← Back to Arcade Wheel
Privacy Policy
Last updated: April 20, 2026 · Effective date: April 20, 2026
Arcade Wheel ("we", "our", "the Service") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and what rights you have. This policy complies with the Philippines' Data Privacy Act of 2012 (Republic Act No. 10173).
1. Information We Collect
| Type | Examples | Purpose |
|---|
| Account | Mobile number, hashed password, referral code | Account creation, login |
| Identity (KYC) | Name, ID photo (only for withdrawals above threshold) | Anti-fraud, regulatory compliance |
| Device | Browser fingerprint, IP address, device type, OS | Security, fraud prevention, attribution |
| Activity | Spins, deposits, withdrawals, wins, chat with support | Service operation, customer support |
| Payment | Transaction ID, amount, method (GCash/Maya account masked) | Process deposits & withdrawals |
| Marketing | Channel code, Facebook Click ID (fbc), conversion events | Ad attribution, optimization |
2. How We Use Your Information
- Operate, maintain, and improve the Service.
- Process your transactions (deposits, withdrawals, prize payouts).
- Verify your identity and prevent fraud or unauthorized access.
- Send service announcements, transaction confirmations, and (if opted in) promotional messages.
- Comply with applicable laws, regulations, and lawful requests from authorities.
- Calculate conversion events for advertising partners (aggregated where possible).
3. Legal Basis
We process your data based on:
- Consent — for marketing communications and non-essential cookies.
- Performance of contract — to provide the Service you registered for.
- Legal obligation — to comply with tax, AML (anti-money laundering), and other laws.
- Legitimate interest — fraud prevention, security, and analytics.
4. Sharing Your Information
We do not sell your personal data. We share it only with:
- Payment processors (GCash, Maya, GoTyme, FPay, LPAY, RCPay) to execute transactions.
- SMS providers (EngageLab) to deliver OTP and notifications.
- Cloud & infrastructure (Cloudflare, DigitalOcean) to host and protect the Service.
- Advertising partners (Meta, Google) in aggregated or hashed form for conversion measurement.
- Law enforcement when legally compelled by a valid order or to protect our rights.
5. Cookies & Tracking
We use the following:
- Essential cookies / localStorage — login session (
wheel_arcade_token), language preference, channel attribution (promo_ch). Required for the Service to function.
- Meta Pixel / Facebook Pixel — conversion tracking.
_fbp and _fbc cookies may be set when you arrive from an ad click.
- Server-side Conversion API (CAPI) — hashed mobile number forwarded to Meta to match your ad click.
- No Google Analytics or third-party analytics beyond the above.
You can disable cookies via your browser settings, but some features (like staying logged in) may not work.
6. Data Retention
- Account data is retained for the life of your account plus 5 years after closure, as required by AML regulations.
- Transaction logs: 5 years.
- Chat transcripts: 2 years.
- Marketing data (fbc, channel): 2 years from last activity.
- You may request earlier deletion; we will comply unless retention is legally required.
7. Your Rights (under RA 10173)
As a data subject, you have the right to:
- Access — request a copy of your personal data we hold.
- Correct — ask us to fix inaccurate data.
- Erase — request deletion (subject to legal retention).
- Object — opt out of marketing and certain processing.
- Portability — receive your data in a structured format.
- File a complaint — with the National Privacy Commission (https://privacy.gov.ph) if you believe your rights have been violated.
8. Data Security
- Passwords are hashed (bcrypt) — never stored in plain text.
- Data transmitted to and from our servers uses TLS 1.2+ encryption.
- Payment credentials are handled by the payment processors; we store only a masked identifier.
- Access to personal data is restricted to authorized staff on a need-to-know basis.
- We conduct regular security reviews and log suspicious access for audit.
9. Minors
The Service is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us immediately and we will delete it.
10. International Transfers
Our infrastructure may be hosted outside the Philippines (e.g. cloud regions in Asia Pacific). Transfers are protected by standard contractual clauses and encryption.
11. Changes to This Policy
We may update this policy. Material changes will be announced via the Service and take effect on the date indicated at the top. Continued use constitutes acceptance.
12. Contact & Data Protection Officer
To exercise your rights or ask a privacy question, contact our Data Protection Officer via the in-app customer support chat with the subject line "Privacy Request".
← Back to Arcade Wheel