
Privacy Policy

Last updated: 2026-05-31

BaguioVisit (“we,” “our,” or “us”) is a tourism platform for Baguio City, Philippines. This Privacy Policy explains what information we collect when you use our website, mobile-friendly app at baguiovisit.com, or related services, how we use it, and your rights.

Who we are. BaguioVisit is operated from the Philippines by its founder, who is the Personal Information Controller responsible for your personal data under the Philippines Data Privacy Act (RA 10173). Our registered business name and principal address will be published here upon completion of our Philippine business registration.

Data Protection Officer. For any question about your personal data, or to exercise the rights described below, contact our Data Protection Officer at dpo@baguiovisit.com.

1. Information we collect

We collect information you provide directly when you sign up and use our services:

  • Account information: email address (required for sign-in via magic link or Google OAuth), and optionally a display name and phone number.
  • Booking information: contact email, phone, guest name, the attraction or experience booked, party size, date and time slot, payment receipt reference, and any special-requests text you provide.
  • Trip itinerary: attractions you save to your trip plan and the dates you plan to visit (stored locally in your browser by default; only synced to our servers if you sign in).
  • Crowd reports: if you submit a crowd-level report for an attraction, we store the attraction, the level, and the time. Your identity is not displayed publicly with the report.

We collect automatically when you use the service:

  • Authentication audit log: for every sign-in, sign-out, account-change, or account-deletion event, we record the timestamp, the event type (e.g. “magic_link_sent”), the outcome (success or failure), the IP address from which the request came, and the User-Agent string of your browser. This is used for security forensics if your account is compromised.
  • Cookies: we set a first-party session cookie when you sign in. This is HttpOnly + Secure + SameSite=Lax and expires 7 days after issue. We do NOT use third-party advertising cookies, marketing pixels, or ad-tech tracking, and we do NOT sell or share your activity with advertisers.
  • Product & usage analytics: we use a first-party analytics tool (PostHog) to understand how the app is used — which pages and features are popular, and aggregate funnels such as how many visitors complete a booking. Analytics events are tied to an opaque account identifier (a random ID), not to your name, email, or phone number. We honour your browser’s “Do Not Track” setting. See “Third-party services” below for where this data is processed.
  • Error monitoring: when something breaks, we use an error-tracking tool (Sentry) to capture the technical details so we can fix it. Email addresses and phone numbers are stripped from error reports before they are sent.
  • Server logs: our hosting provider (Vercel) records request URLs, status codes, and timing for operational purposes.

2. How we use your information

  • To create and manage your account so you can book and review past bookings.
  • To process bookings, send confirmation emails, and provide QR codes for attraction entry.
  • To detect and respond to abuse (rate limits, audit log review for suspicious activity).
  • To improve the service (aggregate, anonymized analysis of which attractions are popular, what crowd levels look like by time of day, which features are used).
  • To send transactional emails (sign-in links, booking confirmations, reminders 24 hours before your visit, email change confirmations). We do NOT send marketing emails.
  • To comply with legal obligations and enforce our Terms of Service.

Our legal basis. Under the Data Privacy Act we process your personal data on these grounds: to perform our agreement with you (creating your account and completing bookings); with your consent (optional profile fields, the operator-interest form, and crowd reports you choose to submit); for our legitimate interests (keeping the service secure, preventing abuse, and understanding usage through aggregate analytics); and to meet a legal obligation (retaining booking records for tax and accounting).

Automated processing. Our crowd indicators and attraction suggestions are generated automatically — for example, aggregating crowd reports into a low / medium / high level, or ranking attractions by popularity. These do not make legal or similarly significant decisions about you. You may object to this automated processing (see “Your rights” below).

3. Third-party services

We use the following processors. Each handles a narrow slice of data and is bound by its own privacy policy:

  • Supabase — hosts our database and authentication system. Your account email, profile, and bookings are stored on Supabase’s infrastructure.
  • Vercel — hosts our web application. Receives every request you make to baguiovisit.com.
  • PayMongo — processes payment for paid bookings (GCash, Maya, cards, bank transfer). Receives only the data needed to complete the transaction. We never store card numbers.
  • Resend — sends transactional emails from our verified baguiovisit.com domain.
  • Google — if you sign in with Google OAuth, Google authenticates your identity and shares your email and profile name with us. Google’s privacy policy: https://policies.google.com/privacy.
  • Cloudflare — provides DNS, email forwarding, and CDN services for our domain.
  • OpenFreeMap (MapLibre) — serves the base map tiles when you view attractions on the map. No personal data is sent to OpenFreeMap.
  • Wikimedia Commons — hosts some of the attraction photos we display. No personal data is sent to Wikimedia.
  • PostHog — our product and usage analytics provider (United States). Receives pageviews and aggregate product events tied to an opaque account identifier — never your name, email, or phone number. Used to understand which features are used and how the booking funnel performs.
  • Sentry — our error-monitoring provider (United States). Receives technical error reports when something breaks in the app. Email addresses and phone numbers are stripped from these reports before they are sent.

We do not sell your personal information to anyone. We do not share your information with advertising networks or data brokers.

Some of these processors are located outside the Philippines (for example, in the United States and Singapore). When your personal data is processed abroad, we remain accountable for it under the Data Privacy Act and rely on each provider’s contractual data-protection commitments to keep it protected.

3a. Operator lead capture (/for-business)

If you operate a Baguio business (hotel, attraction, restaurant, vendor) and submit our operator-interest form at /for-business, we collect a separate category of information for operator acquisition outreach. This is distinct from tourist account data above and never feeds the public catalog without your explicit follow-up consent.

  • Data we collect: business name, your name, email, business type, and optionally phone, your role, and a free-text message. Submission is by your initiative (consent via form submission).
  • Where it is stored: the submission is emailed to the founder’s inbox via Resend (our transactional email provider, United States). The email body and Resend’s transactional logs hold the same fields you submit.
  • Retention: kept in the founder’s inbox indefinitely until you ask us to delete it, OR until founder triage clears it. Resend’s own log retention applies in parallel per Resend’s policy.
  • Purpose: operator acquisition outreach only — we contact you about listing your business on BaguioVisit. We do NOT share these submissions with third parties, advertisers, or data brokers, and we do NOT use them for marketing campaigns to tourists.
  • Opt-out / data deletion: reply to abuse@baguiovisit.com to be removed (we investigate every report), OR email support@baguiovisit.com to request a data export or deletion of your operator-lead record.

3b. Bookings made on your behalf by a hotel or operator

A Baguio hotel front desk (or another partner operator) can book a paid attraction on your behalf — for example, when you ask the front desk to arrange a visit. When that happens, the operator enters your name, phone number, and email so the booking can be completed. You may not have a BaguioVisit account at all.

  • What we collect: the guest name, phone, and email the operator enters, plus the usual booking details (attraction, party size, date and time slot, payment receipt reference). We process this as part of the booking, the same way we process a booking you make yourself.
  • Why we collect it: to confirm the booking and issue your entry QR code, and to send you the booking confirmation. The operator collects these details on our behalf so the attraction visit can go ahead. We do NOT use them for marketing.
  • Deletion if you do NOT have an account: because the booking is stored under its booking reference (not under a user account), you do not need an account to have it removed. Email support@baguiovisit.com with the booking reference (or the contact details the operator used) to request a copy of, or the deletion of, the data we hold about that booking. We keep booking records for the tax and audit period required by Philippine law (see “Data retention” below); within that constraint we will delete your contact details on request.

4. Your rights

Under the Philippines Data Privacy Act (RA 10173) and similar laws, you have the right to:

  • Access — request a copy of the personal data we hold about you. Email us at the address below.
  • Correct — update your name, phone, email, and language preference at any time from your profile page.
  • Delete — permanently delete your account from your profile page. Bookings tied to your account become guest bookings (linked to the booking reference and contact email), retained for tax and audit purposes for the period required by Philippine law.
  • Withdraw consent — you can sign out and stop using the service at any time.
  • Object — object to our processing of your personal data, including the automated crowd and suggestion processing described above, on grounds relating to your particular situation.
  • Data portability — obtain a copy of the personal data you provided to us in a structured, commonly used, electronic format. Email us at the address below.
  • Lodge a complaint — with the Philippines National Privacy Commission (privacy.gov.ph) if you believe we are mishandling your data.

5. Data retention

  • Active account data — retained while your account is open. Deleted within minutes when you delete your account.
  • Authentication audit log — retained for security forensics. Tied to your account ID, but the account ID is nulled when you delete your account; what remains is the IP address and User-Agent string for attack-detection purposes.
  • Booking records — retained for tax, accounting, and audit purposes per Philippine law (10 years for receipts and invoices).

6. Children

BaguioVisit is intended for users 18 years and older. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, contact us and we will delete it.

7. Security

We protect your data with industry-standard security practices: HTTPS for all traffic, HttpOnly + Secure cookies for sessions, server-side validation of every privileged operation, comprehensive audit logging, and rate limits to slow brute-force attacks. We do NOT store passwords; we use magic-link authentication or OAuth.

No system is perfectly secure. If a security incident affects you, we will notify you and the National Privacy Commission within 72 hours of confirming the scope, as required by the Data Privacy Act.

8. Changes to this policy

We may update this Privacy Policy as the service evolves. Material changes will be announced on this page with an updated “Last updated” date and, when warranted, an in-product notification. Continuing to use the service after a change means you accept the updated policy.

9. Contact us

Questions, requests, or concerns about your data? Contact us at support@baguiovisit.com.

See also our Terms of Service.