jl22 Privacy Policy

1. Scope and Data Controller

This Privacy Policy applies to all personal information collected, processed, or stored by jl22 in connection with your use of the jl22 platform at jl22.bid — including account registration, gaming activity, financial transactions, customer support interactions, and any other service made available by jl22 to players in the Philippines.

jl22 is the data controller responsible for the personal data of players and visitors processed through jl22.bid. As data controller, jl22 determines the purposes and means of processing your personal information and is accountable under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, as amended) and its implementing rules and regulations.

This Policy does not apply to third-party websites or services that may be referenced through the jl22 platform. jl22 is not responsible for the privacy practices of third parties.

2. Categories of Personal Data We Collect

jl22 collects the following categories of personal data, depending on how you interact with the platform:

Category	Examples	When Collected
Identity Data	Full name, date of birth, government-issued ID number (PhilSys, SSS, UMID, driver's licence, passport)	Registration and KYC verification
Contact Data	Philippine mobile number (09xxxxxxxx), email address, residential address	Registration; address required for enhanced KYC
Financial Data	GCash account identifier, Maya account, bank account details (BPI, BDO, Metrobank), deposit/withdrawal history, wallet balance	Deposit and withdrawal processing
Gaming Activity Data	Game session logs, bet history, win/loss records, bonus activity, responsible gaming settings and activity	Ongoing during platform use
Technical Data	IP address, device type, operating system, browser, session timestamps, login history	Automatically upon site access
Communications Data	Live chat transcripts, support ticket content, email correspondence with jl22	When you contact jl22 support
Verification Documents	Photographs or scans of government-issued identification, selfie verification images (where required by KYC process)	KYC and identity verification

Sensitive Personal Information: Government-issued ID numbers and verification document images fall within the definition of sensitive personal information under RA 10173. jl22 processes this category of data only to the extent required for legal KYC and AMLA compliance obligations, with enhanced security controls applied to its storage and access.

3. How We Collect Personal Data

jl22 collects personal data through the following mechanisms:

Direct provision: Information you voluntarily provide when registering an account on jl22, completing KYC verification, making deposits or withdrawals, or contacting jl22 support.
Automated technical collection: Technical and session data collected automatically when you access jl22.bid, including IP address, device identifiers, and browser activity logs, via server logs and analytics tools operated by jl22.
Cookies and similar tracking technologies: As described in Section 7 of this Policy.
Third-party identity verification providers: Where jl22 uses accredited KYC providers to verify the authenticity of identity documents submitted by players, these providers may return verification results and associated data to jl22.
Payment processors: Transaction confirmation data, payment status, and tokenised payment identifiers received from GCash, Maya, InstaPay, and banking partners as part of deposit and withdrawal processing.
Fraud and risk management systems: jl22 may receive signals or risk scores from fraud detection services as part of account security and AML monitoring processes.

4. Purposes for Which We Process Your Data

jl22 processes personal data for the following clearly defined purposes:

Account creation and management: Registering your jl22 account, authenticating your identity at login, maintaining your account profile, and managing your wallet balance.
Identity verification (KYC): Verifying that you meet jl22's eligibility requirements, including the 21+ age requirement, and satisfying AMLA and PAGCOR Know Your Customer obligations before processing withdrawals.
Payment processing: Processing deposits via GCash, Maya, GrabPay, BPI, BDO, Metrobank, InstaPay, and QR Ph, and processing withdrawal requests to verified payment methods.
Platform provision and game delivery: Enabling your access to jl22's game library, recording gaming activity, computing results, and delivering winnings to your wallet.
Regulatory compliance: Fulfilling jl22's legal obligations under the AMLA, PAGCOR operating requirements, RA 10173, and any other applicable Philippine law, including suspicious transaction reporting.
Fraud prevention and security: Detecting and preventing unauthorised account access, duplicate account creation, money laundering, and other prohibited conduct described in jl22's Terms and Conditions.
Responsible gaming: Monitoring gaming activity to detect patterns indicative of problem gambling, administering player-set deposit limits and self-exclusion arrangements, and fulfilling jl22's duty of care obligations to players.
Customer support: Responding to enquiries, resolving disputes, and administering formal complaints through jl22's internal complaints process.
Marketing communications (where consented): Sending promotional offers, bonus notifications, and platform updates to players who have opted in to marketing communications. Players may withdraw marketing consent at any time.
Analytics and platform improvement: Analysing aggregated and anonymised usage data to understand player behaviour, improve platform performance, and inform product development decisions.

5. Legal Bases for Processing

Under the Philippine Data Privacy Act of 2012, jl22 processes personal data on the following legal bases:

Contractual necessity: Processing required to perform the contract between jl22 and the player — including account management, game delivery, and payment processing.
Legal obligation: Processing required to comply with applicable Philippine law, including the AMLA, PAGCOR regulations, and tax obligations.
Legitimate interests: Processing for jl22's legitimate interests in fraud prevention, platform security, responsible gaming monitoring, and business analytics — where such interests are not overridden by the player's fundamental rights.
Consent: Processing for marketing communications and optional platform features, where jl22 relies on your freely given, specific, and informed consent. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

6. Third-Party Data Sharing

jl22 does not sell, rent, or trade personal data to third parties for commercial purposes. Personal data is shared only in the following circumstances and only to the extent necessary:

Payment processors: GCash, Maya, GrabPay, BPI, BDO, Metrobank, and InstaPay receive transactional data necessary to process deposits and withdrawals on the player's behalf.
KYC and identity verification providers: Accredited third-party providers process identity document data on jl22's behalf to verify player eligibility and satisfy KYC requirements.
Game software providers: Providers whose games are integrated into jl22's platform receive the minimum data necessary to deliver the game session (typically a session token and stake amount) and return results.
Fraud and AML services: Specialist providers that assist jl22 in detecting suspicious activity, preventing account fraud, and fulfilling AMLA reporting obligations.
Regulatory authorities: jl22 will disclose personal data to PAGCOR, the Anti-Money Laundering Council (AMLC), the National Privacy Commission (NPC), law enforcement, or courts when required to do so by law or valid legal process.
IT and infrastructure providers: Cloud hosting, content delivery, and platform operations providers who process data as processors under written data processing agreements with jl22.

All third-party processors engaged by jl22 are required by contract to implement appropriate technical and organisational security measures, process data only on jl22's documented instructions, and refrain from any unauthorised sub-processing or commercial use of jl22 players' personal data.

7. Cookies and Tracking Technologies

jl22.bid uses cookies and similar client-side technologies to support the operation of the platform, maintain session state, detect fraud, and — where you have consented — personalise your experience and deliver relevant communications. The following categories of cookies are used:

Strictly necessary cookies: Essential to the operation of jl22.bid. These include session authentication cookies that keep you logged in to your jl22 account and security tokens that protect against cross-site request forgery. These cannot be disabled without impairing platform functionality.
Functional cookies: Remember your preferences on jl22, such as language settings, responsible gaming display preferences, and last-used payment method (stored as a tokenised reference, not raw account data).
Analytics cookies: Used by jl22 to understand how players navigate the platform — which game categories are most visited, where players encounter friction, and how platform updates affect usage patterns. Data collected is aggregated and anonymised where feasible.
Marketing cookies: Used only where you have explicitly consented to receive personalised communications from jl22. These help jl22 understand whether promotional messages have been opened or acted on. You may withdraw marketing consent at any time via your jl22 account settings.

You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will impair your ability to use jl22.bid, including logging in to your account.

8. Data Retention

jl22 retains personal data for the following periods, after which data is securely deleted or irreversibly anonymised:

Account and identity data: Retained for the duration of the player's active account relationship with jl22, plus a minimum of five (5) years following account closure — consistent with AMLA requirements applicable to online gaming operators.
Transaction records: Deposit and withdrawal records are retained for a minimum of five (5) years as required by the AMLA and jl22's PAGCOR operating obligations.
KYC verification documents: Retained for the duration of the account plus five (5) years post-closure, or longer where a regulatory hold has been placed on the account data.
Gaming activity logs: Retained for a minimum of two (2) years from the date of each recorded session, to support dispute resolution, responsible gaming monitoring, and regulatory audit requirements.
Customer support communications: Retained for two (2) years from the date of the last communication, to support follow-up enquiries and dispute resolution.
Marketing consent records: Retained until marketing consent is withdrawn by the player, plus one (1) year to evidence the withdrawal of consent.

9. Security Measures

jl22 implements a layered set of technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction:

All data transmitted between your device and jl22.bid is encrypted using TLS 1.3 with forward secrecy.
Personal data at rest is encrypted using AES-256 symmetric encryption. Database access credentials are managed through privileged access management (PAM) controls.
Access to personal data within jl22's internal systems is governed by role-based access control (RBAC), with access granted only where required for a specific, documented operational purpose.
Payment instrument data is never stored in plain text. Where tokenisation is provided by the payment processor (as is standard for GCash and Maya integrations), jl22 stores only the token and never the raw account credential.
jl22 conducts periodic security assessments of its platform, including vulnerability scanning and review of third-party processor security posture.
Employee access to production systems and personal data is subject to mandatory security training, confidentiality obligations, and access logging.

While jl22 implements robust security measures, no digital platform can guarantee absolute security. You are responsible for maintaining the confidentiality of your jl22 account credentials. If you suspect your account has been compromised, contact jl22 support immediately.

10. Your Rights Under the Philippine Data Privacy Act (RA 10173)

As a data subject under the Philippine Data Privacy Act of 2012, you have the following rights in relation to personal data held by jl22:

Right to be Informed

The right to be informed that your personal data is being collected and processed, the purpose for processing, the scope of processing, and how to exercise your rights. This Privacy Policy fulfils jl22's obligation in this regard.

Right to Access

The right to request a copy of the personal data jl22 holds about you, information about how it is processed, and with whom it has been shared. Requests will be fulfilled within 15 business days.

Right to Correction / Rectification

The right to request correction of inaccurate or incomplete personal data held by jl22. Account profile corrections can be made directly in account settings; contact information and KYC data corrections require support assistance and re-verification.

Right to Object

The right to object to the processing of your personal data where jl22 relies on legitimate interests as the legal basis. Note that objection to processing necessary for legal obligations (KYC, AMLA) cannot be accommodated without account closure.

Right to Erasure / Blocking

The right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected and no legal retention obligation applies. Erasure requests will be assessed against retention obligations under AMLA and PAGCOR requirements.

Right to Data Portability

The right to receive a copy of your personal data in a structured, commonly used, machine-readable format. Submit portability requests via jl22 support.

Right to Lodge a Complaint

If you believe jl22 has processed your personal data in breach of RA 10173, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines. jl22 encourages players to contact us first to resolve data privacy concerns directly.

To exercise any of the above rights, submit a written request to jl22 via live chat or email at [email protected]. Include your registered mobile number or email, a description of your request, and a copy of a valid Philippine government-issued ID for identity verification purposes. jl22 will respond within 15 business days of receiving a complete and valid request.

11. Children's Privacy and Age Restrictions

jl22's services are strictly restricted to individuals who are at least 21 years of age, as required by PAGCOR's regulations governing online gaming in the Philippines. jl22 does not knowingly collect, use, or retain personal data from individuals under the age of 21.

Where jl22 discovers, through KYC verification or any other means, that an account is being operated by a person under 21 years of age, the account will be immediately suspended pending investigation and subsequently closed. Any balance associated with an underage account will be handled in accordance with jl22's Terms and Conditions and applicable regulatory guidance.

If you believe that a person under 21 has registered or is using a jl22 account, please notify jl22 support immediately so that appropriate protective action can be taken.

12. Cross-Border Data Transfers

Certain of jl22's third-party service providers — including cloud infrastructure providers, game software providers, and fraud detection services — may process personal data in data centres or operational locations outside the Philippines. Where this occurs, jl22 ensures that appropriate safeguards are in place to protect the data in transit and at rest in accordance with RA 10173 and NPC guidelines, including:

Contractual clauses that bind the receiving party to data protection standards equivalent to those required under RA 10173;
Selection of providers who have demonstrated compliance with internationally recognised data protection standards such as ISO 27001 or SOC 2 Type II; and
Evaluation of the data protection legal framework of the recipient country prior to commencing transfers.

Players may request information about the specific cross-border transfers applicable to their personal data by contacting jl22 support.

13. Changes to This Privacy Policy

jl22 may update this Privacy Policy from time to time to reflect changes in applicable law, regulatory requirements, or jl22's data processing activities. The revised Policy will be posted at jl22.bid/privacy-policy with an updated effective date.

Where an amendment materially affects the rights of existing players or introduces new purposes for processing personal data, jl22 will notify affected players via their registered email address or through a prominent notice on the platform, at least 7 days before the change takes effect. Where the change requires consent (for example, a new marketing processing activity), jl22 will request fresh consent before commencing processing.

Your continued use of jl22.bid after the effective date of a revised Policy constitutes your acknowledgment that you have reviewed the updated Policy. If you do not agree with the revised Policy, you may request account closure in accordance with jl22's Terms and Conditions.

14. Contact and Data Protection Officer

jl22 has designated a Data Protection Officer (DPO) as required under the Philippine Data Privacy Act of 2012. The DPO is responsible for overseeing jl22's compliance with RA 10173 and serving as the primary point of contact for data subjects exercising their rights and for the National Privacy Commission.

jl22 Data Protection Officer

Privacy Enquiries & Rights Requests: [email protected] — include "Data Privacy Request" in the subject line.

Live Chat: Available 24/7 at jl22.bid — for urgent account-related data concerns.

Response time: Within 3 business days for acknowledgment; within 15 business days for substantive response to data rights requests.

For complaints that jl22 has not resolved to your satisfaction, you have the right to escalate to the National Privacy Commission of the Philippines (NPC), the independent supervisory authority responsible for enforcing RA 10173.

This Privacy Policy was last reviewed and updated on 1 January 2026. The version published at jl22.bid/privacy-policy is the currently operative version.

What jl22 Stands For When It Comes to Your Data

Minimal Collection

Secure by Design

Your Rights, Honoured

Defined Retention Periods

Controlled Third-Party Sharing

Transparent Breach Notification

Table of Contents