Privacy Policy

Trussfolio ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and share data when you use the Trussfolio platform at trussfolio.com.

This Policy is compliant with Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines, and its implementing rules and regulations. By using the Platform, you consent to the data practices described in this Policy.

The data controller responsible for your personal information is Trussfolio. For questions about how we handle your data, contact us at hello@trussfolio.com.

3.1 Information You Provide

When you register or use the Platform, we may collect:

• Account information: name, email address (via Google OAuth)
• Contractor profile: company name, business description, PCAB license number, service areas, contact number, contact email, company logo
• Portfolio content: project photos, project descriptions, completed work details
• Documents: business registration documents uploaded during the verification process
• Payment information: billing details processed by SymphPay (we do not store full payment card numbers)
• Communications: inquiries sent through the Platform, feedback submitted via the feedback form

3.2 Information Collected Automatically

When you visit the Platform, we automatically collect:

• Browser type and version
• Device type and operating system
• IP address and approximate location
• Pages visited and time spent on each page
• Search terms used on the Platform
• Referring website or link

3.3 Information from Third Parties

We receive basic profile information (name, email, profile picture) from Google when you sign in using Google OAuth.

Contractor listings are initially sourced from the publicly available database of the Philippine Contractors Accreditation Board (PCAB). This data includes company names, license categories, and accreditation status. This information is treated as business data rather than personal data for the purpose of this Policy.

When a contractor claims or registers their profile, they take ownership of and responsibility for the accuracy of this data going forward. For more information, see our PCAB Data Attribution page.

We use collected information to:

• Create and manage your contractor account and profile
• Display your profile to property owners searching for contractors
• Deliver inquiries from property owners to contractors
• Process subscription payments and manage billing
• Send transactional emails (inquiry notifications, account alerts, payment receipts)
• Improve platform features and user experience based on usage patterns
• Respond to your feedback and support requests
• Comply with legal obligations under Philippine law
• Detect and prevent fraud, abuse, or violations of our Terms of Service

We rely on the following legal bases for processing: (a) performance of a contract when providing our services to you; (b) your consent where explicitly given; and (c) our legitimate interests in operating and improving the Platform.

We use the following third-party services that may process your data:

• Google OAuth (Google LLC): Authentication provider. When you sign in with Google, Google processes your credentials and shares your basic profile with us. Subject to Google's Privacy Policy.
• Firebase / Google Cloud (Google LLC): Cloud infrastructure provider for authentication, database, and file storage. Data is stored in Google Cloud infrastructure.
• SymphPay: Payment processing for contractor subscriptions. Your payment information is processed and stored by SymphPay. We receive only transaction confirmation and billing summary data.
• Resend: Transactional email delivery for inquiry notifications, account alerts, and payment receipts.

We require all third-party processors to handle your data in accordance with applicable data protection laws.

We do not sell your personal information. We share data only in the following circumstances:

• Between users on the Platform: Contractor profile information (including name, company, service areas, portfolio) is publicly visible. Contact information (phone, email) is visible only to property owners where the contractor's plan permits.
• Service providers: We share data with third-party providers as described in Section 6 to operate the Platform.
• Legal requirements: We may disclose data if required by law, court order, or government authority in the Philippines.
• Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the successor entity with prior notice to users.

We retain your personal data for as long as your account is active or as needed to provide the Platform's services. If you close your account:

• Your public profile and portfolio will be removed from the Platform within 30 days
• Account data (name, email, subscription history) may be retained for up to 3 years for legal and billing compliance
• Inquiry and communication records may be retained for up to 1 year
• Uploaded documents will be deleted within 90 days of account closure

Anonymized, aggregated data (e.g., usage statistics) may be retained indefinitely as it cannot be used to identify you.

Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the following rights with respect to your personal data:

• Right to be informed: to know how your data is collected and used
• Right of access: to request a copy of the personal data we hold about you
• Right to rectification: to correct inaccurate or incomplete data
• Right to erasure: to request deletion of your data where permitted by law
• Right to object: to object to certain types of processing
• Right to data portability: to receive your data in a structured, machine-readable format
• Right to damages: to be indemnified for damages suffered due to inaccurate, incomplete, or unauthorized use of your data

To exercise any of these rights, contact us at hello@trussfolio.com. We will respond within 15 business days.

You may also file a complaint with the National Privacy Commission (NPC) at privacy.gov.ph if you believe your data privacy rights have been violated.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. These measures include:

• HTTPS encryption for all data in transit
• Firebase Authentication for secure session management
• Role-based access controls limiting who can access personal data internally
• Secure credential management via Google Cloud Secret Manager
• Regular security reviews of our infrastructure

While we take reasonable precautions, no system is completely secure. In the event of a data breach affecting your personal information, we will notify you and the National Privacy Commission within 72 hours of becoming aware of the breach, as required by RA 10173.

Trussfolio uses session cookies to maintain your login state. These are essential for the Platform to function and cannot be disabled while using authenticated features.

We may also use analytics tools to understand how the Platform is used. These tools collect anonymized usage data (pages visited, feature usage, error rates) to help us improve the Platform. We do not use third-party advertising cookies.

Trussfolio is intended for use by businesses and adults aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at hello@trussfolio.com and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users via email and post the updated Policy on this page with a revised "Last updated" date. Your continued use of the Platform after the changes take effect constitutes acceptance of the updated Policy.

For privacy-related questions, data subject requests, or to reach our Data Protection Officer, contact us: