m.fb001 Privacy
Policy

m.fb001 ("the Platform," "we," "us," or "our") is committed to protecting the privacy and personal data of all players and users who access and use the Platform at mfb001.app. We operate as a PAGCOR-regulated online gaming platform serving Filipino players across Luzon, Visayas, and Mindanao.

This Privacy Policy is prepared in compliance with Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines ("DPA"), and its Implementing Rules and Regulations ("IRR"), as administered by the National Privacy Commission ("NPC"). It also reflects the data handling obligations imposed by PAGCOR's online gaming regulatory framework and the Anti-Money Laundering Act (AMLA) of the Philippines, as amended.

We encourage you to read this Policy carefully. If you have questions about any part of it, please contact our Data Protection Officer (DPO) at [email protected] before registering or using the Platform.

For the purposes of the Philippine Data Privacy Act, m.fb001 acts as the Personal Information Controller (PIC) in respect of all personal data collected and processed through the Platform. As a PAGCOR-regulated operator, m.fb001 is registered with the relevant Philippine regulatory bodies and maintains a designated Data Protection Officer responsible for overseeing compliance with the DPA.

All inquiries, requests, or concerns regarding personal data processing may be directed to the m.fb001 Data Protection Officer via the contact details set out in Section 15 of this Policy.

m.fb001 collects the following categories of personal data in connection with your registration, use of the Platform, and compliance with applicable regulatory requirements:

• Full legal name (as it appears on your government-issued ID)
• Date of birth (for 21+ age verification)
• Philippine mobile number (primary login credential and OTP verification)
• Email address (where provided)
• Account username and encrypted password
• Residential address in the Philippines (where required for KYC)

• Copy of a valid Philippine government-issued ID (e.g., UMID, PhilSys National ID, driver's license, or Philippine passport)
• ID number and expiry date
• Selfie photograph (where required for identity matching)
• Source of funds declaration (for high-value accounts, per AMLA requirements)

• Deposit and withdrawal transaction records (date, amount, payment method, reference number)
• GCash or Maya account number (last digits only for security, or full number where required for withdrawal routing)
• Bank account details where bank transfer is the chosen payment method
• Account balance history

• Game session logs (games played, bet amounts, outcomes, session duration)
• Bonus and promotion redemption history
• Responsible gaming settings and tool usage (deposit limits, self-exclusion status)

• IP address at time of login and transaction
• Device type, operating system, and browser information
• Session timestamps and duration
• Cookie identifiers (see Section 8)

• Live chat and email correspondence with the m.fb001 support team
• Feedback, complaints, and dispute records

m.fb001 collects personal data through the following means:

• Directly from you — when you register an account, complete KYC verification, make a deposit or withdrawal request, contact support, or update your account settings;
• Automatically — through cookies, server logs, and session monitoring when you access and use the Platform;
• From payment processors — transaction confirmation data from GCash, Maya, BPI, BDO, and other integrated payment channels;
• From identity verification providers — data returned during the KYC process where third-party verification services are used;
• From regulatory authorities — where PAGCOR, the Anti-Money Laundering Council (AMLC), or other Philippine agencies provide or request information pursuant to applicable law.

m.fb001 processes your personal data for the following specific purposes:

m.fb001 does not process your personal data for purposes beyond those stated above without your explicit consent or as required by applicable Philippine law.

Under the Philippine Data Privacy Act, personal data processing requires a lawful basis. m.fb001 relies on the following legal bases for the processing described in this Policy:

• Contractual necessity: Processing required to create and maintain your Account, process transactions, and deliver the gaming services you have requested;
• Legal obligation: Processing required to comply with PAGCOR regulations, the Anti-Money Laundering Act, the Data Privacy Act, and other applicable Philippine laws;
• Legitimate interests: Processing for fraud prevention, platform security, responsible gaming monitoring, and service improvement — balanced against your privacy rights;
• Consent: Processing for optional communications and non-essential analytics, where your explicit consent has been obtained and may be withdrawn at any time.

m.fb001 may share your personal data with the following categories of recipients in the circumstances described:

Transaction data is shared with payment service providers (including GCash, Maya, BPI, BDO, Metrobank, UnionBank, and other integrated payment channels) to the extent required to process deposits and withdrawals. These processors are bound by their own data protection obligations under Philippine law.

KYC data may be processed by third-party identity verification service providers engaged by m.fb001. These providers act as Personal Information Processors (PIPs) under data processing agreements consistent with the DPA.

m.fb001 is required to submit player data reports to PAGCOR as part of its licensing and regulatory compliance obligations. Transaction data may also be reported to the Anti-Money Laundering Council (AMLC) in compliance with the Philippines' Anti-Money Laundering Act, as amended. Compliance with these regulatory obligations is mandatory and does not require your separate consent.

Personal data may be disclosed to Philippine law enforcement agencies or courts where required by a lawful order, warrant, or other legal process issued under Philippine law.

Certain technical session data (but not personal identification data) may be processed by licensed game providers (e.g., JILI, PG Soft, Evolution Gaming) solely for the purpose of delivering game sessions. These providers do not receive or retain your personal identification information.

Personal data may be shared with legal, financial, or compliance advisers where strictly necessary for the exercise or defense of legal claims, or for regulatory advice, under binding confidentiality obligations.

m.fb001 uses cookies and similar tracking technologies to enable core platform functionality, maintain your login session, and analyze how the Platform is used. The following types of cookies are used:

• Essential cookies: Required for the Platform to function. These include session cookies that maintain your authenticated login state and cookies used for security and fraud prevention. These cannot be disabled without impairing your ability to use the Platform;
• Functional cookies: Remember your preferences (e.g., language, recently played games) to provide a more personalized experience;
• Analytics cookies: Collect aggregated data about Platform usage to help us improve performance, navigation, and game availability. Where possible, analytics data is anonymized;
• Security cookies: Used to detect and prevent fraudulent access, unusual login patterns, and bot activity.

You may manage or disable non-essential cookies through your browser settings. Please note that disabling certain cookies may affect Platform functionality. m.fb001 does not use third-party advertising or behavioral tracking cookies.

m.fb001 retains personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to the following minimum retention obligations:

• Account and KYC data: Retained for the duration of the account relationship and for a minimum of five (5) years following account closure, in compliance with PAGCOR regulatory requirements and AMLA record-keeping obligations;
• Financial transaction records: Retained for a minimum of five (5) years from the date of the transaction, as required by the Anti-Money Laundering Act;
• Game session logs: Retained for a period sufficient to enable regulatory reporting and dispute resolution, typically two (2) to five (5) years;
• Communication records: Retained for a period of two (2) years from the date of the communication, or longer if required for an ongoing dispute or legal matter;
• Technical and device data: Retained for up to twelve (12) months for security monitoring and fraud prevention purposes.

Following the expiry of applicable retention periods, personal data is securely deleted or anonymized in a manner that prevents re-identification.

m.fb001 implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• 256-bit SSL/TLS encryption for all data transmitted between your device and the Platform;
• Encrypted storage of account passwords (hashing with salting — passwords are never stored in plain text);
• OTP-based two-step verification for account access on new or unrecognized devices;
• Session anomaly detection to identify and flag unusual login patterns indicative of unauthorized access;
• Strict access controls limiting internal access to personal data to authorized personnel on a need-to-know basis;
• Regular security audits and vulnerability assessments of Platform infrastructure;
• Data breach response procedures consistent with NPC notification requirements under the DPA.

Under the Philippine Data Privacy Act, you have the following rights with respect to your personal data held by m.fb001. These rights may be exercised by contacting the DPO at [email protected]:

m.fb001 aims to respond to all data subject rights requests within thirty (30) days of receipt. Some requests may require identity verification before processing. Requests may be subject to limitations where fulfillment would conflict with mandatory regulatory retention obligations.

If m.fb001 discovers or receives information that a registered account is held by a person under 21 years of age, the account will be immediately suspended, any balance will be handled in accordance with applicable PAGCOR regulations, and all personal data associated with that account will be deleted to the extent not required to be retained under mandatory regulatory obligations.

If a parent or guardian believes that a minor has accessed or registered on the Platform, please contact our DPO immediately at [email protected] so that appropriate action can be taken without delay.

Some of the third-party service providers used by m.fb001 — including certain game content providers and technical infrastructure services — may process data in jurisdictions outside the Philippines. Where such cross-border data transfers occur, m.fb001 ensures that appropriate safeguards are in place consistent with the requirements of the Philippine Data Privacy Act and its IRR, including:

• Data processing agreements with overseas processors incorporating DPA-equivalent protections;
• Assessment of the data protection adequacy of the recipient jurisdiction;
• Contractual obligations requiring processors to maintain security standards consistent with Philippine requirements;
• Limitation of transferred data to the minimum necessary for the specific processing purpose.

Personal identification and financial data is, wherever technically feasible, processed and stored within Philippine or regionally equivalent jurisdictions.

m.fb001 reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law, regulatory guidance from PAGCOR or the NPC, changes to our data processing practices, or improvements to our security measures.

Material amendments will be communicated to registered Players via the email address or mobile number on record, or via an in-platform notification, prior to the effective date of the change. The "Last Updated" date at the top of this Policy will be revised accordingly. Continued use of the Platform following notification of an amendment constitutes acceptance of the revised Policy.

If you do not accept a material amendment to this Policy, you may close your account by contacting [email protected] prior to the amendment's effective date.

For all privacy-related inquiries, data subject rights requests, or concerns regarding the processing of your personal data by m.fb001, please contact our Data Protection Officer through the following channels:

• Email (DPO): [email protected] — please include "Privacy Request" in the subject line
• Live Chat: 24/7 via the Platform — average response time 3–5 minutes

For complaints that have not been resolved to your satisfaction by m.fb001's DPO, you may escalate the matter to the National Privacy Commission of the Philippines through its official government channels.