Packsilogan, a Philippine-based business operating this marketplace, is the personal-information controller for the data we collect from you. Reach our DPO at privacy@packsilogan.com.

• Account: name, email, phone, hashed password, profile photo, optional username.
• Shop (sellers only): shop name, slug, banner / logo, contact info, shipping & return policy text.
• Transactions: orders, bids, watchlist, cart contents, invoice line items, shipping address per order, courier + tracking number.
• Payments: we don't store card numbers, wallet balances, or bank credentials. PayMongo holds these. We do store a payment intent ID, payment status, and the amount.
• Communications: support emails, dispute attachments, in-platform notifications you've received.
• Behavioral data: search queries, listing views, login times, device + browser info from server logs.
• Cookies / local storage: session cookie set by Supabase Auth, a cart key (packs:cart:v1), and recent-search history (packs:recent-searches:v1).

• To run the marketplace: orders, escrow, shipping notices.
• To process payments and payouts via PayMongo and the seller's chosen payout method.
• To send transactional emails via Resend (order confirmations, shipping updates, dispute correspondence, password resets).
• To detect and prevent fraud, abuse, and policy violations.
• To improve the platform — aggregate analytics on what people search for, which listings convert, and where flows break.

We do not run third-party advertising networks or behavioral ad targeting on Packsilogan.

• Supabase — hosts our database and authentication. Data resides on Supabase's infrastructure (Singapore region).
• PayMongo — processes payments. Subject to its own privacy policy.
• Resend — sends transactional email on our behalf.
• Vercel — hosts and serves the application.
• Couriers (when shipping): sellers share the buyer's shipping address with the courier they choose (J&T, LBC, GrabExpress, etc.).
• Authorities: when legally compelled, or when necessary to investigate fraud or protect users.

We do not sell or rent your personal data to anyone.

Some information is public by design:

• Shop names, logos, banners, slugs, and listing pages.
• Shop ratings and aggregate review counts (no buyer email is shown).
• Bid amounts and high-bidder usernames (not full names) on auction pages.
• Anonymized preorder counts on a product page (we mask buyer names to first letter + asterisks).

Your email, phone, and shipping address are never shown to other users without your action (e.g., the seller you ordered from sees your shipping address for that order).

• Order, transaction, invoice, and payout records: kept for 7 years to satisfy Philippine tax and accounting requirements.
• Account profile data: kept while your account is active. After deletion, identifiers are scrubbed but transaction records are retained per the line above.
• Server logs: 90 days.
• Payment receipts uploaded by buyers: kept for the dispute window (90 days), then purged unless a dispute is open.

Under the Philippine Data Privacy Act (RA 10173), you have the right to:

• Access the data we hold about you.
• Correct inaccurate data.
• Erasure of data we no longer need to retain (see retention section).
• Object to certain processing (e.g., marketing — we don't do this currently, but the right is yours to enforce if we did).
• Data portability — export your account data in machine-readable form.

To exercise any of these, request via the data deletion page or email privacy@packsilogan.com. We respond within 30 days.

We use encryption in transit (HTTPS) and at rest. Passwords are hashed (we never see your plaintext). Access to production data is limited to a small team and audited. Payment credentials are never stored on our servers.

That said, no system is impenetrable. If we discover a breach affecting your data, we will notify you within 72 hours per the National Privacy Commission's rules.

Some of our service providers (Vercel, PayMongo's upstream partners, Resend) may process data outside the Philippines. We rely on those providers' certifications and standard contractual terms to keep your data protected.

Packsilogan is not directed at children under 18. We do not knowingly collect personal data from minors without parental oversight. If you believe a minor has signed up without consent, email privacy@packsilogan.com and we will delete the account.

We will update this policy as the platform evolves. Material changes are announced on-platform. The “last updated” date at the top reflects the most recent revision.

Privacy questions: privacy@packsilogan.com. For everything else, see contact us.