This Privacy Policy explains how d10d collects, processes, stores, shares, and protects your personal data when you use the d10d online gaming platform. It also explains the rights available to you under applicable Philippine data protection law and how to exercise them. Reading this policy carefully before creating or using a d10d account is strongly recommended.
What personal data d10d collects at registration, during gameplay, through payment transactions, and via device and browser signals — and why each category is necessary.
The specific purposes for which d10d processes personal data — including account management, KYC compliance, payment processing, fraud prevention, and responsible gaming enforcement.
The categories of third parties — payment processors, game providers, identity verification services, PAGCOR — with whom d10d may share personal data and under what conditions.
The technical and organisational security measures d10d uses to protect your personal data, including encryption, access controls, and incident response procedures.
d10d's data retention schedule — how long different categories of personal data are kept, why, and when they are deleted or anonymised after account closure.
The rights available to you as a data subject under Republic Act 10173 (Data Privacy Act of 2012) — including access, correction, deletion, and the right to object to processing.
d10d ("we," "us," "our," "d10d") is a PAGCOR-regulated online gaming platform operated at d10d.co and serving Filipino players across the Philippines. As an operator of a regulated gaming platform that collects, processes, and stores personal information in connection with account registration, identity verification, financial transactions, and gameplay, d10d is a Personal Information Controller (PIC) within the meaning of the Data Privacy Act of 2012 (Republic Act 10173, "DPA").
This Privacy Policy describes how d10d handles personal data relating to its registered Players and platform visitors. It covers the categories of personal data collected, the purposes and legal bases for processing, the conditions under which data may be shared with third parties, the security measures in place, data retention periods, and the rights available to data subjects under the DPA.
If you have questions about this policy or wish to exercise your data rights, please contact us through the d10d Help Center. Contact details are provided in Section 14.
The Personal Information Controller responsible for your personal data is d10d, the operator of the d10d gaming platform at d10d.co. d10d is licensed and regulated by the Philippine Amusement and Gaming Corporation (PAGCOR), which itself operates under and exercises authority pursuant to Presidential Decree 1869, as amended.
For purposes of the Data Privacy Act of 2012, d10d's Data Protection Officer (DPO) is contactable through the d10d Help Center. The DPO is responsible for overseeing d10d's data protection compliance, handling data subject requests, and managing the reporting of personal data breaches to the National Privacy Commission (NPC) where required.
When you create a d10d account, we collect the personal information necessary to establish and manage your account, including:
In compliance with PAGCOR licensing requirements and applicable anti-money laundering obligations, d10d collects identity verification documentation before processing withdrawals and in certain other circumstances, including:
In connection with deposits, withdrawals, and betting activity on the d10d Platform, we collect:
When you access d10d through a browser or mobile device, we automatically collect certain technical data, including:
When you contact d10d through the Help Center or any support channel, we retain records of your communications, including the content of messages, timestamps, and the resolution history of your support interactions.
Where you use d10d's responsible gaming tools — including deposit limits, session alerts, loss limits, or self-exclusion — we process the settings you configure, the dates and times those settings were activated, and any associated gameplay restriction records. This data is processed as part of d10d's PAGCOR-mandated responsible gaming obligations.
d10d processes personal data for the following purposes:
Under the Data Privacy Act of 2012, d10d processes personal data on the following legal bases:
d10d does not sell personal data to third parties. We may share personal data with the following categories of recipients in the circumstances described:
GCash (Mynt — Globe Fintech Innovations, Inc.), PayMaya (Voyager Innovations, Inc.), BPI, BDO, and Metrobank receive the transaction data necessary to process your deposits and withdrawals. These providers process data under their own privacy policies and applicable Philippine financial regulations.
d10d uses accredited third-party KYC service providers to verify the identity documents submitted during account verification. These providers process your identification data solely for the purpose of verifying your identity in connection with your d10d account and are contractually bound to appropriate data protection standards.
Where third-party game studios provide games hosted within the d10d lobby, session data necessary for game function and result verification may be transmitted to those providers. This is limited to the minimum data necessary and does not include full identity or financial records.
d10d is required by law and by its PAGCOR license to share information with:
d10d uses third-party service providers for hosting, cloud infrastructure, customer support systems, and security monitoring. These providers access personal data only to the extent necessary to provide their services to d10d and are bound by data processing agreements that require compliance with applicable data protection standards.
d10d's primary operations are based in the Philippines and personal data is processed primarily within the Philippines. Where d10d uses third-party service providers whose infrastructure is located outside the Philippines — including cloud hosting and certain game content providers — personal data may be transferred to and processed in other countries.
Any such transfers are conducted under contractual safeguards consistent with the requirements of the Data Privacy Act of 2012 and NPC issuances on cross-border data flows. d10d takes reasonable steps to ensure that receiving parties maintain data protection standards appropriate to the sensitivity of the personal data transferred.
Where transfers occur to jurisdictions without equivalent data protection frameworks, d10d relies on standard contractual clauses or equivalent contractual protections to safeguard your personal data.
d10d retains personal data for as long as necessary to fulfil the purposes described in this policy, meet legal and regulatory retention obligations, and resolve any disputes or enforce agreements. The following table summarises d10d's key retention periods:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account registration and identity data | Duration of account + 5 years after closure | PAGCOR regulatory requirement; AML obligations |
| KYC verification documents | Duration of account + 5 years after closure | RA 9160 (AMLA) record-keeping requirement |
| Financial transaction records | 10 years from transaction date | AMLA mandatory retention requirement |
| Wagering and game session history | Duration of account + 2 years after closure | PAGCOR audit requirement; dispute resolution |
| Customer support communications | 3 years from last interaction | Complaint management and dispute resolution |
| Device and technical log data | 12 months from collection | Security monitoring and fraud detection |
| Responsible gaming records | Duration of account + 5 years after closure | PAGCOR responsible gaming compliance |
| Marketing consent records | 3 years from last consent or opt-out | Compliance with consent obligations under DPA |
At the end of the applicable retention period, personal data is securely deleted or irreversibly anonymised so that it can no longer be attributed to an identified or identifiable individual.
d10d implements technical and organisational security measures appropriate to the sensitivity of personal data processed on the Platform. These measures include:
d10d uses cookies and similar technologies on its Platform for the following purposes:
Essential cookies are technically necessary for the Platform to function. They include session cookies that maintain your authenticated login session, security cookies that help detect and prevent cross-site request forgery, and load-balancing cookies that ensure consistent Platform performance. These cookies cannot be disabled without impairing Platform functionality.
d10d uses first-party analytics data to understand how Players interact with the Platform — which game categories are most used, where Players experience difficulties, and how Platform performance can be improved. Analytics data is aggregated and does not identify individual Players for external reporting purposes.
Functional cookies remember your preferences — such as your preferred game lobby view or language setting — to provide a personalised experience across sessions.
You can manage or delete cookies through your browser settings. Disabling essential cookies will impair your ability to log in and use the Platform. Instructions for managing cookies are available through your browser's help documentation. d10d does not respond to "Do Not Track" browser signals.
As a data subject under Republic Act 10173, you have the following rights in relation to the personal data d10d holds about you. To exercise any of these rights, please contact d10d through the Help Center.
The right to be informed about how your personal data is collected and processed — which this Privacy Policy fulfils.
The right to request a copy of the personal data d10d holds about you and information about how it is processed.
The right to request correction of inaccurate or incomplete personal data held by d10d. Some corrections require re-verification.
The right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.
The right to object to processing based on legitimate interests, including direct marketing. Where processing is required by law or contract, objection may not be possible.
The right to request that d10d restricts processing of your data in certain circumstances, for example while an accuracy dispute is being resolved.
The right to receive your personal data in a structured, machine-readable format and to have it transmitted to another controller where technically feasible.
The right to lodge a complaint with the National Privacy Commission (NPC) at privacy.gov.ph if you believe d10d has not handled your personal data lawfully.
d10d is an online gaming platform subject to PAGCOR regulation. The minimum age requirement to use d10d is 21 years. d10d does not knowingly collect personal data from persons under the age of 21. Registration requires age verification through the KYC process, and accounts found to belong to underage individuals are closed immediately.
d10d may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal obligations, or Platform features. When we make material changes, we will notify registered Players by email and/or by displaying a notice on the Platform.
The effective date at the top of this document reflects the date of the most recent revision. We encourage you to review this Privacy Policy periodically. The current version is always available at d10d.co/privacy-policy. Continued use of the Platform after the effective date of an updated policy constitutes acceptance of the revised terms.
For questions about this Privacy Policy, to exercise your data subject rights, or to report a concern about d10d's data handling practices, please contact d10d's Data Protection Officer through the Help Center available within your d10d account.
If you are not satisfied with d10d's response to your complaint or data subject request, you have the right to escalate your complaint to the National Privacy Commission (NPC) of the Philippines. The NPC is the supervisory authority responsible for enforcing the Data Privacy Act of 2012 and can be reached through its official channels.
PAGCOR-regulated, DPA-compliant, and built to protect both your winnings and your personal information. That's the d10d difference for Filipino players.