Privacy Notice

How we handle your data

Last updated: 29 April 2026 · Effective immediately for all NotariPro accounts.

This Privacy Notice explains how NotariPro ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the NotariPro service. We comply with Republic Act No. 10173, the Data Privacy Act of 2012, its Implementing Rules and Regulations, and issuances of the National Privacy Commission (NPC) of the Philippines.

1. Personal Information Controller

NotariPro is the Personal Information Controller (PIC) for the data described in this notice. For privacy concerns, requests to exercise your rights, or breach reports, contact us at privacy@notaripro.app.

2. Data we collect

From you, the notary public

• Identity: full name, email, password (hashed), Roll of Attorneys Number, Notarial Commission Number, IBP Number, PTR Number, MCLE Compliance Number, territorial jurisdiction.
• Verification: photo of your IBP/SC ID and Notarial Commission Order, uploaded for manual review.
• Profile: your photo (if you upload one), commission validity dates, OCS dispatch email, BCC archive.
• Activity: register entries you create, audit logs of your actions (login, upload, dispatch), files you upload.

About the principals in your notarized documents

• Names, addresses, civil status, profession, organization, identity references, contact emails — extracted by you from each notarial document and stored in your private register.
• The notarized PDFs themselves, stored privately and accessible only to you.

Technical data

• Browser type, IP address (for security and audit), session cookies, login timestamps.

3. Why we collect it

• Service delivery: to provide the digital notarial register and dispatch workflow you signed up for.
• Compliance: to help you fulfill obligations under the 2004 Notarial Practice Rules and the 2025 Amendments (A.M. No. 02-8-13-SC).
• Verification: to confirm you are an active notary public — we require this before unlocking notarial actions on your account.
• Security: to detect and prevent unauthorized access to your account or to the documents you store with us.
• Communication: to send service notices, security alerts, and (only with your consent) product updates.

4. Where your data lives

Your account data and notarized documents are stored on Supabase infrastructure hosted on Amazon Web Services in the ap-southeast-1 (Singapore) region. Data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Documents live in a private storage bucket with row-level security policies that ensure no other notary can access your files even with full knowledge of the storage path.

For the OCR feature, we send your notarized PDF to Anthropic's Claude API for metadata extraction. Anthropic processes this data under their Privacy Policy and Data Processing Agreement; they do not retain your documents for training. For email dispatch, we use Resend (resend.com) as our email service provider.

5. How long we keep it

Notarial register entries and the corresponding notarized PDFs are retained for the period required by the 2004 Notarial Practice Rules (currently a minimum of ten years from notarization), or longer if required by court or regulator. Audit logs are retained for the life of your account plus three years. If you request account deletion, we anonymize your account but retain your notarial records for the legally mandated period before permanent deletion.

6. Your rights as a data subject

Under the Data Privacy Act, you have the right to:

• Be informed — this notice serves that purpose.
• Access your personal data we hold about you (Settings → Privacy & Data → Export JSON).
• Object to processing for marketing purposes — write to us and we will stop.
• Erasure or blocking — request account deletion in Settings, subject to retention obligations described above.
• Damages for inaccurate, false, or unlawfully processed data.
• Data portability — export your data as a JSON archive at any time (Settings → Privacy & Data).
• File a complaint with the National Privacy Commission at privacy.gov.ph.

7. Sharing

We do not sell your personal data. We share data only with:

• Subprocessors we use to operate the service: Supabase (database/storage/auth), AWS (infrastructure), Anthropic (OCR), Resend (email), Vercel (hosting). Each is bound by their own privacy commitments and our agreements with them.
• Authorities, only when compelled by valid legal process, and only the minimum required.
• Recipients you choose: when you dispatch a notarial PDF to a client or to the Office of the Clerk of Court, you direct us to send your data to those recipients.

8. Cookies and tracking

NotariPro uses only strictly-necessary cookies (your authentication session). We do not use marketing cookies, analytics trackers, or fingerprinting.

9. Security

We protect your data with: TLS encryption in transit; AES-256 encryption at rest; row-level security in our database scoped to each user; private file storage with per-user access policies; SHA-256 fingerprinting on every uploaded document; multi-factor authentication available for all accounts; audit logs on every action; least-privilege access controls for our team.

10. Data breach notification

If a personal-data breach affecting you occurs, we will notify you and the National Privacy Commission within seventy-two (72) hours of discovery, in compliance with NPC Circular 16-03.

11. Changes

We may update this notice as we change the service. Material changes will be notified to you by email and surfaced in the app.

12. Contact

Privacy concerns: privacy@notaripro.app · Data Protection Officer (interim): NotariPro Founders.

By creating a NotariPro account, you confirm you have read this Privacy Notice and consent to the collection and processing of your personal data as described above.