This Privacy Policy explains how croyale collects, uses, stores, and protects the personal data of Filipino players in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and applicable PAGCOR regulatory requirements.
croyale ("we," "us," "our") operates the online gaming platform accessible at croyale.vip. As a PAGCOR-regulated operator serving Filipino players, croyale is committed to protecting the privacy and personal data of every person who interacts with our platform. This Privacy Policy describes our data practices in clear, honest terms.
This Policy applies to all personal data we collect and process in connection with your use of the croyale platform, including account registration, gaming activity, financial transactions, customer support interactions, and marketing communications. It applies regardless of whether you access croyale via a desktop browser, mobile browser, or any other supported interface.
croyale processes personal data in compliance with the Philippine Data Privacy Act of 2012 (RA 10173), its Implementing Rules and Regulations, and applicable NPC (National Privacy Commission) issuances. Our Data Protection Officer (DPO) is registered with the NPC in accordance with applicable regulations.
1.1 This Privacy Policy governs the collection, use, storage, disclosure, and protection of personal data submitted by or collected about players and visitors of the croyale platform ("Data Subjects"). It also applies to individuals who contact croyale's customer support team, participate in promotions, or otherwise interact with croyale through any channel.
1.2 By registering a croyale account or continuing to use the croyale platform, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein, to the extent that consent is required by applicable Philippine law.
1.3 This Policy should be read alongside croyale's Terms and Conditions, which govern your use of the Platform, and our Responsible Gaming Policy, which describes our player welfare framework.
1.4 We may update this Policy from time to time. The current version is always available at croyale.vip/privacy-policy. The Effective Date at the top of this document indicates when the current version was last updated.
2.1 croyale is the personal information controller ("PIC") for all personal data processed in connection with the croyale platform, as defined under the Philippine Data Privacy Act of 2012.
2.2 croyale has designated a Data Protection Officer (DPO) responsible for overseeing data protection compliance and serving as the point of contact for Data Subject enquiries and NPC regulatory communications.
2.3 Data protection enquiries, requests to exercise data rights, and privacy complaints may be directed to our DPO via the contact details set out in Section 15 of this Policy.
croyale collects personal data from you directly, automatically, and from third parties in the following categories:
When you create a croyale account, we collect: full legal name, date of birth, nationality, registered mobile number (Philippine number required), email address, username, and password (stored in hashed form — your actual password is never accessible to croyale staff).
For identity verification required under PAGCOR anti-money laundering and age verification obligations, we collect: copies of government-issued photo identification (PhilSys National ID, Philippine passport, driver's license, or PRC ID), selfie or liveness verification images, proof of address documents where required, and tax identification information where applicable.
We collect data relating to your financial transactions on croyale, including: deposit and withdrawal amounts, payment method identifiers (GCash account number, bank account details, card last four digits), transaction timestamps, and transaction reference numbers. croyale does not store full card numbers or payment credentials — these are handled by certified third-party payment processors.
We collect records of all gaming sessions, including: games played, stakes placed, outcomes, bonus usage, win and loss records, session duration, and game preferences. This data is required for regulatory compliance, responsible gaming monitoring, and dispute resolution.
We automatically collect certain technical data when you access croyale, including: IP address, device type and operating system, browser type and version, session timestamps, geographic location data (country and region level), referral URL, and page interaction data.
We retain records of your communications with croyale's support team, including live chat transcripts, support ticket content, and any documentation you submit in connection with a support request or dispute.
| Data Category | Examples | Collection Method |
|---|---|---|
| Identity | Name, DOB, mobile number, email | Registration form |
| KYC Documents | Gov't ID, selfie, proof of address | Verification upload |
| Financial | Transaction amounts, payment references | Cashier, payment processor |
| Gaming Activity | Game logs, stakes, outcomes, session data | Platform systems (automatic) |
| Technical | IP address, device type, browser | Automatic (cookies, logs) |
| Communications | Live chat transcripts, support tickets | Customer support interactions |
croyale processes your personal data on the following legal bases under the Philippine Data Privacy Act of 2012:
croyale uses the personal data it collects for the following specific purposes:
croyale does not use personal data to make fully automated decisions that produce legal or similarly significant effects on Data Subjects without human oversight.
croyale does not sell, rent, or trade your personal data to any third party for their own commercial purposes. Data is shared only in the circumstances described below:
Financial transaction data is shared with certified payment processors (including GCash, Maya, and bank partners) solely to facilitate deposits and withdrawals. These processors are bound by their own regulatory obligations and data protection commitments.
croyale is required by law to share certain data with PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine regulatory authorities upon lawful request or as required by applicable reporting obligations.
Identity document data may be shared with certified KYC service providers for verification processing. Such providers act as personal information processors under written data processing agreements that require them to process data only as instructed by croyale and to maintain appropriate security measures.
croyale uses cloud infrastructure, security, and analytics service providers to operate the platform. These providers may process certain personal data as part of service delivery and are bound by data processing agreements requiring compliance with applicable Philippine privacy law.
croyale may disclose personal data to law enforcement agencies where required by valid legal process, court order, or where croyale reasonably believes disclosure is necessary to prevent serious harm, fraud, or criminal activity.
croyale will never share your personal data with unsolicited third parties or data brokers. If you are ever contacted by a party claiming to represent croyale and requesting personal information, please verify through the official croyale support channel before responding.
7.1 croyale retains personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to mandatory retention periods under Philippine law.
7.2 Account and identity data is retained for the duration of your active croyale account, and for a minimum of five (5) years following account closure, in compliance with PAGCOR licensing requirements and AMLA record-keeping obligations.
7.3 Financial transaction records are retained for a minimum of five (5) years from the date of the transaction, as required by the Philippine Anti-Money Laundering Act.
7.4 Gaming activity logs are retained for a minimum of two (2) years from the date of the session, or longer where required for dispute resolution or regulatory compliance purposes.
7.5 Customer support communications are retained for two (2) years from the date of the interaction.
7.6 Upon expiry of applicable retention periods, personal data is securely deleted or anonymized in accordance with croyale's data disposal procedures.
croyale implements industry-standard technical and organizational security measures to protect your personal data from unauthorized access, loss, destruction, alteration, or disclosure. Our security measures include:
7.7 In the event of a personal data breach that is likely to result in harm to Data Subjects, croyale will notify affected individuals and the National Privacy Commission within 72 hours of becoming aware of the breach, in accordance with RA 10173 and NPC Circular No. 16-03.
9.1 croyale uses cookies and similar tracking technologies to operate the Platform effectively, maintain your session, and improve your experience. A cookie is a small data file placed on your device by the Platform when you visit.
9.2 You may manage non-essential cookies through your browser settings. Note that disabling certain cookies may affect Platform functionality. croyale does not use third-party advertising cookies or social media tracking pixels on its gaming platform.
Under the Philippine Data Privacy Act of 2012, you have the following rights with respect to your personal data held by croyale:
You have the right to obtain confirmation of whether croyale holds personal data about you, and to access a copy of that data.
You have the right to request correction of inaccurate or incomplete personal data held by croyale about you.
You may request deletion of personal data that is no longer necessary for the purpose it was collected, subject to croyale's legal retention obligations.
You may object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests.
You may request a copy of your personal data in a structured, machine-readable format for personal use or transfer to another service.
You have the right to be indemnified for damages sustained due to inaccurate, incomplete, or unlawfully obtained personal data, under RA 10173.
To exercise any of the above rights, please contact croyale's Data Protection Officer via the contact details in Section 15. croyale will respond to verified Data Subject requests within thirty (30) days of receipt. Identity verification may be required before processing a data rights request.
Some data rights requests may be subject to limitations where croyale has a legal obligation to retain certain data (such as AML and KYC records). In such cases, croyale will explain the applicable limitation in its response to your request.
11.1 croyale does not knowingly collect or process personal data of individuals under 21 years of age. The croyale platform is strictly restricted to adults aged 21 and above, in compliance with PAGCOR regulations applicable to online gaming in the Philippines.
21+ Only. If croyale becomes aware that an account belongs to or was created by a person under 21 years of age, that account will be immediately suspended, all gaming activity voided, and any personal data collected will be securely deleted to the extent permitted by regulatory requirements.
11.2 If you are a parent or guardian and believe that a minor under your care has accessed or registered on the croyale platform, please contact our support team immediately via live chat so we can take appropriate action.
12.1 croyale's primary operations and data processing are based within the Philippines. Where personal data is processed by or transferred to service providers outside the Philippines (such as international cloud infrastructure providers), croyale ensures that such transfers comply with the requirements of RA 10173 and NPC regulations on cross-border data transfers.
12.2 Cross-border transfers are conducted only where: (a) the recipient country or organization provides adequate data protection standards as assessed by croyale; or (b) appropriate contractual safeguards are in place, including data processing agreements with standard contractual clauses consistent with NPC requirements.
12.3 croyale does not transfer personal data to countries or entities that cannot guarantee adequate protection of Data Subject rights.
13.1 If you believe that croyale has processed your personal data in violation of this Privacy Policy or applicable Philippine privacy law, you have the right to raise a complaint.
13.2 We encourage you to first raise your concern directly with croyale's Data Protection Officer (contact details in Section 15). croyale will investigate all privacy complaints promptly and respond within thirty (30) days.
13.3 If you are not satisfied with croyale's response, or if you prefer to escalate your complaint directly, you have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines, the regulatory body responsible for enforcing RA 10173.
14.1 croyale may update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or platform operations. The Effective Date at the top of this document indicates when the current version was last revised.
14.2 Where changes are material — meaning they meaningfully affect how we collect or use your personal data, or your rights as a Data Subject — croyale will notify registered players via email or in-platform notification before the changes take effect.
14.3 Minor updates (such as typographical corrections, clarifications that do not change substantive meaning, or administrative updates) may be made without prior notification.
14.4 The current version of this Privacy Policy is always accessible at croyale.vip/privacy-policy. You are encouraged to review it periodically.
For all data protection enquiries, requests to exercise Data Subject rights, privacy complaints, or general questions about this Privacy Policy, please contact croyale's Data Protection Officer through the following channels:
croyale's DPO will acknowledge receipt of your request within three (3) business days and provide a substantive response within thirty (30) days, or will notify you of any extension where the complexity of the request requires additional time.
croyale takes all privacy requests and complaints seriously. Every Data Subject request is reviewed by our DPO personally and handled with the full weight of croyale's PAGCOR compliance obligations and RA 10173 requirements behind it.
A plain-language summary of the six most important data protection commitments croyale makes to every Filipino player.
Every data exchange between your device and croyale — from login to deposits to live chat — is protected by 256-bit TLS encryption, the same standard used by Philippine banks and major financial institutions.
croyale does not sell, rent, or trade your personal data to any third party for commercial purposes — ever. Data is shared only where legally required (PAGCOR, AMLC) or to deliver the services you use (GCash, payment processors).
croyale processes all personal data in full compliance with the Philippine Data Privacy Act of 2012 and NPC regulations. Our Data Protection Officer is registered with the NPC and oversees all data protection obligations.
Filipino players have full rights to access, correct, object to, and request deletion of their personal data under RA 10173. croyale's DPO handles all data rights requests within 30 days and will never make it difficult to exercise your rights.
Your croyale password is hashed using a one-way cryptographic function before storage. Even croyale's own staff cannot read your actual password. This means a data breach cannot expose your login credentials in usable form.
croyale only sends marketing communications to players who have opted in. You can withdraw your marketing consent at any time through your account settings. Withdrawal takes effect immediately — no waiting period, no dark patterns.
croyale's Data Protection Officer and 24/7 support team are ready to answer any questions about your personal data and privacy rights under Philippine law.