Your Data, Your Rights
Privacy Policy
Straight answers about what we collect, why, and what you can do about it. No dark patterns, walay lipatlipat.
Last updated Β· 18 April 2026
Who we are
AskBantayan (askbantayan.ph) is an AI-powered island guide covering the three municipalities of Sta. Fe, Bantayan, and Madridejos on Bantayan Island, Cebu. The service is operated by CypherZero Software Development Services, a Philippine-based developer studio. Any reference to "we", "us", or "our" refers to the operator; "you" is the visitor or registered user.
What we collect
We keep data collection to the minimum needed to run the service. Here's the complete list:
- Account info. Your email address if you sign in. We never store passwords β sign-in is either a one-time email code or a single-sign-on provider. If you use single sign-on, we receive only your email and (optionally) display name.
- Chat messages. Questions you send Batad and the responses generated. Stored so you can see your own history, and so we can enforce daily rate limits and moderate abuse.
- Content you submit. Directory listings, reviews, hidden-gem submissions, photos, price reports, forum posts, lost-and-found, classifieds, job postings, and any claim requests you file. Clearly visible to other users once approved (or marked for moderation).
- Technical data. IP address, session key, request timestamps, and user agent. Used for rate limiting, abuse detection, and standard server logs. Kept briefly (see retention below).
- Anonymous analytics. Page views and feature usage via a self-hosted, privacy-respecting analytics tool on our own infrastructure. No cookies, no personal identifiers, no third-party sharing β RA 10173 compliant by design.
What we don't collect
- No ad-tracking cookies, no pixels, no fingerprinting.
- No precise location unless you voluntarily pin a map location on a submission.
- No payment data (the site is free to use).
- No data about minors β the service is intended for users 18+.
Why we collect it
- To run the service. Rendering your chat, serving directory listings, sending emails when someone replies to your forum thread, etc.
- To keep it usable. Rate limits, abuse prevention, moderation of flagged content.
- To improve it. Anonymous aggregate analytics (which pages are visited, which features are used) β never tied to a specific person.
Categories of third parties
To run Batad and deliver emails, we work with a small number of trusted infrastructure providers. We disclose them here by category rather than by name so we can change providers without rewriting this page; the categories below are authoritative:
- AI service provider. Generates Batad's responses. Your chat message (plus relevant knowledge-base context) is transmitted to this provider to produce a reply. We do not send your email or account identifiers along with the message.
- Single-sign-on providers (only if you choose to sign in with one) β used for authentication; the provider returns your email and display name to us.
- Email delivery provider. Transmits transactional emails (verification codes, reply notifications) from our server to your inbox.
- Map tile provider. Serves the background imagery for maps on directory, municipality, and discovery pages. Requests carry your IP address to the provider (normal HTTP behavior) but no account info.
- Cloud infrastructure provider. Hosts the application servers, database, and backups in a Southeast-Asia region.
We do not sell your data, run ad networks, or share it with data brokers. Analytics is self-hosted β nothing leaves our own infrastructure. If you'd like the current list of named providers for any category, email us and we'll share it.
Cookies and similar tech
We use only essential cookies: a session cookie to keep you signed in, a CSRF token cookie to protect your forms, and a short-lived rate-limit session key. No advertising or cross-site tracking cookies.
Data retention
- Chat messages: kept as long as your account is active so you can review history. Anonymous (guest) chat sessions expire and are pruned after 30 days.
- Submitted content: kept while your account is active, or until you delete it yourself. Moderated-out (REMOVED) content is retained for 90 days for abuse records, then purged.
- Server logs & rate-limit keys: auto-expire within 24 hours for rate limits; access logs are rotated out within 30 days.
- Account data: kept until you request deletion (see your rights below).
Your rights under RA 10173
The Data Privacy Act of 2012 (Republic Act 10173) gives you, as a data subject, the following rights β and we honor them:
- Right to be informed β you're reading this now.
- Right to access β email us to receive a copy of the personal data we hold about you.
- Right to object β to specific processing, including marketing (though we don't do any marketing).
- Right to erasure / blocking β request deletion of your account and submitted content; we'll comply within 30 days unless legally required to retain specific records.
- Right to rectify β correct inaccurate personal data you've submitted.
- Right to data portability β receive your data in a machine-readable format (JSON export).
- Right to file a complaint β with the National Privacy Commission if you believe your rights have been violated.
To exercise any of these, email support@askbantayan.ph. We'll verify your identity (to prevent impersonation) and respond within 30 calendar days.
How we protect your data
- HTTPS everywhere β all traffic is TLS-encrypted.
- Passwordless authentication β no password database to breach.
- Data stored in a Southeast-Asia region; encrypted daily backups with 30-day retention.
- Rate limiting, IP-abuse detection, and CSRF protection on all forms.
- Admin access is limited to the operator and protected by 2FA.
No system is perfectly secure. In the unlikely event of a breach affecting your personal data, we'll notify you and the NPC within 72 hours per RA 10173 Β§38.
Children
AskBantayan is intended for users 18 and older. We do not knowingly collect personal data from children. If you believe a child has submitted data, email us and we'll remove it.
Changes to this policy
We'll update this page if our data practices change. Material changes will be communicated via email (if you have an account) and via a banner on the landing page for at least 14 days. The "Last updated" date at the top of this page is always current.
Contact
Questions, access requests, or privacy concerns? Email support@askbantayan.ph or reach the developer directly at dev@cypherzero.dev.