mm77 is committed to protecting the privacy and personal data of every Filipino player on our platform. This Privacy Policy explains in clear terms what personal information we collect, how we use it, who we share it with, how we protect it, and what rights you have under Philippine law. We handle your data the same way we handle your money — with care, transparency, and accountability.
Before diving into the full legal text, here are the six core principles that guide how mm77 handles personal data across the platform.
mm77 tells you clearly what data we collect, why we collect it, and exactly how it is used. We do not collect data without a stated purpose, and we do not use data for purposes beyond what is explained in this Policy.
mm77 collects only the personal data necessary for platform operation, legal compliance, and service delivery. Data minimization is a standing principle — if we don't need it, we don't collect it.
Personal data stored by mm77 is protected using 256-bit SSL encryption, access-controlled databases, and security monitoring. Data access is restricted to authorized personnel with a legitimate operational need.
mm77 does not sell, rent, or trade your personal information to third-party advertisers, data brokers, or commercial buyers under any circumstances. Your data is not a product on this platform.
Under RA 10173 and PAGCOR data governance requirements, you have the right to access, correct, delete, and object to processing of your personal data. mm77 provides mechanisms to exercise all of these rights.
mm77 retains personal data only for as long as legally required or operationally necessary. Account data is held for a minimum of 5 years post-closure per PAGCOR record-keeping regulations, then securely deleted.
This Privacy Policy applies to all personal data collected, processed, stored, and used by mm77 in connection with the mm77 online gaming platform accessible at mm77.bio and all associated services, features, and communications provided to registered and prospective players.
mm77 acts as the Data Controller in respect of your personal information, as defined under Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 of the Philippines (hereinafter "RA 10173"), and its Implementing Rules and Regulations. mm77 is subject to the oversight of the National Privacy Commission (NPC) of the Philippines with respect to its personal data processing activities.
This Policy governs data processed in relation to all Filipino players and any other individuals whose personal information is handled by mm77 in the course of its operations, including but not limited to account holders, identity verification subjects, and support correspondents.
Regulatory basis: mm77 processes personal data in compliance with RA 10173 (Data Privacy Act 2012), BSP Anti-Money Laundering Act obligations as applicable, PAGCOR licensee data governance requirements, and applicable implementing rules and regulations of the National Privacy Commission.
mm77 collects personal data in several categories depending on the nature of your interaction with the platform. The following table outlines the categories of personal data collected and their purpose at the point of collection:
| Data Category | Specific Data Points | Primary Purpose |
|---|---|---|
| Identity Data | Full legal name, date of birth, nationality, government ID number, ID document scans (PhilSys, passport, driver's license) | Account registration, KYC verification, age verification, AML compliance |
| Contact Data | Philippine mobile number, email address, home address (for KYC) | Account communications, OTP delivery, support, regulatory correspondence |
| Financial Data | GCash account reference, PayMaya reference, bank account name (for withdrawal), transaction history, deposit and withdrawal amounts | Payment processing, withdrawal verification, AML transaction monitoring |
| Account Data | Username, account ID, login timestamps, password hash (never stored in plain text), two-factor authentication settings | Account access, security monitoring, fraud prevention |
| Gaming Activity Data | Game session records, wagers placed, game outcomes, bonus usage, win/loss history, session duration | Platform operation, responsible gaming monitoring, bonus integrity, regulatory audit |
| Technical Data | IP address, device type, browser version, operating system, device identifiers, geolocation (country/city level) | Security, fraud prevention, compliance with jurisdictional restrictions |
| Support Data | Live chat transcripts, support ticket contents, email correspondence, account dispute records | Customer service, dispute resolution, quality assurance |
| Usage Data | Page views, feature interactions, session duration, navigation paths within the platform | Platform improvement, user experience optimization, service analytics |
mm77 does not collect special categories of sensitive personal data as defined under RA 10173 (such as health information, racial or ethnic origin, political opinions, or biometric data) unless specifically required for regulatory identity verification purposes and with explicit consent where applicable.
mm77 collects personal data through the following channels and mechanisms:
mm77 processes personal data only where a legitimate legal basis exists under RA 10173. The following table sets out the primary purposes of data processing and the corresponding legal bases relied upon:
| Processing Purpose | Legal Basis (RA 10173) |
|---|---|
| Account registration and identity verification (KYC) | Contractual necessity; legal obligation (PAGCOR / AMLA) |
| Processing deposits and withdrawals via GCash, PayMaya, and banks | Contractual necessity; legal obligation (BSP payment regulations) |
| Providing gaming services and maintaining game session records | Contractual necessity; legitimate interests (regulatory audit trail) |
| Fraud prevention, security monitoring, and abuse detection | Legitimate interests; legal obligation |
| Anti-money laundering (AML) transaction monitoring and reporting | Legal obligation (AMLA / PAGCOR regulatory requirement) |
| Responsible gaming monitoring (deposit limits, self-exclusion) | Legal obligation (PAGCOR responsible gaming mandate); vital interests |
| Customer support, complaint handling, and dispute resolution | Contractual necessity; legitimate interests |
| Promotional communications and bonus delivery to opted-in players | Consent |
| Platform analytics and service improvement | Legitimate interests |
| Compliance with PAGCOR audit, reporting, and record-keeping obligations | Legal obligation |
mm77 does not sell, rent, or commercially trade your personal data. Personal information is shared only with the following categories of recipients, strictly on a need-to-know basis and where a legitimate purpose and legal basis exist:
Data sharing commitment: All third-party recipients are bound by contractual data processing obligations requiring them to maintain at minimum the same standard of data protection applied by mm77. mm77 does not permit third-party recipients to use your personal data for their own commercial purposes.
Certain data processing activities — particularly those involving certified international game providers, cloud infrastructure providers, and cybersecurity services — may involve the transfer of personal data outside the Republic of the Philippines.
Where such transfers occur, mm77 ensures they are conducted in compliance with RA 10173 and NPC regulations governing cross-border data flows. Specifically, mm77 takes appropriate safeguards including: contractual clauses requiring the overseas recipient to provide protection equivalent to RA 10173 standards; verification that the destination jurisdiction has adequate data protection laws; or explicit consent from the data subject where required.
For the avoidance of doubt, KYC identity document data and Philippine financial transaction records are processed and stored on infrastructure located within or contractually governed by Philippine law obligations wherever operationally feasible.
mm77 retains personal data only for as long as necessary to fulfill the purpose for which it was collected or as required by applicable legal and regulatory obligations. The following retention periods apply:
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymized using industry-standard data destruction methods. Data that has been anonymized to a standard where individual re-identification is not reasonably possible may be retained for platform analytics and service improvement indefinitely.
mm77 implements a multi-layered information security framework to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. Security measures include, but are not limited to, the following:
Your role in security: No technical security system is fully effective without responsible behavior on your part. Use a strong, unique password for your mm77 account. Never share your credentials with anyone. Enable 2FA in your account settings. Be cautious of phishing sites impersonating mm77. The official mm77 domain is mm77.bio — bookmark it to avoid navigating to fraudulent imitations.
mm77 uses first-party cookies and similar browser-based technologies to operate the platform effectively. No third-party advertising cookies are used on mm77. The following cookie categories are used:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Session management, login authentication, security tokens. Cannot be disabled without breaking core platform functionality. | Session / 24 hours |
| Functional | Language preference, remembered device for 2FA bypass, interface display preferences, "Remember me" login state. | 7–14 days |
| Analytics | Anonymized usage statistics: page load times, navigation paths, game category performance. Used for platform optimization only. | 30–90 days |
| Security | Device fingerprinting tokens for fraud detection, CSRF protection tokens, rate-limiting identifiers. | Session / 30 days |
You may manage cookie preferences through your browser settings. Note that disabling strictly necessary cookies will prevent you from logging in and using core mm77 platform features. mm77 does not use cookies to deliver third-party advertising or to track your activity on websites outside of mm77.bio.
Under RA 10173, you have the following rights in relation to the personal data mm77 holds about you. These rights may be exercised by contacting mm77's Data Protection Officer as described in Section 14.
You have the right to request a copy of the personal data mm77 holds about you, including the categories processed, sources, purposes, and any third parties with whom it has been shared.
You have the right to request correction of any inaccurate, incomplete, or outdated personal data in your mm77 account. Basic account details can be updated directly from Account Settings.
You may request deletion of your personal data where it is no longer necessary for its original purpose, subject to mm77's legal retention obligations under PAGCOR and AMLA requirements.
You may object to processing based on legitimate interests, including objecting to receiving promotional communications. Opt-out from marketing emails is available directly from any marketing email received.
In certain circumstances, you may request that mm77 restrict active processing of your personal data — for example, while an accuracy dispute is being resolved.
You may request a machine-readable export of personal data you directly provided to mm77, where technically feasible and where processing is based on consent or contract.
mm77 will respond to data subject requests within 30 days of receipt. In complex cases requiring additional investigation, mm77 may extend this period by a further 30 days with written notification to the requester. Data subject requests that are manifestly unfounded or excessive may be refused with written explanation.
If you are not satisfied with mm77's response to a data subject request, you have the right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.
mm77 does not knowingly collect personal data from individuals under the age of 21. Under PAGCOR regulations and Philippine law, access to real-money online gaming is restricted to adults aged 21 years and above. mm77 employs age verification processes as part of account registration and KYC review to enforce this requirement.
If mm77 becomes aware that personal data has been collected from a person under 21 years of age, the relevant account will be immediately suspended, all associated data will be reviewed and handled in accordance with child data protection obligations under RA 10173, and any real funds deposited will be returned in accordance with applicable law.
Parent or guardian notice: If you believe a person under the age of 21 has registered on mm77 or provided personal information to the platform, please contact mm77 immediately via live chat or at [email protected]. mm77 takes the protection of minors' data with the utmost seriousness and will act promptly on any such report.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, mm77 will comply with the breach notification requirements under RA 10173 and NPC Circular No. 16-03 (Personal Data Breach Management).
Specifically, mm77 will notify the National Privacy Commission within 72 hours of becoming aware of a qualifying breach, as required. Where the breach is likely to present a high risk to the rights and freedoms of affected data subjects, mm77 will also notify affected individuals without undue delay, via their registered email address or in-platform notification, providing information on the nature of the breach, the data affected, likely consequences, and the measures mm77 has taken or proposes to take to address it.
mm77 maintains an incident response plan specifically addressing data security events, including procedures for containment, impact assessment, notification, and remediation. All suspected or confirmed data security incidents are managed by mm77's designated Data Protection Officer.
mm77 reserves the right to update this Privacy Policy from time to time to reflect changes in applicable law, regulatory guidance from PAGCOR or the NPC, platform feature additions, or operational changes that affect data processing activities.
Where amendments are material — meaning they substantively affect your rights or the manner in which your data is processed — mm77 will provide advance written notice to registered players via the email address on file and/or through a prominent notice on the platform prior to the revised Policy taking effect. The effective date of any revised Privacy Policy will be clearly displayed at the top of the document.
Continued use of mm77 following notice of a material Privacy Policy update constitutes your acknowledgment of the revised Policy. If you do not agree with any material changes, you may close your account as described in mm77's Terms & Conditions.
mm77 has designated a Data Protection Officer (DPO) in compliance with RA 10173 requirements. The DPO is responsible for overseeing mm77's data protection compliance, handling data subject requests, managing data breach response, and liaising with the National Privacy Commission.
To exercise any of your data subject rights, raise a privacy concern, or report a potential data security issue, please contact mm77 through the following channels:
You also have the right to escalate unresolved privacy concerns to the National Privacy Commission of the Philippines. The NPC accepts complaints through its official channels as published on the NPC's official government website. mm77 cooperates fully with any NPC inquiry or investigation.
mm77 is built on transparency, compliance, and genuine respect for every Filipino player's privacy. Ready to experience a licensed, secure, and Filipino-first gaming platform? One account. GCash deposits. 1,000+ games. Must be 21+ to play.