epicjili Privacy Policy

1.1 epicjili is committed to protecting the privacy and personal data of every player who registers for and uses the epicjili online gaming platform at epicjili.org ("Platform"). This Privacy Policy ("Policy") sets out how epicjili collects, uses, discloses, stores, and protects your personal information.

1.2 This Policy is issued in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 ("DPA"), its Implementing Rules and Regulations ("IRR"), and applicable issuances of the National Privacy Commission ("NPC") of the Philippines.

1.3 By registering for an epicjili Account or by continuing to use the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein. If you do not agree with the terms of this Policy, you must not use the Platform.

1.4 This Privacy Policy should be read in conjunction with epicjili's Terms and Conditions, which govern your use of the Platform generally. In the event of any conflict between this Policy and the Terms and Conditions on a privacy matter, this Policy shall prevail.

For the purposes of this Privacy Policy, the following terms have the meanings set out below:

• "Personal Data" means any information, whether recorded in material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained, or when put together with other information, would directly and certainly identify the individual.
• "Sensitive Personal Information" has the meaning ascribed to it under the DPA and includes information about your racial origin, marital status, health, education, genetic, sexual life, court proceedings, and government-issued identification numbers.
• "Processing" means any operation or set of operations performed upon personal data, including collection, recording, organisation, storage, updating, retrieval, use, consolidation, blocking, erasure, or destruction of data.
• "Data Controller" means epicjili, the entity that controls the collection, holding, processing, or use of personal data on the Platform.
• "Data Processor" means any third party that processes personal data on behalf of epicjili pursuant to a written data processing agreement.
• "Data Subject" means you, the individual player whose personal data is being processed by epicjili.
• "DPO" means the epicjili Data Privacy Officer, the individual responsible for overseeing epicjili's compliance with the DPA and this Privacy Policy.
• "NPC" means the National Privacy Commission of the Philippines, the independent government body responsible for administering and implementing the DPA.

3.1 epicjili collects the following categories of personal data from players:

3.2 epicjili does not intentionally collect sensitive personal information beyond what is strictly necessary for identity verification and regulatory compliance. Where sensitive personal information is collected (for example, a national identification number for KYC), it is processed under explicit consent and strict data minimisation principles.

4.1 epicjili collects personal data through the following means:

• Direct collection: Information you provide when registering an Account, completing KYC verification, making deposits or withdrawals, contacting customer support, or responding to surveys.
• Automated collection: Technical data collected automatically when you access the Platform, including device identifiers, IP addresses, session data, and browsing behaviour within the Platform, collected through server logs, cookies, and similar technologies.
• Third-party sources: Identity verification data received from KYC service providers; payment confirmation data from GCash, Maya, BPI, BDO, and other payment processors; fraud and AML screening data from compliance service providers.

4.2 epicjili applies the principle of data minimisation and collects only the personal data that is necessary for the specific, legitimate purpose for which it is being collected. Collection of unnecessary personal data is prohibited under epicjili's internal data governance policy.

5.1 epicjili uses your personal data for the following purposes:

• Account creation and management: To create, maintain, and administer your epicjili Account, verify your identity, and provide you with access to Platform services.
• Service delivery: To enable you to deposit, play games, withdraw winnings, and access all features of the epicjili Platform.
• Payment processing: To process deposits and withdrawals via GCash, Maya, bank transfer, and other Philippine payment channels.
• Legal and regulatory compliance: To fulfil obligations under the DPA, Anti-Money Laundering Act (AMLA), PAGCOR regulations, and other applicable Philippine law — including conducting KYC, reporting suspicious transactions to the AMLC, and maintaining required records.
• Responsible gaming: To monitor gaming patterns for indicators of problem gambling and to administer self-exclusion, deposit limits, and other responsible gaming tools you have activated.
• Fraud prevention and security: To detect, prevent, and investigate fraud, unauthorised account access, money laundering, and other prohibited activities.
• Customer support: To respond to your enquiries, resolve complaints, and communicate with you about your Account.
• Marketing communications: To send you promotional offers, bonus notifications, and gaming updates — but only where you have given explicit consent to receive such communications and have not subsequently withdrawn that consent.
• Platform improvement: To analyse aggregated, anonymised usage data to improve the Platform's performance, game selection, and user experience.

5.2 epicjili will not use your personal data for any purpose that is incompatible with the purposes described in this Policy without first obtaining your consent or establishing a separate legitimate legal basis for the new processing activity.

6.1 Under the Data Privacy Act of 2012, epicjili processes your personal data on the following legal bases:

• Consent: Where you have given clear, informed, and freely given consent for a specific processing activity — for example, consent to receive marketing communications or consent to processing of sensitive personal information for KYC.
• Contractual necessity: Where processing is necessary for the performance of the contract between you and epicjili — that is, to provide you with the gaming services you have registered for.
• Legal obligation: Where processing is required to comply with a legal obligation to which epicjili is subject, including AMLA reporting, PAGCOR regulatory requirements, and tax obligations.
• Legitimate interests: Where processing is necessary for epicjili's legitimate interests — such as fraud prevention, platform security, responsible gaming monitoring, and service improvement — provided those interests are not overridden by your rights and freedoms.

6.2 Where consent is the legal basis for processing, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. Withdrawal of consent for certain processing activities (such as KYC) may affect your ability to use all features of the Platform.

7.1 epicjili may share your personal data with the following categories of recipients, strictly for the purposes described in this Policy:

• Payment service providers: GCash (G-Xchange, Inc.), Maya (Voyager Innovations, Inc.), BancNet, BPI, BDO, Metrobank, and other Philippine payment processors — for the purpose of processing deposits and withdrawals.
• Identity verification providers: Third-party KYC and identity verification service providers who process your identification documents to verify your identity as required by PAGCOR and AMLA regulations.
• Fraud prevention and AML service providers: Compliance technology providers who assist epicjili in screening transactions and accounts for indicators of fraud, money laundering, or other financial crime.
• Game content providers: Game development studios whose games are hosted on the epicjili Platform. Sharing is limited to technical session data necessary for game delivery and logging.
• Regulatory authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine regulatory or law enforcement bodies, where disclosure is required by law or regulation.
• Cloud infrastructure providers: Third-party cloud hosting and infrastructure providers who store Platform data on behalf of epicjili pursuant to written data processing agreements incorporating appropriate security and confidentiality obligations.
• Customer support service providers: Third-party customer support platforms used to manage live chat and ticketing — processing is limited to communication content necessary to resolve your enquiry.

7.2 All third-party service providers who process personal data on behalf of epicjili are required to enter into a written Data Processing Agreement that imposes data protection obligations consistent with the DPA and this Privacy Policy.

8.1 epicjili uses cookies and similar tracking technologies on the Platform to enable core functionality, improve performance, and (where consent is given) to deliver relevant content.

8.2 The following categories of cookies are used on the Platform:

• Strictly necessary cookies: Required for the Platform to function. These include session cookies that keep you logged in and security cookies that protect against cross-site request forgery. These cannot be disabled.
• Functional cookies: Remember your preferences (language, responsible gaming settings, display preferences) to personalise your experience. These are enabled by default but may be disabled.
• Analytics cookies: Collect aggregated, anonymised data about how players use the Platform to improve performance and game selection. These are enabled only with your consent.
• Security and fraud prevention cookies: Used to identify and prevent fraudulent sessions, bot activity, and unauthorised access attempts. These are strictly necessary and cannot be disabled.

8.3 You may manage your cookie preferences through your browser settings or the epicjili cookie preference centre. Disabling strictly necessary or security cookies may prevent the Platform from functioning correctly.

8.4 epicjili does not use third-party advertising or behavioural tracking cookies on the Platform.

9.1 epicjili employs the following technical security measures to protect your personal data:

• 256-bit TLS/SSL encryption for all data transmitted between your device and epicjili servers;
• AES-256 encryption for sensitive personal data stored in epicjili databases;
• Multi-factor authentication for all epicjili administrative system access;
• Regular penetration testing and vulnerability assessments by independent security consultants;
• Intrusion detection and prevention systems on all production infrastructure;
• Segregated network architecture to limit access to sensitive data;
• Role-based access control ensuring epicjili staff can access only the data necessary for their specific job function.

9.2 Organisational security measures include staff privacy training, documented data handling procedures, vendor due diligence for all third-party processors, and a formal incident response plan for data breaches.

9.3 No security system is impenetrable. While epicjili takes all reasonable precautions to protect your data, epicjili cannot guarantee the absolute security of data transmitted over the internet. You are responsible for maintaining the security of your Account credentials and for reporting any suspected compromise to epicjili immediately.

10.1 epicjili retains your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law. The following minimum retention periods apply:

• Account and identity data: Retained for the duration of your Account and for a minimum of five (5) years following Account closure, as required under the Anti-Money Laundering Act and PAGCOR regulations.
• Financial transaction records: Retained for a minimum of five (5) years from the date of each transaction, as required by AMLA and the Bureau of Internal Revenue.
• KYC verification records: Retained for a minimum of five (5) years following Account closure.
• Customer support communications: Retained for two (2) years from the date of the interaction, or longer where a complaint remains unresolved.
• Marketing consent records: Retained for as long as you hold an Account and for three (3) years following Account closure to demonstrate consent compliance.
• Technical and log data: Retained for a maximum of twelve (12) months from the date of collection, unless required for longer periods by security investigations or regulatory requests.

10.2 Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in a manner that prevents reconstruction or re-identification of the data subject.

11.1 Under the Data Privacy Act of 2012, you have the following rights in relation to the personal data epicjili holds about you:

11.2 To exercise any of the rights listed above, please submit a written request to the epicjili Data Privacy Officer at the contact details provided in Section 16 of this Policy. You may be required to verify your identity before your request is processed.

11.3 epicjili will respond to all data subject rights requests within fifteen (15) business days of receipt. Where a request is complex or numerous, epicjili may extend this period by a further fifteen (15) business days, in which case you will be notified of the extension and the reason for it.

11.4 epicjili will process data subject rights requests at no cost to you. Where requests are manifestly unfounded or excessive — in particular because of their repetitive character — epicjili may charge a reasonable administrative fee.

12.1 epicjili does not knowingly collect, process, or store personal data from individuals under the age of twenty-one (21) years. The Platform is intended solely for adults who meet the minimum age requirement under Philippine law for participation in online gambling.

12.2 Where epicjili discovers or is notified that personal data has been collected from a person under the age of 21, all such data will be immediately deleted and the associated Account permanently closed. Deposits collected from underage accounts will be returned to the originating payment method.

12.3 If you are a parent or guardian and believe that a minor under your care has registered for an epicjili Account, please contact the epicjili Data Privacy Officer immediately using the contact details in Section 16.

13.1 epicjili's primary data processing operations are conducted within the Philippines. However, certain third-party service providers — including cloud infrastructure providers, game content studios, and fraud prevention services — may process your personal data in jurisdictions outside the Philippines.

13.2 Where personal data is transferred outside the Philippines, epicjili ensures that appropriate safeguards are in place to protect your data to a standard consistent with the DPA. These safeguards may include contractual clauses approved by the National Privacy Commission, adequacy decisions, or binding corporate rules.

13.3 epicjili will not transfer your personal data to a country or jurisdiction unless it has satisfied itself that adequate protections exist and that the transfer is necessary for one of the legitimate purposes described in this Policy.

14.1 The epicjili Platform may contain links to third-party websites or services — for example, links to payment provider support pages. epicjili is not responsible for the privacy practices of any third-party website and encourages you to review the privacy policies of any third-party service you access.

14.2 Game content provided by third-party game studios hosted on the epicjili Platform may involve the processing of limited technical session data by those studios for game delivery and audit purposes. Such processing is governed by data processing agreements between epicjili and each studio and is limited to data strictly necessary for the operation of the game.

14.3 Payment service providers (GCash, Maya, BPI, BDO, etc.) process your financial transaction data according to their own privacy policies in addition to the obligations imposed by their data processing agreements with epicjili. epicjili recommends reviewing the privacy policies of your payment provider directly.

15.1 epicjili may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal obligations, regulatory requirements, or Platform features. All updates will be posted on this page with a revised "Last Updated" date.

15.2 Where changes are material — that is, where they significantly affect your rights or how we use your personal data — epicjili will notify you via your registered email address or a prominent notice on the Platform at least seven (7) days before the changes take effect.

15.3 Your continued use of the Platform after a Privacy Policy update has been published and, where applicable, after the notification period has expired, constitutes your acceptance of the revised Policy.

15.4 The most current version of this Privacy Policy is always accessible at epicjili.org/privacy-policy. Previous versions of this Policy are available upon written request to the Data Privacy Officer.

16.1 If you have any questions, concerns, or requests relating to this Privacy Policy or epicjili's data processing activities, please contact the epicjili Data Privacy Officer:

16.2 If you are not satisfied with epicjili's response to your privacy request or complaint, you have the right to escalate your complaint to the National Privacy Commission of the Philippines. The NPC's contact information and complaint procedures are available on the NPC's official website.

16.3 This Privacy Policy was last reviewed and updated in January 2026. All previous versions are superseded in their entirety by this version.