Privacy Policy
Last updated: May 9, 2026
EPS Corner is committed to protecting your personal data in accordance with the Philippines Data Privacy Act of 2012 (Republic Act 10173) and applicable international privacy laws.
1. What Data We Collect
1.1 Account Data
When you register, we collect:
- Full name
- Email address
- Password (hashed — never stored in plain text)
- Profile photo (optional)
1.2 Payment Data
When you make a purchase, we collect:
- Payment provider reference ID (e.g. Stripe PaymentIntent ID)
- Amount, currency, and transaction status
- Plan purchased and access period
We do not store your card number, CVV, bank account details, or GCash PIN. These are handled entirely by our payment processors.
1.3 Device Data
To enforce device limits on premium accounts, we collect a device identifier for each device you use to access EPS Corner.
1.4 Usage Data
We may collect information about how you use the service, including pages visited, features used, and study progress, to improve the platform.
2. How We Collect Data
- Directly from you — when you register, purchase a plan, or contact support.
- Automatically — when you use the platform (device info, session data).
- From third parties — payment processors confirm transaction status via webhooks.
3. Why We Collect Data (Legal Basis)
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance |
| Processing payments | Contract performance |
| Sending receipts and notifications | Contract performance |
| Device limit enforcement | Contract performance |
| Tax compliance and record keeping | Legal obligation |
| Improving our service | Legitimate interest |
| Sending promotional emails | Consent (opt-in only) |
4. Who We Share Data With
We do not sell your personal data. We share data only with the following trusted service providers:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Card payment processing | stripe.com/privacy |
| PayPal | PayPal payment processing | paypal.com/privacy |
| PayMongo | GCash payment processing | paymongo.com/privacy |
| Resend | Transactional email delivery | resend.com/privacy |
| Supabase | Database hosting | supabase.com/privacy |
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Payment records | 10 years (BIR tax compliance) |
| Device records | Duration of account + 30 days |
| Email logs | 90 days |
| Usage analytics | 12 months |
Payment records cannot be deleted due to legal obligations under Philippine tax law (BIR). Upon account deletion, payment records are anonymized — your name and email are removed but transaction amounts and dates are retained.
6. Your Rights
Under the Philippines Data Privacy Act and applicable law, you have the right to:
- Access — request a copy of your personal data.
- Correction — request correction of inaccurate data.
- Deletion — request deletion of your account and personal data (subject to legal retention obligations).
- Data portability — request your data in a machine-readable format.
- Object — object to processing based on legitimate interest.
- Withdraw consent — for any processing based on consent (e.g. marketing emails).
To exercise any of these rights, email us at support@epscorner.com. We will respond within 30 days.
7. Cookies
EPS Corner uses minimal cookies:
- Session cookies — required for authentication. These expire when you close your browser.
- Preference cookies — store your theme and language preferences.
We do not use advertising cookies or third-party tracking cookies.
8. Security
We protect your data using:
- HTTPS encryption for all data in transit.
- Bcrypt hashing for passwords — never stored in plain text.
- Row-level security on our database.
- Payment data handled entirely by PCI-compliant processors.
No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by law.
9. Children's Privacy
EPS Corner is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us and we will delete the account promptly.
10. International Data Transfers
Your data may be processed outside the Philippines by our service providers (Stripe in the US, Supabase in the US/EU). These transfers are protected by appropriate safeguards including standard contractual clauses.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on the platform at least 14 days before changes take effect.
12. Contact & Data Protection
For privacy-related questions, data requests, or complaints:
- Email: support@epscorner.com
- Website: https://epscorner.com
You also have the right to lodge a complaint with the National Privacy Commission of the Philippines at privacy.gov.ph.