Privacy Policy

Peyg.app (“Peyg”, “we”, “us”) is a branded mini-site platform for Filipino sellers and small businesses, operated by Ground Gurus. For this policy, we are the personal information controller under the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) for the data described below, except where we process buyer data on a seller's behalf (see section 5).

This policy covers peyg.app — the marketing site, the seller dashboard, and the public storefronts we host at peyg.app/{shop}.

• Account details — your full name, email address, and a password (stored only as a secure hash; we never see the plain text).
• Business profile — everything you choose to publish on your storefront: business name, page address (slug), branding, about and contact text, address, operating hours, social links, products, services, prices, vouchers, and photos.
• Verification documents — if you apply for a verified trust badge, your registration number (DTI, SEC, BIR, or similar) and the proof document you upload. These are stored in private storage, accessible only through short-lived signed links, and reviewed by hand by our team. They are never shown publicly unless you explicitly turn on the per-badge “show proof publicly” option.
• Inquiries and leads — messages buyers send through your storefront's inquiry form, kept in your dashboard inbox.
• Billing details — if you buy a paid plan, payment is handled by the payment provider you choose (GCash, Maya, or a card processor). We keep a record of your plan and payment status; we do not store your full payment credentials.

• Inquiry messages — when you message a seller through their storefront, we collect the name, contact details, and message you provide, and deliver them to that seller (in their dashboard and by email).
• Reviews — if you leave a review, the name and text you submit are displayed publicly on the seller's page.
• Visit counts — we count storefront visits using a salted, one-way hash of your IP address. The raw IP address is not stored, and the hash cannot be reversed into it. We use this only to show sellers an honest visit count.
• Waitlist — if you join a coming-soon waitlist on our marketing site, we keep your email address solely to tell you when that product opens.

We use strictly functional cookies: session cookies that keep sellers signed in to their dashboard. We do not use advertising or third-party tracking cookies on peyg.app.

When a buyer sends an inquiry, we process it to deliver it to the seller. From that point the seller decides how to use it — to reply, to quote, to follow up. Sellers are responsible for handling buyer information lawfully and respectfully; misusing it (for example, spamming buyers who messaged once) is a violation of our Terms of Service.

• To provide, operate, and improve the Peyg service.
• To review badge applications and display verified status.
• To deliver inquiries, account emails, and service notices.
• To keep the platform safe — preventing fraud, spam, and abuse.
• To comply with legal obligations.

We do not sell personal information, and we do not use your data for third-party advertising.

We use a small set of service providers to run Peyg, each processing data only on our instructions:

• Supabase — database and authentication.
• Vercel — application hosting.
• Cloudflare R2 — file storage (photos; verification documents in a private bucket).
• Resend — transactional email delivery.
• Sentry — error monitoring in production, so we can fix crashes.

Some of these providers store data outside the Philippines. Where they do, we rely on their contractual data-protection commitments, and this transfer is done in accordance with the Data Privacy Act. Beyond these providers, we disclose personal information only if the law requires it or to protect the rights and safety of our users.

• Account and storefront data — for as long as your account is active, and for a reasonable period after closure to handle disputes and legal obligations.
• Verification documents — while the related badge is active or under review; removed when no longer needed for verification.
• Inquiries — until the seller deletes them or the seller's account is closed.
• Waitlist emails — until the relevant product launches or you ask to be removed.

Under the Data Privacy Act of 2012 you have the right to be informed, to access, to correct, to object, to erasure or blocking, to data portability, to damages, and to lodge a complaint with the National Privacy Commission. To exercise any of these, email hello@peyg.app — we'll respond within a reasonable time, and in any case within the periods the law requires.

We protect your data with industry-standard measures: encrypted connections (HTTPS) everywhere, hashed passwords, private storage with short-lived signed links for sensitive documents, and access controls that limit what our own systems and staff can see. No system is perfectly secure, but if a breach affects your personal data we will notify you and the National Privacy Commission as the law requires.

Peyg is a business tool and is not directed at children. You must be at least 18 to create a seller account.

When we change this policy in a meaningful way, we'll update the date at the top and, for significant changes, notify sellers by email or in the dashboard. Continued use of Peyg after a change means you accept the updated policy.

Privacy questions, requests, or concerns: hello@peyg.app.