Privacy Statement

1. Who We Are

HOA PH (operating as hoaph.site) is a Software-as-a-Service (SaaS) platform designed for Philippine Homeowners Associations. We provide tools for billing management, resident portals, financial reporting, and community administration.

In the context of this statement, HOA PH acts as a Personal Information Processor on behalf of the HOA organizations (the Personal Information Controllers) that subscribe to our platform.

2. Information We Collect

From HOA Administrators and Board Members

• Full name, email address, and mobile number
• HOA name, subdivision address, and association registration details
• Billing and payment information (processed through PayMongo; we do not store card numbers)

From Homeowners and Residents (via HOA portals)

• Full name, address (block/lot), contact details
• Vehicle information (plate number, make, model) for car sticker and gate pass modules
• Payment records and statement of account history
• Proof of payment uploads
• Concern and maintenance ticket submissions

Automatically Collected Technical Data

• IP address, browser type, and device information
• Session logs and activity timestamps
• Cookies (see Section 9)

3. How We Use Your Information

We process personal data solely for the following purposes:

• Providing and operating the HOA PH platform and its modules
• Generating billing statements, invoices, and payment records
• Sending automated payment reminders and notifications via email
• Enabling QR-based gate passes and vehicle registry functions
• Producing DHSUD-compliant financial reports
• Responding to support tickets and platform concerns
• Ensuring system security and detecting fraudulent activity
• Complying with legal obligations under Philippine law

We do not sell, rent, or trade personal data to third parties for marketing purposes.

4. Legal Basis for Processing

We process personal data under the following lawful bases as provided by the Data Privacy Act of 2012:

• Consent — when a resident or homeowner registers through the portal and agrees to data processing
• Contract — necessary for the performance of services under the HOA subscription agreement
• Legal Obligation — compliance with DHSUD reporting, BIR requirements, and NPC regulations
• Legitimate Interest — system security, fraud prevention, and platform improvement

5. Data Sharing and Disclosure

We may share personal data with the following parties only when necessary:

• PayMongo — our payment gateway partner, for processing online dues payments. Subject to PayMongo's own privacy policy.
• Cloud Hosting Provider — our VPS infrastructure provider for data storage and system operation.
• HOA Board and Authorized Personnel — data entered through the portal is accessible to the HOA administrators who manage the subscription.
• Government Authorities — when required by law, court order, or lawful request by the NPC, DHSUD, BIR, or other regulatory bodies.

All third-party partners are required to implement adequate data protection measures consistent with RA 10173.

6. Data Retention

We retain personal data for as long as:

• The HOA subscription is active
• Required by applicable law (e.g., BIR: 10 years for financial records)
• Necessary to resolve disputes or enforce agreements

Upon subscription termination, HOA data is retained for 90 days to allow export, after which it is permanently deleted from active systems. Backup copies are purged within an additional 30 days.

7. Security Measures

We implement the following technical and organizational measures to protect your data:

• SSL/TLS encryption for all data in transit
• Encrypted storage of passwords (bcrypt hashing; plaintext passwords are never stored)
• Role-based access controls (admin, staff, guard, homeowner)
• Automated daily database backups stored off-site
• IP logging and session timeout controls
• Server firewall and intrusion detection monitoring

No system is 100% secure. In the event of a personal data breach that poses a real risk to data subjects, we will notify affected parties and the National Privacy Commission within 72 hours of discovery, as required by NPC Circular 16-03.

8. Your Rights as a Data Subject

Under RA 10173, you have the following rights with respect to your personal data:

• Right to be Informed — to know how your data is collected and used
• Right to Access — to request a copy of your personal data we hold
• Right to Rectification — to correct inaccurate or incomplete data
• Right to Erasure / Blocking — to request deletion of data when no longer necessary
• Right to Object — to object to processing based on legitimate interest
• Right to Data Portability — to receive your data in a structured, machine-readable format
• Right to Lodge a Complaint — to file a complaint with the National Privacy Commission at www.privacy.gov.ph

To exercise any of these rights, contact our Data Protection Officer at hoamsph@gmail.com.

9. Cookies and Tracking

HOA PH uses cookies to maintain session state and improve platform performance. We do not use third-party advertising trackers. For full details, see our Cookie Policy.

10. Changes to This Statement

We may update this Privacy Statement periodically to reflect changes in our practices or applicable law. The effective date at the top of this page will be updated accordingly. Continued use of the platform after changes constitutes acceptance of the revised statement.

For material changes, we will notify active subscribers via email at least 15 days in advance.

11. Contact the Data Protection Officer

For questions, requests, or complaints regarding your personal data:

• Email: hoamsph@gmail.com
• Subject line: Data Privacy Request — HOA PH
• Response time: Within 5 business days

You may also reach us via the Contact page.