Last updated: 12 July 2025

EduAITech (“we,” “our,” or “us”) respects and protects the personal data of educators, learners, and all visitors to our platform. We operate under the Republic Act 10173, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (IRR), as well as relevant circulars of the National Privacy Commission (NPC).

 
1. Personal Data We Collect
Account information
• Name, e-mail address, role (teacher / student / other)
• Encrypted (hashed) password

Content you submit
• Topics, passages, prompts, or any text you type or upload
• The AI-generated outputs you produce

Usage information
• Date and time of each TaskFlow run
• Basic device and browser details (IP address, user agent)
• Clicks and page views for service improvement

Payment information
• Billing name and address
• Tokenised card details processed by Stripe or PayPal (we never store full card numbers)

Cookies
• Session cookies to keep you signed in
• Preference cookies to remember settings
• Analytics cookies to understand aggregate site traffic

We do not knowingly collect sensitive personal information such as student grades, medical data, or government-issued IDs.
 
2. Principles of Processing
We follow the three core principles of the DPA: Transparency, Legitimate Purpose, and Proportionality. We collect only what is relevant, tell you why we need it, and use it only for that declared purpose.

 
3. Why We Process Your Data
To deliver the service – run TaskFlows, save your outputs, secure your account, and process payments.
To improve EduAITech – analyse anonymised usage patterns, fix bugs, and develop new features.
To communicate with you – send important notices, onboarding tips, and product updates (you may opt out of non-essential mail).
To comply with legal obligations – fulfil tax, accounting, fraud-prevention, and law-enforcement requirements.
 
4. Legal Bases Under Philippine Law
We process personal data under any of the following legal bases:

• Consent – you freely give permission when you sign up or opt-in to marketing mail.
• Contractual necessity – processing is needed to deliver the service you requested.
• Legitimate interest – improving security, preventing abuse, and enhancing user experience, balanced against your privacy rights.
• Legal obligation – compliance with tax, audit, and other statutory requirements.

 
5. Your Data Privacy Rights
Under the DPA you have the right to:

• Be Informed – know how, why, and where your data is processed.
• Object – withhold or withdraw consent at any time.
• Access – request a copy of the personal data we hold about you.
• Correct – rectify inaccurate or incomplete data.
• Erasure or Blocking – request deletion of data that is no longer necessary or unlawfully processed.
• Data Portability – obtain a copy of your data in a structured, commonly used format.
• Damages – be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data.

To exercise these rights, e-mail support@eduaitech.com. We respond within thirty (30) calendar days, subject to allowable extensions under the IRR.

 
6. Data Sharing and Outsourcing
We engage trusted third-party processors strictly for hosting, payment, e-mail delivery, and AI inference. Each vendor is bound by a Data Sharing or Data Processing Agreement that upholds DPA standards of security and confidentiality. We never sell or rent your personal data to advertisers.

 
7. Cross-Border Data Transfers
When data is transferred outside the Philippines (for example, to servers in the United States or Germany), it is protected by contractual safeguards and industry-standard encryption in transit and at rest. By using EduAITech you acknowledge and consent to such transfers.

 
8. Data Retention
• Account data and TaskFlow outputs stay until you delete them or close your account.
• Payment records are retained for seven (7) years to meet statutory requirements.
• Analytics logs are kept for up to twelve (12) months, after which they are anonymised or deleted.

 
9. Security Measures
• Transport Layer Security (TLS) for all data in transit
• AES-256 encryption for data at rest
• Role-based staff access and annual privacy training
• Regular vulnerability scanning and third-party penetration testing
• 72-hour breach notification to the NPC and affected users when required by law

 
10. Children’s Privacy
EduAITech may be used by children under thirteen (13) only with parent, guardian, or school authority consent and supervision. We do not knowingly process personal data of a child without such consent.

 
11. Unlimited Use & Fair-Use Policy
Our Unlimited Plan allows unrestricted TaskFlow runs for one subscriber. Excessively automated or abnormal usage that degrades the service may be investigated. Account-sharing is prohibited; please request a school or institutional licence for multi-user access.

 
12. Changes to This Privacy Policy
We may update this policy from time to time. Material changes will be announced by e-mail or in-app notice at least thirty (30) days before they take effect. Continued use after that date means you accept the updated policy.

 
13. How to Reach Us
E-mail: support@eduaitech.com

If you believe your data privacy rights have been violated, you may lodge a complaint with the National Privacy Commission (https://privacy.gov.ph).

 Your trust matters. Thank you for choosing EduAITech to empower great teaching and learning.