Privacy Policy

Effective Date: November 19, 2025

Your privacy is important to us. This policy explains how we collect, use, and protect your personal data in compliance with Philippine law.

Governed by RA 10173 (Data Privacy Act of 2012)

1. Introduction

KaibiganGPT ("we," "us," or "our") is committed to protecting your privacy and complying with the Data Privacy Act of 2012 (RA 10173) and the regulations of the National Privacy Commission (NPC).

2. Personal Data We Collect

2.1 Account Information (Identity)

Email Address: Required for creating your account, authenticating via "Magic Link," and sending security notifications.

2.2 App Usage Data (Sensitive & Financial)

To provide the specific features of KaibiganGPT, we process the data you voluntarily input, which may include:

  • Financial Data: Income, expenses, savings logs (Ipon), loan details, and lists of debtors (Utang).
  • Health/Lifestyle Data: Dietary restrictions, allergies, family size, and meal preferences (for the Kusina module).

2.3 What We DO NOT Collect

  • Government-issued IDs
  • Mobile numbers
  • Physical Addresses (except as required for billing by our payment processor)

2.4 Legal Basis for Processing

  • Consent: You voluntarily provide your email and usage data when creating an account.
  • Contractual Necessity: Processing your financial and meal preference data is required to perform the services you requested.
  • Legitimate Interest: We monitor system performance and fix bugs to improve service reliability.

3. Payment Information

We do not store or process your credit card or banking information.

All payments for KaibiganGPT PRO are processed securely by our Merchant of Record, Lemon Squeezy. When you subscribe, Lemon Squeezy collects your billing details. Their use of your data is governed by their Privacy Policy: Lemon Squeezy Privacy.

4. How We Use Your Information

  • Authenticate your identity (log you in).
  • Provide Services: Generate meal plans, calculate loan amortization, and visualize your financial health.
  • AI Processing: We anonymize your data before sending it to AI providers. Our AI partners do not use your data to train their public models.
  • Improve Reliability: Monitor system performance and fix bugs.

5. Data Sharing and Third Parties

We generally do not share your data. However, to operate the service, we work with trusted third-party processors:

Lemon Squeezy: Payments.

AI Service Providers: OpenAI / Anthropic.

Cloud Infrastructure: Vercel / Supabase.

5.1 International Data Transfers

Because our third-party service providers (such as Vercel, Supabase, and OpenAI) are based globally, your personal data may be transferred to and processed in countries outside the Philippines (e.g., the United States or Singapore). We ensure that these providers adhere to strict security standards comparable to the Data Privacy Act of 2012.

6. Data Protection Measures

  • Encryption: Data is encrypted in transit (HTTPS) and at rest.
  • Access Control: Strict limitations on who can access the database.
  • No Passwords: We use passwordless authentication to eliminate password theft risk.

7. Your Rights as a Data Subject

  • Access & Portability: Request a copy of your data (JSON/CSV).
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your account.
  • File a Complaint: You may file a complaint with the National Privacy Commission (NPC).

8. Data Retention

  • If you delete your account: Your data is permanently removed from our live databases immediately upon automated deletion request.
  • Inactive Accounts: We reserve the right to delete free tier accounts that have been inactive for over 12 months.

9. Security Incidents

In the event of a serious data breach, we will:

  1. Secure the system to prevent further loss.
  2. Notify the NPC within 72 hours.
  3. Notify affected users via email with details and protective steps.

10. Updates to Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Effective Date." Significant changes may be communicated via a banner on the website or email notification.

11. Cookies & Children

Cookies: We use essential cookies for login sessions only. No tracking/ads cookies.

Children: Not intended for users under 18. We do not knowingly collect data from minors.

12. Automated Decision-Making

We use AI to generate meal plans and insights. These are recommendations only and do not make automated decisions with legal effects. You retain full control over your decisions.

13. Contact Information

For privacy concerns, please contact:

Data Protection Officer (DPO)

Email: support@kaibigangpt.com

Address: Pozorrubio, Pangasinan, Philippines