics partners — to help us detect and prevent fraudulent activity on the Platform.
4 How We Use Your Personal Data
aceph11 uses your personal data for the following purposes:
| Purpose | Data Categories Used |
|---|---|
| Account registration and management | Identity, Contact, Account & Authentication |
| Identity verification (KYC) and age verification (21+) | Identity, KYC Verification |
| Processing deposits and withdrawals | Financial, Identity |
| Anti-money laundering (AML) and counter-terrorism financing (CTF) compliance | Identity, Financial, KYC Verification |
| Providing and improving Platform services and games | Gaming & Behavioural, Technical & Device |
| Customer support and dispute resolution | Identity, Contact, Communications |
| Responsible gaming monitoring and intervention | Gaming & Behavioural, Identity |
| Fraud detection and prevention | Technical & Device, Financial, Gaming & Behavioural |
| Sending promotional communications (with your consent) | Identity, Contact |
| Compliance with legal and regulatory obligations | All categories as required |
aceph11 will not use your personal data for any purpose that is incompatible with the purposes listed above without first obtaining your consent or establishing another lawful basis for processing.
5 Legal Basis for Processing
Under the Philippine Data Privacy Act of 2012, aceph11 relies on the following legal bases for processing your personal data:
- Contractual necessity — processing is necessary to perform our contract with you (i.e., to provide the aceph11 Platform and its services, including processing your aceph11 Login, managing your account, and processing transactions);
- Legal obligation — processing is necessary for aceph11 to comply with its legal and regulatory obligations, including KYC verification, AML/CTF compliance, PAGCOR reporting requirements, and obligations under the DPA itself;
- Legitimate interests — processing is necessary for aceph11's legitimate interests, including fraud prevention, Platform security, responsible gaming monitoring, and improving our services, provided that such interests are not overridden by your rights and interests;
- Consent — where we rely on your consent as the legal basis for processing (e.g., for sending marketing communications), you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
You may opt out of receiving marketing communications from aceph11 at any time by updating your communication preferences in your account settings or by contacting our Data Protection Officer at the details provided in Section 14.
6 Sharing Your Personal Data
aceph11 does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate data protection safeguards:
- KYC and identity verification providers — third-party services that assist aceph11 in verifying your identity and screening against sanctions lists and politically exposed persons (PEP) databases, as required by Philippine AML regulations;
- Payment processors and e-wallet providers — GCash, PayMaya / Maya, and Philippine banking partners (BPI, BDO, Metrobank, UnionBank, Landbank, PNB, Security Bank) for the purpose of processing your deposits and withdrawals;
- Game providers — third-party game developers and providers whose games are available on the aceph11 Casino Platform may receive limited technical data necessary to deliver their games;
- Fraud prevention and analytics partners — service providers that help aceph11 detect and prevent fraudulent activity, cheating, and abuse on the Platform;
- Regulatory and law enforcement authorities — PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other competent Philippine authorities, where disclosure is required by law, court order, or regulatory direction;
- Professional advisers — lawyers, auditors, and other professional advisers engaged by aceph11, subject to professional confidentiality obligations;
- Business successors — in the event of a merger, acquisition, or sale of all or part of aceph11's business, your personal data may be transferred to the acquiring entity, subject to equivalent data protection commitments.
Where aceph11 shares your personal data with third-party service providers, we require those providers to process your data only on our instructions and in accordance with applicable data privacy laws. We do not permit our service providers to use your personal data for their own purposes.
7 Cookies & Tracking Technologies
aceph11 uses cookies and similar tracking technologies (such as web beacons and pixel tags) on the Platform to enhance your experience, maintain your session, and gather analytics data. The following types of cookies are used:
- Strictly necessary cookies — essential for the Platform to function correctly, including maintaining your aceph11 Login session and remembering your preferences. These cookies cannot be disabled without affecting Platform functionality;
- Performance and analytics cookies — used to collect aggregated, anonymised information about how users interact with the Platform, helping aceph11 identify areas for improvement;
- Functional cookies — used to remember your preferences and personalise your experience on the Platform, such as your preferred language or game lobby layout;
- Security cookies — used to detect and prevent fraudulent activity, including bot detection and session integrity verification.
You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. For strictly necessary cookies, no consent is required as they are essential to the operation of the service you have requested.
aceph11 does not use cookies to serve third-party advertising or to track your activity across unrelated websites. Our cookies are used solely in connection with the operation and improvement of the aceph11 Platform.
8 Data Retention
aceph11 retains your personal data for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. The following general retention periods apply:
- Account and KYC data — retained for a minimum of five (5) years from the date of account closure, in accordance with Philippine AML regulations and PAGCOR requirements;
- Transaction and financial data — retained for a minimum of five (5) years from the date of the transaction, as required by the Anti-Money Laundering Act of 2001 (Republic Act No. 9160, as amended) and its implementing regulations;
- Gaming and behavioural data — retained for the duration of your account and for up to three (3) years following account closure, for the purposes of dispute resolution and responsible gaming monitoring;
- Customer support communications — retained for up to three (3) years from the date of the communication, for the purposes of dispute resolution and service improvement;
- Technical and device data — retained for up to twelve (12) months from collection, unless required for longer for fraud investigation purposes.
Where aceph11 is required by law to retain your personal data for a longer period, the statutory retention period will apply. Upon expiry of the applicable retention period, aceph11 will securely delete or anonymise your personal data.
9 Data Security
aceph11 takes the security of your personal data seriously and implements appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, destruction, or disclosure. Our security measures include:
- Encryption — all data transmitted between your device and the aceph11 Platform is encrypted using industry-standard Transport Layer Security (TLS) protocols. Sensitive data at rest, including financial data and KYC documents, is encrypted using AES-256 encryption;
- Access controls — access to personal data is restricted to aceph11 personnel and authorised service providers who have a legitimate need to access it, and is subject to role-based access controls and audit logging;
- Password security — user passwords are stored in hashed form using a strong cryptographic hashing algorithm. aceph11 never stores passwords in plain text;
- Fraud detection systems — aceph11 employs automated fraud detection and anomaly detection systems to identify and respond to suspicious activity on the Platform;
- Regular security assessments — aceph11 conducts periodic security assessments and vulnerability testing to identify and remediate potential security weaknesses.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, aceph11 will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay, in accordance with the DPA and its IRR.
While aceph11 implements robust security measures, no online platform can guarantee absolute security. You are responsible for maintaining the confidentiality of your aceph11 Login credentials and for notifying us immediately if you suspect unauthorised access to your account.
10 Your Data Privacy Rights
Under the Philippine Data Privacy Act of 2012, you have the following rights in respect of your personal data held by aceph11:
- Right to be informed — the right to be informed of how your personal data is being collected and processed, as set out in this Policy;
- Right of access — the right to request a copy of the personal data that aceph11 holds about you, and information about how it is being processed;
- Right to rectification — the right to request that aceph11 correct any inaccurate or incomplete personal data it holds about you;
- Right to erasure — the right to request that aceph11 delete your personal data where it is no longer necessary for the purposes for which it was collected, subject to aceph11's legal and regulatory retention obligations;
- Right to object — the right to object to the processing of your personal data where aceph11 relies on legitimate interests as the legal basis for processing;
- Right to data portability — the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible;
- Right to lodge a complaint — the right to lodge a complaint with the National Privacy Commission (NPC) if you believe that aceph11 has processed your personal data in violation of the DPA.
To exercise any of the above rights, please contact aceph11's Data Protection Officer using the contact details provided in Section 14. aceph11 will respond to your request within thirty (30) days of receipt, in accordance with the DPA and its IRR. Please note that certain rights are subject to limitations and exceptions under applicable law, particularly where processing is required for regulatory compliance or legal proceedings.
You may also update your personal information directly through your account settings for certain data types, such as your contact email address and communication preferences, without needing to contact the DPO.
11 Children's Privacy and Minors
The aceph11 Platform is strictly intended for adults aged 21 years and above, in accordance with Philippine gaming regulations. aceph11 does not knowingly collect personal data from individuals under the age of 21.
As part of the KYC verification process, aceph11 verifies the age of all registered players before permitting real-money gaming activity. Any account found to belong to a person under 21 years of age will be immediately suspended, and any personal data collected in connection with that account will be securely deleted, except where retention is required by law.
If you are a parent or guardian and believe that your child has registered an account on the aceph11 Platform, please contact our Data Protection Officer immediately using the contact details in Section 14. aceph11 will investigate and take appropriate action, including account suspension and data deletion, as quickly as possible.
12 Third-Party Links
The aceph11 Platform may contain links to third-party websites or services, such as payment provider portals (e.g., GCash, PayMaya / Maya) or game provider interfaces. This Privacy Policy applies only to the aceph11 Platform and does not cover the privacy practices of any third-party websites or services.
aceph11 is not responsible for the privacy practices or content of any third-party websites. We encourage you to review the privacy policies of any third-party services you access in connection with your use of the aceph11 Platform. The inclusion of a link to a third-party website does not constitute an endorsement of that website or its privacy practices by aceph11.
13 Changes to This Privacy Policy
aceph11 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable law, or regulatory requirements. When material changes are made to this Policy, aceph11 will notify registered players by posting a prominent notice on the Platform and, where practicable, by sending a notification to the email address associated with your account.
The updated Policy will take effect on the date specified in the notice. Your continued use of the aceph11 Platform after the effective date of any updated Policy constitutes your acknowledgment of the changes. If you do not agree to the updated Policy, you must cease using the Platform and may close your account in accordance with the Terms & Conditions.
The most current version of this Privacy Policy will always be available on this page, together with the effective date. We recommend that you review this page periodically to stay informed of any updates to our data privacy practices.
14 Contact & Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or aceph11's data processing practices, or if you wish to exercise any of your data privacy rights under the DPA, please contact our Data Protection Officer:
Data Protection Officer — aceph11
aceph11 aims to acknowledge all data privacy requests within 72 hours and to resolve them within thirty (30) days of receipt. For complex requests, aceph11 may extend this period by a further thirty (30) days, in which case we will notify you of the extension and the reasons for it.
If you are not satisfied with aceph11's response to your data privacy request or complaint, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines, which is the supervisory authority responsible for enforcing the DPA.
How aceph11 Protects Your Data
Six key commitments that define how aceph11 handles your personal information every day.
All data in transit is protected by TLS encryption. Sensitive data at rest — including KYC documents and financial records — is encrypted with AES-256, the same standard used by banks.
aceph11 fully complies with the Philippine Data Privacy Act of 2012 (RA 10173). We have a registered Data Protection Officer and follow NPC guidelines for data handling and breach notification.
aceph11 does not sell, rent, or trade your personal data to third parties for marketing purposes — ever. Your data is used only to operate the Platform and meet our legal obligations.
You have the right to access, correct, delete, and port your personal data. Submit a request to our DPO and we'll respond within 30 days, as required by Philippine privacy law.
Only authorised aceph11 personnel with a legitimate need can access your personal data. All access is role-based, logged, and audited regularly to prevent internal misuse.
We clearly document every purpose for which we process your data and the legal basis for doing so. No hidden uses, no surprises — just straightforward, lawful data processing.