LabanPH

Privacy Policy

Last updated: April 19, 2026

LabanPH is committed to protecting your personal information. We collect only what is necessary to process your complaint, coordinate with regulators, and build a class action if applicable. We never sell your data or use it for advertising.

1. What we collect

  • Complaint form: narrative (required), company name, issue type, incident date, amount disputed, and up to 10 evidence files (images, PDF, video).
  • Contact details (optional): email address or Telegram username — used only to follow up on your complaint. Never published.
  • Whistleblower submissions: same as above. Claim codes are stored as SHA-256 hashes only — we never store the original code.
  • Analytics: We do not run third-party analytics. Server logs record IP addresses for security purposes; logs are rotated every 30 days.

2. How we use it

  • To review, categorize, and process your complaint.
  • To pre-fill regulatory complaint letters (BSP, DTI, SEC, Small Claims).
  • To coordinate class action if 3+ people share the same issue type.
  • To publish anonymized complaint summaries on the platform (no name, email, or phone ever shown).
  • To pin evidence to IPFS — only if you explicitly opt in and confirm the permanence warning.

3. IPFS and permanent records

  • If you opt your evidence into IPFS, it is pinned to the InterPlanetary File System — a permanent, decentralized storage network. Once pinned, the content cannot be deleted by LabanPH or anyone else.
  • You are shown two confirmation prompts before any IPFS submission. Do not opt in if you need the ability to retract evidence.

4. Data sharing

  • We do not sell, rent, or trade your personal data.
  • We may share anonymized complaint statistics with journalists, researchers, and regulators.
  • If your complaint is escalated to BSP, DTI, or SEC, the formal letter you generate contains only the information you choose to include — LabanPH does not forward data to regulators on your behalf without your explicit action.
  • Evidence files are stored on our servers (Fly.io Singapore region) and optionally on IPFS. Fly.io's privacy policy applies to server-side storage.

5. Data retention

  • Complaint records are retained for 5 years from submission, or until you request deletion.
  • IPFS-pinned records cannot be deleted by LabanPH.
  • Contact details (email / Telegram) are deleted upon request.
  • Server access logs: 30 days.

6. Your rights (RA 10173 — Data Privacy Act)

  • Right to access: Request a copy of personal data we hold about you.
  • Right to rectification: Correct inaccurate personal information.
  • Right to erasure / blocking: Request deletion of personal data (except IPFS-pinned content).
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Withdraw consent to processing at any time.
  • To exercise these rights, email hello@clawback.ph with subject line "Data Request — [your complaint ref]" or message @labanph on Telegram.

7. Cookies

  • LabanPH does not use tracking cookies or third-party advertising cookies.
  • We use a single session cookie for the complaint form draft state (localStorage only, never sent to server).

8. Security

  • All traffic is encrypted via HTTPS/TLS. Evidence files are stored in an access-controlled directory, not publicly served.
  • Whistleblower claim codes are never stored in plaintext — only SHA-256 hashes.
  • We conduct periodic security reviews. Suspected breaches are reported to the National Privacy Commission (NPC) within 72 hours per NPC Circular 2023-04.

9. Children

  • LabanPH is not directed at children under 18. We do not knowingly collect personal information from minors.

10. Changes to this policy

  • We will post updates here with a revised date. Material changes will be announced on our Telegram channel @labanph.

LabanPH · hello@clawback.ph

National Privacy Commission (PH): privacy.gov.ph

Terms of UseMedia Kit
💬