Sandalan

Privacy Policy

Last updated: April 11, 2026

This Privacy Policy explains how Sandalan (“we,” “our,” or “us”) collects, uses, stores, and protects your personal information in accordance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 of the Philippines, and its implementing rules and regulations.

1. Who We Are (Data Controller)

Sandalan is a personal organization and adulting guide application designed for individuals in the Philippines, developed by Tajie Tech. We act as the Personal Information Controller for the data you provide when using our services.

Contact: sandalan.app.ph@gmail.com

2. Information We Collect

We collect only the information necessary to provide the app's features:

Account Information:

  • Email address (for authentication and communication)
  • Full name (for personalization)
  • Profile photo / avatar (optional, for account personalization)

Financial Data (all manually entered by you):

  • Transactions (income and expenses)
  • Accounts and balances
  • Budgets
  • Financial goals
  • Debts
  • Bills
  • Insurance policies
  • Government contributions (SSS, PhilHealth, Pag-IBIG)
  • Tax records

Usage Data:

  • Life stage selection
  • Checklist progress (adulting journey milestones)
  • Feature usage patterns

Device Information:

  • Device token (for push notifications only)

We do NOT collect bank account numbers, credit card numbers, government ID numbers (TIN, SSS number, PhilHealth number), or any payment credentials. All financial figures are manually entered by you.

3. Legal Basis for Processing

We process your personal data based on your freely given, specific, informed, and unambiguous consent, provided when you create an account and agree to this Privacy Policy. You may withdraw your consent at any time by deleting your account.

4. How We Use Your Information

  • To provide, maintain, and improve the core service (financial tracking, budgeting, adulting guides)
  • To generate personalized insights and recommendations
  • To send notifications and reminders (bill due dates, contribution schedules, etc.)
  • To improve the app experience
  • To authenticate your identity and secure your account
  • To respond to bug reports and support requests

We do NOT sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data for profiling, behavioral advertising, or any purpose beyond operating the app. No advertising trackers are used.

5. Data Storage

Cloud Storage:

Your data is stored on Supabase, hosted on Amazon Web Services (AWS) in the Singapore region. Supabase is SOC 2 Type II certified and ISO 27001 compliant.

Local Storage:

A cached copy of your data is stored locally on your device using SQLite to enable offline access and faster load times. This data remains on your device and is not shared with any third party.

Guest Mode:

When using the app in guest mode, all data is stored locally on your device only. No data is uploaded to our servers. Guest mode data is never synced to the cloud unless you create an account.

6. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, all associated data — including transactions, accounts, goals, debts, budgets, contributions, bills, insurance records, and tax records — is permanently deleted from our systems within 30 days. Backups may retain data for up to 30 additional days before being overwritten.

7. Data Sharing

We do NOT sell or share your personal data with third parties. The only third-party services used are:

  • Supabase (supabase.com): Database and authentication infrastructure. All user data is stored on Supabase servers. Data may be stored in servers outside the Philippines.
  • Google Sign-In (optional): If you sign in with Google, we receive your name, email, and profile photo. We do not access your Google Drive, Gmail, contacts, or any other Google service data.
  • ExchangeRate-API (open.er-api.com): Currency exchange rates. No personal data is sent.

8. Your Rights Under RA 10173

As a data subject, you have the following rights:

Right to be Informed:

Know what data we collect and why — this Privacy Policy fulfills that obligation.

Right to Access:

Request a copy of all personal data we hold about you via the Data Export feature in Settings > Privacy & Data.

Right to Object:

Object to processing by withdrawing consent (deleting your account).

Right to Erasure:

Delete your account and all associated data permanently via Settings > Privacy & Data > Delete Account.

Right to Data Portability:

Export all your data in JSON format via Settings > Privacy & Data > Download My Data.

Right to Rectification:

Correct inaccurate data directly within the app at any time (edit your profile, transactions, accounts, etc.).

Right to File a Complaint:

If you believe your rights under RA 10173 have been violated, you may file a complaint with the National Privacy Commission at www.privacy.gov.ph.

To exercise any right not available in-app, email us at sandalan.app.ph@gmail.com. We will respond within 15 business days.

9. Data Security

We implement the following security measures to protect your data:

  • All data is encrypted in transit using TLS (HTTPS)
  • All data is encrypted at rest using AES-256 on Supabase infrastructure
  • Row-Level Security (RLS) ensures users can only access their own data
  • Passwords are hashed using bcrypt via Supabase Auth — we never store plaintext passwords
  • Local database on your device is protected by the operating system's app sandbox
  • Administrative access is limited and does not include individual financial figures

10. Data Breach Notification

In the event of a personal data breach that is likely to result in harm to affected individuals, we will notify the National Privacy Commission (NPC) within 72 hours of becoming aware of the breach, and notify affected users within a reasonable period, in accordance with NPC Circular No. 16-03.

11. Children's Privacy

Sandalan is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. Users between 13 and 17 must have parent or guardian consent to use the app, as stated in our Terms of Service. If you believe a child under 13 has created an account, please contact us at sandalan.app.ph@gmail.com and we will delete the account promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice within the app. Your continued use of Sandalan after changes take effect constitutes acceptance of the revised policy.

13. Contact

For privacy-related concerns, contact us at:
Email: sandalan.app.ph@gmail.com

If you believe your rights under RA 10173 have been violated, you may file a complaint with the National Privacy Commission at www.privacy.gov.ph.

← Back to home