Privacy Policy

Effective date: March 1, 2026

1. Introduction

Sinking Fund (“the Platform”) is committed to protecting the privacy of its users. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal data. This policy applies to all users of the Platform, including fund managers, members, and visitors.

2. Information We Collect

2.1 Account Information

  • Full name
  • Email address
  • Password (stored in hashed form)

2.2 Fund and Financial Data

  • Fund configuration (contribution amounts, penalty rules, interest rates)
  • Contribution records and payment evidence (uploaded files)
  • Loan applications, repayment records, and interest calculations
  • Penalty records

2.3 Contact Form Submissions

  • Name, email, phone number, company name
  • Fund size estimate and message content

2.4 Automatically Collected Data

  • IP address and browser information
  • Pages visited and usage patterns (via Vercel Web Analytics)
  • Device type and operating system

3. How We Use Your Information

  • Account management: To create and maintain your account, authenticate your identity, and send email verification codes.
  • Fund operations: To track contributions, calculate penalties, manage loans, compute interest distributions, and generate fund forecasts.
  • Notifications: To send contribution reminders, due-date alerts, loan status updates, and fund invitations via email.
  • Support: To respond to contact form inquiries.
  • Improvement: To analyze usage patterns and improve the Platform.

4. Data Storage and Security

Your data is stored securely using the following infrastructure:

  • Database: PostgreSQL hosted on Neon with encrypted connections.
  • File storage: Contribution evidence and documents are stored in Vercel Blob with access controls.
  • Authentication: Sessions use HTTP-only cookies with JWT tokens. Passwords are hashed using industry-standard algorithms.
  • Hosting: The Platform is deployed on Vercel with HTTPS encryption for all traffic.

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your data.

5. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

  • Within your fund: Fund managers can view member contributions, loan details, and penalty records for funds they manage.
  • Service providers: We use third-party services (Vercel for hosting, Neon for database, Gmail for email delivery) that process data on our behalf.
  • Legal requirements: If required by Philippine law, court order, or government regulation.

6. Data Retention

We retain your account data and fund records for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law or necessary for legitimate business purposes (such as maintaining financial records for completed fund cycles).

7. Your Rights

Under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), you have the following rights:

  • Right to access: Request a copy of your personal data.
  • Right to correction: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to object: Object to the processing of your personal data for specific purposes.
  • Right to data portability: Request your data in a structured, machine-readable format.

To exercise these rights, please contact us through our Contact page.

8. Cookies

The Platform uses essential cookies for authentication and session management. We also use Vercel Web Analytics, which collects anonymized usage data without using cookies for tracking.

9. Children's Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through an in-app notification. The “Effective date” at the top of this page indicates when the policy was last revised.

11. Contact

For questions or concerns about this Privacy Policy or how your data is handled, please visit our Contact page.