Privacy Policy

1. Introduction

MyBayad ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our debt tracking service.

We comply with the Philippines Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules and regulations, as well as applicable international data protection standards.

2. Information We Collect

2.1 Information You Provide

• Account information: Name, email address via Google OAuth authentication
• Profile information: Display name, avatar preferences
• Financial tracking data: Debt sources, credit card details, payment records, transaction history
• Preferences: Theme settings, mode preferences (Calm/Control/Crisis), notification settings
• Communications: Messages to Gab AI assistant, support inquiries

2.2 Information Collected Automatically

• Device information: Browser type, operating system, device identifiers
• Usage data: Features used, pages visited, timestamps, session duration
• IP address: For security, fraud prevention, and consent verification
• Cookies: Essential cookies for authentication and functionality (see Cookie Policy)

2.3 Google Calendar Integration

If you connect Google Calendar, we access only the specific calendar events created by MyBayad for payment reminders. We do not read or modify your other calendar events.

3. How We Use Your Information

• Provide, maintain, and improve the MyBayad service
• Process and manage your financial tracking data
• Generate AI-powered insights through Gab assistant
• Send payment reminders and important account notifications
• Create Google Calendar events for due date reminders
• Personalize your experience based on emotional mode preferences
• Ensure security and prevent fraud
• Comply with legal obligations
• Analyze usage patterns to improve the service (aggregated, anonymized)

4. AI and Gab Assistant

Gab, our AI assistant powered by Google Gemini, processes your financial data to provide personalized suggestions. Your conversations with Gab and financial data may be sent to Google's AI services for processing. We do not store conversation history beyond your current session unless explicitly saved by you.

Google's use of this data is governed by their AI services terms and privacy policy.

5. Data Storage and Security

Your data is stored securely using industry-standard encryption and security practices:

• Encryption in transit: All data transmitted via HTTPS/TLS
• Encryption at rest: Database encryption for sensitive financial data
• Access controls: Strict role-based access, audit logging
• Infrastructure: Hosted on Supabase (PostgreSQL) with enterprise-grade security
• Regular audits: Security assessments and penetration testing

6. Your Rights Under Data Privacy Act

Under the Philippines Data Privacy Act, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Data Portability: Export your data in a portable format (JSON/CSV)
• Right to Object: Object to processing of your personal data
• Right to Be Informed: Know how your data is being processed
• Right to Damages: Claim compensation for damages from data breach

To exercise any of these rights, contact us at privacy@mybayad.com

7. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only:

• With your explicit consent
• With household members you invite (for shared debt tracking)
• With service providers under strict confidentiality (Supabase, Google, Sentry)
• To comply with legal obligations or valid legal processes
• To protect our rights, privacy, safety, or property

8. Household Data Sharing

If you join or create a household, designated debts may be visible to other household members based on your sharing settings. You control which debts are shared vs. personal. Household admins can see member activity (e.g., "Maria viewed household debt on Jan 15") but cannot access personal debts you haven't shared.

9. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion:

• Personal data is deleted within 30 days
• Anonymized analytics data may be retained
• Audit logs are retained for 1 year for security purposes
• Data required for legal compliance is retained as required by law

10. Children's Privacy

MyBayad is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately.

11. International Data Transfers

Your data may be processed in countries outside the Philippines (for cloud hosting and AI services). We ensure appropriate safeguards are in place in compliance with the Data Privacy Act's requirements for cross-border data transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.

13. Contact Information

For questions about this Privacy Policy or to exercise your data rights: