hybet Privacy Policy

1. Scope & Data Controller Identity

hybet operates the online gaming platform at hybet.co and is the Personal Information Controller (PIC) for the personal data it processes, as defined under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, as implemented by NPC regulations).

hybet processes personal data under the authority of a license issued by the Philippine Amusement and Gaming Corporation (PAGCOR) and is subject to the data governance obligations applicable to PAGCOR licensees, including compliance with the Anti-Money Laundering Act of 2001 (RA 9160, as amended by RA 10365) and its implementing rules on customer due diligence.

This Privacy Policy applies to all personal data collected and processed by hybet through the Platform, including data collected via the website, live chat, email support, and any promotional activities. It does not apply to third-party websites or services linked from the Platform, each of which operates under its own privacy policy.

2. Personal Data We Collect

hybet collects the categories of personal data described below. Not all categories apply to all users — for example, payment data is only collected from Players who make a deposit, and KYC identity documents are only required from Players who request a withdrawal.

3. How We Collect Your Data

hybet collects personal data through the following channels:

• Direct collection: Information you provide when registering an Account, completing KYC verification, making deposits or withdrawal requests, adjusting account settings, or contacting support.
• Automated collection: Technical data collected automatically when you access the Platform, including IP address, device identifiers, browser information, and cookie data (see Section 7).
• Third-party payment processors: When you make a deposit or withdrawal via GCash, Maya, or a bank transfer, hybet receives confirmation data from the relevant payment processor, including transaction reference numbers and account identifiers needed to credit your wallet.
• Identity verification providers: hybet may use third-party KYC verification services to cross-reference identity documents against government databases, in compliance with PAGCOR's AML obligations.
• Game providers: Game activity data generated through third-party game providers (such as Pragmatic Play, PG Soft, and others integrated into the hybet lobby) is transmitted to hybet's systems for account crediting, dispute resolution, and responsible gaming monitoring.

4. Legal Bases for Processing

Under the Philippine Data Privacy Act, hybet processes personal data on one or more of the following lawful bases:

• Contractual necessity: Processing required to perform hybet's obligations under the Terms & Conditions you agreed to at registration — including maintaining your account, processing deposits and withdrawals, and settling bets.
• Legal obligation: Processing required to comply with applicable Philippine laws, including PAGCOR licensing conditions, the Anti-Money Laundering Act, and the Data Privacy Act itself (e.g., KYC verification, regulatory reporting, and AML transaction monitoring).
• Legitimate interests: Processing necessary for hybet's legitimate business interests, where those interests are not overridden by your privacy rights — including fraud detection, platform security, responsible gaming monitoring, and improving the platform experience.
• Consent: Where none of the above bases applies, hybet will seek your explicit, freely given, specific, informed, and unambiguous consent before processing. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Purposes of Processing

hybet processes your personal data for the following specific purposes:

• Creating and managing your hybet Account, including authentication and password recovery.
• Processing deposits, withdrawals, and all financial transactions on the Platform.
• Verifying your identity and age (21+) as required by PAGCOR regulations and Philippine AML laws.
• Detecting, investigating, and preventing fraud, money laundering, and other prohibited activities.
• Monitoring gaming activity for responsible gaming purposes, including detecting problem gambling indicators and applying appropriate interventions.
• Providing customer support via live chat and email, including resolving disputes and complaints.
• Sending transactional communications — account notifications, deposit confirmations, withdrawal receipts, and security alerts.
• Sending promotional communications — bonus offers, new game announcements, and other marketing messages — only where you have provided consent or where permitted under applicable law. You may opt out of marketing communications at any time via your Account settings or by contacting support.
• Complying with PAGCOR reporting obligations, court orders, and requests from competent Philippine authorities.
• Improving the Platform through analytics, user experience research, and technical performance monitoring.

6. Data Sharing & Disclosure

6.1 Service Providers

hybet engages carefully selected third-party service providers who process personal data on hybet's behalf as Personal Information Processors (PIPs) under binding data processing agreements. These providers are limited to using data for the specific services they provide to hybet and may not use your data for their own purposes. Categories of service providers include:

• Payment processors and e-wallet operators (GCash, Maya, banks) for transaction processing.
• KYC and identity verification service providers.
• Cloud infrastructure and data hosting providers operating data centres with appropriate security certifications.
• Online game content providers whose games are integrated into the hybet lobby (e.g., Pragmatic Play, PG Soft).
• Customer support platform providers for live chat and email ticketing.
• Analytics providers for platform performance and user experience analysis (configured to minimise personal data collection).

6.2 Regulatory Disclosure

hybet is required by law and by its PAGCOR license conditions to disclose personal data to the following regulatory and government bodies:

• PAGCOR — for licensing compliance, audit, and regulatory investigation purposes.
• The Anti-Money Laundering Council (AMLC) — for Suspicious Transaction Reports (STRs) and Covered Transaction Reports (CTRs) under the AMLA, as amended.
• The National Privacy Commission (NPC) — for data breach notifications and regulatory inquiries.
• Philippine courts, law enforcement agencies, and other government authorities — pursuant to a valid court order, legal process, or lawful directive.

6.3 No Sale of Data

hybet does not sell, rent, exchange, or otherwise commercially transfer your personal data to any third party for their own independent commercial purposes, including marketing or advertising. This prohibition is absolute and applies regardless of the compensation offered.

7. Cookies & Tracking Technologies

hybet uses cookies and similar tracking technologies to operate the Platform, maintain your session, and improve your experience. A cookie is a small text file stored on your device by your browser when you visit the Platform.

7.1 Types of Cookies Used

• Strictly Necessary Cookies: Essential for the Platform to function. These include session authentication tokens, security cookies (CSRF protection), and load balancing cookies. These cannot be disabled without breaking Platform functionality.
• Functional Cookies: Remember your preferences, such as language settings and responsible gaming limits, to personalise your experience across sessions.
• Analytics Cookies: Collect aggregated, anonymised information about how Players use the Platform — which pages are visited most frequently, how long sessions last, and which features are used. hybet uses this data to improve the Platform. You may opt out of analytics cookies via the cookie consent manager.
• Security Cookies: Detect and prevent fraudulent activity, including detecting unusual login patterns or device fingerprint mismatches that may indicate account takeover attempts.

7.2 Managing Cookies

You may manage cookie preferences through your browser's settings. Disabling strictly necessary cookies will impair Platform functionality, including preventing you from logging in. Most modern browsers allow you to review and delete stored cookies at any time. Note that clearing cookies will log you out of the Platform and reset any locally stored preferences.

8. Data Retention

hybet retains personal data for the periods required to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. The principal retention periods are as follows:

• Account and transaction data: Retained for a minimum of five (5) years from the date of account closure or the last transaction, in accordance with PAGCOR's record-keeping requirements and RA 9160 (AMLA) retention obligations.
• KYC identity documents: Retained for a minimum of five (5) years following the end of the business relationship, or longer where required by a specific legal obligation.
• Gaming activity logs: Retained for a minimum of three (3) years for dispute resolution, responsible gaming monitoring, and PAGCOR audit purposes.
• Customer support records: Retained for a minimum of two (2) years from the date of the most recent interaction.
• Marketing consent records: Retained for the duration of your registration and for a reasonable period thereafter to evidence compliance with consent obligations.
• Technical logs (IP addresses, session logs): Retained for a maximum of ninety (90) days, unless extended in connection with a fraud or security investigation.

Upon expiry of the applicable retention period, data is securely deleted using industry-standard deletion protocols, or anonymised in a manner that permanently prevents re-identification.

9. Data Security Measures

hybet implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include:

• Encryption in transit: All communications between your browser or app and hybet's servers are protected by TLS 1.2 or higher (256-bit encryption). Connections over unencrypted HTTP are automatically redirected to HTTPS.
• Encryption at rest: Sensitive data stored in hybet's databases — including identity documents, financial account details, and password hashes — is encrypted using AES-256 or equivalent standards.
• Password security: User passwords are never stored in plain text. hybet uses bcrypt or an equivalent adaptive hashing algorithm with appropriate cost factors to store password representations.
• Access controls: Logical access to systems containing personal data is restricted to authorised hybet personnel based on the principle of least privilege. Access is controlled by role-based permissions, enforced with mandatory multi-factor authentication for all staff with privileged system access.
• Penetration testing and vulnerability management: hybet's platform undergoes regular security assessments, including automated vulnerability scanning and periodic penetration testing by qualified security professionals.
• Incident response: hybet maintains a documented data breach response plan, including procedures for detection, containment, assessment, notification (to the NPC within 72 hours and to affected Players as required), and post-incident review.

While hybet takes all reasonable steps to protect your data, no internet transmission or electronic storage system is completely secure. You are responsible for maintaining the security of your login credentials and for notifying hybet immediately of any suspected unauthorised access to your Account.

10. International Data Transfers

hybet's primary operations and data storage are based within the Philippines. However, some of hybet's service providers — particularly cloud infrastructure providers, game content providers, and analytics platforms — may process or store data outside the Philippines.

Where personal data is transferred internationally, hybet ensures that appropriate safeguards are in place, consistent with the requirements of the Philippine Data Privacy Act and NPC guidance, including:

• Contractual clauses in data processing agreements that impose data protection standards equivalent to those required under RA 10173.
• Selecting processors in jurisdictions that maintain an adequate level of data protection as recognised by the NPC.
• Applying technical controls (such as encryption) to data in transit to and from international processors.

If you would like more information about international transfers affecting your personal data or the safeguards applied, contact hybet's Data Protection Officer (DPO) using the contact information in Section 15.

11. Your Data Subject Rights

As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by hybet. To exercise any of these rights, contact hybet's DPO as described in Section 15. hybet will respond to verified requests within thirty (30) calendar days, extendable by a further fifteen (15) days in complex cases.

• ACCESS You have the right to request confirmation of whether hybet processes personal data about you, and to receive a copy of that data in a readable format, along with information about how it is used and who it is shared with.
• CORRECT You have the right to request correction of inaccurate or incomplete personal data held by hybet. Note that some data fields — such as your legal name as verified against a government ID — cannot be changed without submission of updated identity documents.
• ERASURE You have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, where consent has been withdrawn and no other legal basis applies, or where processing is unlawful. Erasure requests are subject to hybet's legal retention obligations under PAGCOR regulations and the AMLA.
• OBJECT You have the right to object to processing of your personal data where hybet relies on legitimate interests as the legal basis, including profiling for marketing purposes. You also have an absolute right to opt out of direct marketing communications at any time via your Account settings.
• PORTABILITY Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV or JSON), and to transmit that data to another controller.
• RESTRICT You have the right to request restriction of processing of your personal data in certain circumstances — for example, while a dispute about accuracy is being resolved, or where processing is unlawful but you prefer restriction over erasure.
• COMPLAIN If you believe hybet has processed your personal data in violation of the Data Privacy Act, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. Details of how to contact the NPC are available on the NPC's official government website.

12. Children, Minors & Age Verification

The hybet platform is strictly restricted to individuals who are at least twenty-one (21) years of age, as required by PAGCOR under Philippine gaming regulations. hybet does not knowingly collect personal data from individuals under 21 years old.

If hybet discovers that personal data has been collected from an individual under 21, the Account will be immediately suspended, the data will be deleted (subject to any legal obligation to retain it for regulatory reporting purposes), and the matter will be reported to PAGCOR as required.

If you are a parent or guardian and believe your child (under 21) has created an account or provided data to hybet, please contact the support team immediately using the details in Section 15. hybet will take prompt action to investigate and, where confirmed, delete the data and close the Account.

13. Responsible Gaming & Data Processing

As a PAGCOR-licensed operator, hybet processes gaming activity data for responsible gaming purposes. This includes automated monitoring of betting patterns, session lengths, deposit frequency, and self-exclusion compliance to identify potential indicators of problem gambling.

Where indicators of problem gambling are detected, hybet may use this data to: (a) trigger responsible gaming alerts within your Account; (b) proactively offer to set account limits; (c) refer the matter to hybet's responsible gaming team for a welfare check; or (d) apply regulatory interventions required by PAGCOR. This processing is carried out on the basis of legal obligation and legitimate interests in player welfare.

Responsible gaming data — including self-exclusion records — is treated with the highest level of confidentiality and is not used for marketing purposes or shared with third parties except where required by PAGCOR or applicable law.

For more information about hybet's responsible gaming tools, including deposit limits, cool-off periods, and self-exclusion, please visit the Responsible Gaming page.

14. Amendments to This Policy

hybet reserves the right to update or amend this Privacy Policy at any time to reflect changes in our practices, applicable law, or PAGCOR regulatory requirements. Material changes will be communicated to registered Players via email to the registered address and/or a prominent notice on the Platform, at least seven (7) calendar days before the changes take effect, except where immediate changes are required by law or regulatory directive.

The effective date at the top of this document will be updated with each revision. We encourage you to review this policy periodically. Your continued use of the Platform after the effective date of a revised policy constitutes your acknowledgement of the changes.

15. Contact & Data Protection Officer

hybet has appointed a Data Protection Officer (DPO) in accordance with the requirements of the Philippine Data Privacy Act and NPC regulations. The DPO is responsible for overseeing hybet's data protection compliance, handling data subject requests, and serving as the point of contact for the National Privacy Commission.

To exercise your data subject rights, report a potential data breach, ask questions about this Privacy Policy, or raise a data privacy concern, contact the hybet DPO using the following channels:

• Email: [email protected] — Please include "Privacy Request" or "DPO" in the subject line so your message reaches the right team promptly.
• Live Chat: Available 24/7 on hybet.co. Request to be connected with the privacy or data protection team for matters requiring immediate attention.

hybet aims to respond to all data subject rights requests within thirty (30) calendar days of receiving a verified request. Complex requests may be extended by an additional fifteen (15) days with notification to you before the initial deadline.

If you are not satisfied with hybet's response to a data privacy concern, you have the right to escalate your complaint to the National Privacy Commission of the Philippines (NPC) — the independent government body responsible for enforcing the Data Privacy Act.