Privacy Policy

Last updated: March 30, 2026

BarBridge ("we", "us", "our") is committed to protecting your personal information in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations. This Privacy Policy explains what information we collect, how we use it, and your rights as a data subject.

1. Information We Collect

When you use BarBridge, we collect the following categories of personal information:

- **Account Information** — When you sign in with Google, we receive your name, email address, and profile photo from your Google account.
- **Profile Information** — You may voluntarily provide additional information such as a display name, phone number, short biography, professional credentials, and subject specializations.
- **Usage Data** — We collect information about how you interact with the platform, including pages visited, features used, session timestamps, and device information (browser type, operating system).
- **Communication Data** — Messages you send to coaches or students through our in-app messaging feature are stored on our servers.
- **Payment Data** — When you submit payment proofs or request payouts, we store transaction amounts, reference numbers, and uploaded proof images. We do **not** store credit card numbers or bank account numbers directly; payout banking details are stored in encrypted form.
- **Assessment Data** — Answers, scores, and feedback you submit or receive through assessments.

3. How We Use Your Information

We use personal information for the following purposes:

- To create and manage your account
- To match students with coaches and facilitate enrollments
- To enable in-app messaging between coaches and students
- To process and verify payments
- To deliver assessments, track progress, and generate performance reports
- To send notifications about sessions, assessments, and account activity
- To improve platform features and user experience
- To detect and prevent fraud or abuse
- To comply with legal obligations

4. Information Sharing and Disclosure

We share your information only in these circumstances:

- **Between coaches and students** — When you enroll in a program, your coach can see your display name, profile information, assessment results, and progress data.
- **Service providers** — We use Supabase for database hosting and authentication, Google for OAuth sign-in, and Vercel for web hosting. These providers process data on our behalf under data processing agreements.
- **Legal requirements** — We may disclose information if required by law, regulation, or legal process, including requests from the National Privacy Commission.
- **With your consent** — We may share information for purposes you have explicitly approved.

We do **not** sell your personal information to third parties.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Specifically:

- **Account and profile data** — Retained until you delete your account or request deletion.
- **Messages** — Retained for the duration of the conversation. Deleted messages are soft-deleted (marked as deleted) but removed from view.
- **Payment records** — Retained for a minimum of 10 years to comply with Philippine tax and accounting regulations (BIR requirements).
- **Assessment data** — Retained for the duration of your enrollment plus 2 years.
- **Usage logs** — Retained for up to 1 year for analytics and troubleshooting.

When you request account deletion, we will delete or anonymize your personal data within 30 days, except for records we are legally required to retain.

6. Your Rights Under the Data Privacy Act

As a data subject under RA 10173, you have the following rights:

- **Right to be informed** — You have the right to know how your personal data is being processed.
- **Right to access** — You may request a copy of your personal data that we hold.
- **Right to object** — You may object to the processing of your personal data, including processing for direct marketing.
- **Right to erasure or blocking** — You may request the deletion or blocking of your personal data if it is incomplete, outdated, falsely obtained, or no longer necessary for the declared purpose.
- **Right to rectification** — You may request correction of inaccurate or incomplete personal data.
- **Right to data portability** — You may request your personal data in a structured, commonly used, and machine-readable format.
- **Right to file a complaint** — You may file a complaint with the National Privacy Commission if you believe your data privacy rights have been violated.

To exercise any of these rights, contact us at **privacy@barbridge.ph**. We will respond to your request within 30 days.

7. Data Security

We implement appropriate organizational and technical security measures to protect your personal information:

- All data is transmitted over HTTPS (TLS encryption).
- Database access is controlled through Row Level Security policies.
- Sensitive fields (such as bank payout details) are encrypted at rest.
- Authentication is handled through Google OAuth with Supabase Auth — we never store your Google password.
- Access to administrative functions is role-gated and limited to authorized personnel.

While we strive to protect your information, no method of electronic transmission or storage is completely secure. If you discover a security vulnerability, please contact us immediately at privacy@barbridge.ph.

8. Cookies and Local Storage

BarBridge uses the following browser storage technologies:

- **Authentication cookies** — Supabase sets secure, HTTP-only cookies to maintain your login session. These are strictly necessary and cannot be disabled.
- **Local storage** — We store display preferences (such as dark mode and compact view settings) in your browser's local storage. These are not used for tracking.

We do **not** currently use third-party analytics cookies or advertising trackers. If we introduce analytics in the future, we will update this policy and obtain your consent before setting non-essential cookies.

9. Children's Privacy

BarBridge is intended for law students and legal professionals. We do not knowingly collect personal information from children under 18 years of age. If we learn that we have collected data from a child under 18, we will delete it promptly.

10. International Data Transfers

Your data may be processed on servers located outside the Philippines (e.g., Supabase infrastructure in Singapore/US, Vercel edge network). When data is transferred internationally, we ensure that appropriate safeguards are in place in compliance with the Data Privacy Act and NPC Circular 2016-02.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through in-app notifications or by posting a notice on our website. Your continued use of BarBridge after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, or to exercise your data privacy rights, contact us at:

**BarBridge Data Protection Officer**
Email: privacy@barbridge.ph

You may also file a complaint with the **National Privacy Commission**: [privacy.gov.ph](https://www.privacy.gov.ph/complaints-assistance/)