jilulu Privacy Policy

1.1 This Privacy Policy is published by the operator of the jilulu platform (the "Operator", "we", "us", or "our") — a PAGCOR-licensed legal entity operating the online gaming platform accessible at jilulu.club. The Operator is a registered personal information controller under the National Privacy Commission (NPC) of the Philippines.

1.2 This Privacy Policy applies to all personal data collected from or about registered players, visitors, prospective registrants, and any other individuals who interact with the jilulu platform, including through the website at jilulu.club, any associated mobile-optimised interfaces, and communications channels such as live chat and email support.

1.3 The processing of your personal data by jilulu is governed primarily by the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and NPC issuances, in addition to applicable PAGCOR data governance requirements and anti-money laundering obligations under Republic Act No. 9160 (as amended).

1.4 By registering an account on jilulu, using the platform, or otherwise providing personal data to us, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data as described herein.

2.1 jilulu collects personal data through several channels — directly from you during registration and account management, automatically through your use of the platform, and in some cases from third parties such as payment providers and identity verification services. The categories of data collected are described below.

2.2 jilulu does not collect or store full payment card numbers, CVV codes, or GCash/Maya PINs. Payment card and digital wallet transactions are processed through PCI-DSS compliant third-party payment gateways that handle sensitive payment credentials independently of jilulu's systems.

2.3 jilulu does not collect sensitive personal information as defined under the Data Privacy Act (such as health data, religious beliefs, or political views) unless specifically required by applicable law or regulation.

3.1 jilulu processes personal data for the following specific purposes:

• Account creation and management — to register your jilulu account, maintain your player profile, authenticate your identity on login, and manage your wallet balance and transaction history;
• Service delivery — to provide access to jilulu's games, process deposits and withdrawals, award bonuses and promotions, and deliver customer support;
• Legal and regulatory compliance — to fulfil obligations under PAGCOR's licensing requirements, the Anti-Money Laundering Act (AMLA), the Terrorism Financing Prevention and Suppression Act, and any other applicable Philippine law or regulatory directive;
• Identity and age verification — to confirm that you meet the 21+ age requirement and are not subject to any PAGCOR exclusion, using your identity data and KYC documentation;
• Fraud prevention and security — to detect, investigate, and prevent fraudulent transactions, account takeovers, bonus abuse, collusion, and other prohibited conduct;
• Responsible gaming — to implement and enforce self-imposed gaming limits, self-exclusion, cooling-off periods, and to monitor play patterns for indicators of problem gambling;
• Communications — to send you transactional notifications (deposit confirmations, withdrawal updates, OTP codes), service updates, and — where you have consented — promotional communications regarding jilulu offers and games;
• Platform improvement — to analyse aggregated usage data to improve jilulu's features, game recommendations, load performance, and overall user experience;
• Dispute resolution — to investigate and resolve complaints, disputes, and chargebacks using account and transaction records.

3.2 jilulu does not use personal data for automated decision-making that produces legal or similarly significant effects on Players without human review, except where required by law (for example, automatic PAGCOR exclusion list screening).

4.1 Under the Data Privacy Act of 2012, jilulu processes personal data on the following legal bases:

• Contractual necessity — processing required to perform our obligations under the Terms & Conditions you accepted at registration, including account management, game access, deposits, and withdrawals;
• Legal obligation — processing required to comply with PAGCOR licensing conditions, the AMLA, BSP financial regulations, NPC directives, and any lawful order from a competent Philippine authority;
• Legitimate interests — processing necessary for jilulu's legitimate interests in fraud prevention, platform security, abuse detection, and business analytics, where such interests are not overridden by your privacy rights;
• Consent — processing for promotional communications and non-essential analytics, where you have given your explicit, informed, and freely withdrawable consent.

4.2 Where jilulu relies on your consent as the legal basis for processing, you have the right to withdraw that consent at any time by contacting jilulu support or adjusting your account communication preferences. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

5.1 jilulu does not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share personal data only in the circumstances described below:

• Payment processors — GCash, Maya, BPI, BDO, Metrobank, and other payment service providers receive the minimum personal and transaction data necessary to process your deposits and withdrawals securely;
• Identity verification providers — third-party KYC and age verification services receive identity data (name, date of birth, ID scans) solely for the purpose of verifying your eligibility to hold a jilulu account;
• PAGCOR — as a condition of our operating license, jilulu may be required to submit player data, transaction records, and game logs to PAGCOR upon regulatory request or as part of routine compliance reporting;
• Anti-Money Laundering Council (AMLC) — jilulu is a covered institution under the AMLA and is legally required to report covered transactions and suspicious transactions to the AMLC;
• Law enforcement and courts — we will disclose personal data to Philippine law enforcement agencies, courts, or government regulators when required to do so by a valid legal order, subpoena, warrant, or equivalent legal process;
• Game providers — licensed game software providers may receive anonymised session data (such as game ID, wager amounts, and outcomes) to support game delivery and RNG auditing. No directly identifiable personal data (such as your name or contact details) is shared with game providers;
• Professional advisors — jilulu's legal counsel, accountants, and auditors may access personal data to the extent necessary to provide their professional services, subject to strict confidentiality obligations.

5.2 All third parties who receive personal data from jilulu are required to process it only for the specified purpose, to maintain appropriate security measures, and to comply with applicable Philippine data protection law.

6.1 jilulu uses cookies and similar tracking technologies on the platform to enable core functionality, improve performance, and — where you have consented — to deliver personalised game recommendations. The categories of cookies used are as follows:

• Essential cookies — strictly necessary for the platform to function, including session management, login authentication, and security tokens. These cannot be disabled without impairing core platform functionality;
• Performance cookies — collect aggregated, anonymised data about how Players navigate the jilulu platform to help us identify technical issues and improve loading speed, particularly on Philippine mobile networks;
• Functional cookies — remember your preferences, such as your preferred game lobby view, language settings, and whether you have dismissed certain notifications;
• Analytics cookies — used with your consent to analyse usage patterns at a platform level. Data is processed in aggregated form and is not used to identify individual players for profiling purposes.

6.2 You can manage your cookie preferences through your browser settings. Note that disabling essential cookies will impair your ability to log in and use core jilulu features. Instructions for managing cookies are available in the help documentation for Chrome, Firefox, Safari, and other major browsers.

6.3 jilulu does not use cross-site tracking technologies or third-party advertising cookies that profile your behaviour across websites outside of jilulu.club.

7.1 jilulu retains personal data for no longer than is necessary for the purposes for which it was collected, subject to the following minimum retention periods required by law:

• Account and KYC data — retained for a minimum of five (5) years from the date of account closure, as required by PAGCOR licensing conditions and the Anti-Money Laundering Act;
• Transaction records — all deposit, withdrawal, wager, and bonus transaction records are retained for a minimum of five (5) years from the date of each transaction, in compliance with AMLC record-keeping requirements;
• Game session logs — retained for a minimum of three (3) years to support dispute resolution, RNG auditing, and regulatory review;
• Customer support records — live chat transcripts, email correspondence, and complaint records are retained for a minimum of three (3) years from the date of the interaction;
• Marketing consent records — records of your consent to receive promotional communications are retained for the duration of your account and for three (3) years following account closure or consent withdrawal.

7.2 Following the expiry of applicable retention periods, jilulu will securely delete or anonymise personal data in accordance with our internal data disposal procedures. Anonymised, aggregated data that can no longer be used to identify any individual may be retained indefinitely for statistical and business analysis purposes.

8.1 jilulu implements technical, organisational, and physical security measures designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include, but are not limited to:

• 256-bit SSL/TLS encryption for all data transmitted between your device and jilulu's servers;
• Encryption at rest for stored sensitive personal data and financial records;
• One-way cryptographic hashing (bcrypt) for all account passwords — jilulu staff cannot read your password;
• Role-based access controls limiting internal access to personal data to authorised personnel with a legitimate need;
• Regular security vulnerability assessments and penetration testing by qualified third-party security auditors;
• Two-factor authentication available for player accounts (strongly recommended) and mandatory for all internal administrative access;
• Automated monitoring systems for suspicious login activity, unusual transaction patterns, and potential data access anomalies.

8.2 In the event of a personal data breach that is likely to result in risk to your rights and freedoms, jilulu will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, and will notify affected individuals within a reasonable period, in accordance with NPC Circular No. 16-03 and applicable NPC advisories.

9.1 The Data Privacy Act of 2012 grants you the following rights with respect to your personal data held by jilulu. You may exercise these rights by submitting a written request to jilulu's Data Privacy Officer (see Section 14):

9.2 jilulu will respond to data rights requests within twenty (20) working days of receipt of a complete, verified request. If your request cannot be fulfilled within this period, you will be notified of the reason and an expected completion date.

9.3 Where jilulu declines to fulfil a data rights request — for example, where legal retention obligations prevent erasure — we will explain the specific legal basis for the refusal in writing.

9.4 If you are not satisfied with jilulu's response to a data rights request, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

10.1 jilulu strictly prohibits persons under twenty-one (21) years of age from registering an account or accessing any gambling service. The platform does not knowingly collect personal data from individuals under 21 years of age.

10.2 Age verification is conducted during the KYC process and upon any withdrawal request. Where jilulu discovers that an account has been registered by a person under 21, the account will be immediately closed, all pending transactions will be voided, and the personal data collected from the minor will be securely deleted in accordance with applicable law.

10.3 If you believe that a person under 21 has registered an account on jilulu, please contact our Data Privacy Officer or support team immediately. Reports of underage accounts are treated as a high-priority compliance matter and investigated within twenty-four (24) hours.

11.1 jilulu's primary data storage and processing infrastructure is located within the Philippines or in jurisdictions recognised by the NPC as providing adequate levels of data protection. Where personal data is transferred outside the Philippines — for example, to cloud infrastructure providers or international payment processors — such transfers are made only where appropriate safeguards are in place, including contractual data processing agreements consistent with NPC requirements.

11.2 jilulu does not transfer personal data to jurisdictions that have been assessed by the NPC as providing inadequate data protection without implementing supplementary measures sufficient to bring the transfer into compliance with the Data Privacy Act.

11.3 Where international transfers involve sensitive data (such as KYC documentation), additional contractual protections and security controls are applied to the transfer in accordance with jilulu's internal data transfer policy.

12.1 The jilulu platform may include references to third-party services (such as GCash, Maya, BPI, and BDO) in the context of payment processing. These services operate under their own terms and privacy policies, which are independent of jilulu. jilulu is not responsible for the privacy practices of third-party services.

12.2 When you use a third-party payment service in connection with your jilulu account, your interaction with that service is governed by the privacy policy of the relevant provider. jilulu receives only the minimum necessary data to confirm transaction outcomes — it does not receive or process your payment credentials directly.

12.3 jilulu's game library includes titles from licensed third-party game software providers. These providers may receive anonymised game session data as described in Section 5.1. They do not receive your personally identifiable information unless specifically required for game dispute resolution, in which case disclosure is limited to the minimum data necessary.

13.1 jilulu reserves the right to update or amend this Privacy Policy at any time to reflect changes in our data practices, applicable law, regulatory requirements, or operational changes to the platform. The date of the most recent revision is stated at the top of this document and in the hero section above.

13.2 Where amendments are material — meaning they significantly affect how your personal data is processed or reduce your rights — jilulu will notify registered players via SMS or email at least fourteen (14) days before the changes take effect.

13.3 Your continued use of the jilulu platform after the effective date of any amended Privacy Policy constitutes acceptance of the revised policy. If you do not agree to the revised policy, you should stop using jilulu and request account closure.

13.4 The current version of this Privacy Policy is always accessible on this page at jilulu.club/privacy-policy. Previous versions are available upon request from jilulu's Data Privacy Officer.

14.1 jilulu has appointed a Data Privacy Officer (DPO) as required under the Data Privacy Act of 2012 and NPC Circular No. 17-01. The DPO is responsible for overseeing jilulu's compliance with the DPA and this Privacy Policy, and for handling data rights requests and privacy-related complaints from players.

14.2 For any questions, concerns, data rights requests, or privacy complaints related to jilulu's processing of your personal data, you may contact the Data Privacy Officer at:

14.3 If you are not satisfied with jilulu's response to your data privacy concern, you have the right to lodge a complaint with the National Privacy Commission of the Philippines. The NPC's complaint procedures are available on the official NPC website and through NPC regional offices in Metro Manila and other major Philippine cities.

14.4 For security verification purposes, jilulu may require you to confirm your identity before processing a data rights request. This is to prevent unauthorised access to another person's data — a safeguard that protects you as well as others.