Back to Home

Privacy Policy

Last updated: March 28, 2026

Tax Assistant PH ("we", "our", or "the Service") is committed to protecting your personal information in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines and its Implementing Rules and Regulations.

This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and your rights as a data subject.

1. Data Controller

The data controller responsible for your personal information is the operator of Tax Assistant PH. For privacy-related concerns, contact us at:

Email: admin@taxassistantph.com

2. Information We Collect

We collect the following categories of personal data when you use the Service:

CategoryExamplesPurpose
Account DataFull name, email address, password (hashed)Account creation and authentication
Tax Profile DataTIN, business type, tax method, income typeTax calculation and BIR form preparation
Financial RecordsIncome amounts, client names, expense records, OR numbersIncome/expense tracking, tax computation
Usage DataLogin timestamps, feature usage, error logsService improvement and security
Payment ReferenceGCash reference number (Pro plan)Payment verification and Pro plan activation

We do not collect your GCash account number, bank account details, or any payment card information.

3. Legal Basis for Processing

  • Consent — you provide consent when you create an account and agree to this policy.
  • Contractual necessity — processing is required to provide the Service you subscribed to.
  • Legitimate interest — error logging and security monitoring to protect the Service.

4. How We Use Your Information

  • Provide and operate the Tax Assistant PH service
  • Calculate estimated tax liabilities under Philippine TRAIN Law
  • Generate BIR form draft guides (PDF)
  • Send deadline reminder emails (if you opt in)
  • Verify Pro plan payments and activate upgrades
  • Maintain service security and prevent abuse
  • Respond to support requests

5. Data Sharing and Third Parties

We do not sell or rent your personal data to any third party. We share data only with the following service providers necessary to operate the Service:

  • Supabase (database and authentication) — data stored on AWS infrastructure in the ap-southeast-1 (Singapore) region. Supabase is SOC 2 Type II certified.
  • Brevo (email delivery) — your email address and name are shared only to deliver deadline reminder emails you have opted into.
  • Vercel (hosting) — server-side request logs may be retained for up to 30 days.

All third-party providers are contractually bound to process your data only as instructed and are prohibited from using it for their own purposes.

6. Data Retention

  • Your data is retained for as long as your account is active.
  • When you delete your account, all personal data — including income records, expense records, filing history, and uploaded receipts — is permanently deleted immediately.
  • Anonymized, aggregated usage statistics may be retained indefinitely.
  • Server access logs are automatically deleted after 30 days.

7. Data Security

  • All data is transmitted over HTTPS/TLS encryption.
  • Passwords are hashed using bcrypt — we never store plaintext passwords.
  • Database access is protected by Row-Level Security (RLS) — each user can only access their own data, enforced at the database level.
  • API endpoints are protected by authentication and rate limiting.

8. Your Rights Under RA 10173

As a data subject under Philippine law, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — update inaccurate or incomplete information via Settings.
  • Erasure — delete your account and all associated data via Settings → Danger Zone.
  • Portability — export your income and expense records as CSV (available in Reports).
  • Object — withdraw consent for email reminders at any time via Settings → Email Notifications.
  • File a complaint — lodge a complaint with the National Privacy Commission (NPC) at privacy.gov.ph if you believe your rights have been violated.

9. Cookies and Local Storage

Tax Assistant PH uses authentication cookies (set by Supabase) to maintain your login session. These are strictly necessary for the Service to function and cannot be disabled while using the app. No third-party advertising or tracking cookies are used.

10. Children's Privacy

The Service is intended for adults (18 years and above) who are engaged in self-employment or freelance work. We do not knowingly collect information from minors. If you believe a minor has registered, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by displaying a notice in the app at least 15 days before the changes take effect. Continued use of the Service after that date constitutes acceptance of the updated policy.

12. Contact Us

For any questions, data requests, or privacy complaints, please contact us at:

Tax Assistant PH — Privacy Office

admin@taxassistantph.com

We will respond to data subject requests within 15 business days as required by RA 10173.

Terms of Service · Back to Home