← Back to Suppliq

Privacy Policy

Last Updated: April 19, 2026

Effective Date: April 14, 2026

1. Introduction

Suppliq ("we," "our," or "us") operates the Suppliq platform — a point-of-sale, inventory, HR, and analytics system for Philippine retail businesses — accessible via web browser and Android application. This Privacy Policy explains how we collect, use, store, share, and protect your personal information in compliance with the Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations, as overseen by the National Privacy Commission (NPC) of the Philippines.

By using Suppliq, you agree to the practices described in this Policy. If you do not agree, please discontinue use of the platform.

2. Information We Collect

2.1 Information You Provide

  • Full name and email address (account registration)
  • Business name, address, and TIN (for BIR-format receipts, optional)
  • Payment reference numbers submitted for subscription activation (GCash / Maya)
  • Staff profiles including names, roles, and assigned branches
  • Customer names, contact details, and credit balances
  • Supplier information, purchase orders, and transaction records
  • Product inventory data, pricing, and cost information

2.2 Information Collected Automatically

  • App usage data (pages visited, features used, session duration)
  • Device identifiers and browser type
  • IP address and approximate location (country/region level)
  • Timestamps of all actions (sales, adjustments, logins)

2.3 Camera and Photo Access

Suppliq requests camera access for the following specific purposes:

  • Attendance selfies — staff clock in and out by taking a photo. The photo and timestamp are stored as part of the attendance record.
  • Barcode scanning — the camera is used to scan product barcodes during sales and inventory operations. No images are stored during barcode scanning.
  • Product and delivery photos — optional photos attached to inventory items and delivery records.

Camera access is requested only when you initiate these actions. You may decline camera access; however, some features (attendance selfies, camera-based barcode scanning) will be unavailable.

2.4 Storage Access

Photos captured within the app (attendance selfies, item images, delivery attachments, team logos) are uploaded and stored in our secure cloud storage (Supabase Storage). We do not access photos stored elsewhere on your device.

2.5 Push Notifications

If you grant permission, Suppliq may send push notifications to your device for operational alerts such as low stock warnings, shift reminders, new team join requests, and payment confirmations. You can revoke notification permission at any time through your device settings. Notification permission is optional and does not affect core app functionality.

2.6 Local Storage and Cookies

We use your browser's localStorage and IndexedDB to:

  • Persist your login session (authentication tokens)
  • Cache team, branch, and plan data to reduce network requests
  • Store pending sales transactions when the app is offline, for sync upon reconnection

We do not use advertising cookies or third-party tracking cookies.

3. How We Use Your Information

  • Provide, operate, and improve the Suppliq platform
  • Process and activate subscription payments
  • Send transactional emails (payment confirmation, subscription renewal reminders, shift summaries) via our CRM partner
  • Send push notifications for operational events you have opted into
  • Generate payroll computations, attendance records, and business reports
  • Respond to support requests submitted to support@suppliq.app
  • Detect and prevent fraud, unauthorized access, and abuse
  • Comply with legal obligations under Philippine law

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

4. Third-Party Services

Suppliq uses the following third-party services to operate the platform. Each has its own privacy policy and data processing practices:

Supabase (supabase.com)

Our database, authentication, and file storage provider. All business data, user accounts, attendance records, and uploaded photos are stored on Supabase infrastructure. Data is stored on servers in the United States. Supabase is SOC 2 Type II certified.

GoHighLevel / HighLevel (gohighlevel.com)

Our CRM and email automation platform. We sync your name, email, and subscription status to GoHighLevel to send transactional emails (payment confirmation, renewal reminders, shift summaries). We do not share your sales, inventory, or employee data with GoHighLevel.

Vercel (vercel.com)

Our hosting and deployment platform. Vercel processes web requests and may log IP addresses and request metadata for security and performance purposes.

OpenRouter / Google Gemini (via openrouter.ai)

Powers the AI Business Insights feature (Starter+ plans). When you request AI insights, aggregated and anonymized sales and inventory summaries are sent to the AI model. No personally identifiable customer data is transmitted. Prompts are not used to train AI models.

GCash / Maya

Payment is made directly through your GCash or Maya app. Suppliq does not receive or store your GCash/Maya account credentials. Only your submitted payment reference number is recorded.

5. Data Security

  • All data is encrypted in transit using TLS (Transport Layer Security)
  • Database access is protected by Row-Level Security (RLS) policies — users can only access data belonging to their own team
  • Authentication tokens are stored locally and never transmitted in URLs
  • Role-based access control restricts sensitive financial data to authorized roles (Admin and Owner only)
  • All actions (price overrides, discounts, stock adjustments, deleted sales) are recorded in an immutable audit log
  • Supabase enforces encryption at rest for all stored data

Despite these measures, no system is 100% secure. If you suspect unauthorized access to your account, contact us immediately at support@suppliq.app.

6. Data Retention

  • Active accounts: Data is retained for as long as your account is active.
  • Expired subscriptions: Your data is preserved when your subscription lapses. Your account reverts to Free tier limits but no data is deleted.
  • Deleted accounts: Upon account deletion, all personal data is permanently removed from active production servers immediately. Residual data in encrypted backups is purged within 30 days, except where retention is required by Philippine law (e.g., BIR audit records).
  • Attendance photos: Photo files automatically deleted after 90 days. Attendance records (times, hours) are never deleted per the Labor Code of the Philippines.
  • Delivery attachment photos: Photo files automatically deleted after 30 days. The delivery record (who, when, which order) is retained for 10 years as required by BIR NIRC Sec. 235 and RR 17-2013.
  • Activity logs: Retained for 10 years then automatically purged, as required by BIR RMO 9-2021 Annex B audit trail requirements.

7. Your Rights Under the Data Privacy Act of 2012

As a data subject under RA 10173, you have the following rights:

  • Right to be informed — You have the right to know how your data is collected and used (this policy).
  • Right to access — You may request a copy of the personal data we hold about you.
  • Right to rectification — You may correct inaccurate or incomplete personal data through your account settings or by contacting us.
  • Right to erasure — You may request deletion of your account and associated data (see Section 8).
  • Right to data portability — You may request an export of your business data in a machine-readable format.
  • Right to object — You may object to processing of your personal data for direct marketing purposes.
  • Right to lodge a complaint — You may file a complaint with the National Privacy Commission at www.privacy.gov.ph.

To exercise any of these rights, contact us at support@suppliq.app. We will respond within 15 business days.

8. Account Deletion

You may delete your account and all associated data at any time through either method:

  • In-App: Go to Settings → Account → Delete Account. Deletion is immediate and permanent.
  • By Email: Send a deletion request to support@suppliq.app. We will process your request within 5 business days.

Deletion removes: your profile, team data, sales history, inventory records, employee data, customer records, and uploaded files. This action cannot be undone.

If you are the team Owner, deletion also removes all team member accounts associated with your team. We recommend notifying your team before proceeding.

9. Children's Privacy

Suppliq is a business management platform intended for use by individuals aged 18 and above. We do not knowingly collect personal information from children under 13 years of age. If we become aware that a child under 13 has provided personal information, we will delete it immediately. If you believe a child has submitted information, contact us at support@suppliq.app.

10. International Data Transfers

Your data is stored on servers operated by Supabase and Vercel, which may be located outside the Philippines (primarily the United States). By using Suppliq, you consent to the transfer of your data to these jurisdictions. We ensure our third-party providers maintain security standards equivalent to those required under the Data Privacy Act of 2012.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and notify active users via in-app announcement. Continued use of Suppliq after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related concerns, data requests, or complaints:

Privacy Policy Refund Policy Terms of Service