Privacy Policy

1. Introduction

IEMTech ("we," "us," or "our") operates SenseiDesk, a martial arts management platform for Philippine gyms and schools. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and other applicable Philippine privacy laws.

2. Information We Collect

2.1 Personal Information from Gym Owners

• Business name and contact information
• Owner/administrator name, email, and phone number
• Business registration details and tax information
• Payment and billing information
• Usage data and system logs

2.2 Student and Parent Information

Through gym owners using our platform, we may process:

• Student names, ages, and contact details
• Parent/guardian names and contact information
• Emergency contact details
• Attendance records and class participation
• Belt rank and achievement progress
• Payment history and billing information
• Medical information relevant to martial arts training (if provided)
• Photos for student identification (with consent)

2.3 Technical Information

• IP addresses and browser information
• Device identifiers and operating system data
• Cookies and similar tracking technologies
• Usage patterns and feature interactions
• Performance and error logs

3. How We Use Your Information

3.1 Primary Purposes

• Providing martial arts management services to gym owners
• Processing billing and payments through our platform
• Facilitating communication between gyms and students/parents
• Tracking attendance and student progress
• Generating reports and analytics for gym management
• Providing customer support and technical assistance

3.2 Secondary Purposes

• Improving our software and user experience
• Developing new features based on usage patterns
• Ensuring platform security and preventing fraud
• Complying with legal obligations and regulations
• Sending service updates and important notifications

4. Payment Data Protection

Payment processing is handled by Xendit, a PCI DSS compliant payment processor:

• We do not store credit card numbers, CVV codes, or other sensitive payment data
• Payment information is encrypted and processed securely by Xendit
• We only store payment transaction IDs and status information
• All payment data handling follows PCI compliance standards
• Students and parents interact directly with Xendit's secure payment pages

5. Data Sharing and Disclosure

5.1 We Do Not Sell Personal Data

We do not sell, trade, or rent personal information to third parties for marketing purposes.

5.2 Limited Sharing

We may share information only in these circumstances:

• Service Providers: Trusted vendors who assist with hosting, payment processing (Xendit), and technical support
• Legal Requirements: When required by Philippine law, court orders, or government requests
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with user notification)
• Safety and Security: To protect against fraud, abuse, or security threats

6. Data Security Measures

We implement multiple layers of security:

• SSL/TLS encryption for all data transmission
• Encrypted data storage using industry-standard methods
• Regular security audits and vulnerability assessments
• Multi-factor authentication for administrative access
• Regular data backups with secure offsite storage
• Staff training on data protection and privacy practices
• Access controls limiting data access to necessary personnel only

7. Cookie Policy

We use cookies and similar technologies for:

• Essential Cookies: Required for login, security, and basic functionality
• Performance Cookies: Help us understand how users interact with our platform
• Analytics Cookies: Google Analytics to improve our service (anonymized data)
• Preference Cookies: Remember your settings and customizations

You can control cookie preferences through your browser settings, though disabling essential cookies may affect platform functionality.

8. Your Privacy Rights

Under Philippine data privacy laws, you have the right to:

• Access: Request a copy of your personal data we hold
• Rectification: Ask us to correct inaccurate or incomplete information
• Erasure: Request deletion of your personal data (subject to legal obligations)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your information
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Remove consent for processing where applicable

8.1 How to Exercise Your Rights

To exercise your privacy rights, contact us at support@senseidesk.com with your request. We will respond within 30 days as required by Philippine law. For student/parent data, please contact your martial arts gym directly as they are the primary data controller for that information.

9. Data Retention

• Active Accounts: Data retained while account is active and for 90 days after closure
• Payment Records: Retained for 7 years for tax and legal compliance
• Support Records: Kept for 2 years after last contact
• Analytics Data: Aggregated, anonymized data may be retained indefinitely
• Legal Requirements: Some data may be retained longer if required by law

10. International Data Transfers

Your data is primarily stored in secure data centers within the Philippines or in countries with adequate data protection standards. When international transfers are necessary for service provision, we ensure appropriate safeguards are in place to protect your information.

11. Children's Privacy

We recognize that many martial arts students are minors. We require parental consent for students under 18 and process children's data only as necessary for martial arts education and gym management. Parents have full rights to access, modify, or delete their children's information.

12. Third-Party Links and Services

Our platform may contain links to third-party websites or integrate with external services. This privacy policy does not apply to those external sites. We recommend reviewing their privacy policies before providing personal information.

13. Data Breach Notification

In the unlikely event of a data security incident affecting personal information, we will notify affected users and relevant authorities within 72 hours as required by Philippine law. We will provide clear information about what happened, what data was involved, and steps being taken to address the issue.

14. Privacy Policy Updates

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email and posted on our website at least 30 days before taking effect. We encourage regular review of this policy.

15. Contact Us

For privacy-related questions, concerns, or requests: