Privacy Policy

1. Introduction

Goohom (“we”, “our”, or “us”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard data when you use our Platform, in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines.

2. Information We Collect

We collect three categories of information:
Information you provide directly — name, email, phone number, profile photo, home or service address, barangay, and (for providers) bio, skills, service areas, availability, rate, and 1–2 valid Philippine government IDs.Information generated by your use of the Platform — booking history, applications and offered prices, payment and wallet ledger records, in-app chat messages, ratings and reviews, misconduct flags, dispute submissions, search queries (including AI-search queries), and notification preferences.Technical data — device type, IP address, browser type, app version, approximate location used to compute distance to a service address, and audit-log entries for administrative actions.

3. How We Use Your Information

We use your data to create and manage your account, verify provider identity through superadmin review, process bookings and payments through Xendit, hold funds in escrow and release or refund them, match customers with providers serving their barangay and skill category, power AI-assisted search (subject to a per-user daily limit), send service confirmations and updates, deliver in-app and email notifications, surface re-engagement offers (such as the RETURN50 voucher) where eligible, provide customer support, resolve disputes, improve our Platform through analytics, and comply with legal obligations.

4. Sharing Your Information

We do not sell your personal data. We share information only with: the service provider or customer involved in a specific booking (limited to what is necessary to deliver the service — for example, name, contact details, and service address); Xendit, our payment processor, to complete digital transactions and process refunds; AI providers (Google’s Gemini API via the Vercel AI SDK) for natural-language search; Resend for transactional email; Supabase, our database and storage provider; and Vercel, our hosting provider — each bound by data-processing terms. We may also disclose information when required by Philippine law or to protect the rights, safety, or property of users and the Platform.

5. Provider ID Documents — NPC-Compliant Handling

Government-issued IDs uploaded during provider onboarding are stored in a private, encrypted Supabase Storage bucket and are accessible only to Goohom superadmins via time-limited signed URLs. ID images are automatically deleted within 30 days of an application being approved or finally rejected — only the verification status (approved, rejected with reason, re-submission cooldown) is retained for compliance and re-application purposes. By submitting an application, you give explicit consent to this handling, in line with the Data Privacy Act of 2012.

6. Data Retention

We retain your personal data for as long as your account is active or as required by law. Provider ID images are deleted within 30 days of approval or final rejection (see §5). When you delete your account, we anonymize or delete your data within 30 days, except where retention is required for legal, tax, regulatory, fraud-prevention, or audit-trail purposes (for example, completed-booking records, payment ledger entries, and admin audit logs).

7. Data Security

We use industry-standard encryption (TLS) for data in transit and at rest. Row-Level Security is enforced on every database table so users can access only the records they are authorized to see; in-app chat channels are isolated per booking; and ID documents are never publicly accessible. Access to administrative tooling is limited to authorized personnel, and every administrative action is logged to an immutable audit trail. We conduct regular security assessments to protect against unauthorized access.

8. Your Rights

Under the Data Privacy Act, you have the right to: access your personal data, correct inaccurate information, request deletion of your data, object to certain processing activities, opt out of optional re-engagement nudges (for example, the dormant-pair “Welcome back” banner — toggleable from your profile settings), withdraw consent where processing is consent-based, and file a complaint with the National Privacy Commission (NPC). To exercise these rights, contact our Data Protection Officer through the in-app support chat.

9. Cookies and Tracking

Our web Platform uses cookies and similar technologies to maintain your authenticated session, remember preferences, and improve user experience. You may disable cookies in your browser settings, though some features (including login) may not function correctly without them.

10. Children's Privacy

Our Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If we learn that a minor has provided us with personal data, we will delete it promptly.

11. International Data Transfers

Some of our service providers (for example, Vercel hosting, Supabase, Resend, and the Gemini AI API) may process data on servers located outside the Philippines. Where this occurs, we ensure transfers are protected by contractual safeguards consistent with the Data Privacy Act and applicable NPC guidance.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of the Platform after changes constitutes acceptance of the updated Policy.

13. Contact Us

For privacy-related concerns or to exercise your data rights, contact our Data Protection Officer through the in-app support chat or message us on our official Facebook page.