croyale is committed to protecting the personal information of every Filipino player who uses our platform. This Privacy Policy explains exactly what data we collect, why we collect it, how it is stored and secured, and the rights you hold over your own information under Philippine law.
Your Privacy Matters: By registering a croyale account or continuing to use croyale.club, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein. croyale processes personal data in compliance with Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines, and its implementing rules and regulations. If you do not agree to this policy, please do not access or use the croyale platform.
These six commitments summarize croyale's approach to data privacy. The full legal provisions follow in the sections below. Summaries do not replace the binding policy text.
croyale collects only the personal information that is strictly necessary for account operation, KYC compliance, payment processing, and regulatory reporting. We do not collect data for its own sake.
All personal data transmitted between your device and croyale's servers — including login credentials, payment details, and KYC documents — is protected by 256-bit SSL encryption during transit.
croyale does not sell, rent, or commercially transfer your personal data to third parties for their own marketing or commercial purposes. Your information is never a product at croyale.
As a Philippine data subject, you have the right to access, correct, object to, erase, and port your personal data. croyale provides a clear process for exercising each of these rights, detailed in this policy.
croyale does not hold your personal data indefinitely. Retention periods are determined by legal and regulatory obligations, operational necessity, and your account status. Data no longer needed is securely deleted.
In the event of a personal data breach that poses a risk to your rights and freedoms, croyale will notify affected players and the National Privacy Commission of the Philippines within the timeframes prescribed by law.
For the purposes of this Privacy Policy, the following terms carry the meanings assigned below:
2.1 croyale acts as the Data Controller for all personal data collected from Players through the croyale.club platform. As Data Controller, croyale determines the purposes for which and the means by which personal data is processed.
2.2 croyale has appointed a Data Protection Officer (DPO) as required under RA 10173. The DPO is responsible for overseeing croyale's compliance with the Data Privacy Act and may be contacted using the details provided in Section 16 of this policy.
2.3 Where croyale engages third-party service providers who process personal data on its behalf — including payment processors, game platform providers, and cloud infrastructure services — those providers act as Data Processors under written data processing agreements that bind them to data protection standards consistent with this policy and applicable Philippine law.
3.1 The categories of personal data collected by croyale and the contexts in which they are gathered are described in the table below. croyale collects only what is necessary for the stated purposes.
| Category | Data Elements | When Collected |
|---|---|---|
| Registration Data | Full legal name, date of birth, Philippine mobile number, email address, residential address, nationality | Account registration |
| Identity / KYC Documents | Government-issued Philippine ID (PhilSys, passport, driver's licence, UMID, SSS, TIN), ID number, selfie or live photo for liveness check | KYC verification before first withdrawal |
| Financial Data | GCash number, Maya account number, bank account details (BSP-accredited banks), transaction history, deposit and withdrawal records | Payment processing; ongoing account operation |
| Gaming Activity Data | Game session logs, bet amounts, game outcomes, session durations, bonus usage, responsible gaming limit settings | Continuously during active platform use |
| Technical / Device Data | IP address, device type and model, operating system, browser type and version, mobile network operator (Globe, Smart, DITO), session timestamps | Automatically upon platform access |
| Communications Data | Live chat transcripts, support ticket content, email correspondence, player-submitted feedback | When you contact croyale support |
| Marketing Preferences | Communication opt-in/opt-out status, preferred notification channels (SMS, email, push), promotional interaction history | Registration and ongoing account settings |
3.2 croyale does not collect sensitive personal information beyond what is strictly required for KYC document verification and regulatory compliance. Government-issued ID numbers are stored in encrypted format and are not used for any purpose other than identity verification and regulatory reporting.
4.1 Directly from you — when you register an account, complete the KYC process, make a deposit or withdrawal, contact customer support, respond to a promotion, or update your account settings.
4.2 Automatically — through the croyale platform itself as you navigate the site, play games, or conduct transactions. This includes server logs, session management systems, and analytics tools that record technical interaction data.
4.3 From payment providers — when you initiate a deposit or withdrawal via GCash, Maya, BPI, BDO, or another supported payment channel, that provider may share transaction reference data with croyale to confirm the status and legitimacy of the transaction.
4.4 From identity verification services — where croyale uses third-party KYC technology providers to assist with the liveness check and document authentication steps of the verification process. These providers process your ID documents under data processing agreements with croyale.
4.5 From regulatory authorities — croyale may receive information from PAGCOR, the Anti-Money Laundering Council (AMLC), or other Philippine government bodies in connection with regulatory compliance, investigations, or mandatory reporting obligations.
5.1 croyale processes your personal data on the following legal bases as recognized under RA 10173 and its implementing rules:
6.1 croyale uses the personal data it collects for the following specific purposes:
7.1 croyale does not sell your personal data. We share your data only as described in this section, and only to the extent necessary for the stated purpose.
7.2 Payment Processors. To process deposits and withdrawals, croyale shares necessary transaction data with your chosen payment provider — for example, your GCash registered mobile number or your bank account details with your BSP-accredited bank. These providers process your data as independent controllers subject to their own privacy policies and BSP regulatory requirements.
7.3 KYC and Identity Verification Providers. croyale may use third-party identity verification platforms to assist with document authentication and liveness detection as part of the KYC process. These providers act as data processors under written agreements with croyale and are not permitted to use your KYC data for their own commercial purposes.
7.4 Regulatory and Law Enforcement Authorities. croyale is obligated to disclose personal data to PAGCOR, AMLC, the National Privacy Commission, and other competent Philippine government bodies when required by law, court order, or regulatory directive. croyale will notify you of such disclosure where legally permitted to do so.
7.5 Cloud Infrastructure and Platform Technology Providers. croyale uses cloud infrastructure and gaming technology providers whose services involve the storage and processing of player data. These providers operate as data processors under contractual safeguards and are bound to process data only on croyale's documented instructions.
7.6 Professional Advisers. croyale may share personal data with legal counsel, auditors, and compliance consultants in connection with legitimate legal, regulatory, and audit matters, subject to professional confidentiality obligations.
7.7 Business Transfers. In the event of a merger, acquisition, or transfer of croyale's business assets, personal data held by croyale may be transferred to the acquiring entity, subject to equivalent data protection commitments. croyale will notify affected players of any such transfer in advance where feasible.
8.1 croyale uses cookies and similar tracking technologies on the croyale.club website to enable platform functionality, maintain login sessions, detect fraud, and analyse aggregated usage patterns.
8.2 The following categories of cookies may be placed on your device when you visit croyale.club:
8.3 You may manage non-essential cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the croyale platform. croyale does not use third-party advertising cookies or tracking pixels for the purpose of serving targeted advertisements on other websites.
9.1 croyale retains personal data for as long as is necessary to fulfil the purpose for which it was collected, subject to applicable legal and regulatory minimum retention periods.
9.2 The following retention schedule applies to the principal categories of personal data held by croyale:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration data | Duration of account + 5 years after closure | PAGCOR regulatory requirement; AML Act |
| KYC / identity documents | Duration of account + 5 years after closure | Anti-Money Laundering Act (RA 9160, as amended) |
| Financial transaction records | 10 years from transaction date | AMLC regulatory requirement |
| Gaming activity logs | Duration of account + 3 years after closure | PAGCOR audit requirements; responsible gaming monitoring |
| Customer support records | 3 years from interaction date | Dispute resolution; service improvement |
| Marketing consent records | 3 years from last interaction or withdrawal of consent | NPC compliance; legal protection |
| Technical / device logs | 12 months from collection | Security monitoring; fraud prevention |
9.3 At the end of the applicable retention period, personal data is securely deleted or anonymised using industry-standard deletion methods. Data that has been fully anonymised — such that no individual can be identified from it — may be retained for statistical and analytical purposes without time limit.
10.1 croyale implements a layered set of technical and organisational security measures designed to protect your personal data from unauthorised access, disclosure, alteration, destruction, or loss. These measures include:
10.2 Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. croyale cannot guarantee the absolute security of data transmitted over the internet and shall not be liable for breaches attributable to circumstances outside its direct control, provided that croyale has implemented the security measures described above.
10.3 You are responsible for maintaining the security of your croyale account credentials. croyale will never ask for your password in an unsolicited communication. If you suspect your account has been compromised, contact croyale support immediately via live chat at croyale.club.
11.1 Under Republic Act No. 10173 (Data Privacy Act of 2012) and its implementing rules and regulations, you have the following rights in relation to your personal data held by croyale:
You may request a copy of the personal data croyale holds about you and information about how it is processed. croyale will respond within 30 days of receiving a verifiable request.
You may request correction of inaccurate or incomplete personal data held about you. Where data accuracy affects your account or payments, croyale will prioritize the correction.
You may request deletion of your personal data where it is no longer necessary for the purpose collected, subject to our legal retention obligations under PAGCOR and AML regulations.
You may object to the processing of your personal data for direct marketing purposes at any time. You may also object to processing based on legitimate interests by contacting the croyale DPO.
You may request your personal data in a structured, commonly used, machine-readable format to be transmitted to yourself or another service provider where technically feasible.
If you believe croyale has violated your data privacy rights, you may lodge a complaint with the National Privacy Commission of the Philippines (privacy.gov.ph).
11.2 To exercise any of the rights described above, please contact croyale's Data Protection Officer using the details in Section 16. croyale will verify your identity before processing any data rights request to prevent unauthorized disclosure. Requests will be responded to within thirty (30) calendar days, or within such shorter period as may be mandated by NPC regulations. Where a request is complex or numerous, croyale may extend this period by a further thirty (30) days with written notice to you.
11.3 Exercising your right to erasure or portability does not affect the lawfulness of processing carried out before the request was made, and does not override croyale's legal obligations to retain data under PAGCOR licensing, the Anti-Money Laundering Act, or other applicable Philippine law.
12.1 croyale is a real-money gaming platform strictly restricted to individuals who are twenty-one (21) years of age or older. croyale does not knowingly collect personal data from any individual under 21 years of age.
12.2 Age verification is performed as part of the registration process, and identity verification through the KYC process confirms date of birth before any withdrawal is approved. Where croyale discovers that an account has been registered by a person under 21, the account will be closed immediately, all real-money balances will be returned, and the matter may be referred to PAGCOR.
12.3 If you are a parent or guardian and believe that a minor has registered a croyale account using false information, please contact croyale support immediately via live chat so that the account can be reviewed and closed without delay.
13.1 croyale may transfer your personal data to service providers or infrastructure systems located outside the Philippines where necessary for the operation of the platform, including cloud hosting, game platform provision, and technical support services.
13.2 Where personal data is transferred outside the Philippines, croyale ensures that appropriate safeguards are in place to protect the data to a standard at least equivalent to that required under RA 10173. These safeguards include contractual data processing agreements incorporating standard data protection clauses approved by the NPC or equivalent regulatory bodies in the recipient jurisdiction.
13.3 By registering a croyale account and accepting this Privacy Policy, you consent to the cross-border transfer of your personal data as described in this section, subject to the safeguards described above.
14.1 croyale maintains a documented incident response plan specifically addressing personal data breaches. In the event of a breach that is likely to give rise to a real risk of serious harm to affected players, croyale will:
14.2 Where notification to affected players would involve disproportionate effort due to the scale of the breach, croyale will instead publish a prominent public notice on croyale.club and through other appropriate channels, as permitted under NPC regulations.
14.3 Breaches that are determined to present a low risk to the rights and freedoms of data subjects, or that are contained before significant harm can occur, will be documented internally but may not require individual notification, in accordance with the thresholds set out in NPC Circular No. 16-03.
15.1 croyale reserves the right to update or amend this Privacy Policy at any time to reflect changes in applicable law, regulatory requirements, croyale's data processing practices, or platform functionality. The effective date at the top of this policy will be updated whenever a substantive amendment is made.
15.2 Material amendments — those that significantly affect how croyale processes your personal data or the rights available to you — will be communicated to registered players via email to their registered address or through a prominent notice on the croyale platform at least fourteen (14) days before the amendment takes effect.
15.3 Your continued use of the croyale platform after the effective date of any amendment constitutes acknowledgement of the updated Privacy Policy. If you do not accept the amended policy, you may close your account as provided in the croyale Terms & Conditions.
15.4 The current version of this Privacy Policy is always available on croyale.club. You are encouraged to review it periodically. For significant changes, version history summaries will be provided at the end of this document where feasible.
16.1 For all data privacy inquiries, requests to exercise your data subject rights, or to contact croyale's Data Protection Officer, please use the following channels:
16.2 croyale aims to respond to all data subject requests within thirty (30) calendar days. For complex requests, or where identity verification requires additional steps, croyale will acknowledge receipt within five (5) business days and advise on the expected timeline for full resolution.
16.3 If you are dissatisfied with croyale's response to a data privacy concern, you have the right to lodge a formal complaint with the National Privacy Commission of the Philippines. Information about the NPC complaints process is available through the NPC's official channels.
croyale is built on the principles of transparency, security, and respect for your personal data. Join over a million Filipino players who trust croyale for fair gaming, fast GCash cashouts, and a platform that takes your privacy seriously.
21+ only · PAGCOR regulated · RA 10173 compliant · Gambling involves risk