Table of Contents
1. Introduction
CareConnect PH respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the rights you have under Philippine law.
This policy is issued in accordance with Republic Act No. 10173 (the "Data Privacy Act of 2012"), its Implementing Rules and Regulations (IRR), and relevant issuances of the National Privacy Commission (NPC).
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The "Personal Information Controller" (PIC) under RA 10173 is:
- CareConnect PH (sole proprietorship, registration pending)
- Based in: Republic of the Philippines
- Email: contact@careconnect-ph.com
3. Personal Data We Collect
We collect the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Account Identifiers | Full name, email address, phone number, password hash | Directly from you at sign-up |
| Profile Data | Profile photo, role (client/provider), service categories, skills, address or barangay | You, when completing your profile |
| Location Data | City, province, approximate GPS (only if you allow it) | You or your browser |
| Service Activity | Task postings, applications, agreements, ratings, reviews | Generated by your use of the Service |
| Communications | Chat messages, notification preferences | Generated by you through the Service |
| Verification Documents | Government-issued ID, certifications (providers only) | Provided by you during verification |
| Technical Data | Browser type, device, IP address, login timestamps | Automatically when you use the Service |
We do not currently collect payment card details. Once payment features are introduced, that data will be processed by a certified payment gateway (e.g., PayMongo, Xendit, GCash), and additional disclosures will be made at that time.
4. Why We Collect It (Purposes of Processing)
We process your personal data only for specified, legitimate purposes:
- Authentication — to verify your identity and keep your account secure;
- Matching & Discovery — to connect clients with suitable providers based on service needs and location;
- Communication — to enable chat, notifications, and transactional emails between users;
- Trust & Safety — to prevent fraud, abuse, and unauthorized activity;
- Verification — to confirm provider qualifications and build trust;
- Service improvement — to analyze usage patterns and improve our features;
- Legal compliance — to comply with applicable Philippine law, court orders, or NPC instructions.
5. Legal Basis for Processing
Under Sections 12 and 13 of RA 10173, our processing of your data is supported by one or more of the following:
- Consent — you agree to our Privacy Policy at sign-up;
- Contractual necessity — processing is required to deliver the Service you requested;
- Legal obligation — compliance with Philippine law;
- Legitimate interest — to secure the Service, prevent fraud, and improve user experience, balanced against your privacy rights.
7. Data Retention
We keep your personal data only as long as necessary:
- Active accounts — we retain your data for as long as your account remains active;
- Deleted accounts — most data is deleted within 30 days of account deletion, except where retention is required for legal, tax, or dispute-resolution purposes;
- Inactive accounts — we may delete or anonymize accounts after 5 years of inactivity;
- Chat messages & agreements — retained for up to 5 years after last activity to support dispute resolution;
- Financial records (when applicable) — retained for 10 years in line with the National Internal Revenue Code.
8. International Transfers
Our infrastructure partner, Google/Firebase, may store and process data on servers located outside the Philippines (primarily in the United States and the European Union). When we transfer personal data outside the Philippines, we ensure:
- The receiving jurisdiction affords an adequate level of protection, or
- Appropriate contractual safeguards are in place (e.g., Google's Standard Contractual Clauses).
You can review Google's privacy practices at policies.google.com/privacy.
9. Data Security
We implement reasonable and appropriate organizational, physical, and technical safeguards, including:
- Encryption in transit — all data is transmitted over HTTPS/TLS;
- Encryption at rest — provided by Google Cloud for Firestore and Cloud Storage;
- Access controls — Firebase Security Rules restrict data access by user identity and role;
- Authentication — password hashing managed by Firebase Authentication;
- Monitoring — logs and alerts for suspicious activity;
- Least privilege — internal access to personal data is limited to those who need it to operate the Service.
No system is perfectly secure. In the event of a personal data breach likely to result in serious harm, we will notify affected users and the NPC within 72 hours as required by law.
10. Your Rights Under RA 10173
As a data subject, you have the following rights:
Right to Be Informed
Know what data we process, how, and why — through this Policy and related notices.
Right to Access
Request a copy of the personal data we hold about you.
Right to Correct (Rectification)
Ask us to correct any inaccurate or outdated personal data.
Right to Object
Object to processing based on legitimate interest or for direct marketing.
Right to Erasure / Blocking
Request deletion or blocking of personal data that is outdated, unlawful, or no longer necessary.
Right to Data Portability
Receive your personal data in a commonly used, machine-readable format.
Right to Damages
Be indemnified for damages sustained due to inaccurate, incomplete, or unauthorized use of your data.
Right to File a Complaint
Lodge a complaint with the National Privacy Commission (see section 14 below).
To exercise any of these rights, contact our Data Privacy Officer (section 13). We will respond within a reasonable time, typically no more than 30 days.
12. Children's Privacy
CareConnect PH is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact our DPO and we will delete it promptly.
13. Data Privacy Officer (DPO)
For any privacy-related questions, concerns, or to exercise your rights, please contact our Data Privacy Officer:
- Email: contact@careconnect-ph.com (subject line: "DPO Request")
- Response time: within 2 business days for initial acknowledgment; within 30 days for resolution
14. National Privacy Commission
If you believe your privacy rights have been violated and we have not resolved your concern satisfactorily, you may file a complaint with the National Privacy Commission:
National Privacy Commission (NPC)
Address: 5th Floor, Philippine International Convention Center (PICC), Vicente Sotto St., Pasay City, Metro Manila 1307
Website: www.privacy.gov.ph
Email: info@privacy.gov.ph
Complaints portal: privacy.gov.ph/complaints-main
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or to comply with legal requirements. When we make material changes, we will update the "Last updated" date above and notify you through the Platform or by email. Continued use after the effective date constitutes your acceptance of the revised Policy.