Privacy Policy

Proxima Technologies ("Proxima", "we", "us", or "our") is committed to protecting your privacy and ensuring the responsible handling of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you access or use the Proxima platform at proxima.com.ph (the "Platform").

This Policy is issued in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations, as administered by the National Privacy Commission (NPC) of the Philippines.

By registering an account or using the Platform, you consent to the collection, use, and processing of your personal data as described in this Privacy Policy. If you do not agree with the terms of this Policy, please do not use the Platform.

1. Who We Are

Proxima Technologies is the personal information controller (PIC) responsible for your personal data collected through the Platform. We determine the purposes and means of processing your personal information.

Our designated Data Protection Officer (DPO) can be reached at [email protected].

2. Personal Data We Collect

We collect personal data that you provide directly, that we generate through your use of the Platform, and that we receive from third parties.

2.1 Information You Provide

• Account Registration: Full name, email address, password (stored in hashed form), phone number, and role (Customer or Service Provider).
• Profile Information: Profile photo, bio, and any additional information you choose to provide.
• Address Information: Street address, barangay, city/municipality, province, postal code, and geographic coordinates (latitude and longitude) for service delivery and map display.
• Service Provider Information: Business name, service categories, service descriptions, pricing, availability schedule, government-issued identification, licenses, permits, certifications, and any documents uploaded for verification.
• Communications: Messages exchanged with other Users through the in-Platform chat system, as well as communications you send to us (e.g., support emails).
• Reviews and Ratings: Content of reviews and ratings you submit about Service Providers.

2.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, booking history, search queries, time and duration of visits, and actions taken on the Platform.
• Device and Technical Data: IP address, browser type and version, operating system, device identifiers, referring URLs, and language settings.
• Location Data: Approximate location derived from IP address. Precise location data (coordinates) is only collected when you explicitly input or select it on a map when adding an address.
• Cookies and Similar Technologies: Session cookies for authentication and preferences. See Section 10 for details.

2.3 Information from Third Parties

• Payment Processor (PayMongo): We receive payment status, transaction reference numbers, and partial payment instrument details (e.g., masked card number, card type) from PayMongo after a payment transaction. We do not receive or store full card numbers, CVVs, or bank account numbers.
• Google Maps API: When you use the address input feature, your coordinates may be sent to Google's geocoding service to resolve an address. This is governed by Google's Privacy Policy.

3. Sensitive Personal Information

Under the Data Privacy Act, certain categories of information are classified as sensitive personal information and warrant heightened protection. We may collect and process the following sensitive personal information from Service Providers only:

• Government-issued identification documents (e.g., passport, national ID, driver's license) — for identity verification purposes;
• Professional licenses and permits — to verify qualifications and regulatory compliance.

Such sensitive data is processed solely for the purpose of verifying Provider identity and credentials. It is encrypted at rest, accessible only to authorized Proxima personnel, and retained only as long as necessary for the verification purpose or as required by law.

4. How We Use Your Personal Data

We process your personal data for the following purposes, each grounded in a lawful basis under the Data Privacy Act:

4.1 Performance of Contract / Service Delivery

• Creating and managing your account;
• Facilitating bookings between Customers and Service Providers;
• Processing Platform Fee payments via PayMongo;
• Managing Proxima Wallet credits and refunds;
• Enabling in-Platform messaging between Users;
• Displaying service listings and Provider profiles to Customers;
• Sending booking confirmations, status updates, and transactional notifications;
• Providing customer support.

4.2 Legitimate Interests

• Verifying Service Provider identity and credentials to protect Customers;
• Detecting, preventing, and investigating fraud, abuse, and violations of our Terms of Service;
• Monitoring Platform usage to improve features and performance;
• Sending service-related emails and in-app notifications;
• Maintaining security and integrity of the Platform;
• Conducting internal analytics to understand how the Platform is used.

4.3 Compliance with Legal Obligations

• Complying with applicable Philippine laws, including the Data Privacy Act, Electronic Commerce Act (RA 8792), and tax regulations under the National Internal Revenue Code;
• Responding to lawful requests from government authorities or law enforcement;
• Maintaining records for audit and regulatory compliance purposes.

4.4 With Your Consent

• Sending promotional emails, newsletters, or marketing communications about new features or offers. You may withdraw consent at any time by clicking "Unsubscribe" in any marketing email or contacting us at [email protected].

5. How We Share Your Personal Data

We do not sell your personal data. We share personal data only in the following limited circumstances:

5.1 Between Users on the Platform

When a booking is made, certain information is shared between the Customer and the Service Provider as necessary to fulfill the service:

• Customers can see Provider names, profile photos, service descriptions, ratings, and reviews;
• Providers can see the Customer's name, profile photo, and service address for confirmed bookings;
• Both parties can communicate via the in-Platform chat.

5.2 Third-Party Service Providers (Personal Information Processors)

We engage trusted third parties to process personal data on our behalf, bound by data processing agreements:

• PayMongo, Inc. — Payment processing for Platform Fees. PayMongo is licensed by the Bangko Sentral ng Pilipinas (BSP) and maintains its own privacy and security standards. Your payment data is processed directly by PayMongo.
• Resend — Transactional email delivery (booking confirmations, verification emails, password resets). Only email addresses and email content are shared.
• DigitalOcean, LLC — Cloud infrastructure hosting (servers, managed database, object storage). Your data is stored on DigitalOcean's servers, which maintain SOC 2 Type II and ISO 27001 certifications.
• Google LLC (Google Maps Platform) — Address geocoding and map display. Coordinate data may be transmitted to Google APIs when using the address input feature.

5.3 Legal Requirements

We may disclose your personal data if required to do so by law, court order, subpoena, or other governmental or regulatory authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Proxima, our Users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the successor entity. We will notify you via email or prominent notice on the Platform prior to any such transfer and before your data becomes subject to a different privacy policy.

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account data: Retained for the duration of your account and for up to 3 years after account deletion, to comply with tax and legal obligations;
• Booking and transaction records: Retained for 5 years following the transaction, in compliance with Philippine tax laws;
• Service Provider credentials and documents: Retained for the duration of Provider account registration and for 2 years after account termination;
• Chat messages: Retained for 1 year following the completion or cancellation of the related booking;
• Support communications: Retained for 2 years from the date of the last communication;
• Access logs and usage data: Retained for 90 days.

After the applicable retention period, personal data is securely deleted or anonymized.

7. Your Rights Under the Data Privacy Act

As a data subject under Republic Act No. 10173, you have the following rights with respect to your personal data:

7.1 Right to Be Informed

You have the right to be informed whether your personal data is being collected and processed, and to receive notice of the purposes for processing, your rights as a data subject, and our identity and contact details.

7.2 Right to Access

You have the right to request a copy of your personal data that we hold, as well as information about how it is being processed.

7.3 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data held about you. You may update most of your information directly through your account settings.

7.4 Right to Erasure or Blocking

You have the right to request the deletion or blocking of your personal data where it is no longer necessary for the purpose it was collected, where consent has been withdrawn, or where the data has been unlawfully processed. Note that certain data may be retained to comply with legal obligations or legitimate interests even after a deletion request.

7.5 Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes, or where processing is based on our legitimate interests. Upon a valid objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

7.6 Right to Data Portability

You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

7.7 Right to Lodge a Complaint

You have the right to file a complaint with the National Privacy Commission (NPC) of the Philippines if you believe your data privacy rights have been violated. Complaints may be filed at www.privacy.gov.ph.

Exercising Your Rights

To exercise any of the above rights, please submit a written request to [email protected]. We will respond within 15 business days of receiving a verifiable request. We may need to verify your identity before processing your request.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit: All data transmitted between your browser and the Platform is encrypted using TLS (HTTPS);
• Encryption at rest: Sensitive data, including documents and credentials, is encrypted at rest on our database and storage systems;
• Password security: Passwords are never stored in plain text; they are hashed using industry-standard cryptographic algorithms (bcrypt);
• Access controls: Access to production systems and personal data is restricted to authorized personnel on a need-to-know basis;
• Payment security: We do not store payment card details; all payment processing is handled by PayMongo, which is PCI-DSS compliant;
• Infrastructure security: The Platform is hosted on DigitalOcean's cloud infrastructure, which maintains SOC 2 Type II and ISO 27001 certifications;
• Regular audits: We conduct periodic security reviews of our systems and access logs.

Despite these measures, no security system is impenetrable. In the event of a personal data breach that poses a real risk to data subjects, we will notify affected Users and the National Privacy Commission within 72 hours of becoming aware of the breach, in accordance with the Data Privacy Act.

9. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your minor child has provided us with personal data, please contact us immediately at [email protected]. Upon verification, we will promptly delete such information from our records.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

• Session Cookies (Essential): Required for authentication and maintaining your logged-in session. These are automatically deleted when you close your browser and cannot be disabled without affecting core Platform functionality.
• Security Cookies: Used to detect authentication fraud and protect the Platform (e.g., CSRF tokens).

We do not currently use advertising cookies, analytics trackers from third-party ad networks, or cross-site tracking technologies.

10.2 Managing Cookies

You can configure your browser to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies will prevent you from logging in and using the Platform. Please refer to your browser's help documentation for instructions on cookie management.

11. International Data Transfers

Proxima is based in the Philippines and processes personal data primarily within the country. However, some of our third-party service providers (including DigitalOcean and Resend) may process and store data on servers located outside the Philippines. When we transfer data internationally, we ensure that appropriate safeguards are in place — including contractual data processing agreements — to protect your data in accordance with the Data Privacy Act and NPC regulations.

12. Third-Party Links

The Platform may contain links to third-party websites or services (such as payment pages hosted by PayMongo or external documentation). This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any external sites you visit, as we have no control over and assume no responsibility for their content, privacy practices, or policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform features. When we make material changes, we will:

• Post the updated Policy on this page with a revised "Last Updated" date;
• Send an email notification to registered Users at the email address on file;
• Display a notice on the Platform for a reasonable period.

Continued use of the Platform following the effective date of a revised Policy constitutes your acceptance of the changes. If you do not agree with the updated Policy, you must discontinue use of the Platform and may request deletion of your account.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact our Data Protection Officer:

You also have the right to file a complaint with the National Privacy Commission at www.privacy.gov.ph if you believe your data privacy rights have been violated.