sagisag
Privacy Policy

This Privacy Policy is issued by sagisag (hereinafter "sagisag," "we," "us," or "our"), the operator of the online gaming platform accessible at sagisag.one and its associated subdomains, mobile interfaces, and digital services (collectively, the "Platform"). sagisag acts as the Personal Information Controller ("PIC") with respect to all personal data collected through the Platform, as defined under Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines ("DPA"), and its Implementing Rules and Regulations ("IRR") as administered by the National Privacy Commission ("NPC").

This Privacy Policy applies to all individuals who interact with the sagisag Platform in any capacity, including registered Members, prospective registrants who browse the Platform without creating an account, and individuals who contact sagisag's customer support team. It covers personal data collected through the Platform's website, any APIs or integrations we operate, and communications sent by sagisag to users via SMS, email, or other digital channels.

By registering for or using the sagisag Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, processing, and disclosure of your personal data as described herein. If you do not agree to this Privacy Policy, you must not register for or use the Platform. This Privacy Policy is incorporated by reference into sagisag's Terms and Conditions.

sagisag collects only the personal information that is necessary and proportionate to the purposes described in this Privacy Policy. The categories of personal data we collect from Filipino players and Platform users are as follows:

sagisag does not collect sensitive personal information as defined under Section 3(l) of the DPA (e.g., health data, racial or ethnic origin, political opinions, religious beliefs) unless strictly required by a specific legal obligation and with the explicit consent of the data subject.

sagisag collects personal information through the following channels and methods:

• Direct Registration: When you create a sagisag account, you provide your name, date of birth, Philippine mobile number, and email address directly through the registration form on the Platform;
• KYC Document Submission: When you submit government-issued identification documents for identity verification prior to your first withdrawal;
• Payment Processing: When you initiate deposits or withdrawal requests through GCash, PayMaya, BPI, BDO, Metrobank, or USDT, relevant payment identifiers are transmitted through our integrated payment gateways;
• Gameplay Activity: Automatically generated records of your gaming sessions, wager history, and account transactions are captured by our platform systems in real time;
• Device and Browser Data: Technical information about the device, operating system, browser, and network you use to access the Platform is automatically recorded by our servers and analytics infrastructure when you visit sagisag.one;
• Customer Support Interactions: When you contact sagisag's support team via live chat or email, records of those communications are stored for service quality and compliance purposes;
• Cookies and Tracking Technologies: Session and persistent cookies, as well as similar tracking technologies, are used on the Platform as described in Section 9 of this Privacy Policy.

sagisag does not purchase personal data from data brokers or third-party list providers, nor do we collect personal data from social media profiles without your direct authorization.

Under the Data Privacy Act of 2012 and its IRR, sagisag processes your personal data on the following legal grounds, depending on the specific processing activity involved:

1. Contractual Necessity: Processing required to perform the contract between you and sagisag — specifically, the Terms and Conditions you accept upon registration — including account creation, deposit and withdrawal processing, gameplay facilitation, and customer support;
2. Legal Obligation: Processing required to comply with applicable Philippine laws and PAGCOR regulatory requirements, including Anti-Money Laundering Act obligations, KYC identity verification mandates, responsible gaming program requirements, and PAGCOR reporting obligations;
3. Legitimate Interest: Processing necessary for sagisag's legitimate operational interests, including fraud prevention, platform security, abuse detection, and service improvement, where those interests are not overridden by your fundamental rights and freedoms;
4. Consent: Processing for optional purposes, including promotional communications and marketing messages, for which sagisag relies on your freely given, specific, and informed consent. You may withdraw consent for marketing processing at any time by updating your preferences in account settings or by contacting support.

sagisag uses the personal information it collects for the following specific and documented purposes:

• Creating, verifying, and maintaining your sagisag Member account;
• Processing deposits and withdrawals through your chosen payment method, including GCash and PayMaya;
• Conducting mandatory PAGCOR-required KYC identity verification before processing your first withdrawal;
• Monitoring transactions for compliance with the Anti-Money Laundering Act of the Philippines (RA 9160, as amended) and filing Suspicious Transaction Reports (STRs) with the Anti-Money Laundering Council (AMLC) as required by law;
• Providing access to and facilitating your participation in Color Game, MT Live dealer games, slots, sports betting, bingo, sabong, and all other game categories on the Platform;
• Resolving gameplay disputes using independently audited RNG records and live game server logs;
• Administering responsible gaming tools including deposit limits, session reminders, cool-off periods, and self-exclusion;
• Delivering transactional communications including deposit confirmations, withdrawal notifications, OTP messages, and account security alerts via SMS and email to your registered Philippine mobile number and email address;
• Sending promotional and marketing communications to Members who have opted in to receive them, subject to your communication preferences;
• Detecting and investigating suspected fraud, cheating, account abuse, and security incidents;
• Optimizing Platform performance and user experience based on aggregated, anonymized usage data;
• Fulfilling our reporting obligations to PAGCOR and other competent Philippine regulatory and law enforcement authorities as required by law.

sagisag does not sell, rent, trade, or otherwise commercially transfer your personal data to third parties. We share your personal information only in the following specific, documented circumstances:

• Payment Service Providers: GCash (G-Xchange Inc.), PayMaya (Maya Philippines Inc.), BPI, BDO, Metrobank, and USDT processing intermediaries receive the minimum financial data necessary to process your requested transactions. These providers are bound by their own privacy policies and applicable Philippine financial regulations;
• Game Content Providers: RNG game providers and live dealer studio operators receive anonymized or pseudonymized gameplay session data as required to facilitate game delivery, RTP calculations, and technical support. They do not receive your identity or financial data unless strictly necessary for dispute resolution;
• Regulatory and Law Enforcement Authorities: PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), and other Philippine government agencies and law enforcement bodies where disclosure is required by law, court order, or valid regulatory demand;
• Identity Verification Service Providers: Third-party KYC technology providers engaged by sagisag to assist with the processing and verification of government ID documents submitted by Members, operating under data processing agreements that prohibit independent use of your data;
• Technical Infrastructure Providers: Cloud hosting, content delivery, and platform infrastructure providers who process data solely as directed by sagisag under strict data processing agreements and who are prohibited from accessing or using your data for any independent purpose;
• Professional Advisors: Lawyers, auditors, and consultants who are bound by professional confidentiality obligations, where access to your data is strictly necessary for a specific legal, compliance, or audit purpose.

Any third party to whom sagisag discloses personal data for processing purposes is required to process that data only in accordance with sagisag's documented instructions, under a valid data sharing or processing agreement that imposes security and confidentiality obligations consistent with the DPA.

sagisag retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law, PAGCOR licensing conditions, and AML obligations. The following retention periods apply:

• Account and Identity Data: Retained for the duration of your active sagisag account plus a minimum of five (5) years following account closure, as required by PAGCOR licensing conditions and AML regulations;
• Financial Transaction Records: Retained for a minimum of five (5) years following each transaction, as required under the Anti-Money Laundering Act (RA 9160, as amended) and its implementing rules;
• Gameplay Records: Retained for a minimum of three (3) years to support dispute resolution, PAGCOR reporting, and game fairness audit obligations;
• Customer Support Communications: Retained for two (2) years from the date of the final interaction in each support case, unless a specific case requires longer retention for ongoing compliance or legal proceedings;
• Technical and Device Data (Logs): Retained for twelve (12) months for security monitoring and fraud investigation purposes;
• Marketing Preferences and Consent Records: Retained for the duration of your account plus three (3) years following account closure, to demonstrate compliance with consent requirements.

When personal data is no longer required and no legal obligation mandates its continued retention, sagisag will securely delete or anonymize it in accordance with our data destruction procedures, which comply with the NPC's guidelines on data disposal.

sagisag implements comprehensive technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, loss, or destruction. Our security framework includes:

• Encryption in Transit: All data transmitted between your device and sagisag's servers is encrypted using 256-bit TLS/SSL, the same standard employed by Philippine banks including BPI and BDO;
• Encryption at Rest: Sensitive personal data, including KYC document files and financial data, is encrypted at rest on sagisag's storage infrastructure;
• Password Security: Account passwords are stored as salted cryptographic hashes; sagisag staff cannot view or retrieve your plaintext password under any circumstances;
• Two-Factor Authentication: SMS OTP verification is required for new device logins, password resets, and withdrawal requests;
• Access Controls: Access to personal data within sagisag is restricted on a strict need-to-know basis, with role-based access controls and audit logging of all internal data access events;
• Network Security: sagisag's infrastructure is protected by enterprise-grade firewalls, intrusion detection systems, and regular penetration testing conducted by independent security professionals;
• Physical Security: Data is stored in access-controlled, monitored data center facilities with physical security protocols.

sagisag uses cookies and similar tracking technologies on the Platform to provide core functionality, enhance security, and improve user experience. A "cookie" is a small text file stored on your device by your web browser when you visit a website. sagisag uses the following types of cookies:

• Strictly Necessary Cookies: Required for the Platform to function — these include session authentication tokens, security cookies for CSRF protection, and load-balancing cookies. These cannot be disabled without impairing Platform functionality;
• Functional Cookies: Remember your preferences such as language settings, last-visited game category, and responsible gaming configuration to improve your experience on return visits;
• Analytics Cookies: Collect aggregated, anonymized data about how Filipino players use the Platform — such as which game categories are most visited and where navigation issues occur — to help sagisag improve the Platform. No individual player is identified through analytics data;
• Security Cookies: Used to detect fraudulent login attempts, identify suspicious device behavior, and support sagisag's fraud prevention systems.

You may manage your cookie preferences through your browser settings. Note that disabling strictly necessary cookies will prevent you from using the Platform. sagisag does not currently use third-party advertising or cross-site tracking cookies.

Under the Data Privacy Act of 2012 (RA 10173) and its IRR, you have the following rights with respect to your personal data held by sagisag. These rights may be subject to limitations where overriding legal obligations apply, such as AML record-keeping requirements.

To exercise any of these rights, contact sagisag's Data Protection Officer at [email protected] with the subject line "Data Subject Rights Request." sagisag will respond to all valid requests within fifteen (15) business days of receipt, or within such extended period as permitted under NPC guidelines for complex requests.

During registration, sagisag requires users to enter their date of birth and confirm they are at least 21 years old. This declaration is subject to KYC identity verification using government-issued documents prior to the processing of any withdrawal. Where age verification reveals that a user is below the minimum age, the account will be terminated immediately and all deposited funds will be returned through the original payment method, subject to AML compliance review.

sagisag primarily stores and processes personal data of Filipino players within the Philippines. Certain personal data may be transferred to or accessible by third-party service providers whose infrastructure is located outside the Philippines, including cloud hosting providers and RNG game technology providers operating international data center networks.

Where such cross-border transfers occur, sagisag ensures that appropriate safeguards are in place in accordance with Section 21 of the DPA and the NPC's guidelines on cross-border data flows, including but not limited to: contractual clauses requiring the recipient to apply equivalent data protection standards; verification that the recipient jurisdiction provides adequate data protection under applicable law; and, where required, notification to the NPC of cross-border data sharing arrangements.

sagisag will not transfer personal data to any jurisdiction or entity that cannot provide adequate guarantees of data protection equivalent to those required under the DPA.

sagisag reserves the right to update or modify this Privacy Policy at any time to reflect changes in Philippine law, NPC guidance, PAGCOR requirements, our Platform's data processing activities, or best practices in data privacy. The "Last Updated" date at the top of this document indicates when the most recent revision was made.

For material changes that significantly affect your rights or how sagisag processes your personal data, we will notify registered Members by email to their registered address or via a prominent notice on the Platform at least seven (7) calendar days before the revised Privacy Policy takes effect. For non-material clarifications or corrections, the updated Privacy Policy will take effect upon publication on the Platform.

Your continued use of the sagisag Platform after a revised Privacy Policy takes effect constitutes your acknowledgment of and, where applicable, consent to the updated data processing practices described therein. We encourage you to review this Privacy Policy periodically to stay informed about how sagisag protects your personal information.

sagisag has designated a Data Protection Officer ("DPO") responsible for overseeing compliance with the Data Privacy Act of 2012 and this Privacy Policy. If you have any questions, concerns, or complaints about how sagisag handles your personal data, or if you wish to exercise any of your data subject rights described in Section 10, please contact our DPO through the following channels:

• Email: [email protected] — use subject line "Privacy / DPO Inquiry";
• Live Chat: Available on the sagisag Platform 24 hours a day, 7 days a week.

sagisag will acknowledge receipt of your privacy inquiry within three (3) business days and aim to provide a substantive response within fifteen (15) business days. Complex requests involving large volumes of data, third-party coordination, or legal analysis may require additional time, in which case we will inform you of the expected timeline.

If you are not satisfied with sagisag's response to your privacy complaint, you have the right to escalate the matter to the National Privacy Commission (NPC) of the Philippines through its official complaint mechanisms. The NPC is the Philippine government authority responsible for enforcing the Data Privacy Act and protecting the data privacy rights of Filipino citizens.