Skip to main content
Back to Legal

hoapay Cookie Policy

Effective Date: May 1, 2025  ·  Last updated: May 1, 2025

This Cookie Policy explains how hoapay ("we," "us," or "our") uses cookies and similar technologies when you access or use the hoapay platform ("Service"). It should be read together with our Privacy Policy, which governs the processing of your personal data in compliance with Republic Act No. 10173 (Data Privacy Act of 2012, "DPA") and the regulations of the National Privacy Commission (NPC) of the Philippines.

1. What Are Cookies?

Cookies are small text files placed on your device (computer, tablet, or mobile phone) by websites you visit. They are widely used to make websites function correctly, improve efficiency, and provide information to site operators. Cookies may be "session cookies" (deleted when you close your browser) or "persistent cookies" (retained on your device until they expire or you delete them).

Under the DPA and NPC Advisory Opinions, cookies that collect personal data — such as identifiers that can be linked to a specific individual — are subject to the same data protection principles as other forms of personal data processing, including the requirements of transparency, legitimate purpose, and proportionality.

2. Cookies We Use

hoapay uses only the categories of cookies strictly necessary to operate the Service. We do not use advertising, tracking, or profiling cookies of any kind.

2.1 Strictly Necessary Cookies

These cookies are essential for you to access and use the Service. Without them, core features such as logging in and maintaining your session cannot function. Because they are strictly necessary for the performance of a service you have explicitly requested, these cookies do not require your prior consent under applicable NPC guidance.

Cookie namePurposeTypeDuration
sb-<project>-auth-tokenStores your authenticated session token issued by Supabase AuthSession / PersistentUntil sign-out or token expiry (default: 1 hour; refresh extends to 7 days)
sb-<project>-auth-token-code-verifierPKCE code verifier used during the OAuth/magic-link authentication flowSessionDeleted after authentication completes

These cookies are set by Supabase, our authentication and database infrastructure provider, acting as a subprocessor under a data processing agreement consistent with the DPA. No personal data held in these cookies is shared with any advertising network or third party beyond Supabase.

2.2 Preference Cookies (Optional)

If you select a display preference (e.g., dark mode), a lightweight preference value may be stored in your browser's localStorage — not as a cookie — to remember your choice on future visits. This value contains no personal data and cannot identify you.

3. Cookies We Do Not Use

We explicitly do not deploy:

  • Advertising or targeting cookies — We have no relationship with advertising networks, and we do not serve ads within the Service.
  • Third-party analytics cookies — We do not embed Google Analytics, Meta Pixel, or any similar cross-site tracking script. Any analytics we perform are aggregated server-side and cannot identify individual users.
  • Social media tracking pixels — No social media widgets or share buttons are embedded in the Service that would allow third parties to track your activity.

4. Legal Basis for Cookie Use

Our use of strictly necessary cookies is based on contractual necessity and legitimate interest under Sections 12(b) and 12(f) of the DPA — specifically, the need to provide you with the authenticated, secure Service you have contracted to use. We rely on the same bases recognized in NPC Advisory Opinion No. 2019-057 and subsequent issuances regarding session management.

Because we do not use non-essential cookies, we do not present a cookie consent banner. Should we introduce any non-essential cookies in the future, we will update this policy, notify you in advance, and obtain your explicit consent where required.

5. Managing and Deleting Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to:

  • View the cookies currently stored on your device
  • Block all or specific cookies
  • Delete cookies when you close the browser or on demand

Please note that blocking or deleting the strictly necessary cookies listed in Section 2.1 will prevent you from logging in to the Service, as your authenticated session cannot be maintained. For guidance specific to your browser, visit your browser's help documentation:

6. Your Rights Under the Data Privacy Act

To the extent any cookies or localStorage values process personal data, you retain all rights afforded to data subjects under Chapter III of the DPA, including the right to access, rectification, erasure, and data portability. You may exercise these rights at any time by contacting our Data Protection Officer at info@hoapay.cloud. You may also lodge a complaint with the National Privacy Commission at privacy.gov.ph.

7. Changes to This Cookie Policy

We may update this Cookie Policy as the Service evolves or as regulatory guidance from the NPC is issued. Material changes will be communicated via email or in-app notification at least fifteen (15) days before taking effect. The updated policy will be posted on this page with a revised effective date.

8. Contact Us

For questions about our use of cookies or to exercise your data subject rights, contact our Data Protection Officer:

hoapay Data Protection Officer
Email: info@hoapay.cloud