jillss Casino — Privacy Policy

In this Privacy Policy, "jillss," "we," "us," and "our" refer to the operator of the online gaming platform accessible at jillss.app and all associated subdomains and services operating under the jillss brand in the Philippines.

jillss acts as the Personal Information Controller (PIC) for the personal data collected and processed through the Platform, as that term is defined under Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations.

As a licensed online gaming operator subject to PAGCOR oversight, jillss has designated a Data Protection Officer (DPO) responsible for ensuring compliance with the Data Privacy Act and for handling data subject requests and inquiries. Contact details for the DPO are provided in Section 15 of this Policy.

This Privacy Policy applies to all personal data collected, used, stored, and processed by jillss in connection with:

• Account registration and identity verification (KYC);
• Use of the jillss Platform, including all games, payment features, and support channels;
• Participation in jillss promotions, bonuses, and loyalty programmes;
• Communications between you and jillss, including live chat, email, and SMS;
• Visits to the jillss website, including pages visited without a registered account.

This Policy applies to all individuals who interact with jillss, whether or not they hold a registered account. If you are a visitor to the Platform who has not registered, the sections covering cookies, analytics, and website data collection are relevant to you.

This Policy does not apply to third-party websites or services linked to or from the jillss Platform. jillss is not responsible for the privacy practices of third-party game providers, payment processors, or other external services. We encourage you to review the privacy policies of any third party whose services you use.

jillss collects the following categories of personal data from players and Platform visitors:

3.1 Identity & Contact Data

• Full legal name as it appears on your government-issued identification;
• Date of birth (to verify the 21+ age requirement);
• Philippine mobile number (primary account identifier and OTP delivery);
• Email address (if provided during registration or support contact);
• Residential address (required for KYC at the withdrawal verification stage);
• Government-issued ID details: PhilSys, Driver's License, Passport, UMID, or equivalent.

3.2 Financial Data

• GCash account reference (mobile number associated with your GCash wallet);
• Maya, BDO, BPI, UnionBank, Metrobank, or other payment account details as applicable to your chosen deposit and withdrawal methods;
• Transaction history: deposit amounts, withdrawal amounts, dates, and reference numbers;
• USDT TRC20 wallet address, where used for transactions.

jillss does not collect or store full debit/credit card numbers. All card transactions, where applicable, are processed exclusively by certified third-party payment processors operating PCI-DSS compliant infrastructure.

3.3 Gaming Activity Data

• Game sessions: titles played, bet amounts, win/loss outcomes, session duration;
• Sports betting history: markets wagered, bet amounts, outcomes;
• Bonus and promotion history: bonuses claimed, wagering progress, bonus outcomes;
• Responsible gaming tool activations: deposit limits set, self-exclusion requests.

3.4 Technical & Usage Data

• IP address and approximate geographic location derived from IP;
• Device type, operating system, browser type, and version;
• Pages visited on the Platform, time spent, navigation paths;
• Login timestamps, session durations, and logout events;
• Cookies and similar tracking technologies (see Section 8).

3.5 Communications Data

• Contents of live chat conversations with jillss support;
• Email and SMS content where you initiate contact with jillss;
• Records of your preferences regarding marketing communications.

jillss collects your personal data through the following channels:

• Directly from you: When you register an account, complete KYC verification, make a deposit, request a withdrawal, contact support, or participate in a promotion;
• Automatically through Platform use: Technical and usage data is collected automatically when you access the Platform, via server logs, cookies, and analytics tools (see Section 8);
• From payment service providers: When you initiate a deposit or withdrawal, your payment provider transmits transaction confirmation data to jillss to allow processing;
• From identity verification services: During KYC, jillss may use third-party verification services to cross-check the identity documents you submit. These services return a verification status result to jillss;
• From fraud prevention and risk monitoring tools: jillss uses fraud detection services that may flag account behaviour patterns against known risk indicators. These services process device fingerprints, IP reputation data, and behavioural signals.

jillss processes your personal data for the following purposes:

Under the Data Privacy Act of 2012, jillss processes your personal data on the following legal bases:

• Contract Performance: Processing is necessary to perform the contract between you and jillss — i.e., to operate your account, enable gameplay, and process your transactions. Without this processing, jillss cannot provide the Platform to you.
• Legal Obligation: Processing is required for jillss to comply with applicable legal and regulatory obligations, including PAGCOR licensing requirements, AMLA obligations, and the mandatory 21+ age verification requirement.
• Legitimate Interests: Processing is necessary for jillss's legitimate business interests, including fraud prevention, security monitoring, Platform improvement, and responsible gaming programme management — provided those interests are not overridden by your fundamental rights and freedoms.
• Consent: For marketing communications and certain optional Platform features, processing is based on your freely given, specific, informed, and unambiguous consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Where processing is based on legitimate interests, jillss has conducted a balancing assessment to confirm that its legitimate interests are not outweighed by your privacy rights. Records of these assessments are maintained by the jillss DPO and are available upon written request.

jillss does not sell your personal data to third parties. Data is shared only in the following circumstances and only to the extent necessary for each purpose:

• Payment Service Providers: GCash (GXI / Globe Fintech), Maya (Voyager Innovations), BDO, BPI, UnionBank, Metrobank, 7-Eleven Cliqq, and Coins.ph receive the transaction data necessary to process your deposit or withdrawal. Each provider operates under its own privacy policy and regulatory obligations.
• Game Providers: JILI Gaming, PG Soft, Pragmatic Play, and other game providers contracted by jillss receive session identifiers and bet data necessary to operate game rounds. Game providers do not receive your full identity information.
• Identity Verification Services: KYC verification providers receive copies of identity documents you submit for verification purposes only. Verification providers are prohibited by contract from retaining your documents beyond the period required to complete verification.
• Fraud Prevention & Security Services: Device fingerprint data, IP addresses, and behavioural signals may be shared with fraud detection service providers to identify and mitigate account fraud and money laundering risks.
• Regulatory Authorities: jillss is required by law to provide information to PAGCOR, the Anti-Money Laundering Council (AMLC), and other Philippine government agencies upon lawful request or as required by applicable reporting obligations. jillss will not notify you of such disclosures where prohibited from doing so by law.
• Professional Advisers: jillss's legal, audit, and compliance advisers may access personal data in the course of providing professional services, subject to professional privilege and confidentiality obligations.
• Business Transfers: In the event of a merger, acquisition, or asset sale involving jillss, your personal data may be transferred to the acquiring entity. You will be notified of any such transfer and of any material change to how your data will be processed.

All third parties with whom jillss shares personal data are required to maintain appropriate technical and organisational safeguards and to process data only for the specified purposes set out in their data processing agreements with jillss.

jillss uses cookies and similar tracking technologies to operate and improve the Platform. A cookie is a small text file stored on your device by your browser when you visit a website. Cookies allow jillss to remember your session, preferences, and certain security settings.

jillss uses the following categories of cookies:

• Strictly Necessary Cookies: Required for the Platform to function. These include session authentication cookies that keep you logged in to your jillss account. Strictly necessary cookies cannot be disabled without breaking core Platform functionality.
• Functional Cookies: Store your preferences such as display settings and game lobby filters. These are not strictly required but improve your experience.
• Analytics Cookies: jillss uses analytics tools to understand how players interact with the Platform — which pages are visited most, where users encounter difficulties, and how navigation can be improved. Analytics data is processed in aggregated, anonymised form where possible.
• Security Cookies: Support fraud detection by identifying unusual access patterns, detecting automated login attempts, and flagging devices associated with known fraudulent activity.

You may manage your cookie preferences through your browser settings. Note that disabling cookies other than strictly necessary ones may affect Platform functionality. Disabling strictly necessary cookies will prevent you from logging in to your jillss account.

jillss retains your personal data for as long as necessary to fulfil the purposes for which it was collected, to comply with applicable legal and regulatory obligations, and to resolve disputes. The following retention periods apply:

Upon expiry of the applicable retention period, jillss will securely delete or anonymise your personal data. Where data must be retained due to an unresolved legal dispute or regulatory investigation, it will be retained until final resolution and then deleted in accordance with the applicable period.

jillss implements a multi-layered technical and organisational security programme to protect your personal data against unauthorised access, loss, alteration, and disclosure. Our security measures include:

• Encryption: 256-bit SSL/TLS encryption for all data in transit; AES-256 encryption for sensitive data fields stored in our databases;
• Access Controls: Role-based access controls limiting employee access to personal data to those with a legitimate need for each category of data;
• Authentication: Multi-factor authentication requirements for jillss staff accessing internal systems containing player data;
• Infrastructure Security: Platform hosted on cloud infrastructure with ISO 27001-certified data centres, firewall protection, intrusion detection systems, and regular penetration testing;
• Vulnerability Management: Regular security assessments, patch management processes, and third-party security audits;
• Incident Response: A documented data breach response plan with defined escalation procedures and NPC notification processes;
• Staff Training: All jillss personnel who handle personal data undergo data protection training and are bound by confidentiality obligations.

While jillss employs industry-standard security measures, no system connected to the internet can be guaranteed to be completely secure. You also have a role to play in protecting your data — specifically by keeping your account credentials secure and not sharing them with others. Refer to the account security guidance in the jillss Terms & Conditions for detailed recommendations.

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data processed by jillss:

• Right to be Informed: The right to know that your personal data is being processed and the details of such processing — satisfied by this Privacy Policy.
• Right of Access: The right to obtain confirmation of whether jillss processes your personal data and, if so, to receive a copy of the data being processed, together with information about the purposes, categories, and recipients.
• Right to Rectification: The right to have inaccurate or incomplete personal data corrected without undue delay. You may update certain account details directly in your account settings; other corrections require submission of supporting documentation to jillss support.
• Right to Erasure: The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis for processing. Note that this right is subject to jillss's legal retention obligations — we cannot delete data required by AMLA or PAGCOR record-keeping rules before the applicable retention period expires.
• Right to Restriction of Processing: The right to request that jillss limit its processing of your data in certain circumstances — for example, while you contest the accuracy of the data or where processing is unlawful but you prefer restriction over erasure.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used, machine-readable format and to have that data transmitted to another controller where technically feasible.
• Right to Object: The right to object to processing based on legitimate interests, including profiling. jillss will cease such processing unless it can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, submit a written request to jillss support via live chat or email (see Section 15). jillss will verify your identity before processing any data subject request and will respond within 15 business days, or within the timeframe required by applicable law if shorter.

The jillss Platform is strictly for persons who are 21 years of age or older. jillss does not knowingly collect personal data from any person under the age of 21. The 21+ age requirement is enforced through mandatory age verification during the KYC process, which must be completed before any withdrawal is processed.

If jillss discovers that personal data has been collected from a person under 21 years of age, the account will be immediately suspended, all associated funds will be withheld pending regulatory review, and the data will be deleted to the extent not required to be retained for regulatory compliance purposes.

If you are a parent or guardian and believe a person under 21 in your care has registered with jillss, please contact us immediately via live chat or email so that we can take appropriate action.

Some of jillss's service providers — including game providers and infrastructure partners — may be located outside the Philippines or may process data on servers located outside Philippine territory. Where personal data is transferred outside the Philippines, jillss ensures that appropriate safeguards are in place to protect your data to a standard equivalent to that required by the Data Privacy Act.

Safeguards for cross-border transfers include:

• Data Processing Agreements with contractual clauses requiring recipient parties to maintain DPA-equivalent data protection standards;
• Transfers only to jurisdictions assessed to provide an adequate level of data protection, or with specific safeguards applied where adequacy cannot be assumed;
• Technical security measures (encryption, access controls) applied to data regardless of where it is processed.

By using the jillss Platform, you acknowledge that your data may be processed in jurisdictions outside the Philippines, subject to the safeguards described above.

jillss may update this Privacy Policy from time to time to reflect changes in applicable law, regulatory requirements, Platform features, or our data processing practices. The effective date and last updated date at the top of this Policy will be revised whenever a new version is published.

Where changes are material — meaning they substantively alter your rights or how jillss processes your data — jillss will provide advance notice of no less than 14 days by displaying a prominent notice on the Platform or by notifying you via your registered contact details, consistent with the amendment procedure described in the jillss Terms & Conditions.

Continued use of the jillss Platform following the effective date of any revised Privacy Policy constitutes your acceptance of the revised Policy. If you do not accept the revised Policy, you must cease using the Platform and may request account closure.

For all privacy-related enquiries, data subject rights requests, or concerns about how jillss processes your personal data, please contact our Data Protection Officer through the following channels:

• Live Chat: Available 24/7 via the jillss Platform. Reference "Privacy / DPO Request" at the start of your message so your query is directed to the appropriate team.
• Email: [email protected] (plain text — not a clickable link). Please include "Data Privacy Request" in the subject line. Responses to email privacy requests are provided within 3–5 business days for acknowledgement and within 15 business days for substantive response.

If you are not satisfied with jillss's response to your privacy concern, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines, the regulatory authority responsible for enforcing the Data Privacy Act of 2012. Information on how to file a complaint with the NPC is available through official Philippine government channels.