← Back

Privacy Policy

Version 2026-05-01 — Published May 1, 2026

Privacy Policy

Effective Date: May 1, 2026 Version: 2026-05-01

Cyber Calling Card ("CCC," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our platform and services.

This policy is designed in accordance with the Philippines Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Full name (first name and last name)
  • Email address (used for login and account communications)
  • Password (stored in hashed form; we never store or have access to your plain-text password)
  • Mobile phone number (optional, for account purposes)

Profile Information:

  • Full name
  • Job title / position
  • Company name
  • Public contact email address
  • Mobile phone number
  • WhatsApp number
  • Website URL
  • Physical address (street, city, region, postal code, country)
  • Profile photograph
  • Company logo

Card Activation Information:

  • Card code and PIN (PIN is stored in hashed form)
  • Activation timestamp

Legal Consent Records:

  • The type of consent granted (e.g., Terms of Service, Privacy Policy, Public Display)
  • The version and cryptographic hash of the document you consented to
  • Timestamp of when consent was granted
  • Your IP address and browser user agent at the time of consent

1.2 Information Collected Automatically

Authentication and Security Logs:

  • Login and logout timestamps
  • IP addresses associated with authentication events
  • Browser user agent strings
  • Failed login attempts

Card Activation Logs:

  • IP address and browser user agent for each activation attempt
  • Whether the attempt was successful or unsuccessful

1.3 Information We Do Not Collect

  • We do not use cookies for advertising or tracking purposes.
  • We do not collect financial or payment information directly. Any payment processing is handled by third-party payment providers.
  • We do not collect biometric data.

2. How We Use Your Information

We use the information we collect for the following purposes:

Purpose Legal Basis
Providing and operating the service Performance of contract
Displaying your public profile and vCard Your explicit consent (Public Display Consent)
Sending email verification and account notifications Performance of contract
Detecting and preventing fraud, abuse, and security incidents Legitimate interest
Enforcing our Terms of Service Legitimate interest
Complying with legal obligations Legal obligation
Sending product updates and promotional communications Your explicit consent (Marketing Consent, optional)

3. Public Display of Your Information

When you activate a Cyber Calling Card and create a profile, the following information is published on a publicly accessible profile page:

  • Your full name
  • Job title and company name
  • Public contact email address
  • Mobile phone number
  • WhatsApp number (if provided)
  • Website URL (if provided)
  • Physical address (if provided)
  • Profile photograph (if uploaded)
  • Company logo (if uploaded)

This information is also encoded into a QR code and downloadable vCard (virtual contact file) accessible from your profile page and by scanning your physical card.

By activating a card, you explicitly consent to this public display. You may control visibility through the "is public" setting on your profile. Setting your profile to private will restrict the public display, though the profile URL will still be accessible.

4. Information Sharing

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating the platform, including:

  • Hosting and infrastructure providers
  • Email delivery services
  • Payment processors (if applicable)

These providers are contractually obligated to protect your information and may only use it to perform services on our behalf.

4.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to:

  • Comply with a legal obligation.
  • Protect the rights, property, or safety of CCC, our users, or the public.
  • Detect, prevent, or address fraud, security, or technical issues.

5. Data Retention

Data Type Retention Period
Account and profile information Retained while your account is active. On account deactivation (soft delete), data is retained for a grace period to allow restoration.
Consent records Retained indefinitely as legal evidence. Not deleted by account deactivation.
Authentication and security logs Retained indefinitely for forensic and security purposes.
Card activation logs Retained indefinitely for forensic and security purposes.
Retired slugs (vanity URLs) Reserved for 90 days after profile deletion, then released.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Password Security: All passwords are hashed using industry-standard algorithms (bcrypt/Argon2). We never store plain-text passwords.
  • PIN Security: Card activation PINs are hashed at rest and cleared after successful activation.
  • Access Controls: Administrative access is restricted and logged.
  • Session Management: Sessions are regenerated on login and invalidated on logout and account deactivation.
  • Rate Limiting: Authentication and activation endpoints are rate-limited to prevent brute-force attacks.
  • Audit Logging: Administrative actions are logged for accountability.

While we take reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

7. Your Rights

Under the Philippines Data Privacy Act of 2012, you have the following rights:

7.1 Right to Be Informed

You have the right to be informed about how your personal information is being collected, used, and processed. This Privacy Policy serves as our primary means of fulfilling this obligation.

7.2 Right to Access

You have the right to request access to the personal information we hold about you. You may view your profile information at any time through the member dashboard.

7.3 Right to Rectification

You have the right to correct any inaccurate or incomplete personal information. You may update your profile information at any time through the member dashboard.

7.4 Right to Erasure

You may request the deletion of your account by using the account deactivation feature in your settings. Upon deactivation:

  • Your account and profiles are soft-deleted (removed from public visibility).
  • Your email address is released for potential future re-registration.
  • Consent records, authentication logs, and activation logs are retained as required by law.
  • A complete hard deletion of all data (including legally retained records) may be requested by contacting us directly. Such requests will be processed in accordance with applicable law.

7.5 Right to Object

You have the right to object to the processing of your personal information in certain circumstances. To exercise this right, please contact us.

7.6 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format. A data export feature is available through the member dashboard.

7.7 Withdrawal of Consent

  • Marketing Consent: You may withdraw your consent to receive marketing communications at any time through your account settings. Withdrawal of marketing consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Required Consents: Consent to the Terms of Service, Privacy Policy, Public Display, Data Accuracy, and Age Confirmation are required to use the service. If you wish to withdraw these consents, you must deactivate your account, which will cease all processing and remove your public profiles.

8. Cookies and Similar Technologies

We use only essential cookies required for the operation of the platform:

  • Session cookies to maintain your authenticated session.
  • CSRF tokens to protect against cross-site request forgery attacks.

We do not use advertising cookies, analytics cookies, or third-party tracking technologies.

9. International Data Considerations

Our services are primarily operated from and directed at users in the Philippines. If you access the service from outside the Philippines, please be aware that your information may be transferred to, stored, and processed in the Philippines, where data protection laws may differ from those in your jurisdiction.

By using the service, you consent to the transfer of your information to the Philippines and the application of Philippine data protection law.

For users in the European Economic Area (EEA), we endeavor to comply with the General Data Protection Regulation (GDPR) to the extent applicable.

10. Children's Privacy

Our service is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information as quickly as possible.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this document. For significant changes, we may provide additional notice through the platform or by email.

Your continued use of the service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

12. Data Protection Officer

For questions or concerns about this Privacy Policy, your personal data, or to exercise any of your rights under the Data Privacy Act, please contact:

Cyber Calling Card — Data Protection Email: [email protected]

You also have the right to lodge a complaint with the National Privacy Commission of the Philippines:

National Privacy Commission Website: https://www.privacy.gov.ph