Privacy Policy

jlaaa ("we," "us," "our") operates the online gaming platform accessible at jlaaa.co (the "Platform"), which serves Filipino players across the Philippines — from Manila, Quezon City, and Makati to Cebu, Davao, Iloilo, and beyond. We are deeply committed to the responsible handling of your personal data, and this Privacy Policy ("Policy") is our formal, transparent explanation of how we do that.

This Policy applies to all personal data collected by jlaaa in connection with your registration, use of the Platform, participation in games, transactions, and communications with our support team. It applies regardless of the device or method you use to access jlaaa — whether that is a mobile phone on Globe or Smart data, a home WiFi connection, or a desktop browser.

jlaaa processes personal data in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and relevant issuances of the National Privacy Commission (NPC). Where jlaaa's operations intersect with PAGCOR's regulatory requirements, data processing also complies with applicable PAGCOR directives on player data and AML (Anti-Money Laundering) obligations.

In this Policy, the following terms have the meanings set out below:

Term	Meaning
Personal Data	Any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably ascertained, directly or indirectly, by jlaaa.
Sensitive Personal Data	Personal data about an individual's race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; health, education, genetic or sexual life, or any proceedings for any offence committed or alleged to have been committed, or related information.
Data Subject	An individual whose personal data is processed by jlaaa — in this context, registered Players and prospective Players who use the jlaaa Platform.
Processing	Any operation or set of operations performed on personal data, including collection, recording, organization, storage, updating, retrieval, use, disclosure, or deletion.
Data Controller	jlaaa, the entity that determines the purposes and means of processing personal data collected through the Platform.
Data Processor	Any natural or juridical person that processes personal data on behalf of jlaaa, such as payment processors, KYC service providers, and cloud infrastructure partners.
Cookies	Small text files stored on your device by the jlaaa Platform to facilitate session management, preferences, and analytics.
NPC	National Privacy Commission — the Philippine government body responsible for administering and implementing the Data Privacy Act of 2012.

jlaaa collects the following categories of personal data, depending on your interactions with the Platform:

3.1 Identity and Contact Data

• Full legal name (as it appears on your government-issued ID);
• Date of birth;
• Gender;
• Residential address, including barangay, city or municipality, and province;
• Philippine mobile number (09XX format);
• Email address (where provided during registration or communications).

3.2 Identity Verification (KYC) Data

• Government-issued ID type and number (e.g., PhilSys ID, passport, driver's license, UMID, PRC ID, Voter's ID);
• Copies or photographs of government-issued ID documents submitted during KYC verification;
• Selfie or biometric verification image where required by jlaaa's KYC process;
• Source of funds declaration where required for enhanced due diligence.

3.3 Financial and Transaction Data

• GCash account number or registered mobile number associated with your GCash account;
• PayMaya account details where used for transactions;
• Bank account name, number, and branch (for BDO, BPI, or Metrobank withdrawals);
• Deposit amounts, dates, and transaction reference numbers;
• Withdrawal requests, amounts, and processing status;
• Wallet balance history and transaction records.

3.4 Gaming Activity Data

• Game titles played, bet amounts, wager outcomes, session durations, and total stakes;
• Bonus claims, wagering requirement progress, and promotional participation history;
• Game preferences, favourite categories, and login session data;
• Responsible gaming tool usage, including deposit limits set and self-exclusion periods activated.

3.5 Technical and Device Data

• IP address and approximate geographic location at the time of login;
• Device type, operating system version, and browser type and version;
• Session timestamps, login history, and device identifiers;
• Cookie identifiers and similar tracking data as described in Section 8.

3.6 Communications Data

• Records of support chat conversations, email correspondence, and support ticket histories between you and the jlaaa team;
• Feedback, complaints, and dispute records submitted to jlaaa.

jlaaa collects personal data through the following channels and methods:

• Account Registration: When you complete the jlaaa registration form, you provide your name, mobile number, date of birth, and address directly to jlaaa.
• KYC Verification: When you submit identity documents as part of age or identity verification, those documents and the data contained in them are collected and reviewed by jlaaa and, where applicable, by jlaaa's third-party KYC verification service provider.
• Deposits and Withdrawals: When you initiate a financial transaction on jlaaa, the associated payment details and transaction data are recorded.
• Platform Use: As you log in and use jlaaa's games and features, the Platform automatically records gaming activity, session data, and device and technical information.
• Support Interactions: When you contact jlaaa's support team via live chat or email, the content of those communications is recorded and retained.
• Cookies and Similar Technologies: The Platform uses cookies and similar tracking technologies to collect data about your browser session, preferences, and navigation behaviour, as further described in Section 8.
• Third-Party Sources: jlaaa may receive data about you from payment processors (e.g., GCash, PayMaya), KYC verification bureaus, fraud detection services, and regulatory bodies, where such receipt is necessary for the purposes described in Section 6.

jlaaa processes your personal data on the following legal bases under the Data Privacy Act of 2012 and its Implementing Rules:

Legal Basis	Examples of Processing Activities
Contractual Necessity	Processing your identity data to create and manage your Account; processing transaction data to execute deposits and withdrawals; maintaining your Wallet and transaction history.
Legal Obligation	Age verification under PAGCOR responsible gaming requirements; KYC and AML compliance under RA 9160 (Anti-Money Laundering Act); reporting obligations to PAGCOR, AMLC, and NPC.
Legitimate Interest	Fraud detection and platform security; analytics to improve game performance and user experience; internal reporting and business operations; responsible gaming monitoring.
Consent	Sending promotional communications and personalized offers; use of non-essential cookies for analytics and advertising; processing sensitive personal data where required and no other basis applies.

Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Contact [email protected] to withdraw consent.

jlaaa uses the personal data described in Section 3 for the following purposes:

• Account Creation and Management: To register your Account, verify your identity and age, manage your profile, and maintain the security of your Account.
• Service Delivery: To provide access to games, process deposits and withdrawals, apply bonuses, and deliver all features of the jlaaa Platform.
• KYC and Regulatory Compliance: To fulfil jlaaa's obligations under PAGCOR licensing conditions, the Anti-Money Laundering Act (RA 9160), and applicable NPC directives, including the mandatory verification of Player age and identity before processing withdrawals.
• Fraud Prevention and Security: To detect, investigate, and prevent fraudulent transactions, unauthorized account access, money laundering, and other prohibited conduct as defined in jlaaa's Terms & Conditions.
• Responsible Gaming: To monitor gaming activity for indicators of problem gambling; to enforce deposit limits, loss limits, and self-exclusion periods activated by you or applied by jlaaa under its responsible gaming obligations.
• Customer Support: To respond to your enquiries, process complaints, and resolve disputes in accordance with jlaaa's support procedures.
• Communications: To send transactional messages (OTPs, account alerts, withdrawal confirmations) and, where you have consented, promotional messages about jlaaa offers and new games.
• Platform Improvement: To analyse Platform usage patterns, improve game performance, resolve technical issues, and develop new features based on aggregated and anonymized data.
• Legal Proceedings: To establish, exercise, or defend legal claims involving jlaaa and, where required by law or court order, to disclose data to regulatory authorities or law enforcement agencies in the Philippines.

7.1  jlaaa does not sell your personal data to any third party. We share your personal data only with the following categories of recipients, and only to the extent necessary for the specific purpose:

• Payment Processors: GCash (Mynt — Globe Fintech Innovations, Inc.), Maya Philippines, Inc., BDO, BPI, Metrobank, and other payment partners, for the purpose of processing your deposits and withdrawals.
• KYC and Identity Verification Providers: Third-party KYC service providers engaged by jlaaa to verify the identity and age of Players, operating under strict data processing agreements.
• Fraud Detection and Security Services: Third-party fraud prevention platforms that analyse transaction and device data to detect and prevent unauthorized activity.
• Cloud and Infrastructure Providers: Third-party cloud hosting and infrastructure providers on whose servers jlaaa's Platform and associated data are securely hosted, under contractual data processing obligations.
• Game Software Providers: Certified third-party game studios whose games are available on jlaaa may receive anonymized or pseudonymized gaming activity data for the purpose of game performance monitoring and RTP certification.
• Regulatory and Law Enforcement Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government authorities, where jlaaa is legally required to disclose data.
• Professional Advisers: Legal counsel, auditors, and compliance consultants under strict confidentiality obligations, where required for jlaaa's operations or legal defence.

7.2  All third-party recipients with whom jlaaa shares personal data are bound by written data processing or data sharing agreements that require them to process your data only for specified purposes, with appropriate security measures, and in compliance with the Data Privacy Act of 2012.

7.3  In the event of a proposed merger, acquisition, or sale of jlaaa's business assets, your personal data may be disclosed to prospective buyers under strict confidentiality conditions. You will be notified of any such transfer if it involves a material change in your rights as a Data Subject.

8.1  The jlaaa Platform uses cookies and similar technologies (collectively, "Cookies") to operate the Platform, enhance your experience, and analyse usage. The following categories of Cookies are used:

Cookie Type	Purpose	Essential?
Strictly Necessary	Maintain your login session, prevent session hijacking, and enable core Platform functions such as game loading and wallet access.	Yes — cannot be disabled
Functional	Remember your preferences such as preferred game lobby section, language settings, and responsible gaming tool configurations.	Optional
Performance / Analytics	Collect aggregated, anonymized data about how Players use the Platform — pages visited, session duration, device types — to help jlaaa improve game performance and UX.	Optional
Fraud Detection	Detect unusual login behaviour, suspicious transaction patterns, and potential account takeover attempts using device fingerprinting and behavioural analysis.	Yes — security critical

8.2  You can manage non-essential Cookie preferences through the Cookie settings panel available on the jlaaa Platform. Disabling optional Cookies will not affect your ability to log in or play games, but may reduce the personalization of your Platform experience.

8.3  jlaaa does not use third-party advertising Cookies or place tracking Cookies for cross-site advertising networks on the Platform.

9.1  jlaaa retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law. The following retention periods apply:

Data Category	Retention Period	Basis
Account & Identity Data	Duration of Account + 5 years after closure	AML / PAGCOR regulatory obligation
KYC Documents	5 years from submission or Account closure, whichever is later	RA 9160 (AMLA) requirement
Transaction Records	5 years from transaction date	RA 9160 and tax obligations
Gaming Activity Logs	3 years from record creation	Dispute resolution / PAGCOR compliance
Support Communications	3 years from last interaction	Legal claim defence
Session & Technical Logs	12 months from creation	Security monitoring / fraud detection
Marketing Consent Records	Until consent is withdrawn + 3 years	DPA 2012 accountability

9.2  Upon expiry of the applicable retention period, jlaaa will securely delete or anonymize your personal data in a manner that prevents its recovery or reconstruction. Data that is anonymized beyond the point of re-identification may be retained indefinitely for aggregate analytics purposes.

10.1  jlaaa implements technical and organizational security measures designed to protect your personal data against unauthorized access, loss, destruction, alteration, or disclosure. These measures include:

• Encryption in Transit: All data transmitted between your device and jlaaa's servers is encrypted using TLS 1.3 over HTTPS. Login credentials and payment data are never transmitted in plaintext.
• Encryption at Rest: Sensitive personal data stored in jlaaa's databases — including identity data, KYC documents, and financial records — is encrypted at rest using AES-256 encryption.
• Password Security: User passwords are never stored in plaintext. Passwords are stored as salted cryptographic hashes using industry-standard algorithms.
• Access Controls: Access to personal data within jlaaa's systems is restricted to personnel with a legitimate operational need, enforced through role-based access control and multi-factor authentication for all system administrators.
• Security Audits: jlaaa's Platform undergoes periodic security assessments, including penetration testing and vulnerability scanning, conducted by qualified third-party security professionals.
• Incident Response: jlaaa maintains a documented personal data breach response procedure. In the event of a breach affecting your data, jlaaa will notify affected Data Subjects and the NPC within the timeframes required by the DPA 2012 and its Implementing Rules.

Under the Data Privacy Act of 2012 (RA 10173) and its Implementing Rules, you have the following rights in respect of your personal data held by jlaaa:

To exercise any of the above rights, submit a written request to jlaaa's Data Protection Officer at [email protected] with the subject line "Data Privacy Request." Include your full name, registered mobile number, and the specific right you are exercising. jlaaa will acknowledge your request within 5 business days and provide a substantive response within 30 calendar days, or notify you if an extension is required under the DPA 2012.

If you are dissatisfied with jlaaa's response to your data privacy request, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines through the NPC's official complaint channels.

12.1  jlaaa does not intentionally collect, use, or disclose personal data from minors or from individuals under 21 years of age. The minimum age requirement for jlaaa accounts is 21 years, in accordance with PAGCOR's responsible gaming framework for the Philippine market.

12.2  Where jlaaa identifies or is credibly notified that an Account is held by, or that personal data was provided by, a person under 21 years of age, jlaaa will immediately suspend the Account, cease processing the relevant data, and — where technically feasible — securely delete all personal data associated with the underage Account, subject to any legal obligation to retain transaction records for AML purposes.

12.3  If you believe that jlaaa holds personal data belonging to a person under 21 years of age, please notify jlaaa's Data Protection Officer immediately at [email protected].

13.1  The jlaaa Platform integrates with third-party services — including payment gateways (GCash, PayMaya), KYC verification providers, and certified game software studios — whose own privacy policies govern their independent data processing activities. jlaaa is not responsible for the privacy practices of these third parties beyond its contractual obligations as described in Section 7.

13.2  The jlaaa Platform does not contain links to external third-party websites. However, the payment flows for GCash and PayMaya deposits and withdrawals will redirect you to those providers' apps or web interfaces, which operate under Mynt's and Maya Philippines' respective privacy policies.

13.3  Where jlaaa engages third-party Data Processors to process personal data on its behalf, jlaaa ensures — through contractual data processing agreements — that such processors implement security measures and privacy practices consistent with the DPA 2012 and this Policy.

14.1  jlaaa reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, jlaaa's data processing practices, or the features and services offered on the Platform.

14.2  The most current version of this Policy will always be published at jlaaa.co/privacy-policy with the effective date displayed prominently. For material changes — those that significantly affect your rights as a Data Subject or how jlaaa handles your personal data — jlaaa will provide advance notice of at least seven (7) days via the Platform notification system or by direct communication to your registered contact details, where technically feasible.

14.3  Your continued use of the jlaaa Platform after the effective date of any amendment constitutes your acceptance of the updated Policy in respect of processing activities based on your consent. For processing based on other legal grounds, the amended Policy applies from its effective date regardless of continued use.

jlaaa has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act of 2012 and this Privacy Policy. The DPO is your primary point of contact for all data privacy matters.

Data Protection Officer — jlaaa

Email: [email protected]
(Subject line: "Data Privacy Request" or "DPO Inquiry" — plain text, not a clickable link)

jlaaa's DPO will acknowledge your inquiry within five (5) Philippine business days and provide a substantive response within thirty (30) calendar days, or notify you if additional time is required under the DPA 2012. For urgent security-related concerns — such as suspected unauthorized Account access — please also use [email protected] and mark your message as "URGENT: Security."

If you are not satisfied with jlaaa's response to a data privacy concern, you may escalate your complaint to:

National Privacy Commission (NPC)
The NPC is the Philippine government authority responsible for overseeing compliance with the Data Privacy Act of 2012. Information on filing a complaint with the NPC is available through the NPC's official government channels.