Legal

Privacy Policy

Last updated: May 12, 2026

1. Introduction

Tagpo ("we," "our," or "us") operates tagpoconnect.com and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations (IRR), and the National Privacy Commission (NPC) guidelines.

2. Data Controller

Tagpo is the personal information controller as defined under RA 10173. Our contact details:\n\n- Email: hello@tagpoconnect.com\n- Address: Philippines\n- Data Protection Officer: hello@tagpoconnect.com

3. Information We Collect

We collect information you provide directly and information collected automatically when you use the Service.

3.1 Information You Provide

  • Account information: name, email address, phone number, password (hashed).
  • Profile information: professional details, social media links, photos, and custom URL slugs you add to your NFC card profile.
  • Payment information: billing name and email. Payment card details are processed by PayMongo — we never store full card numbers.
  • Order information: shipping address, order history, and NFC card details.
  • Communications: messages you send to our support team.

3.2 Information Collected Automatically

  • Device and usage data: IP address, browser type, device type, operating system, referring URL, pages visited, and interaction timestamps.
  • Cookies and similar technologies: session cookies for authentication, analytics cookies (Vercel Analytics) to understand usage patterns.
  • NFC tap data: when someone taps your Tagpo card, we log the card code, timestamp, and approximate geographic region (based on IP) to provide analytics to you.

4. How We Use Your Information

We process your personal data for the following lawful purposes:

  • Providing, maintaining, and improving the Service.
  • Processing orders and delivering NFC cards.
  • Creating and managing your digital profile linked to your NFC card.
  • Authenticating your account and securing the Service.
  • Sending order confirmations, shipping updates, and account notifications.
  • Responding to your inquiries and support requests.
  • Analyzing usage to improve user experience and Service performance.
  • Complying with legal obligations under Philippine law.

5. Legal Basis for Processing (RA 10173)

We process your personal data based on one or more of the following grounds:

  • Consent: when you agree to data collection during sign-up or checkout.
  • Contractual necessity: to fulfill our obligations when you purchase a card or use the Service.
  • Legitimate interest: for analytics, security, and Service improvement, provided your rights do not override these interests.
  • Legal obligation: to comply with Philippine laws, regulations, and lawful government orders.

6. Data Sharing and Disclosure

We do not sell your personal data. We share data only with:

  • Service providers: PayMongo (payment processing), Clerk (authentication), Supabase (database hosting), Vercel (application hosting and analytics).
  • Logistics partners: for order fulfillment and shipping of NFC cards within the Philippines.
  • Law enforcement: when required by Philippine law, court order, or government regulation.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity under the same privacy protections.

7. Data Retention

We retain your personal data only for as long as necessary:

  • Account data: retained while your account is active and up to 5 years after deactivation for legal compliance.
  • Transaction records: retained for 5 years as required by the Bureau of Internal Revenue (BIR).
  • Usage analytics: anonymized or deleted within 3 years.
  • You may request earlier deletion subject to legal retention obligations.

8. Your Rights Under RA 10173

As a data subject in the Philippines, you have the right to:

  • Access: request a copy of your personal data we hold.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data, subject to legal retention requirements.
  • Data portability: receive your data in a structured, machine-readable format.
  • Object: object to processing based on legitimate interest or for direct marketing.
  • Restrict processing: limit how we process your data in certain circumstances.
  • Damages: claim compensation for damages caused by negligent or unlawful processing.

To exercise these rights, contact our Data Protection Officer at hello@tagpoconnect.com. We will respond within thirty (30) days as required by the NPC.

9. Data Security

We implement reasonable and appropriate organizational, technical, and physical security measures to protect your personal data:

  • Encryption in transit (TLS/SSL) and at rest for stored data.
  • Access controls limiting data access to authorized personnel on a need-to-know basis.
  • Regular security assessments and vulnerability monitoring.
  • Secure password hashing and multi-factor authentication options.

In the event of a personal data breach, we will notify the National Privacy Commission and affected data subjects within 72 hours as required under RA 10173.

10. Cookies and Tracking

We use essential cookies for Service functionality (authentication, session management) and non-essential cookies for analytics (Vercel Analytics). You can disable non-essential cookies through your browser settings. Essential cookies cannot be disabled as the Service would not function without them.

11. Children's Privacy

The Service is not intended for individuals under eighteen (18) years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will promptly delete it. Contact hello@tagpoconnect.com if you believe a child's data has been collected.

12. International Data Transfers

Your data may be processed and stored on servers operated by our service providers (Vercel, Supabase) which may be located outside the Philippines. We ensure these transfers comply with the NPC's guidelines on cross-border data transfers and that adequate protection measures are in place.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on the Service. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

14. Contact

For privacy inquiries, data subject access requests, or complaints:\n\nTagpo\nEmail: hello@tagpoconnect.com\n\nYou may also file a complaint with the National Privacy Commission (privacy.gov.ph) if you believe your data privacy rights have been violated.