EggKo EggKo

Legal

Privacy Policy

Last updated: 2026-04-09

This Privacy Policy describes how CypherZero Software Development Services ("CypherZero", "we", "us") collects, uses, and protects the personal data you provide when using EggKo ("Service"). We comply with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

1. Who we are

CypherZero Software Development Services is the data controller for information collected through the Service. We are based in Madridejos, Cebu, Philippines. Our Data Protection Officer (DPO) can be reached at dpo@cypherzero.dev.

2. Data we collect

Account data:

  • Email address (required for account creation and communication)
  • Username (your choice of display name)
  • Password (hashed with bcrypt, never stored in plain text)
  • Phone number (optional)
  • Preferred language (English, Filipino, or Bisaya)

Farm operational data (you enter):

  • Farm details: name, address, contact number
  • Houses, flocks, eggs, feed, medicines, staff, suppliers, customers, orders
  • Financial records: expenses, payments, invoices
  • Any attachments, notes, or descriptions you add

Automatically collected:

  • IP address (logged for security auditing, not for tracking)
  • Browser type and operating system
  • Pages visited and actions taken within the Service (for debugging)
  • Session cookies (required for login)

3. How we use your data

  • To provide and maintain the Service
  • To authenticate you and keep your account secure
  • To send you transactional emails (verification, password reset, billing)
  • To send you alerts you've opted into (harvest missing, low feed, etc.)
  • To respond to your support requests
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations

We do NOT use your data for advertising. We do NOT sell your data. We do NOT share your data with third parties for marketing.

4. Legal basis for processing

Under the Philippine Data Privacy Act, we process your data based on:

  • Contract: processing is necessary to provide the Service you signed up for.
  • Consent: when you opt into email/push notifications.
  • Legal obligation: when required by Philippine law.
  • Legitimate interest: for fraud prevention and security.

5. Data retention

We retain your data for as long as your account is active. If you delete your account, we retain your data for 90 days to allow reactivation, then permanently delete it. Backups may retain copies for up to 30 additional days before rotating out.

Certain records (payment history, support communications) may be retained longer to comply with legal and tax obligations.

6. Data sharing

We do not share your data with third parties, except:

  • With infrastructure providers who host the Service (e.g. AWS) under strict data processing agreements.
  • With email providers when we send transactional or notification emails.
  • When required by law, subpoena, or court order.
  • To prevent imminent harm, fraud, or security incidents.

Multi-tenancy guarantee: within the Service, your farm's data is strictly isolated from other farms. Users of other farms cannot see, access, or query your data under any circumstances. This is enforced at the database query level and verified with automated tests on every code change.

7. Your rights

Under Section 16 of the Philippine Data Privacy Act, you have the right to:

  • Be informed about how your personal data is processed.
  • Access your personal data held by us.
  • Object to the processing of your personal data.
  • Rectify any inaccurate or incomplete personal data.
  • Erase or block your personal data (subject to legal retention requirements).
  • Data portability — receive your data in a structured, commonly-used format (we support PDF and Excel export).
  • Damages for violations of your rights under the Act.
  • Lodge a complaint with the National Privacy Commission (NPC).

To exercise any of these rights, contact our DPO at dpo@cypherzero.dev. We respond within 15 days.

8. Cookies

We use strictly necessary cookies for authentication (session cookies) and CSRF protection. We do NOT use third-party tracking cookies, analytics cookies, or advertising cookies. You can disable cookies in your browser, but the Service will not function without them.

9. Security

We implement organizational, physical, and technical measures to protect your data:

  • HTTPS/TLS encryption for all data in transit
  • Passwords hashed with bcrypt (industry standard)
  • Session cookies marked httpOnly and SameSite=Lax
  • CSRF protection on all form submissions
  • Rate limiting on authentication endpoints
  • Content Security Policy (CSP) headers to prevent XSS
  • HTTP Strict Transport Security (HSTS) enforced
  • Regular security audits and dependency updates

In the event of a data breach affecting your personal information, we will notify you and the National Privacy Commission within 72 hours as required by law.

10. International transfers

Your data may be stored on infrastructure located outside the Philippines (e.g. AWS Singapore region). We ensure appropriate safeguards are in place, including data processing agreements with our infrastructure providers.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email and a notice on the Service. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For questions about this Privacy Policy or your personal data, contact our Data Protection Officer at dpo@cypherzero.dev or our general support at support@cypherzero.dev.

You may also file a complaint with the National Privacy Commission of the Philippines .

Read our Terms of Service →