Privacy Policy
ILOOPE ONLINE SHOP (operating as iLoope), Purok 5 Kalasuyan, Kidapawan City, Cotabato, Philippines.
This Privacy Policy explains how ILOOPE ONLINE SHOP (operating as iLoope, "we", "us", "iLoope") collects, uses, shares, and protects your Personal Information when you use the iLoope apps and website (the "Platform"). It is issued under the Data Privacy Act of 2012 (RA 10173), its Implementing Rules, and NPC Circular 16-01 and related issuances. It is incorporated by reference into our Terms of Service.
1. Who We Are (Data Controller)
ILOOPE ONLINE SHOP, with principal office at Purok 5 Kalasuyan, Kidapawan City, Cotabato, Philippines, is the Personal Information Controller (PIC) for data processed through the Platform.
- Operating app: iLoope
- DTI BNRS: ILOOPE ONLINE SHOP (Cert. 8058335)
- Data Protection Officer: Rodger M. Plasencia — dpo@iloope.com
2. Definitions (per RA 10173)
- Personal Data / Personal Information — information that identifies, or can reasonably identify, an individual.
- Sensitive Personal Information — e.g., government-issued ID numbers, health, and similar categories under §3(l).
- Data Subject — the individual whose Personal Information is processed (you).
- Processing — any operation on Personal Information (collection, use, storage, sharing, deletion).
- Controller (PIC) / Processor (PIP) — who decides the purpose of processing vs. who processes on the PIC's behalf.
3. Information We Collect
3.1 Information you provide
Name, mobile number, email, addresses; for KYC where required (riders, merchants, drivers): government ID, selfie/face photo, driver's license, vehicle OR/CR, business permits and TIN.
3.2 Collected automatically
Device model and OS, app version, IP address, push-notification tokens, in-app usage/analytics, and — with your permission — approximate or precise location.
3.3 From third parties
If you sign in with Google or Facebook, we receive basic profile data they share. Payment processors return transaction status and references (never your full card number, GCash PIN, or Maya password).
3.4 Per service
| Service | Information used |
|---|---|
| Ride-hailing | Real-time GPS (pickup/drop-off), trip history, vehicle/driver matching |
| Food delivery | Delivery address, order details, location for rider routing/ETA |
| E-commerce / marketplace | Shipping address, order history, returns |
| Laundry | Pickup/drop-off address, order weight/items |
| Pickleball / Events | Booking details, match/tournament records, court reviews |
| Boses (voice-first social) | Voice recordings, photos/videos, text reactions you choose to post |
| Referrals | Contacts you choose to share to invite others |
4. Legal Basis for Processing (RA 10173 §12–13)
- Consent — e.g., location, camera, microphone, contacts, marketing.
- Contract performance — fulfilling your orders, bookings, payouts, and support.
- Legal obligation — BIR, AMLA, and lawful orders.
- Legitimate interests — fraud prevention, safety (incl. rider protection), and service improvement, balanced against your rights.
5. How We Use Your Information
- Create and manage your account; process orders, bookings, and deliveries.
- Compute fees, fares, and payouts; enable rider/driver routing and safety.
- Communicate order/booking updates and provide support and dispute resolution.
- Prevent fraud and abuse; operate our Buyer Protection / violation system (see §7).
- Comply with law (tax, AML) and, with your opt-in consent, send promotions.
- Analytics to improve delivery times, pricing, and overall experience.
6. Sharing Your Information
We share Personal Information only as needed, and we do not sell it:
| Recipient | What & when |
|---|---|
| Riders / Drivers | Your name, address, and order/trip details — during an active delivery or trip only |
| Merchants | Order details to fulfill your order (restricted from other use) |
| Payment processors (PayMongo, GCash, Maya) | Amount and reference, to process payment |
| Service providers (hosting, maps, notifications, analytics) | Under confidentiality / data-processing terms |
| Law enforcement / regulators | Only upon lawful, valid orders |
Third-party services we use include: PayMongo, GCash, and Maya (payments); Google Maps and Geolocator (location/mapping); Firebase Cloud Messaging (push notifications); Open-Meteo (weather — coordinates only, no personal data); OSRM (routing — no personal data); Hostinger (hosting). Each has its own privacy policy.
7. Buyer Protection & Violation Records
To protect riders and merchants, reported violations (e.g., fake orders, no-show, payment refusal, abuse) may be permanently recorded on the relevant account as a legitimate interest in fraud prevention and rider safety. Such records may be retained even after a deletion request. They are visible only to iLoope admin and the affected party, and reports are investigated before any penalty applies.
8. Data Storage, Security & Retention
We apply organizational, physical, and technical measures: HTTPS/TLS encryption in transit, role-based access control, token-based API authentication (Laravel Sanctum), tokenization of card data via processors, and audit logging. No method is 100% secure, but we take steps appropriate to the risk.
| Data type | Retention |
|---|---|
| Account information | Until you delete your account (then purged within 30 days) |
| Transaction / invoicing records | 10 years (BIR/NIRC requirement) |
| Location history | 6 months |
| Voice recordings (Boses) | 12 months |
| Audit logs | 36 months |
| Violation records | Permanent (rider-protection legitimate interest) |
9. Your Rights as a Data Subject (RA 10173 §16–18)
Subject to law, you have the right to be informed, to access your data, to object to processing, to have data corrected, to have data erased or blocked, to data portability, and to be indemnified for damages from unlawful processing. To exercise any right, use the Data Deletion / Export page or contact our DPO. We respond within 30 days. You may also complain to the National Privacy Commission (privacy.gov.ph).
10. Cookies & Tracking
Our website may use cookies and similar technologies for authentication, preferences, analytics, and fraud prevention. You can manage non-essential cookies via your browser; some features need essential cookies. See the Cookie Policy.
11. Children's Privacy
The Platform is intended for users 18 and older. We do not knowingly process a minor's data except through a consenting, supervising parent or guardian. If we learn we collected a minor's data without proper consent, we will delete it. See the Children's Privacy Policy.
12. International Data Transfers
The Platform may use cloud infrastructure with servers located outside the Philippines. Where Personal Information is transferred abroad, we ensure a comparable level of protection through contractual and security measures consistent with RA 10173 and NPC guidance.
13. Data Breach Notification
In the event of a personal-data breach involving sensitive personal information, or one that may cause a real risk of serious harm, we will notify the National Privacy Commission and affected data subjects within 72 hours of knowledge of the breach, per RA 10173 and NPC Circular 16-03, and take remedial action.
14. Changes to This Policy
We may update this Policy; material changes will be posted in-app or on the website with a new effective date, and where required we will ask you to review and re-consent. Continued use after the effective date constitutes acknowledgment.
15. Contact — Data Protection Officer
- DPO: Rodger M. Plasencia — dpo@iloope.com
- Address: Purok 5 Kalasuyan, Kidapawan City, Cotabato, Philippines
- NPC: www.privacy.gov.ph
Ipinapaliwanag ng Privacy Policy na ito kung paano kinokolekta, ginagamit, ibinabahagi, at pinoprotektahan ng ILOOPE ONLINE SHOP (kilala bilang iLoope, "kami", "iLoope") ang iyong Personal na Impormasyon kapag ginagamit mo ang Platform. Ito ay alinsunod sa Data Privacy Act of 2012 (RA 10173) at sa mga panuntunan ng NPC.
1. Sino Kami (Data Controller)
Ang ILOOPE ONLINE SHOP, na may opisina sa Purok 5 Kalasuyan, Kidapawan City, Cotabato, Philippines, ang Personal Information Controller (PIC). Ang aming Data Protection Officer (DPO) ay si Rodger M. Plasencia — dpo@iloope.com.
2. Anong Data ang Kinokolekta Namin
Pangalan, mobile number, email, address; para sa KYC (riders/merchants/drivers): government ID, selfie, lisensya, OR/CR ng sasakyan, business permit at TIN. Awtomatikong kinokolekta: device model/OS, app version, IP address, push-notification token, in-app analytics, at — kung papayagan mo — ang iyong location.
Para sa bawat serbisyo: Ride (GPS, trip history); Food (delivery address, order); E-commerce (shipping address, order history); Laundry (pickup address, items); Pickleball/Events (booking, laro); Boses (voice recording, photo/video, text reactions); Referrals (contacts na pipiliin mong ibahagi).
Hindi namin sino-store ang credit card number, GCash PIN, o Maya password — ito ay hawak ng payment processors (PayMongo, GCash, Maya).
3. Batayan sa Batas (RA 10173 §12–13)
Pahintulot (location, camera, mic, contacts, marketing); Kontrata (pagtupad ng order/booking, payout, suporta); Obligasyon sa batas (BIR, AMLA); at Lehitimong interes (pag-iwas sa pandaraya, kaligtasan ng rider, pagpapabuti ng serbisyo).
4. Paano Namin Ginagamit ang Data Mo
- Pamamahala ng account; pagproseso ng order, booking, at delivery.
- Pagkuwenta ng bayarin, pamasahe, at payout; routing at kaligtasan ng rider/driver.
- Pag-uupdate ng order/booking; suporta at paglutas ng reklamo.
- Pag-iwas sa pandaraya; Buyer Protection / violation system (tingnan ang §6).
- Pagsunod sa batas; at, kung mag-opt-in ka, mga promo.
5. Sino ang May Access sa Data Mo
| Sino | Anong data / kailan |
|---|---|
| Riders / Drivers | Pangalan, address, order/trip — habang aktibo lang ang delivery/biyahe |
| Merchants | Order details para ma-prepare ang order |
| Payment providers | Halaga at reference, para sa bayad |
| iLoope Admin | Para sa dispute at imbestigasyon |
Hindi namin ibinebenta ang iyong personal na data para sa advertising.
6. Buyer Protection at Violation Records
Para sa kaligtasan ng mga rider at merchant, ang mga reported na paglabag (fake order, no-show, pagtanggi sa bayad, abuso) ay maaaring permanenteng naka-record bilang lehitimong interes. Maaari itong manatili kahit mag-request ka ng deletion. Nakikita lang ito ng admin at ng apektadong panig, at iniimbestigahan bago magkaroon ng parusa.
7. Seguridad at Pag-iimbak (Retention)
Gumagamit kami ng HTTPS/TLS encryption, role-based access control, token-based authentication, at audit logging. Account info: hanggang i-delete mo (pupurgahin sa loob ng 30 araw); transaction records: 10 taon (BIR); location: 6 buwan; voice (Boses): 12 buwan; violation records: permanente.
8. Iyong mga Karapatan (RA 10173 §16–18)
May karapatan kang ma-informed, mag-access, mag-object, mag-pa-correct, mag-pa-delete, mag-data portability, at ma-indemnify. Para gamitin ito, pumunta sa Data Deletion / Export o makipag-ugnayan sa aming DPO. Sasagot kami sa loob ng 30 araw. Maaari ka ring magreklamo sa National Privacy Commission (privacy.gov.ph).
9. Cookies, Bata, Transfer, at Breach
Gumagamit ang website ng cookies (tingnan ang Cookie Policy). Ang Platform ay para sa 18 pataas lamang. Kung may data na ilipat sa labas ng Pilipinas, sisiguruhin naming protektado ito. Sa anumang data breach na may panganib, magpapaalam kami sa NPC at sa mga apektado sa loob ng 72 oras.
10. Pakikipag-ugnayan — DPO
Rodger M. Plasencia — dpo@iloope.com. Address: Purok 5 Kalasuyan, Kidapawan City, Cotabato, Philippines. NPC: privacy.gov.ph.
More legal & privacy