paytime Privacy
Policy

The data controller responsible for the personal information of all registered players on the paytime platform is paytime, the operator of the website accessible at paytime.bio and all associated subdomains and services. paytime processes personal data as described in this Privacy Policy in its capacity as a data controller under Republic Act No. 10173 (the Data Privacy Act of 2012 of the Philippines).

paytime has appointed a Data Protection Officer (DPO) who is responsible for overseeing all matters relating to the processing of personal data and for serving as the primary point of contact for data subject rights requests. Contact details for the paytime DPO are provided in Section 15 of this Policy.

paytime collects personal data in the categories described below. We apply the principle of data minimization — collecting only what is necessary for the specified purpose — throughout our data collection practices.

paytime does not collect special categories of sensitive personal data — such as racial or ethnic origin, religious beliefs, political opinions, health data, or biometric data — except where explicitly required for age verification purposes, in which case only the minimum necessary information is processed.

paytime collects personal data through the following channels:

• Direct submission: Information you provide when registering your paytime account, completing KYC verification, submitting payment details, contacting support, or participating in promotions.
• Automated collection: Technical data collected automatically when you access the paytime Platform, including IP address, session data, device information, and browsing behavior within the Platform, gathered through server logs and session management systems.
• Third-party payment processors: Transaction reference data and payment status information received from GCash, PayMaya, BPI, BDO, Metrobank, and other integrated Philippine payment services in connection with deposits and withdrawals.
• Game providers: Game round outcome data and session information transmitted by paytime's licensed game content providers as part of the real-time game delivery process.
• Identity verification services: Results of identity and document verification checks conducted by paytime's KYC service providers against Philippine government-issued identification documents.

paytime processes your personal data on the following legal bases under the Data Privacy Act of 2012:

• Performance of a contract: Processing necessary to provide the paytime gaming services you have registered for, including account management, game delivery, and payment processing.
• Legal obligation: Processing required to comply with Philippine law, including PAGCOR regulatory requirements, anti-money laundering obligations under the Anti-Money Laundering Act (AMLA), and KYC obligations.
• Legitimate interests: Processing necessary to prevent fraud, ensure platform security, conduct responsible gaming monitoring, and maintain the integrity of game outcomes — where these interests are not overridden by your fundamental rights.
• Consent: Processing of your data for marketing communications and non-essential cookies, which is conducted only with your explicit consent and may be withdrawn at any time.

paytime is required by law and by PAGCOR-aligned responsible gaming obligations to verify the identity and age of all registered players before permitting real-money gameplay or the processing of withdrawal requests. All players must be a minimum of 21 years of age to register and play.

KYC verification requires the submission of at least one Philippine government-issued photographic identification document. Acceptable documents include the PhilSys National ID, LTO Driver's License, Philippine Passport, UMID, Voter's ID, or PRC ID.

Identity documents submitted to paytime for KYC purposes are:

• Processed securely using paytime's KYC verification partner, whose data processing activities are governed by a Data Processing Agreement aligned with the Data Privacy Act of 2012.
• Stored in encrypted form on paytime's secure servers, accessible only to authorized personnel with a legitimate operational need.
• Not used for any purpose other than identity verification, age confirmation, and compliance with applicable law.
• Retained for the period specified in Section 8 of this Policy and then securely destroyed.

paytime uses cookies and similar technologies on its Platform. Cookies are small text files placed on your device when you visit paytime.bio. They serve the following functions:

You may manage your cookie preferences at any time through the cookie preference center accessible from the paytime Platform footer. Withdrawing consent for non-essential cookies will not affect your ability to access or use your paytime account.

paytime does not sell your personal data to third parties under any circumstances. We share your data only in the following limited circumstances and only to the extent strictly necessary:

• Payment processors: GCash, PayMaya, BPI, BDO, Metrobank, and related Philippine payment infrastructure providers receive transaction reference data necessary to process your deposits and withdrawals.
• KYC and identity verification providers: Licensed identity verification service providers receive your ID document images and biographic data solely for the purpose of completing KYC verification.
• Game content providers: Licensed game software providers receive your paytime Player ID and session token to deliver live casino, slot, bingo, and other game content. These providers do not receive your full identity or financial data.
• Regulatory authorities: paytime may disclose player data to PAGCOR, the Anti-Money Laundering Council (AMLC), law enforcement agencies, or other Philippine government authorities where required by law or in response to a lawful order.
• Fraud prevention services: Aggregated and pseudonymized transaction and behavioral data may be shared with licensed fraud prevention and risk management service providers.

All third-party processors engaged by paytime are bound by Data Processing Agreements that require them to process your personal data only on paytime's instructions, to maintain appropriate security measures, and to comply with the Data Privacy Act of 2012.

paytime retains your personal data for no longer than is necessary for the purposes for which it was collected, subject to the minimum retention periods required by Philippine law. The following indicative retention periods apply:

• Account and identity data: For the duration of your active paytime account plus a minimum of five (5) years following account closure, as required by AMLA and PAGCOR regulatory obligations.
• Transaction and gaming activity records: A minimum of five (5) years from the date of the transaction or game round, consistent with Philippine financial record-keeping requirements.
• KYC documents: For the duration of account activity plus five (5) years following closure, or such longer period as may be required by applicable law.
• Customer support communications: Up to three (3) years from the date of the communication, unless required to be retained longer for ongoing dispute or legal proceedings.
• Marketing consent records: For the duration of your consent plus a reasonable period to evidence compliance.

Upon expiry of applicable retention periods, paytime will securely delete or anonymize personal data using industry-standard data destruction methods. Anonymized data — which cannot reasonably be re-identified — may be retained for statistical and analytical purposes without limitation.

paytime implements a comprehensive set of technical and organizational security measures to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, and destruction. Key measures include:

• Encryption in transit: All data transmitted between your device and paytime's servers is encrypted using TLS 1.3 / 256-bit SSL encryption.
• Encryption at rest: Sensitive personal data stored on paytime's infrastructure, including payment references and ID document images, is encrypted using AES-256 encryption.
• Access controls: Access to personal data is restricted to paytime personnel with a legitimate operational need, enforced through role-based access control and multi-factor authentication requirements.
• Security monitoring: paytime's infrastructure is subject to continuous security monitoring, intrusion detection, and regular penetration testing by qualified security professionals.
• Data breach response: paytime maintains an incident response procedure for personal data breaches, including mandatory notification to the National Privacy Commission (NPC) and affected data subjects within the timeframes required by the Data Privacy Act of 2012.

Under the Data Privacy Act of 2012 (RA 10173), you have the following rights with respect to your personal data held by paytime. To exercise any of these rights, contact the paytime Data Protection Officer as described in Section 15.

paytime will respond to all data subject rights requests within fifteen (15) business days. Where a request requires additional verification of your identity before it can be processed, paytime will request appropriate evidence and the response period will commence from the date of satisfactory verification.

paytime is strictly an adult platform. The minimum age to register and play on paytime is 21 years. paytime does not knowingly collect personal data from any person under the age of 21 and has no services directed at or appropriate for minors.

In the event that paytime discovers that personal data has been collected from a person under the age of 21, we will immediately and permanently close the associated account, delete all personal data collected in connection with that account (except where retention is required for regulatory purposes), and, where appropriate, report the incident to relevant authorities.

If you are a parent or guardian and believe that a minor has registered on paytime, please contact the paytime support team or Data Protection Officer immediately using the contact details in Section 15.

paytime's primary data processing infrastructure is hosted in servers located in the Philippines and in certified data center facilities operating under Philippine law. Where any transfer of personal data outside the Philippines is required — for example, in connection with certain game content providers or technical service providers — paytime ensures that such transfers are conducted in compliance with the Data Privacy Act of 2012, including by:

• Ensuring the recipient country provides an adequate level of data protection, or
• Implementing contractual safeguards through Data Processing Agreements that impose obligations equivalent to those under Philippine data protection law on the receiving party.

paytime does not transfer personal data to jurisdictions that do not provide adequate data protection safeguards without implementing appropriate additional security measures.

paytime may send you promotional communications — including bonus offers, game launch announcements, tournament notifications, and personalized recommendations — via SMS to your registered Philippine mobile number and by email, but only where you have provided explicit consent to receive such communications.

You may withdraw your consent to receive marketing communications from paytime at any time by:

• Updating your communication preferences in the paytime account settings panel; or
• Clicking the unsubscribe link included in any paytime marketing email; or
• Contacting the paytime support team via Live Chat with a request to opt out of all marketing communications.

Withdrawal of marketing consent will not affect your ability to access your paytime account, play games, or make deposits and withdrawals. paytime will continue to send transactional communications — such as deposit confirmations, withdrawal notifications, and security alerts — regardless of marketing consent status, as these are necessary for the operation of your account.

paytime may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable Philippine law, PAGCOR regulatory requirements, or Platform features. The most current version of this Policy is always available on this page at paytime.bio/privacy-policy, together with the effective date of the current version.

Where updates to this Policy are material — for example, changes to the categories of data we collect, the purposes for which we use it, or your data subject rights — paytime will provide advance notice to registered players via email or in-platform notification at least fourteen (14) days before the changes take effect.

Your continued use of the paytime Platform after an updated Privacy Policy takes effect constitutes your acknowledgment of the revised Policy. If you do not accept an updated Policy, you must cease use of the Platform and request account closure before the effective date.

For all inquiries, requests, or concerns relating to this Privacy Policy or the processing of your personal data by paytime, please contact the paytime Data Protection Officer through the following channels:

• Live Chat: Available 24/7 from your logged-in paytime account dashboard. Specify "Data Privacy Request" in your initial message to be routed directly to the DPO team.
• Email: [email protected] — please include "Privacy Policy" or "Data Subject Request" in your subject line for prompt handling.

paytime aims to respond to all privacy-related inquiries within fifteen (15) business days. Complex data subject access requests may require additional time, in which case we will communicate the expected completion date.

If you are not satisfied with paytime's response to a privacy complaint, you have the right to escalate the matter to the National Privacy Commission (NPC) of the Philippines, the supervisory authority responsible for enforcing the Data Privacy Act of 2012.

This Privacy Policy was last updated on 1 January 2026 and supersedes all previous versions of the paytime Privacy Policy. paytime · paytime.bio · [email protected]