Privacy Policy

Last updated: April 5, 2026

1. Information We Collect

We collect information you provide directly:

  • Account information: Name, email address, password, organization name
  • Employee data: Personnel records, payroll information, certifications, attendance (entered by your organization)
  • Operational data: Equipment records, fuel logs, work orders, materials, disbursements, safety incidents
  • Location data: GPS coordinates from mobile fuel entries and equipment tracking (when enabled)
  • Usage data: Log files, browser type, IP address, pages visited, features used

2. How We Use Information

  • Provide, maintain, and improve the Tatagan platform
  • Process payroll calculations including government deductions (SSS, PhilHealth, Pag-IBIG, BIR)
  • Generate reports, analytics, and anomaly detection alerts
  • Send service notifications, security alerts, and support communications
  • Monitor system performance and detect/prevent abuse
  • Comply with legal obligations under Philippine law

3. Data Isolation & Multi-Tenancy

Each organization's data is strictly isolated. We use row-level security at the database level, ensuring that no organization can access another's data. Your subdomain (e.g., yourcompany.tatagan.com) serves as your organization's unique namespace.

4. Data Sharing

We do not sell your data. We share data only in these circumstances:

  • Service providers: Hosting (Vercel), database (Supabase), image storage (Cloudinary), payment processing (Stripe) — all bound by data processing agreements
  • Legal compliance: When required by Philippine law, court order, or government regulation
  • Business transfer: In connection with a merger, acquisition, or asset sale, with advance notice
  • With your consent: When you explicitly authorize sharing

5. Data Retention

We retain your data for as long as your account is active. Soft-deleted records (equipment, fleet) are retained for audit purposes. Upon account termination, data is retained for 30 days for retrieval, then permanently deleted. Payroll records may be retained longer to comply with Philippine labor law requirements (minimum 3 years per DOLE regulations).

6. Security

We implement industry-standard security measures:

  • TLS encryption for all data in transit
  • Encrypted database storage at rest
  • Row-level security for multi-tenant data isolation
  • JWT-based authentication with secure session management
  • Daily automated backups with point-in-time recovery
  • Regular security audits and vulnerability scanning

7. Your Rights

Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Export your data in standard formats (CSV, PDF)
  • Object: Object to processing of your data for specific purposes

To exercise these rights, contact our Data Protection Officer at privacy@tatagan.com.

8. Cookies & Tracking

We use essential cookies for authentication and session management. We use analytics to understand feature usage and improve the Service. We do not use third-party advertising trackers. You may disable non-essential cookies through your browser settings.

9. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active subscribers of material changes at least 14 days before they take effect via email or in-app notification.

11. Contact

For privacy inquiries, contact our Data Protection Officer at privacy@tatagan.com.

Tatagan Technologies
Cebu City, Philippines