Privacy Policy
Last updated: June 11, 2026
On PH ("we", "our", "us") provides subdomain landing pages with AI chat and booking features for Philippine businesses. This policy explains how we collect, use, and protect personal data.
1. Who We Are
Service: On PH — onph.online
Contact: [email protected]
Jurisdiction: Philippines
We comply with the Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules and regulations.
2. What Data We Collect
2.1 Account Information
When you sign up, we collect: business name, email address, and a password (stored as a salted hash).
2.2 Customer Booking Data
When a customer books through your page, we collect: name, email, phone number, preferred date, and service requested.
2.3 AI Chat Conversations
When a visitor chats with the AI widget on your page, the conversation text is processed through our AI provider (DeepSeek, hosted in China). Conversation logs are stored on our server for quality monitoring and dispute resolution.
2.4 Technical Data
We automatically collect: IP address, browser type, pages visited, and timestamps. This data is anonymized for analytics and not shared with third parties.
3. How We Use Your Data
- To generate and serve your business page at your subdomain
- To process booking requests and notify you via email
- To operate the AI chat widget and improve its responses
- To send service-related communications (payment reminders, updates)
- To detect and prevent abuse or unauthorized use
We do not sell your data, use conversations to train AI models across clients, or share your information with advertisers.
4. Third-Party Services
| Provider | Purpose | Data Shared | Jurisdiction |
|---|---|---|---|
| DeepSeek | AI chat processing | Conversation text | China |
| Cloudflare | CDN, DNS, SSL | IP address, traffic data | Global (anonymized) |
| Google Fonts | Web fonts (Geist) | IP address | USA |
5. Data Storage & Security
- Location: Secured on-premises server, Philippines
- Encryption: Data in transit via TLS/SSL. Passwords stored as SHA-256 hashes
- Access: Strictly limited to authorized personnel only
- Backups: Encrypted daily backups retained for 7 days
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 90 days after termination |
| Booking records | Duration of account |
| Chat conversation logs | 90 days, then anonymized |
| Technical logs (IP, analytics) | 30 days |
7. Your Rights (RA 10173)
As a data subject under the Philippine Data Privacy Act, you have the right to:
| Right | How to Exercise |
|---|---|
| Access your data | Email [email protected] — we will respond within 30 days |
| Correct inaccuracies | Update via your dashboard or email us |
| Request deletion | Email us after account termination |
| Withdraw consent | Stop using the service and request account deletion |
| Lodge a complaint | File with the National Privacy Commission at privacy.gov.ph |
8. Data Breach Procedure
In the event of a data breach affecting personal data:
- We will notify the National Privacy Commission within 72 hours (per NPC Circular 16-03)
- Affected clients will be notified within 72 hours
- We will contain the breach, investigate root cause (within 7 days), and implement preventive measures
9. Cookies
We use minimal session cookies for login functionality. No third-party tracking cookies are used. You can block cookies in your browser settings, though this may affect login functionality.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email at least 14 days before taking effect. Continued use of the service after changes constitutes acceptance.
11. Children's Privacy
Our service is not directed at individuals under 18 years of age. We do not knowingly collect data from minors.
12. Contact
For privacy-related inquiries, data access requests, or concerns, email us at [email protected]. We will respond within 30 days as required by RA 10173.