This Privacy Policy describes how taraph collects, uses, stores, and protects the personal information of all individuals who access or use the taraph platform at taraph.one. taraph is committed to handling your personal data in full compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and PAGCOR's applicable data governance requirements.
Effective Date: 1 January 2026 · Last Updated: 1 January 2026NPC Compliant — This Privacy Policy is prepared in accordance with the National Privacy Commission's (NPC) guidelines under Republic Act No. 10173 and its Implementing Rules and Regulations. taraph acts as a Personal Information Controller (PIC) in respect of all data described herein.
Your Privacy at taraph
Before you read the full policy below, here is a plain-English summary of taraph's six core commitments to protecting the personal data of every Filipino player who trusts us with their information.
taraph collects only the personal data that is strictly necessary for account operation, KYC compliance, payment processing, and regulatory reporting under PAGCOR and AMLA requirements. We do not collect data for its own sake.
All personal data processed by taraph is protected using industry-standard SSL/TLS encryption in transit and AES-256 encryption at rest. Access to your personal data is strictly limited to authorised taraph personnel with a verified operational need.
taraph does not sell, rent, or commercially transfer your personal information to third parties. Data sharing with external parties is limited strictly to service providers, payment processors, and regulatory bodies as described in this Policy.
As a data subject under RA 10173, you have the right to access, correct, update, object to, and request deletion of your personal data held by taraph. These rights can be exercised by contacting taraph's Data Protection Officer through the support channel.
taraph will only send promotional communications — bonus offers, game announcements, and seasonal Filipino Fiesta event updates — to players who have expressly opted in at registration or in their Account settings. You can withdraw marketing consent at any time.
taraph retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or for the minimum retention periods mandated by PAGCOR, BSP, and AMLC regulations — whichever is longer. Data beyond the required retention window is securely deleted.
RA 10173 Rights
Under the Philippine Data Privacy Act, every Filipino player whose personal data is processed by taraph has the following legally enforceable rights. These can be exercised at any time by contacting taraph's Data Protection Officer.
Know what data we collect and why before or at the time of collection.
Request a copy of all personal data taraph holds about you at any time.
Have inaccurate or incomplete personal data corrected promptly upon request.
Request deletion of your data when it is no longer necessary, subject to regulatory retention obligations.
Object to specific processing activities, including direct marketing, based on legitimate interests.
Claim compensation for damages suffered as a result of taraph's non-compliance with RA 10173.
This Privacy Policy ("Policy") is issued by taraph ("taraph," "we," "us," or "our"), the operator of the online gaming and casino platform available at taraph.one ("the Platform"). taraph is registered and operates in compliance with PAGCOR online gaming regulations applicable to the Philippines. This Policy sets out in full the personal data processing practices of taraph and the rights available to all data subjects whose information taraph handles.
This Policy is issued pursuant to Republic Act No. 10173, the Data Privacy Act of 2012 ("DPA"), and its Implementing Rules and Regulations ("IRR") as promulgated by the National Privacy Commission ("NPC"). taraph is the Personal Information Controller ("PIC") in respect of all personal data processing activities described in this Policy.
By creating a taraph account, making a deposit, or otherwise using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data as described herein.
1.1 taraph operates taraph.one as a PAGCOR-regulated online gaming and casino platform serving Filipino players in the Philippines. As the operator of the Platform, taraph determines the purposes and means of processing personal data collected through the Platform and is therefore the Personal Information Controller under the DPA.
1.2 taraph has designated a Data Protection Officer ("DPO") in accordance with Section 21 of the DPA IRR. The DPO is responsible for ensuring taraph's ongoing compliance with data privacy obligations and serves as the primary point of contact for data subject enquiries and NPC communications. Contact details for the DPO are provided in Section 18 of this Policy.
2.1 This Policy applies to all personal data processing activities conducted by taraph in connection with the Platform, including but not limited to: account registration and management; identity verification (KYC); payment processing and transaction monitoring; game play and activity logging; customer support interactions; marketing communications; and fraud prevention activities.
2.2 This Policy applies to all individuals who interact with the Platform regardless of whether they hold a registered Account, including visitors who browse the Platform without registering.
2.3 Where taraph engages third-party service providers who process personal data on taraph's behalf (Personal Information Processors, "PIPs"), taraph ensures appropriate contractual data processing agreements are in place binding those processors to obligations consistent with this Policy and the DPA.
3.1 taraph collects the following categories of personal data in connection with operating the Platform:
| Data Category | Collected At | Regulatory Basis |
|---|---|---|
| Identity & Contact | Registration | DPA Sec. 13(b); PAGCOR KYC Rules |
| KYC Documents | Verification stage | RA 9160 (AMLA); PAGCOR licensing conditions |
| Financial & Transaction | Every transaction | RA 9160 (AMLA); BSP Circulars |
| Gaming Activity | Active play sessions | PAGCOR licensing; Responsible gaming obligations |
| Technical & Device | Every Platform visit | Fraud prevention; security monitoring |
4.1 Directly from you: The majority of personal data taraph holds is provided directly by you during account registration, KYC verification, payment transactions, support interactions, and the completion of responsible gaming tool settings in your Account dashboard.
4.2 Automatically through the Platform: When you access the Platform, taraph's systems automatically record technical data including your IP address, device specifications, session timestamps, and browsing behaviour within the Platform (pages visited, games launched, session duration). This data is collected through server logs and first-party cookies as described in Section 8.
4.3 From payment service providers: When you initiate a deposit or withdrawal, taraph's payment processing partners (GCash, Maya, BPI, BDO, Metrobank, and InstaPay) transmit transaction confirmation data including payment reference numbers and transaction amounts to taraph for reconciliation and record-keeping purposes. taraph does not receive or store full bank account credentials or GCash PINs.
4.4 From identity verification services: Where taraph uses third-party KYC/identity verification processors to assist with document verification, those processors may return confidence scores and verification outcomes to taraph. All raw identity documents are retained by taraph in its own secure storage infrastructure.
5.1 taraph relies on the following legal bases for processing personal data, as recognised under Section 13 of the DPA:
6.1 taraph processes your personal data for the following purposes:
taraph does not use personal data for automated individual decision-making (profiling) that produces legal effects or significantly affects Players, except where required by PAGCOR responsible gaming obligations to identify and respond to problem gambling risk indicators.
7.1 taraph does not sell, rent, or commercially transfer personal data to unaffiliated third parties. Personal data is shared only in the following circumstances and strictly on a need-to-know basis:
Transaction data is shared with GCash, Maya, BPI, BDO, Metrobank, InstaPay, and other approved payment service providers solely for the purpose of processing deposits and withdrawals. These providers are contractually bound to handle shared data in accordance with applicable BSP regulations and data privacy standards.
Where third-party identity verification processors are engaged to assist with document verification and liveness checks, taraph shares the minimum necessary data (identity document images and applicant details) with those processors under binding contractual data processing agreements.
taraph discloses personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Bureau of Investigation (NBI), the Philippine National Police (PNP), or other competent Philippine authorities where required by applicable law, court order, or regulatory direction. Such disclosures will be made to the minimum extent required to fulfil the legal obligation.
taraph may share personal data with legal counsel, auditors, and compliance advisors under strict confidentiality obligations where necessary for the conduct of legal proceedings, regulatory submissions, or financial audits.
Where taraph operates within a corporate group structure, personal data may be shared with affiliated entities within that group under binding intra-group data processing agreements, solely for the purposes described in this Policy and subject to equivalent data protection standards.
taraph will never share your personal data with third-party marketing companies, data brokers, or unaffiliated commercial entities. Any request purporting to be from taraph asking you to share personal data through an unofficial channel should be treated as suspicious and reported to taraph support immediately.
8.1 taraph uses first-party cookies and similar session technologies on the Platform for the following purposes:
8.2 taraph does not use third-party advertising cookies or cross-site tracking technologies on the Platform. You can manage cookie preferences through your browser settings, though disabling strictly necessary cookies will prevent normal Platform operation.
taraph's cookies are strictly first-party — they operate only within the taraph.one domain and do not track your activity across other websites or applications.
9.1 taraph implements a comprehensive set of technical and organisational security measures designed to protect personal data against unauthorised access, accidental loss, destruction, or disclosure:
9.2 Notwithstanding the above measures, no data transmission or storage system is completely secure. taraph cannot guarantee absolute security against all possible threats. In the event of a security incident affecting your personal data, taraph will notify you and the NPC in accordance with the procedure described in Section 15 of this Policy.
10.1 taraph retains personal data for the minimum period necessary to fulfil the purpose for which it was collected, subject to the following mandatory minimum retention periods required under Philippine law and PAGCOR regulations:
10.2 Upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in a manner that prevents reconstruction of the original personal data.
11.1 Where taraph engages service providers or technology partners whose infrastructure is located outside the Philippines (for example, cloud hosting providers or third-party analytics processors), personal data may be transferred to or processed in jurisdictions outside the Philippines.
11.2 Any such international transfer of personal data will only be made where taraph has confirmed that adequate protective measures are in place, including contractual data processing agreements requiring the recipient to maintain protection standards equivalent to those required under the DPA and NPC regulations. taraph will not transfer personal data to jurisdictions that do not provide adequate data protection standards without implementing appropriate safeguards.
12.1 The taraph Platform is strictly restricted to persons who are at least 21 years of age. taraph does not knowingly collect personal data from individuals under 21 years of age. Where taraph discovers that personal data has been collected from a person under 21, taraph will immediately close the associated Account, forfeit any balance in accordance with the Terms & Conditions, delete the collected data to the extent permitted by applicable law and regulatory retention obligations, and report the incident to PAGCOR as required.
12.2 If you have reason to believe that a person under 21 years of age has submitted personal data to taraph, please contact taraph's Data Protection Officer immediately at the contact details set out in Section 18 of this Policy.
Persons under 21 years of age must not attempt to register on or use the taraph Platform. Online gaming by persons under 21 is prohibited under PAGCOR regulations and Philippine law.
13.1 Subject to the conditions and limitations prescribed by the DPA and applicable PAGCOR and AMLA regulations, you have the following rights in respect of your personal data held by taraph:
13.2 To exercise any of the above rights, please submit a written request to taraph's Data Protection Officer through the Platform's official support channel. taraph will acknowledge your request within three (3) business days and complete the requested action or provide a substantive response within fifteen (15) business days of receiving a complete and valid request.
13.3 Where taraph is unable to fully comply with a request — for example, because fulfilling it would conflict with a mandatory regulatory retention obligation under RA 9160 — taraph will provide a written explanation of the specific legal basis for the refusal.
13.4 If you believe taraph has not adequately addressed your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines.
14.1 taraph will only send promotional and marketing communications — including bonus offers, new game announcements, Philippine Fiesta event promotions, and seasonal campaign updates — to Players who have expressly consented to receive such communications at registration or through their Account notification settings.
14.2 Marketing consent is collected separately from the acceptance of the Terms & Conditions and this Privacy Policy. Declining marketing consent will not affect your ability to access or use the Platform's gaming and payment services.
14.3 You may withdraw marketing consent at any time by updating your notification preferences in the Account settings section. Withdrawal of consent will take effect within five (5) business days. Withdrawal of marketing consent does not affect the lawfulness of processing conducted prior to withdrawal.
14.4 Transactional notifications — including deposit confirmations, withdrawal status updates, KYC verification notices, and Account security alerts — are sent to all registered Players regardless of marketing consent status, as these communications are necessary for the performance of taraph's contractual obligations and for regulatory compliance purposes.
15.1 In the event of a personal data breach that taraph determines poses a real risk of serious harm to affected data subjects, taraph will:
15.2 If you suspect that your taraph Account has been compromised, or that your personal data has been accessed by an unauthorised party, please contact taraph support immediately through the Platform's live chat channel so that appropriate containment and remediation steps can be initiated without delay.
16.1 The Platform may contain references to or integrations with third-party service providers (such as payment processors) whose own privacy practices govern the personal data they collect independently. taraph is not responsible for the privacy practices of those third parties. When you interact directly with a third-party service — for example, completing a GCash authorisation within the GCash app — that interaction is governed by GCash's own privacy policy.
16.2 taraph does not embed third-party social media widgets, advertising networks, or cross-site tracking tools on the Platform. The Platform does not link to external websites beyond the payment provider flows necessary to complete transactions.
17.1 taraph may amend this Privacy Policy from time to time to reflect changes in data processing practices, regulatory requirements, or Platform functionality. The updated Policy will be published on the Platform with a revised effective date prominently displayed at the top of the document.
17.2 Where changes are material — meaning they significantly affect your rights or the way taraph processes your personal data — taraph will notify active Account holders through the Platform's notification system or by email to the registered Account address at least fourteen (14) days before the changes take effect.
17.3 Continued use of the Platform following the effective date of any amended Privacy Policy constitutes your acknowledgment of and agreement to the amended Policy. If you do not agree to material changes, you should cease using the Platform and request Account closure prior to the effective date of the changes.
18.1 For all privacy-related enquiries, data subject rights requests, concerns about taraph's personal data processing practices, or to report a suspected data breach or privacy incident, please contact taraph's designated Data Protection Officer through the following channel:
taraph Data Protection Officer
Contact via taraph's official platform support channel. Please state clearly in your message that your query relates to a data privacy matter and include your registered Account username to allow the DPO team to locate your records promptly.
Support contact: support taraph.one
Response time: Within 3 business days for DPO correspondence.
18.2 If you are not satisfied with taraph's response to your privacy concern, you have the right to escalate your complaint to the National Privacy Commission of the Philippines, which acts as the supervisory authority for data privacy matters in the Philippines under the DPA.
18.3 This Privacy Policy was last reviewed and updated on 1 January 2026. The version published on the Platform at any given time is the current operative version.
Confident in Your Privacy?
taraph is built for Filipino players and operated with full respect for your privacy under Philippine law. Create your account today — GCash deposits, PHP payouts, 24/7 Filipino-speaking support, and a platform that genuinely protects your data. Must be 21 or older.
21+ only · PAGCOR regulated · Data protected under RA 10173 · Philippines players only
Play Responsibly — 21+ Only
taraph is strictly for players aged 21 years and above. Online casino gaming and wagering involve real financial risk and should be treated as entertainment only — never as a means of income or financial recovery. taraph provides deposit limits, session timers, cooling-off periods, and permanent self-exclusion tools accessible directly from your Account settings. If gaming is affecting your financial wellbeing or relationships, please visit our Responsible Gaming page for self-exclusion options and access to professional support resources available to Filipino players.