Privacy Policy
Effective Date: February 15, 2026
Your privacy is important to us. This policy explains how we collect, use, and protect your personal data in compliance with Philippine law.
1. Introduction
KabanKo (“we,” “us,” or “our”) is committed to protecting your privacy and complying with the Data Privacy Act of 2012 (RA 10173) and the regulations of the National Privacy Commission (NPC).
2. Personal Data We Collect
2.1 Account Information (Identity)
Email Address: Required for creating your account, authenticating via “Magic Link” or Google Sign-In, and sending security notifications.
Google OAuth Data: If you sign in with Google, we receive your email address and basic profile information (name, profile picture) from Google. We do not access your Google contacts, calendar, or any other Google services.
2.2 App Usage Data (Sensitive & Financial)
To provide the specific features of KabanKo, we process the data you voluntarily input, which may include:
- Financial Data: Income, expenses, savings logs (Ipon), loan details, and lists of debtors (Utang).
- Health/Lifestyle Data: Dietary restrictions, allergies, family size, and meal preferences (for the Kusina module).
2.3 What We DO NOT Collect
- Government-issued IDs
- Mobile numbers
- Physical addresses
2.4 Legal Basis for Processing
- Consent: You voluntarily provide your email and usage data when creating an account.
- Contractual Necessity: Processing your financial and meal preference data is required to perform the services you requested.
- Legitimate Interest: We monitor system performance and fix bugs to improve service reliability.
3. How We Use Your Information
- Authenticate your identity (log you in).
- Provide Services: Generate meal plans, calculate loan amortization, and visualize your financial health.
- AI Processing: Where feasible, we minimize personal data in AI requests. Some features may include user-provided names or free-text you submit (e.g., debt reminders or chat). Avoid entering highly sensitive information into free-text fields.
- Improve Reliability: Monitor system performance and fix bugs.
4. Data Sharing and Third Parties
We generally do not share your data. However, to operate the service, we work with trusted third-party processors:
Google: Authentication (Google Sign-In). See Google Privacy Policy.
AI Service Providers: AI APIs used to generate recommendations and content (provider may vary).
Cloud Infrastructure: Vercel / Supabase / Render.
4.1 International Data Transfers
Because our third-party service providers (such as Vercel, Supabase, and AI providers) are based globally, your personal data may be transferred to and processed in countries outside the Philippines (e.g., the United States or Singapore). We take steps to work with reputable providers and apply reasonable safeguards.
5. Data Protection Measures
- Encryption: Data is encrypted in transit (HTTPS) and at rest.
- Access Control: Strict limitations on who can access the database.
- No Passwords: We use passwordless authentication to eliminate password theft risk.
6. Your Rights as a Data Subject
- Access & Portability: Request a copy of your data (JSON/CSV).
- Rectification: Correct inaccurate data.
- Erasure: Request deletion of your account.
- File a Complaint: You may file a complaint with the National Privacy Commission (NPC).
7. Data Retention
- If you delete your account: We delete your data from active systems. Some residual copies may remain in backups for a limited period until they are rotated out.
- Inactive Accounts: We reserve the right to delete free-tier accounts that have been inactive for over 12 months.
8. Security Incidents
In the event of a serious data breach, we will:
- Secure the system to prevent further loss.
- Notify the NPC within 72 hours.
- Notify affected users via email with details and protective steps.
9. Updates to Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Effective Date.” Significant changes may be communicated via a banner on the website or email notification.
10. Cookies & Children
Cookies / Local Storage: We use essential browser storage to keep you signed in and to secure sessions. We also use first-party product analytics and performance monitoring to improve reliability. We do not use advertising cookies.
Children: Not intended for users under 18. We do not knowingly collect data from minors.
11. Automated Decision-Making
We use AI to generate meal plans and insights. These are recommendations only and do not constitute automated decisions with legal effects. You retain full control over your decisions.
12. Contact Information
For privacy concerns, please contact: