Effective date: June 2026 | Jurisdiction: Republic of the Philippines
This Privacy Policy explains how sj77 ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the sj77 platform at sj77.org. sj77 is committed to full compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations. Please read this policy carefully before creating an sj77 account or submitting any personal information.
Six principles that guide how sj77 handles your personal data. These are commitments, not just statements.
sj77's data handling practices are designed and maintained in compliance with the Philippine Data Privacy Act of 2012. Your rights as a data subject under Philippine law are fully recognised and honoured by sj77.
sj77 collects only the personal data that is necessary for the specific purposes identified in this policy. We do not collect data speculatively or in excess of what our operational and regulatory requirements demand.
sj77 does not sell, rent, or trade your personal data to third parties for their independent marketing or commercial purposes. Data sharing with third parties is limited to what is necessary for platform operations, as described in Section 5 of this policy.
Personal data stored on sj77 systems is protected using encryption at rest. Passwords are hashed using one-way cryptographic functions — sj77 staff cannot access your actual password. Data in transit is protected by TLS/SSL encryption.
Your rights to access, correct, delete, and object to processing of your personal data are genuine and actionable through sj77's data subject request process — not merely stated obligations. Response timelines and procedures are detailed in Section 8.
sj77 does not retain personal data indefinitely. Retention periods are defined for each data category based on operational necessity and regulatory requirements, particularly PAGCOR and Philippine AMLA obligations. Data beyond its retention period is securely deleted or anonymised.
1.1 Identity of Controller. The data controller responsible for your personal data collected through sj77.org is the sj77 platform operator, operating under PAGCOR regulation in the Republic of the Philippines. sj77 operates the gaming platform at sj77.org and is responsible for determining the purposes and means of processing your personal data in connection with that platform.
1.2 Contact for Privacy Matters. For all data privacy inquiries, data subject access requests, and privacy-related complaints, you may contact sj77's data privacy team via the contact email address listed in the footer of sj77.org. sj77 commits to acknowledging all data privacy inquiries within five (5) business days of receipt.
sj77 has designated a Data Privacy Officer (DPO) in compliance with the requirements of the National Privacy Commission (NPC). The DPO is responsible for overseeing sj77's compliance with RA 10173 and serves as the primary point of contact for data subjects and regulatory authorities on privacy matters.
2.1 Registration Data. When you create an sj77 account, we collect: full legal name, date of birth, Philippine mobile number, email address, and a chosen username. This data is required to create and operate your account.
2.2 KYC and Identity Verification Data. To comply with PAGCOR regulations and Philippine anti-money laundering law (Republic Act No. 9160, as amended), sj77 collects identity document information for account verification. This includes: government-issued photo ID details (name, ID number, expiry date, issuing authority), selfie photograph for liveness verification, and where required, proof of address documentation.
2.3 Financial Data. When you make deposits or withdrawals, sj77 collects transaction data including: payment method details (e.g. GCash mobile number, Maya account reference, bank account number for BPI/BDO/UnionBank withdrawals), transaction amounts, timestamps, and transaction reference numbers. sj77 does not store full payment credentials — payment processing is handled by regulated payment service providers.
2.4 Gaming Activity Data. sj77 records all gaming activity on your account, including: games played, bet amounts, game outcomes, session durations, and bonus participation history. This data is required for regulatory compliance, dispute resolution, and responsible gaming monitoring.
2.5 Technical and Device Data. sj77 automatically collects technical data when you access the platform: IP address, device type, operating system, browser type and version, screen resolution, and session timestamps. This data is used for security monitoring, fraud prevention, and platform performance optimisation.
2.6 Communications Data. Records of communications between you and sj77 support — including live chat transcripts, support ticket content, and email correspondence — are retained for service quality assurance and dispute resolution purposes.
sj77 collects personal data through the following means:
sj77 processes your personal data only for specific, legitimate purposes. The following table outlines the primary purposes and the applicable legal basis under RA 10173:
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Performance of contract (account agreement with you) |
| Processing deposits and withdrawals | Performance of contract; compliance with PAGCOR and BSP requirements |
| KYC identity verification | Legal obligation (PAGCOR regulations; RA 9160 AMLA) |
| Responsible gaming monitoring and interventions | Legal obligation (PAGCOR responsible gaming framework); legitimate interest |
| Fraud detection and security monitoring | Legitimate interest in platform security and protection of all players |
| Customer support and dispute resolution | Performance of contract; legitimate interest |
| Marketing communications (where opted in) | Consent (you may withdraw consent at any time) |
| Regulatory reporting to PAGCOR and other authorities | Legal obligation |
| Platform analytics and performance improvement | Legitimate interest |
5.1 Service Providers. sj77 engages third-party service providers who process personal data on sj77's behalf and under sj77's instructions. These include payment processing partners (GCash/Maya/bank partners), KYC verification services, fraud detection providers, cloud infrastructure providers, and customer support platform vendors. All third-party processors are bound by data processing agreements that require them to protect your data in accordance with RA 10173 standards.
5.2 Regulatory Authorities. sj77 is required to share certain player data with PAGCOR and other Philippine regulatory authorities — including the Anti-Money Laundering Council (AMLC) — in the course of regulatory compliance, audits, and legally mandated reporting. sj77 will comply with lawful data requests from Philippine authorities.
5.3 Law Enforcement. sj77 may disclose personal data to Philippine law enforcement agencies where required by a valid court order, subpoena, or other lawful legal process, or where disclosure is necessary to prevent or detect crime.
5.4 No Sale of Data. sj77 does not sell, rent, trade, or otherwise transfer your personal data to third parties for their own independent commercial or marketing purposes. This prohibition applies regardless of commercial value and is a core principle of sj77's data governance policy.
6.1 General Principle. sj77 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable Philippine law and PAGCOR regulations.
6.2 Retention Periods. The following retention periods apply:
6.3 Secure Disposal. Upon expiry of applicable retention periods, personal data is securely deleted or anonymised using industry-standard methods that prevent reconstruction of the original data.
7.1 Technical Measures. sj77 implements technical security measures proportionate to the sensitivity of the personal data we process. These include: TLS/SSL encryption for all data in transit; AES encryption for personal data at rest; one-way cryptographic hashing for passwords; access controls and role-based permissions restricting staff access to personal data on a need-to-know basis; and regular security assessments of the sj77 platform.
7.2 Organisational Measures. sj77 staff who handle personal data are subject to confidentiality obligations and data privacy training. Access to sensitive personal data is logged and monitored. sj77 maintains internal data privacy policies and procedures aligned with NPC guidelines.
7.3 Data Breach Response. In the event of a personal data breach that is likely to result in harm to affected individuals, sj77 will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03. Affected data subjects will be notified in accordance with NPC requirements.
As a data subject under RA 10173, you have the following rights with respect to your personal data held by sj77. You may exercise these rights by submitting a request to sj77's data privacy team via the contact email on this site.
| Right | Description |
|---|---|
| Right to Access | Request a copy of the personal data sj77 holds about you and information about how it is processed. |
| Right to Rectification | Request correction of inaccurate or incomplete personal data held by sj77. |
| Right to Erasure | Request deletion of personal data that is no longer necessary for the purposes for which it was collected, subject to applicable legal retention obligations. |
| Right to Object | Object to processing of your personal data for direct marketing purposes. You may also object to processing based on legitimate interest grounds where sj77 cannot demonstrate compelling legitimate grounds that override your interests. |
| Right to Data Portability | Receive your personal data in a structured, commonly used, machine-readable format, where technically feasible. |
| Right to Lodge a Complaint | Lodge a complaint with the National Privacy Commission (NPC) if you believe sj77 has processed your personal data in breach of RA 10173. |
Response Timeline. sj77 will acknowledge data subject requests within five (5) business days and provide a substantive response within fifteen (15) business days of receiving all information required to process the request. Complex requests may require additional time, in which case sj77 will notify you of the extended timeline.
9.1 What We Use. sj77 uses cookies and similar tracking technologies to operate the platform, maintain session security, and analyse platform usage. The following categories of cookies are used:
9.2 Managing Cookies. You can control non-essential cookies through your browser settings. Note that disabling certain cookies may affect platform functionality. Strictly necessary and fraud detection cookies cannot be disabled without impacting your ability to use sj77.
10.1 Age Restriction. sj77 does not knowingly collect personal data from individuals under the age of 21. Real-money gaming on sj77 is strictly prohibited for individuals under 21 years of age, as required by PAGCOR regulations.
10.2 Discovery of Underage Accounts. If sj77 discovers or is notified that personal data has been collected from an individual under 21, sj77 will immediately suspend the relevant account and take steps to delete the associated personal data, subject to any overriding regulatory obligations requiring retention.
10.3 Parental Notification. If you believe your child under 21 has created an sj77 account, please contact sj77's data privacy team immediately with supporting information so that the account can be investigated and closed.
11.1 Transfer Circumstances. In certain circumstances, sj77 may transfer personal data to service providers or systems located outside the Philippines — for example, cloud infrastructure providers whose servers are located in other jurisdictions.
11.2 Safeguards. Where personal data is transferred outside the Philippines, sj77 ensures that appropriate safeguards are in place in accordance with NPC guidelines, including contractual data protection obligations binding the recipient to standards equivalent to RA 10173. sj77 does not transfer personal data to jurisdictions that the NPC has identified as providing inadequate data protection without implementing appropriate supplementary safeguards.
12.1 Right to Update. sj77 may update this Privacy Policy from time to time to reflect changes in our data practices, platform functionality, or applicable law. When material changes are made, sj77 will notify registered account holders via the email address or mobile number associated with their account, and the updated policy will be published at sj77.org/privacy-policy with a revised effective date.
12.2 Continued Use. Your continued use of the sj77 platform after an updated Privacy Policy takes effect constitutes your acknowledgment of the updated policy. If you object to the updated policy, you may request account closure as described in the sj77 Terms & Conditions.
13.1 Privacy Inquiries. For any questions, concerns, or requests relating to this Privacy Policy or sj77's handling of your personal data, please contact sj77's data privacy team using the contact email published on sj77.org. Please include "Privacy Request" in your message subject and provide sufficient detail to allow sj77 to identify your account and respond to your inquiry accurately.
13.2 NPC Complaints. If you believe sj77 has breached your data privacy rights under RA 10173 and your complaint has not been resolved through sj77's internal process, you have the right to lodge a formal complaint with the National Privacy Commission of the Philippines. The NPC's contact information and complaint procedures are available through official Philippine government channels.
sj77 is committed to handling your personal data responsibly and transparently. Review our full Terms & Conditions or visit our Responsible Gaming page for more information about how sj77 protects Filipino players.
For entertainment purposes only. 21+ only. PAGCOR regulated. Play responsibly.