Skip to main content
Back to Legal

hoapay Privacy Policy

Effective Date: May 1, 2025  ·  Last updated: May 1, 2025

hoapay ("we," "us," or "our") is committed to protecting your privacy and personal data in compliance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations (IRR), and the issuances of the National Privacy Commission (NPC) of the Philippines. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the hoapay platform.

By using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

1. Personal Information Controller

hoapay acts as the Personal Information Controller (PIC) as defined under Section 3(h) of the DPA for the personal data collected through the Service. For inquiries or to exercise your data subject rights, contact our Data Protection Officer at info@hoapay.cloud.

2. Personal Data We Collect

We collect and process the following categories of personal data, limited to what is necessary (principle of proportionality) for the purposes stated herein:

  • Account and Identity Data: Full name, email address, mobile number, and password (stored as a secure hash).
  • Profile Data: Profile photo (avatar), household address, and subdivision membership details including your role within the association.
  • Community and Transaction Data: Announcements you post, complaints you file, permit applications, amenity reservations, visitor logs, and emergency incident reports.
  • Visitor Data: Names, government-issued ID types, and contact details of guests you register through the visitor management module.
  • Technical and Usage Data: IP addresses, browser and device type, operating system, pages visited, and timestamps — collected automatically through server logs and cookies.

3. Lawful Basis for Processing

We process your personal data on one or more of the following lawful bases under Sections 12 and 13 of the DPA:

  • Consent — You have given your free, specific, and informed consent (e.g., account registration, optional features).
  • Contractual Necessity — Processing is necessary to perform our obligations under our Terms of Service.
  • Legitimate Interests — Processing is necessary for the legitimate interests of hoapay or your homeowners association, provided these do not override your fundamental rights.
  • Legal Obligation — Processing is required to comply with applicable Philippine law.

4. Purposes of Processing

We use your personal data to:

  • Create, maintain, and manage your account and subdivision membership
  • Provide, operate, and improve the Service and its features
  • Facilitate community management activities within your subdivision
  • Send service-related notices, updates, and notifications (e.g., complaint status updates, announcement alerts, permit approvals)
  • Ensure the security and integrity of the platform
  • Generate anonymized or aggregated analytics to improve the Service
  • Comply with legal obligations, including those under RA 9904 and NPC regulations
  • Investigate and resolve disputes or complaints

5. Sharing and Disclosure of Personal Data

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:

  • Within Your Subdivision: Your profile and community data are visible to other members and administrators of your subdivision, subject to your role's access level as defined in the Service.
  • Service Providers and Subprocessors: We engage trusted third-party service providers (e.g., cloud infrastructure, email delivery) who process data on our behalf under strict data processing agreements consistent with the DPA.
  • Legal and Regulatory Authorities: We may disclose personal data when required by a court order, subpoena, or applicable Philippine law, or when necessary to protect the rights, safety, or property of hoapay, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction, subject to equivalent privacy protections.

6. Multi-Subdivision Data Isolation

If you are a member of multiple subdivisions, your profile data (name, email, photo) may be visible to administrators of each subdivision you join. Community data (complaints, permits, announcements) is strictly isolated per subdivision and is not accessible across subdivisions unless you are a member of each.

7. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., session tokens) solely to:

  • Maintain your authenticated session
  • Remember your preferences and settings
  • Ensure the security of your account

We do not use third-party advertising cookies. You may configure your browser to refuse cookies, but this may prevent you from using certain features of the Service. For more information on managing cookies, please refer to your browser's help documentation.

8. Data Security

We implement organizational, physical, and technical security measures appropriate to the sensitivity of the data we process, in compliance with Section 20 of the DPA, including:

  • Encryption of data at rest and in transit (TLS/HTTPS)
  • Row-level security (RLS) policies in our database to enforce strict data access controls
  • Access controls and role-based permissions for all Service features
  • Regular security assessments and vulnerability monitoring

However, no system is completely secure. In the event of a personal data breach that is likely to result in serious harm, we will notify the NPC and affected data subjects within seventy-two (72) hours of discovery, as required under NPC Circular 16-03.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes set out in this Policy, or as required by law. Account data is retained for the duration of your active account plus a reasonable period thereafter for legal and audit purposes. Community data (complaints, announcements, permits) may be retained by your subdivision administrators as part of the association's records in accordance with applicable retention requirements.

10. Your Rights as a Data Subject

Under Chapter III of the DPA and NPC regulations, you have the following rights with respect to your personal data:

  • Right to be Informed — To know how your personal data is being processed.
  • Right to Access — To obtain a copy of your personal data held by us.
  • Right to Rectification — To correct inaccurate or incomplete personal data.
  • Right to Erasure or Blocking — To request deletion or suspension of processing of your data under lawful grounds.
  • Right to Object — To object to processing based on legitimate interests or for direct marketing.
  • Right to Data Portability — To receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Lodge a Complaint — To file a complaint with the National Privacy Commission at privacy.gov.ph if you believe your rights under the DPA have been violated.

To exercise any of these rights, send a written request to info@hoapay.cloud. We will respond within fifteen (15) days of receiving your request, as required by the DPA IRR.

11. Children's Privacy

The Service is not directed to children under the age of eighteen (18). We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data without parental consent, we will take steps to delete such information promptly.

12. Links to Third-Party Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. Material changes will be communicated via email or in-app notification at least fifteen (15) days before they take effect. The updated Policy will be posted on this page with a revised effective date. Your continued use of the Service after the effective date constitutes your acceptance of the updated Policy.

14. Contact Us

For privacy-related inquiries, requests to exercise your data subject rights, or to reach our Data Protection Officer, please contact:

hoapay Data Protection Officer
Email: info@hoapay.cloud