1. Introduction

Welcome to Resibilis ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy in accordance with the Republic Act No. 10173, also known as the Data Privacy Act of 2012 of the Philippines, and its Implementing Rules and Regulations.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our receipt generator service.

2. Information We Collect

2.1 Personal Information (with consent)

• Account Information: Name, email address, and profile picture (from Google OAuth)
• Business Information: Business name, address, phone, and email (optional, user-provided)
• Receipt Data: Customer names, items, prices, and notes you enter

2.2 Automatically Collected Information

• Browser type and version
• Device information
• Usage data (pages visited, time spent)
• IP address (anonymized)

2.3 Information We Do NOT Collect

• Credit card or payment card numbers
• Government-issued ID numbers
• Sensitive personal information as defined under the DPA

3. Legal Basis for Processing (DPA Compliance)

Under the Data Privacy Act of 2012, we process your personal information based on:

• Consent: You provide explicit consent when creating an account
• Contract: Processing is necessary to provide the service you requested
• Legitimate Interest: Improving our services and ensuring security

4. How We Use Your Information

• To provide and maintain our receipt generation service
• To save your receipt history (only when logged in)
• To enable product/service catalog features
• To process premium subscriptions
• To communicate service updates
• To improve user experience

5. Data Storage and Security

Your data is stored securely on Supabase infrastructure with:

• Row Level Security (RLS) ensuring you can only access your own data
• Encryption in transit (TLS/SSL)
• Encryption at rest
• Regular security audits

Guest Users: If you use Resibilis without signing in, your data is processed entirely in your browser and is NOT stored on our servers.

6. Data Sharing

We do NOT sell, rent, or trade your personal information. We may share data with:

• Service Providers: Supabase (database), Vercel (hosting), Google (authentication)
• Legal Requirements: When required by Philippine law or valid legal process

7. Your Rights Under the Data Privacy Act

As a data subject, you have the following rights:

• Right to be Informed: Know how your data is being processed
• Right to Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Object: Object to processing of your data
• Right to Data Portability: Receive your data in a portable format
• Right to Damages: Claim compensation for damages from data breach

To exercise these rights, contact us at privacy@resibilis.com

8. Data Retention

• Active Accounts: Data retained while account is active
• Deleted Accounts: Data deleted within 30 days of account deletion
• Receipt History: Retained for 5 years for record-keeping purposes

9. Cookies

We use essential cookies only for:

• Authentication session management
• Theme preference (dark/light mode)

We do NOT use tracking or advertising cookies.

10. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect information from minors. If you are a parent and believe your child has provided us with personal information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

12. Contact Us

For privacy-related inquiries or to exercise your rights under the Data Privacy Act:

• Email: privacy@resibilis.com
• Data Protection Officer: dpo@resibilis.com

You may also file a complaint with the National Privacy Commission (NPC)of the Philippines at www.privacy.gov.ph