Last updated: June 8, 2025
1. Who We Are MuniServe (“we,” “our,” “us”) is a cloud-based software platform that helps Philippine Local Government Units (“LGUs”) digitize permits, clearances, citizen communication, and related workflows. Our registered office is at Bonifacio Global City.
2. Scope This policy governs all personal data processed through:
The MuniServe web application (agency level, LGU sub-accounts, barangay portals) Citizen-facing forms, booking pages, and self-service portals SMS, e-mail, Facebook Messenger, and other omni-channel notifications sent via the platform Any LGU or barangay website hosted on MuniServe
3. Definitions (RA 10173 §3)
Personal Data – “Personal Information,” “Sensitive Personal Information,” and “Privileged Information.” Data Subject – The individual to whom personal data relates (citizen, LGU staff, supplier). Personal Information Controller (PIC) – The LGU that decides why and how data are processed. Personal Information Processor (PIP) – MuniServe, acting only on documented instructions from the LGU.
4. Legal Basis for Processing We rely on one or more of the following lawful bases:
Public Authority (§12(e)) – Processing necessary for the performance of public-functions vested in the LGU (e.g., issuing permits, collecting taxes). Consent (§3(b)) – For optional services such as promotional SMS/e-mails. Contract (§12(a)) – To fulfil our SaaS agreement with the LGU. Legitimate Interests (§12(f)) – Platform analytics, fraud detection, service improvement.
5. Personal Data We Collect Category Examples Source Citizen Identity Full name, address, sex, birth date, barangay Permit & clearance forms Contact Details Mobile number, landline, e-mail address, Facebook ID Forms, Messenger, or LGU import Government IDs TIN, DTI/SEC number, Cedula reference, uploaded ID scans File-upload fields Transaction Data Application number, fees paid, payment proofs, barcode/QR System-generated or Treasurer entry Appointment Data Selected service, date, time, status Booking calendar Communication Logs SMS content, e-mail headers, Messenger thread IDs Automatically logged System Data Browser, IP, device type, cookies Website/app analytics
6. How We Use Personal Data
Process Permits & Clearances – Route applications through zoning, health, fire-safety, treasurer, and mayor approval. Send Status Updates & Reminders – SMS, e-mail, Messenger, push notifications. Schedule Appointments – Citizens pick slots; confirmations and reminders are automated. Maintain Citizen Database – Smart List for LGU staff with search, filter, and export controls. Generate Dashboards & Reports – Live KPIs for LGU transparency and council reporting. Security & Compliance – Audit logs, role-based access, anomaly detection. Product Improvement – Aggregate, de-identified analytics to enhance reliability and features.
We do not use personal data for automated decision-making that produces legal or similarly significant effects without human review.
7. Cookies & Tracking Our sites use first-party cookies for:
Session management (login, CSRF protection) Preference storage (language, theme) Anonymous usage analytics (page views, click paths)
Cookies do not store sensitive personal information. You can disable cookies, but some features may not function.
8. Data Sharing & Third-Party Processors We share data only with vetted service providers under data-processing agreements: Processor Purpose Location Amazon Web Services (AWS) Cloud hosting, database storage Singapore ap-southeast-1 PhilSMS / Semaphore Outbound & inbound SMS gateway Philippines Infobip / Twilio (optional) Two-way SMS / voice fallback USA / Singapore Make.com / Zapier PDF generation, workflow automation EU / USA Google Workspace E-mail, Drive backups Singapore / USA
No data are sold to advertisers or unrelated third parties.
9. International Transfers Data are stored primarily in AWS Singapore. When processors are in other jurisdictions, we use:
Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) to maintain an equivalent level of protection.
10. Security Measures
256-bit TLS encryption in transit AES-256 encryption at rest Daily encrypted backups retained 30 days Multi-factor authentication for admin users Role-based access (department / barangay scope) Quarterly vulnerability scans & annual penetration testing
11. Data Retention Data Type Standard Retention Rationale Permit / Clearance records 10 years National Archives and COA guidelines SMS & e-mail logs 2 years Audit trail Payment receipts 6 years BIR record-keeping Cookie / analytics data 13 months Industry norm
LGUs may request customised retention via the Admin console. 12. Data Subject Rights (RA 10173 §§16–18) Citizens may exercise:
Right to Information (how data are processed) Right to Access (get a copy) Right to Rectification (correct errors) Right to Erasure / Blocking (when no longer necessary) Right to Object to non-core processing (e.g., marketing messages) Right to Data Portability (JSON/CSV export)
How to file a request:
Send an e-mail to [email protected] or submit the dedicated Privacy Request form. We will verify identity and respond within 15 working days. 13. Children’s Privacy While our services are not directed to minors, birth-certificate requests may involve data of individuals under 18. Such data are processed only with the consent of the parent/guardian or as required by law. 14. Breach Notification We will notify the affected LGU PIC and the National Privacy Commission within 72 hours of any confirmed personal-data breach, detailing scope, risks, and mitigation steps. 15. Policy Updates We may revise this policy to reflect legal changes or new features. Updates take effect once posted on our site. Major changes will be e-mailed to LGU admins at least 7 days in advance. 16. Contact & Data Protection Officer Data Protection Officer (DPO)
Name: _________
E-mail: [email protected]
Tel: (+63) _______
Office Hours: Mon–Fri 8:00 AM – 5:00 PM (PHT)
Acceptance By continuing to use MuniServe or by submitting personal data through our forms, you acknowledge that you have read, understood, and agreed to this Privacy Policy.
End of Policy