Privacy Policy

Last Updated: January 1, 2026

1. Introduction

Ang Kaalaman ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered legal research platform.

This policy is compliant with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations (IRR). We respect your rights as a data subject and are committed to transparency in our data processing activities.

2. Information We Collect

We collect the following types of personal information:

2.1 Account Information

  • Google OAuth Data: When you sign in with Google, we receive your name, email address, and profile picture.
  • Email Registration: If you register directly, we collect your email address and the password you create (stored securely using industry-standard hashing).

2.2 Usage Data

  • Chat Sessions (Usap): Your conversations with our AI legal assistant, including questions and responses.
  • Quiz Sessions (Pagsusulit): Quiz attempts, answers, and performance data.
  • Flashcard Sessions: Flashcard decks generated and your study interactions.
  • Case Digest Generations: AI-generated case digests you request.
  • Legal Analysis (Mungkahing Sagot): Questions submitted for AI legal analysis.

2.3 Transaction Data

  • LX Credits: Your credit balance, purchase history, and usage records.
  • Feature Usage: Which AI features you use and their associated costs.

2.4 Technical Data

  • IP address and browser type
  • Device information and operating system
  • Access times and referring URLs
  • Session cookies for authentication

3. Legal Basis for Processing

Under the Data Privacy Act of 2012, we process your personal data based on the following lawful criteria:

  • Consent: When you create an account and agree to our terms, you consent to the processing of your data for the purposes described in this policy.
  • Contract Performance: Processing necessary to provide our AI-powered legal research services to you.
  • Legitimate Interest: Processing for platform improvement, security, and fraud prevention, balanced against your privacy rights.

4. How We Use Your Information

We use your personal information to:

  • Provide AI-powered legal research and analysis services
  • Generate personalized quizzes, flashcards, and case digests
  • Process LX credit transactions and maintain your account balance
  • Authenticate your identity and secure your account
  • Improve and optimize our platform based on usage patterns
  • Communicate important service updates and changes
  • Respond to your inquiries and provide customer support
  • Comply with legal obligations under Philippine law

5. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your personal data:

  • Database: Your data is stored in PostgreSQL databases hosted on Supabase with encryption at rest.
  • AI Context: Semantic search data is stored in ChromaDB with access controls.
  • Transmission: All data transmitted between your browser and our servers uses HTTPS/TLS encryption.
  • Access Controls: Only authorized personnel have access to personal data, on a need-to-know basis.
  • Password Security: Passwords are hashed using industry-standard algorithms and are never stored in plain text.

6. Third-Party Services

We share data with the following third-party service providers who assist in delivering our services:

6.1 Authentication

  • Google: For OAuth authentication when you choose to sign in with Google.

6.2 AI Service Providers

Your queries may be processed by third-party AI service providers to generate responses, perform semantic search, and provide context reranking.

Note: When using AI features, your queries are sent to these providers for processing. Each provider has their own privacy policies. We recommend reviewing their policies if you have concerns about AI data processing.

6.3 Infrastructure

  • Supabase: Database hosting and authentication services.
  • Amazon Web Services (AWS): File storage (S3) for uploaded content.

7. Your Rights Under the Data Privacy Act of 2012

As a data subject under Philippine law, you have the following rights:

Right to Be Informed

You have the right to be informed whether your personal data is being processed, and to access information about how your data is being used.

Right to Access

You may request access to your personal data, including information about how it was collected, stored, and used.

Right to Object

You may object to the processing of your personal data, including for direct marketing purposes.

Right to Erasure or Blocking

You may request the removal or blocking of your personal data from our systems.

Right to Rectification

You may request correction of any inaccurate or incomplete personal data.

Right to Data Portability

You may request a copy of your personal data in a structured, commonly used, and machine-readable format.

Right to Damages

You may claim compensation for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data.

Right to File a Complaint

You have the right to file a complaint with the National Privacy Commission (NPC) if you believe your rights have been violated.

To exercise any of these rights, please contact us at aljon@stcloud.io.

8. Data Retention

We retain your personal data according to the following schedule:

  • Active Accounts: Your data is retained as long as your account remains active and you continue to use our services.
  • Account Deletion: Upon request for account deletion, we will remove your personal data within 30 days, except where retention is required by law.
  • Transaction Records: LX credit transaction records may be retained for up to 7 years for accounting and legal compliance purposes.
  • Legal Requirements: Some data may be retained longer if required by Philippine law or for legitimate business purposes (e.g., resolving disputes).

9. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

  • Session Cookies: Essential for authentication and maintaining your logged-in session.
  • CSRF Tokens: Security cookies to prevent cross-site request forgery attacks.
  • Preferences: Remembering your settings and preferences.

We do not use third-party advertising cookies or tracking pixels. We do not sell your data to advertisers.

10. Children's Privacy

Ang Kaalaman is intended for users who are 18 years of age or older, or minors with parental or guardian consent. We do not knowingly collect personal data from children under 18 without appropriate consent.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at aljon@stcloud.io, and we will take steps to remove such information.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside the Philippines where our service providers are located. When such transfers occur, we ensure that appropriate safeguards are in place to protect your data in accordance with the Data Privacy Act of 2012.

We only transfer data to countries or organizations that provide an adequate level of protection for personal data, or where contractual measures are in place to ensure data protection.

12. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Ang Kaalaman

Email: aljon@stcloud.io

For data privacy concerns, please include "Data Privacy Request" in your email subject line.

13. National Privacy Commission

If you believe that your data privacy rights have been violated, you have the right to file a complaint with the National Privacy Commission (NPC):

National Privacy Commission

5th Floor, Philippine International Convention Center (PICC)

Pasay City, Metro Manila, Philippines 1307

Website: www.privacy.gov.ph

Email: complaints@privacy.gov.ph

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify registered users via email for significant changes
  • Post a notice on our platform when appropriate

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

This Privacy Policy is compliant with Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations.