At bunny casino, your privacy is a priority. This Privacy Policy explains what personal information we collect from Filipino players, how we use it, and the steps we take to keep it secure at all times.
Last updated: June 2025 | Applies to all registered members in the Philippines
A clear breakdown of the personal data we gather, the purpose behind each category, and how long we retain it.
When you register with bunny casino, we collect your full name, date of birth, email address, mobile number, and a username of your choice. This information is required to create and verify your account, ensure you meet the minimum age requirement of 21 years as mandated under Philippine gaming regulations, and allow us to communicate important account updates with you. We also collect your preferred currency (Philippine Peso, PHP) and language settings to personalise your experience on the platform. Your account credentials are stored using industry-standard encryption and are never shared with third parties for marketing purposes. You may update most of this information at any time through your account settings page.
To process deposits and withdrawals in Philippine Pesos (PHP), we collect payment-related information including your chosen payment method, transaction reference numbers, and billing details where applicable. We do not store full card numbers or CVV codes on our servers — all sensitive payment data is handled directly by our licensed payment processing partners who operate under strict PCI-DSS compliance standards. Transaction records are retained for a minimum of five years in accordance with Philippine anti-money laundering regulations enforced by the AMLC. We may request additional documentation such as proof of payment source as part of our Know Your Customer (KYC) process. All financial data is transmitted over encrypted connections to prevent interception.
When you access our platform — whether through a mobile browser, our dedicated app, or a desktop device — we automatically collect technical data including your IP address, device type, operating system, browser version, and session duration. This data helps us optimise the platform for the devices most commonly used by Filipino players, diagnose technical issues quickly, and detect suspicious login activity that may indicate unauthorised access to your account. We also collect gameplay data such as bet history, game preferences, and session frequency to support responsible gaming monitoring and to improve our product offerings. Usage data is analysed in aggregate form and is not used to build individual advertising profiles. Retention of device and usage logs is limited to 24 months from the date of collection.
We may collect general location data derived from your IP address to verify that you are accessing the platform from within a permitted jurisdiction and to comply with our licensing obligations. We do not collect precise GPS coordinates or real-time location tracking data from your mobile device unless you explicitly grant permission for a specific feature that requires it. Location data is used solely for compliance and fraud prevention purposes and is not shared with advertisers or third-party data brokers. If you are travelling outside the Philippines and experience access restrictions, this is a result of our geo-compliance controls rather than a technical fault. You may contact our support team for guidance on account access while abroad.
Any messages you send to our customer support team — whether via live chat, email, or in-app messaging — are recorded and retained to help us resolve your queries accurately and to maintain a complete history of your interactions with us. We may also send you transactional communications such as deposit confirmations, withdrawal notifications, and security alerts via email or SMS to the contact details registered on your account. Promotional communications are only sent where you have opted in to receive them, and you may withdraw this consent at any time through your account notification settings. We do not sell or rent your contact details to third-party marketers. All communication records are stored securely and are accessible only to authorised members of our support and compliance teams.
As part of our regulatory obligations under Philippine law, we are required to verify the identity of all players before processing withdrawals above certain thresholds or when triggered by our risk monitoring systems. KYC documents we may request include a government-issued photo ID (such as a Philippine passport, SSS card, or driver's licence), proof of address (such as a utility bill or bank statement dated within the last three months), and in some cases a selfie for liveness verification. These documents are reviewed by our compliance team and stored in an encrypted document management system with strict access controls. KYC data is retained for a minimum of five years after account closure as required by the Anti-Money Laundering Act of the Philippines. We will never use your identity documents for any purpose other than regulatory compliance and fraud prevention.
You have clear rights over your personal data. Here is what you can request and how we will respond.
You have the right to request a copy of all personal data we hold about you at any time. Upon receiving a verified request, we will provide a structured summary of your data within 30 days. This includes your account information, transaction history, KYC records, and any communications data associated with your account. There is no fee for a standard access request, though we reserve the right to charge a reasonable administrative fee for repetitive or excessive requests. To submit a data access request, please contact our support team using the email address registered to your account.
If any of the personal information we hold about you is inaccurate or out of date, you have the right to request that we correct it without undue delay. You can update many details — such as your contact number, email address, and communication preferences — directly through your account settings. For changes to identity-related information such as your legal name or date of birth, we will require supporting documentation to verify the amendment before processing it. We aim to complete all correction requests within 14 business days of receiving the necessary verification. Keeping your information accurate helps us serve you better and ensures your account remains compliant with our verification requirements.
You may request the deletion of your personal data in certain circumstances — for example, if you close your account and we are no longer required by law to retain your records. Please note that we are legally obligated to retain certain data (such as transaction records and KYC documents) for a minimum period under Philippine anti-money laundering and gaming regulations, and these records cannot be deleted before the statutory retention period expires. Where deletion is possible, we will action your request within 30 days and confirm completion in writing. Requests for erasure can be submitted through our support team. We will always explain clearly which data can be deleted immediately and which must be retained for compliance reasons.
You have the right to object to certain types of data processing, including the use of your data for direct marketing purposes. If you object to marketing communications, we will stop sending them within 5 business days of receiving your request. You may also request that we restrict the processing of your data in specific circumstances — for example, while a correction request is being reviewed or while you are disputing the accuracy of data we hold. During a restriction period, we will continue to store your data but will not actively process it for any other purpose. All objection and restriction requests should be submitted in writing to our support team for prompt handling.
We do not sell your data. We only share it where strictly necessary and always under binding confidentiality agreements.
To facilitate deposits and withdrawals in PHP, we share the minimum necessary payment data with our licensed payment processing partners. These partners are contractually bound to use your data solely for the purpose of processing your transactions and are prohibited from using it for any other purpose. All payment partners we work with are required to maintain PCI-DSS compliance and operate under data processing agreements that meet applicable Philippine data protection standards. We regularly review our payment partners to ensure their security practices remain up to date. No full card numbers or sensitive authentication data are stored on our own servers at any point.
As a licensed gaming operator serving Filipino players, we are required by law to share certain player data with relevant Philippine regulatory and law enforcement authorities upon receipt of a valid legal request. This includes disclosures to PAGCOR, the AMLC, and other competent authorities where required under the Anti-Money Laundering Act, the Data Privacy Act of 2012, and other applicable legislation. We will always verify the legal basis and authority of any such request before disclosing data and will notify affected players where we are legally permitted to do so. We do not proactively share player data with government bodies beyond what is required by our licensing conditions. All regulatory disclosures are logged and reviewed by our compliance team.
Some of the games available on our platform are provided by third-party software studios. To deliver these games to you, limited technical data — such as a pseudonymous player identifier and session token — may be passed to the relevant game provider. This data does not include your full name, contact details, or financial information. All game providers we partner with are required to sign data processing agreements and are prohibited from using any player data for purposes beyond delivering the game experience. We conduct due diligence on all third-party providers before onboarding them to ensure their data handling practices meet our standards. You can find a list of our current game providers by contacting our support team.
To protect our players and the integrity of the platform, we work with specialist fraud detection and cybersecurity service providers who may process certain technical data — such as IP addresses, device fingerprints, and behavioural patterns — on our behalf. These providers operate as data processors under strict contractual obligations and are not permitted to use your data for any purpose other than providing fraud prevention services to us. Their involvement helps us detect account takeover attempts, identify suspicious betting patterns, and prevent money laundering activity on the platform. All fraud and security service providers are vetted for compliance with applicable data protection laws before engagement. Any findings from fraud investigations that involve your account will be handled in accordance with our Terms and Conditions.
If you have any questions about how bunny casino handles your personal data, or if you would like to exercise any of your data rights, our support team is available around the clock. You can also visit our FAQ page for quick answers, or head to the Register page to create your account with full confidence in how your information is protected.