Privacy Policy

1. Information We Collect

We collect the following types of information:

• Account information: Name, email address, and password when you register
• Authentication data: OAuth tokens and profile information when you sign in with Google or Facebook
• Business data: Store information, employee details (names, PINs), and order data you create within the Service
• Payment information: Billing details processed through Xendit (we do not store your card details directly)
• Usage data: Pages visited, features used, and general interaction patterns

2. Loyverse Integration Data (Optional)

Connecting a Loyverse POS account is optional. If you choose to connect one during onboarding, we perform a one-time import of the following data from Loyverse:

• Items and categories
• Customer records
• Store information

This data is imported so you can start using LaundryVerse without re-entering your existing catalog. Your Loyverse API tokens are encrypted at rest using AES-256-GCM encryption and are never shared with third parties. You may disconnect your Loyverse account at any time from your dashboard settings.

3. How We Use Your Data

We use your information to:

• Provide and maintain the Service
• Sync data between LaundryVerse and your Loyverse POS
• Process subscription payments
• Send important service-related notifications
• Improve the Service based on usage patterns
• Provide customer support

4. Data Storage and Security

Your data is stored in MongoDB databases hosted on secure cloud infrastructure. We implement the following security measures:

• Encryption at rest: Sensitive data (Loyverse API tokens) is encrypted using AES-256-GCM
• Secure authentication: Passwords are hashed and salted; sessions use JWT tokens
• Multi-tenant isolation: Each business's data is isolated using tenant-specific identifiers
• HTTPS: All data in transit is encrypted via TLS

5. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days after the end of your billing period. After account deletion, your data is permanently removed within 30 days, unless we are required by law to retain it.

6. Third-Party Services

We integrate with the following third-party services:

• PayMongo and Maya: Payment processing for subscriptions
• Loyverse: Optional one-time data import during onboarding (items, customers, categories)
• Semaphore: SMS delivery for customer notifications and bulk campaigns
• Resend: Transactional email delivery
• Google: OAuth authentication (optional sign-in method)
• Facebook: OAuth authentication (optional sign-in method)
• Railway: Application hosting for the main product
• Vercel: Hosting for the help center
• MongoDB Atlas: Database hosting
• Sentry: Error monitoring and performance tracking

Each third-party service has its own privacy policy. We encourage you to review their policies.

7. International Data Transfers

Some of the third-party service providers listed in Section 6 are headquartered or operate infrastructure outside the Philippines (e.g., MongoDB Atlas, Railway, Vercel, Sentry, Resend). When we transfer your personal data to these providers, we take reasonable steps to ensure an adequate level of protection, including:

• Written data-processing agreements or equivalent contractual protections with each provider
• Encryption of data in transit (TLS) and at rest where supported
• Limiting access to only the data necessary for the service provided

By using LaundryVerse, you consent to your data being processed in jurisdictions outside the Philippines, subject to the safeguards described above.

8. Your Rights

In accordance with the Philippine Data Privacy Act of 2012 (RA 10173), you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Disconnect your Loyverse account at any time
• Export your data in a standard format. Self-serve export of customers, receipts, orders, and analytical reports (CSV/PDF) is available on the Business and Pro plans from your dashboard. On the Starter plan, you may request a one-time data export by emailing support; we will provide a CSV export within 30 days at no charge, as required by the Data Privacy Act of 2012.

To exercise any of these rights, contact us at [email protected].

9. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party tracking cookies or advertising cookies. Session cookies include:

• NextAuth session cookie: For admin authentication
• DOD session cookie: For employee PIN-based authentication on devices

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Data Protection Officer

In compliance with the Philippine Data Privacy Act of 2012 (RA 10173), LaundryVerse has designated a Data Protection Officer (DPO) responsible for overseeing compliance with data privacy laws and handling privacy-related inquiries.

• Data Protection Officer: Mark Arioste
• Email: [email protected]

You may contact the DPO directly for any privacy concerns, to exercise your rights under Section 8, or to report a suspected data breach.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at [email protected].