Flo Campus Marketplace ("Flo," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. This policy complies with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.
1. Information We Collect
We collect the following categories of personal information:
Account Information
When you create an account, we collect your full name, email address, school affiliation, and assigned role (buyer, seller, school administrator, or platform administrator). This information is necessary to create and manage your account and verify your affiliation with a registered school.
Seller Verification Data
If you apply to become a seller, we collect additional verification documents including government-issued identification, student identification, a written statement of intent, and contact information. This data is required to verify your identity and eligibility to sell on the platform.
Transaction Data
When you make purchases or receive payments, we collect order details, payment references, wallet balances, and bank account information necessary for processing payouts. Financial transaction data is retained in compliance with Philippine tax and commercial regulations.
Technical and Usage Data
We automatically collect certain technical information when you access the platform, including your IP address, browser type, device characteristics, operating system, and usage patterns such as pages visited and actions taken. This data helps us maintain platform security and improve user experience.
Consent Records
We maintain records of your consent to our terms of service, privacy policy, and any data processing agreements. These records are kept for compliance purposes and to demonstrate adherence to data protection requirements.
2. How We Use Your Information
We use your personal information for the following purposes:
- Account Management: Creating and maintaining your account, verifying school affiliation, and managing your role-based access to platform features.
- Transaction Processing: Facilitating purchases, processing payments through our payment processor, managing wallet balances, and disbursing seller payouts.
- Platform Operations: Enforcing community guidelines, detecting and preventing fraud, resolving disputes between buyers and sellers, and maintaining platform integrity.
- Communication: Sending service-related notifications about your orders, account status, and platform updates. We do not use your information for marketing communications without explicit consent.
- Legal Compliance: Complying with Philippine Data Privacy Act (RA 10173), E-Commerce Act (RA 8792), Tax Code requirements, and other applicable laws and regulations.
- Platform Improvement: Analyzing aggregated, anonymized usage data to improve platform features, performance, and user experience.
3. Data Sharing and Disclosure
We do not sell your personal information to third parties. We share your data only in the following limited circumstances:
- Payment Processing: Transaction data is shared with our payment processor to facilitate secure payments. This processor is PCI-DSS compliant and handles card data according to industry standards.
- Cloud Infrastructure: Data is stored on secure cloud infrastructure providers who maintain industry-standard security certifications and data protection agreements.
- School Administrators: School administrators have access to profile and transaction data for users within their school for operational and administrative purposes.
- Legal Requirements: We may disclose information when required by valid legal process, court order, or regulatory request from Philippine authorities.
- Safety and Security: We may share information when necessary to protect the safety, rights, or property of Flo, our users, or the public, or to detect and prevent fraud, abuse, or security incidents.
4. Data Security
We implement robust technical and organizational measures to protect your personal information:
- Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption.
- Access Control: We implement role-based access controls and database-level security policies that restrict data access based on your role and affiliation.
- Authentication: We use secure session management, password hashing, and optional multi-factor authentication to protect account access.
- Monitoring: We monitor our systems for unauthorized access, suspicious activity, and security vulnerabilities.
- Incident Response: In the event of a data breach, we will notify affected users and the National Privacy Commission as required by RA 10173.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this policy:
- Account Data: Retained for the duration of your active account plus 12 months after account closure or deletion.
- Financial Records: Transaction records, payment data, and wallet information are retained for five (5) years from the date of the transaction, as required by Philippine tax regulations and the BIR.
- Verification Documents: Government IDs and student IDs are retained for the duration of your seller status and deleted within 30 days of seller status revocation or account deletion.
- Technical Logs: Server logs and technical data are retained for 90 days for security and debugging purposes, then permanently deleted.
- Consent Records: Records of your consent to terms and policies are retained indefinitely for compliance purposes.
6. Your Rights Under RA 10173
Under the Philippine Data Privacy Act of 2012, you have the following rights:
- Right to be Informed: You have the right to know what personal information we collect, how it is used, and how it is shared.
- Right to Access: You have the right to request a copy of the personal information we hold about you.
- Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information.
- Right to Erasure: You have the right to request deletion of your personal information, subject to our retention obligations under Philippine law.
- Right to Object: You have the right to object to the processing of your personal information for specific purposes.
- Right to Data Portability: You have the right to obtain your personal information in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.
- Right to File a Complaint: You have the right to file a complaint with the National Privacy Commission if you believe your data privacy rights have been violated.
7. Cookies and Tracking
Flo uses session cookies and local storage to maintain your login session and store your preferences (such as theme settings and cart contents). We do not use third-party advertising cookies or tracking technologies. You can manage cookie preferences through your browser settings, though disabling cookies may affect platform functionality.
8. Children's Privacy
Flo is designed for use by students, faculty, and staff of registered schools. Users under 13 years of age must have parental or guardian consent to use the platform. We do not knowingly collect personal information from children under 13 without such consent. If we become aware that we have collected information from a child under 13 without proper consent, we will take steps to delete that information promptly.
9. International Data Transfers
Your data may be processed on servers located outside the Philippines through our cloud infrastructure providers. We ensure that such transfers comply with the Philippine Data Privacy Act and that appropriate safeguards are in place to protect your personal information regardless of where it is processed.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the platform or via email. Your continued use of Flo after such changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data privacy rights, please contact us through the platform or email our Data Protection Officer at the contact information provided on our website. For complaints regarding data privacy, you may also contact the National Privacy Commission (NPC) of the Philippines.