AYUDA AYUDA
About Programs Privacy
Login Sign Up
Effective date: May 31, 2026

PHILIPPINES PRIVACY NOTICE & DATA PRIVACY CONSENT (AYUDA)

This Privacy Notice and Data Privacy Consent ("Notice") explains how AYUDA (the "System") collects, uses, stores, shares, and protects your personal data when you register, log in, submit applications, upload documents/photos, receive notifications, or otherwise use the System.

This Notice is issued in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and relevant issuances of the National Privacy Commission (NPC).

1) Who controls your personal data

Personal Information Controller (PIC): The organization/office operating the AYUDA system deployment (e.g., LGU office/department or institution administering the assistance programs).

Personal Information Processors (PIPs): Third parties (if any) providing hosting, database, cloud storage, email/SMS delivery, and security services strictly to operate and maintain the System under contract.

2) What information do we collect?

We may collect personal information, sensitive personal information, and technical data, depending on what features you use.

A. Account and identity details

  • Email address
  • Full name (first, middle, last)
  • Password (stored as a hashed value, not in plain text)
  • User role (community/admin/super admin)
  • Profile picture (if provided)
  • Account activity timestamps (e.g., registration time, last activity)

B. Profile and demographic data (community users)

  • Age and birth details (month/day/year)
  • Gender
  • Mobile number
  • Address information (e.g., municipality, barangay, sitio/street/address)
  • Civil status, religion, place of birth, educational attainment
  • Employment/occupation and related descriptors
  • Indicators such as senior citizen, PWD, solo parent (if applicable)
  • Verification IDs and verification documents for senior citizen, PWD, or solo parent requests, including status and review timestamps (if applicable)
  • Disability type (if applicable)
  • Income details (e.g., annual income and income category)
  • Selected areas of concern for recommendations/personalized service
Some of the above may be sensitive personal information under RA 10173 depending on how it is used and what it reveals.

C. Application and program-related information

  • Program applied to, application date, status, remarks
  • Submission deadlines and submission status
  • Review/verification details (review date, reviewed by, verification status)
  • Assessment/interview/home visit records, schedules, findings, and recommendations (when applicable)
  • Claim scheduling information (date/time/location/instructions/status)
  • Beneficiary list snapshots and payout scheduling details for subsidy releases (when applicable)
  • Verification codes for submissions and related timestamps
  • Cancellation requests and reasons (if any)

D. Uploaded files, documents, and photos

  • Document files and metadata (filename, type, size, upload timestamp)
  • Photos (e.g., shelter/assessment photos) and captions
  • Admin feedback/notes related to uploads

E. Communications, announcements, and notifications

  • Notifications (message, title, read/unread status, related records)
  • Announcement content and attached images/links (where applicable)

F. Technical data and audit logs

  • IP address
  • Login/logout events
  • Actions performed (e.g., submissions, approvals/denials, downloads/exports)
  • Search queries and filters used in the system (when logged for auditing)
  • Time, date, and system event metadata

G. Preference and engagement data

  • Saved programs and hidden/not interested programs
  • Preference signals used to personalize recommendations (e.g., saved/hidden programs)

3) How do we use your information?

We use your personal data for legitimate and specific purposes, including:

A. To provide and operate the service

  • Create and manage accounts
  • Authenticate users and maintain sessions
  • Provide role-based access (community/admin/super admin)
  • Display and manage your profile and application history

B. To process applications and deliver program services

  • Accept applications and supporting documents
  • Evaluate eligibility, verify submissions, and administer approval/denial workflows
  • Schedule claim/pickup and provide instructions
  • Maintain records required for program implementation and auditing

C. To communicate with you

  • Send in-system notifications about application status, deadlines, schedules, and announcements
  • Respond to user support requests or administrative inquiries (if implemented by the operator)

D. To maintain security, integrity, and accountability

  • Monitor suspicious activity and prevent abuse
  • Maintain audit logs of actions taken by users and admins
  • Troubleshoot issues and ensure system reliability

E. To comply with law and government/accountability requirements

  • Meet lawful obligations, reporting, auditing, and records retention requirements (when applicable to the operator)

4) Legal bases for processing (PH context)

Under RA 10173, AYUDA may process personal data based on one or more of the following, as applicable:

  • Consent (e.g., when you register and submit information/documents)
  • Contract / performance of a contract (to deliver the requested service/program processing)
  • Compliance with a legal obligation (record-keeping, lawful requests)
  • Legitimate interests (system security, fraud prevention, audit trails), balanced against your rights and freedoms

For sensitive personal information, processing may require higher protection and may be based on consent or other grounds allowed by law, depending on the program context.

5) Who do we share your information with?

We do not sell your personal data.

We may share your data only as necessary with:

  • Authorized staff/admin reviewers of the program (role-based access)
  • IT/hosting providers acting as processors under contract and confidentiality
  • Auditors/oversight bodies, if required by rules of the operating organization
  • Law enforcement/regulators/government entities when required by law or valid legal process

6) How long do we keep your information?

We retain information only for as long as necessary to:

  • Provide services and manage your account
  • Complete application processing and program administration
  • Maintain audit trails and comply with legal/administrative retention requirements

Retention periods may differ by record type (account data vs. applications vs. uploaded documents vs. logs). When retention is no longer required, we will securely delete, anonymize, or archive data as appropriate and feasible.

7) How can you manage or delete your information and exercise your rights?

A. Managing your information in the System

Depending on the features enabled by the system operator, you may be able to:

  • Review and update profile details
  • Track applications and upload required documents
  • Update some fields (subject to validation and program rules)

If self-service editing/deletion is limited, you may request assistance from the administrator/DPO.

B. Your Data Subject Rights (RA 10173)

Subject to conditions and exceptions under law, you may exercise:

  • Right to be informed
  • Right to access
  • Right to object
  • Right to erasure or blocking (when applicable)
  • Right to rectification (correction)
  • Right to data portability (where applicable)
  • Right to file a complaint with the NPC

C. How to submit a request

Submit a request to the Privacy Contact/DPO listed in Section 1. Include:

  • Full name and registered email
  • Specific request (access/correction/erasure/objection/etc.)
  • Relevant application reference (if any)
  • Proof of identity (reasonable verification may be required)

Timeframes: The PIC will respond within a reasonable period consistent with RA 10173 and NPC guidance, and may extend where allowed, with notice.

D. Account deletion / erasure requests (important notes)

  • Some data may be retained if required for legal compliance, audits, dispute resolution, or to protect system integrity (e.g., logs tied to security or program accountability).
  • Uploaded documents tied to approved/processed applications may need to be retained under program rules.

8) Security measures

We use reasonable organizational, physical, and technical measures, such as:

  • Hashed password storage
  • Role-based access controls
  • CSRF protection for form submissions
  • Access control for documents/files and admin-only data
  • Secure configuration via environment variables and secret keys
  • Logging/auditing for accountability and incident response

No system is 100% secure; you acknowledge that online transmission and storage have inherent risks.

9) Consent

By registering, logging in, submitting applications, and/or uploading documents/photos, you:

  1. Confirm that the information you provide is accurate and you are authorized to provide it; and
  2. Consent to the collection, use, storage, and disclosure of your personal data as described in this Notice, for the purposes stated above.

If you do not agree, please do not register or use AYUDA.