Privacy Policy

1

Introduction

This Privacy Policy ("Policy") sets out the basis on which tay365 ("tay365," "we," "us," or "our") collects, uses, discloses, and otherwise processes the personal data of individuals who access or use the tay365 platform at tay365.app ("Platform"), including all gaming services, account functions, promotional programmes, and customer support channels operated by tay365.

This Policy applies to all registered account holders, visitors to the tay365 website, and individuals who interact with tay365 through any digital channel. By registering an account on tay365 or using any Service, you acknowledge that you have read and understood this Policy and consent to the processing of your personal data as described herein.

Scope: This Policy should be read alongside the tay365 Terms & Conditions, which together govern the relationship between tay365 and its registered players. Defined terms used in this Policy have the same meaning as in the Terms & Conditions unless otherwise specified.

2

Data Controller

For the purposes of the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, tay365 is the Personal Information Controller in respect of the personal data collected through the tay365 platform.

tay365 has designated a Data Protection Officer (DPO) responsible for overseeing the Platform's compliance with applicable Philippine data privacy obligations. The DPO may be contacted via the details provided in Section 16 of this Policy.

Regulatory Body: The National Privacy Commission (NPC) of the Philippines is the competent supervisory authority for data privacy matters in the Philippines. Players who believe their data privacy rights have been infringed may lodge a complaint with the NPC through its official channels.

3

Data We Collect

tay365 collects the following categories of personal data in connection with the provision of its Services:

3.1 Registration and Identity Data

Full legal name as it appears on a valid Philippine government-issued identification document
Date of birth (used to verify compliance with the 21+ age requirement)
Gender (optional, collected for account personalisation purposes)
Philippine mobile number (used as a primary account identifier and for two-factor authentication)
Email address (used for account communications and password recovery)
Username selected during registration

3.2 Identity Verification (KYC) Data

Scanned copy or photograph of a valid Philippine government-issued photo ID (e.g., PhilSys National ID, Passport, UMID, SSS, Voter's ID, Driver's Licence, PRC ID)
Selfie photograph holding the submitted ID
Proof of payment method ownership (e.g., GCash or Maya account screenshot showing registered name)

3.3 Financial and Transaction Data

Deposit amounts, deposit timestamps, and the payment method used for each transaction
Withdrawal amounts, withdrawal timestamps, and destination payment account details (e.g., registered GCash number or bank account name)
Account balance history, bonus credit records, and promotional claim records
Wagering history, game session records, and win/loss transaction logs

3.4 Device and Technical Data

IP address and geographic location data derived from IP
Device type, operating system, browser type and version
Session timestamps, login history, and logout records
Cookies and similar tracking technologies (see Section 8)

3.5 Communication and Support Data

Records of live chat conversations between you and tay365 support agents
Email correspondence with tay365
Feedback, dispute submissions, and complaint records

3.6 Responsible Gaming Data

Deposit limits, loss limits, and session limits you have configured on your account
Self-exclusion requests and exclusion period records
Responsible gaming assessments where voluntarily submitted

Sensitive Personal Information: To the extent that any data collected by tay365 constitutes Sensitive Personal Information as defined under the Data Privacy Act (including government ID numbers), tay365 applies heightened processing safeguards to such data and processes it only to the extent required for identity verification, legal compliance, and fraud prevention.

4

How We Collect Your Data

tay365 collects personal data through the following means:

Directly from you — when you complete the registration form, submit KYC documents, make a deposit or withdrawal, contact customer support, participate in a promotion, or configure account settings.
Automatically through the Platform — via cookies, server logs, and session tracking technologies that record how you interact with the tay365 website and game lobby.
From payment processors — tay365's approved payment partners (GCash, Maya, BPI, BDO, Metrobank, UnionBank, 7-Eleven CLiQQ, GrabPay, QR Ph, and USDT TRC20 processors) may transmit transaction confirmation data to tay365 to reconcile deposits and withdrawals.
From KYC verification providers — where tay365 uses a third-party identity verification service to assist with document authentication, that service processes your ID documents on tay365's behalf under a data processing agreement.
From fraud detection and security services — tay365 uses risk and fraud detection tools that may collect device fingerprint data and behavioural analytics to protect the integrity of the platform.

5

Legal Basis for Processing

tay365 processes your personal data on the following legal bases under the Data Privacy Act of 2012:

Processing Purpose	Legal Basis
Account registration, login, and account management	Performance of a contract with you
Processing deposits and withdrawals	Performance of a contract with you
Identity verification (KYC) and age verification	Legal obligation (PAGCOR regulations; Anti-Money Laundering Act)
Anti-fraud and security monitoring	Legitimate interest; Legal obligation
Responsible gaming tools and player protection	Legal obligation; Legitimate interest; Consent
Marketing communications (opt-in only)	Consent
Platform analytics and service improvement	Legitimate interest
Regulatory reporting to PAGCOR and AMLC	Legal obligation
Customer support and dispute resolution	Performance of a contract; Legitimate interest

6

How We Use Your Personal Data

tay365 uses the personal data we collect for the following purposes:

To create, verify, manage, and secure your tay365 account throughout its lifecycle.
To verify that you meet the 21+ age requirement and are not subject to any self-exclusion or regulatory restriction that would prohibit your use of the Platform.
To process deposits and withdrawals through your chosen payment method and to reconcile financial transactions on your account.
To comply with Anti-Money Laundering Act obligations, including transaction monitoring, suspicious transaction reporting to the AMLC, and KYC record-keeping requirements.
To communicate with you about your account — including transaction confirmations, security alerts, policy updates, and support responses.
To deliver promotions, bonuses, and VIP programme benefits for which you are eligible, where you have not opted out of promotional communications.
To provide, maintain, and improve the tay365 platform — including game performance, payment processing reliability, mobile experience, and customer support quality.
To detect, investigate, and prevent fraudulent activity, identity theft, account takeover, money laundering, and other prohibited conduct on the Platform.
To operate and enhance responsible gaming safeguards, including enforcement of deposit limits, session limits, and self-exclusion orders you have placed on your account.
To fulfil our reporting and record-keeping obligations to PAGCOR and other applicable Philippine regulatory bodies.

No Automated Decision-Making with Legal Effect: tay365 does not make automated decisions that have a significant legal effect on you — such as permanent account closure or forfeiture of funds — without human review. Where automated systems flag an account for investigation (e.g., fraud detection), a qualified compliance officer reviews the case before any action is taken that materially affects your account.

7

Sharing Your Personal Data

tay365 does not sell your personal data to any third party. We share your data only in the following limited circumstances, and only to the extent necessary for the stated purpose:

7.1 Service Providers and Data Processors

tay365 engages trusted third-party service providers who process personal data on our behalf under written data processing agreements. These providers include:

Payment processors facilitating GCash, Maya, bank transfer, and cryptocurrency transactions
Identity verification (KYC) and document authentication services
Fraud detection and cybersecurity service providers
Cloud infrastructure and data hosting providers
Customer support software platforms
Game software providers (who may receive anonymised session data for technical support purposes)

All service providers are contractually bound to process your data only on tay365's documented instructions and to maintain appropriate security standards.

7.2 Regulatory and Legal Disclosures

tay365 is required by Philippine law to disclose certain personal and financial data to regulatory and law enforcement authorities in specific circumstances. This includes:

Reporting of covered and suspicious transactions to the Anti-Money Laundering Council (AMLC) under the Anti-Money Laundering Act
Provision of player account records and transaction history to PAGCOR upon request pursuant to its regulatory mandate
Disclosure to Philippine courts, the National Bureau of Investigation (NBI), or other law enforcement bodies pursuant to a lawful order or warrant

7.3 Business Transfers

In the event that tay365 undergoes a corporate restructuring, merger, acquisition, or sale of substantially all of its assets, player personal data may be transferred as part of that transaction. Where such a transfer occurs, tay365 will notify affected account holders and ensure that the acquiring entity is bound by data protection obligations consistent with this Policy.

No Third-Party Marketing: tay365 strictly prohibits the disclosure of your personal data to any third party for the purpose of direct marketing by that third party. If you receive unsolicited marketing from a third party claiming to represent or be affiliated with tay365, please report it to our support team immediately.

8

Cookies and Tracking Technologies

tay365 uses cookies and similar tracking technologies on the tay365.app website. Cookies are small text files stored on your device by your browser when you visit a website. They allow tay365 to recognise your device on subsequent visits and to provide a personalised, functional user experience.

Types of Cookies Used by tay365

Strictly Necessary Cookies: These cookies are essential for the operation of the tay365 platform. They enable core functions such as session management, login authentication, and the operation of your account wallet. You cannot opt out of strictly necessary cookies while using the Platform.
Functional Cookies: These cookies remember your preferences — such as your preferred display language, currency view, and game lobby layout — to provide a more personalised experience on subsequent visits.
Performance and Analytics Cookies: These cookies collect anonymised data about how players navigate the tay365 website — which pages are most visited, how long sessions last, and which game categories are most popular. This data is used to improve Platform performance and user experience.
Security Cookies: These cookies assist with fraud detection and security monitoring, including device fingerprinting and session integrity checks.

You may manage your cookie preferences through your browser settings. Most modern browsers allow you to block or delete cookies. Please be aware that disabling certain cookies may affect the functionality of the tay365 platform — in particular, disabling strictly necessary cookies will prevent you from logging in and using your account.

No Cross-Site Advertising Cookies: tay365 does not use third-party advertising or cross-site tracking cookies for the purpose of displaying targeted advertisements on other websites you visit.

9

Data Security

tay365 implements technical and organisational security measures appropriate to the nature and sensitivity of the personal data we process. These measures include, but are not limited to:

256-bit TLS/SSL encryption for all data transmitted between your device and tay365 servers
Encryption at rest for sensitive personal data and financial records stored in tay365 databases
Role-based access controls limiting access to personal data to authorised personnel on a need-to-know basis
Multi-factor authentication requirements for tay365 staff accessing systems that contain personal data
Regular security assessments, penetration testing, and vulnerability management programmes
Network firewalls, intrusion detection systems, and real-time security monitoring
Data backup procedures and business continuity planning to protect against data loss

While tay365 takes all reasonable steps to protect your personal data, no method of electronic transmission or storage is completely secure. Players are responsible for maintaining the security of their own tay365 account credentials. tay365 will never ask you for your full password via live chat, email, or any other communication channel.

Account Security Tip: Enable two-factor authentication (2FA) on your tay365 account and use a unique, strong password that you do not use on any other platform. If you suspect unauthorised access to your account, contact tay365 support immediately.

10

Data Retention

tay365 retains your personal data only for as long as is necessary to fulfil the purposes described in this Policy, or for such longer period as is required or permitted by Philippine law. The following retention guidelines apply:

Data Category	Retention Period	Basis
Account registration data	Duration of account + 5 years after closure	Legal obligation (PAGCOR; AMLA)
KYC / identity verification documents	Duration of account + 5 years after closure	Legal obligation (AMLA; PAGCOR)
Financial transaction records	10 years from date of transaction	Legal obligation (AMLA; BIR)
Game session and wagering history	Duration of account + 3 years after closure	Legal obligation; Legitimate interest
Customer support communications	3 years from date of communication	Legitimate interest (dispute resolution)
Marketing preference records	Until opt-out + 3 years	Consent; Legal obligation
Cookies and analytics data	Up to 13 months from collection	Legitimate interest; Consent
Self-exclusion records	Duration of exclusion + 5 years	Legal obligation; Player protection

Upon expiry of the applicable retention period, tay365 will securely delete or anonymise personal data so that it can no longer be linked to any identifiable individual.

11

Your Data Subject Rights

As a data subject under the Data Privacy Act of 2012, you have the following rights in relation to your personal data held by tay365. You may exercise any of these rights by contacting the tay365 Data Protection Officer using the details in Section 16.

Right of Access

You have the right to request a copy of the personal data tay365 holds about you, along with information about how that data is being processed. tay365 will respond to access requests within 15 calendar days of receipt.

Right to Correction (Rectification)

If any personal data tay365 holds about you is inaccurate or incomplete, you have the right to request that it be corrected. For certain data fields (e.g., legal name, date of birth), you will be required to provide supporting documentation to complete the correction.

Right to Erasure

You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other legal basis for processing applies. This right is subject to overriding legal retention obligations — tay365 cannot delete financial transaction records within their mandatory AMLA retention period, for example.

Right to Object

You have the right to object to the processing of your personal data where tay365 relies on legitimate interest as the legal basis for processing, including profiling for marketing purposes. Upon receipt of a valid objection, tay365 will cease the relevant processing unless it can demonstrate compelling legitimate grounds that override your interests.

Right to Data Portability

Where tay365 processes your personal data on the basis of consent or performance of a contract, and that processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Withdraw Consent

Where tay365 processes your personal data on the basis of your consent (e.g., for marketing communications), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Right to Lodge a Complaint

If you believe that tay365 has processed your personal data in a manner that infringes the Data Privacy Act of 2012, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

How to Exercise Your Rights: Submit your data subject rights request in writing to [email protected] with the subject line "Data Subject Rights Request." tay365 may ask you to verify your identity before processing the request. We aim to respond to all requests within 15 calendar days.

12

Minors and Age Verification

The tay365 platform is strictly intended for adults aged 21 years and above. tay365 does not knowingly collect or process the personal data of any individual under the age of 21. Age verification is a mandatory step in the account registration and KYC process, and any account found to belong to a person under 21 will be suspended immediately and its data subject to the tay365 underage account protocol.

If you have reason to believe that a person under the age of 21 has registered an account on tay365, please notify the tay365 support team immediately so that the matter can be investigated and the account closed.

21+ Strictly Enforced: Any individual who provides false date-of-birth information during registration in order to circumvent the age restriction commits a serious breach of the tay365 Terms & Conditions. The personal data used during such a registration may be shared with PAGCOR and relevant Philippine authorities.

13

International Data Transfers

tay365 primarily stores and processes player personal data on servers located in Asia. Where it is necessary to transfer personal data outside the Philippines — for example, to a cloud infrastructure provider whose servers are located in another jurisdiction — tay365 ensures that such transfers are carried out in compliance with the cross-border data transfer requirements of the Data Privacy Act of 2012 and NPC regulations.

This includes ensuring that the recipient jurisdiction or organisation provides an adequate level of data protection, or that appropriate safeguards (such as contractual clauses consistent with NPC model clauses) are in place prior to the transfer.

Data Residency: Certain categories of data — including KYC documents, financial transaction records, and PAGCOR-mandated player records — are stored on servers within Asia in accordance with applicable regulatory requirements.

14

Third-Party Links

The tay365 platform may contain links to third-party services — including payment processors, game provider information pages, and responsible gaming support resources. This Privacy Policy applies exclusively to personal data collected and processed by tay365. It does not extend to the data practices of third-party websites or services that you access through links on the tay365 platform.

tay365 recommends that you review the privacy policies of any third-party service you interact with, particularly in relation to any personal data you choose to provide to those services directly. tay365 is not responsible for the privacy practices or content of third-party platforms.

15

Changes to This Privacy Policy

tay365 reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data processing practices, applicable Philippine law, or NPC guidance. Where changes are material — meaning they substantively alter how we collect, use, or share your personal data — tay365 will notify registered account holders by email or SMS to their registered contact details, and by posting a prominent notice on the tay365 platform, no less than 14 days before the amended Policy takes effect.

For minor amendments — such as typographical corrections or clarifications that do not change the substance of the Policy — tay365 will update the "Last Updated" date at the top of this page without prior individual notice.

Your continued use of the tay365 platform after the effective date of any amended Privacy Policy constitutes your acknowledgment of and agreement to the updated terms. If you do not agree with the amended Policy, you should close your account before the effective date of the change.

16

Contact & Complaints

For any enquiries relating to this Privacy Policy, the personal data tay365 holds about you, or to exercise your data subject rights, please contact the tay365 Data Protection Officer through the following channels:

Email: [email protected] (Subject line: "Privacy / Data Protection Enquiry")
Live Chat: Available 24 hours a day, 7 days a week on the tay365 platform — average response time 3–5 minutes.

tay365 aims to respond to all privacy-related enquiries within 15 calendar days. Complex requests — including full data access requests requiring compilation across multiple systems — may require up to 30 calendar days, in which case tay365 will notify you of the extended timeline within the initial 15-day period.

If you are not satisfied with tay365's response to your privacy enquiry or complaint, you may escalate the matter to the National Privacy Commission of the Philippines through its official complaint channels. This Privacy Policy was last reviewed and updated on January 1, 2026.

Philippine Data Privacy Act

256-Bit SSL Encryption

You Control Your Data

No Selling of Personal Data

Defined Retention Periods

Breach Notification