Privacy Policy

When you create a Kitaan account and use our tools, we collect the following information: Account information: Your name, email address, and hashed password when you register. Business data: All records you create within the Service — including property details, tenant information, appointment schedules, invoice data, delivery records, and farm logs. This data is entirely yours and is stored on your behalf. Usage data: Basic server logs including your IP address, browser type, and pages accessed, used solely for security and service reliability purposes. We do not collect payment card information. Kitaan is a free service with no billing.

We use the information we collect to: • Provide, operate, and maintain the Kitaan platform • Authenticate your identity and manage your account sessions • Send account-related emails (e.g., email verification, password reset) via Gmail/Nodemailer • Monitor for security threats, abuse, and unauthorized access • Improve and develop new features of the Service • Comply with applicable legal obligations under Philippine law We will never use your data to send unsolicited marketing emails. We will never sell, rent, or trade your personal information to third parties for commercial purposes.

Your data is stored in a PostgreSQL database managed by Supabase, a third-party infrastructure provider. Supabase stores data on secure cloud servers, and all data is encrypted at rest and in transit using industry-standard TLS encryption. Kitaan does not operate its own physical database servers. By using the Service, you acknowledge that your data is stored on Supabase's infrastructure. Supabase's privacy practices are described at supabase.com/privacy. We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or destruction. However, no system is 100% secure, and we cannot guarantee absolute security.

Kitaan uses HTTP-only cookies to manage your authentication session. When you sign in, a secure, HTTP-only JWT (JSON Web Token) cookie is set in your browser. This cookie: • Cannot be accessed by JavaScript, protecting against cross-site scripting (XSS) attacks • Is used solely to verify your identity on subsequent requests • Expires when your session ends or after an inactivity timeout • Is transmitted only over HTTPS (secure connections) We do not use third-party tracking cookies, advertising cookies, or analytics cookies. We do not use cookies to track your behavior across other websites.

Kitaan integrates with the following third-party services to operate the platform: Supabase (supabase.com): Our database and backend infrastructure provider. Supabase stores all user account data and business records. They operate under their own Privacy Policy. Gmail / Nodemailer: We use Gmail's SMTP service via Nodemailer to send transactional emails, including account verification emails and password reset links. We do not store your email content on our systems beyond what is necessary to deliver it. These are the only third-party services we use. We do not integrate with advertising networks, social media trackers, or data brokers.

We retain your account data and business records for as long as your account is active. If you request account deletion, we will permanently delete your account and all associated data within 30 days of your request, except where retention is required by applicable law. Server logs (IP addresses, access logs) are retained for up to 90 days for security and diagnostic purposes, after which they are automatically purged. You may request an export of your data at any time by contacting us at support@kitaan.net.

Under Philippine law and applicable data protection principles, you have the following rights with respect to your personal data: Right to access: You may request a copy of the personal data we hold about you. Right to correction: You may request that we correct any inaccurate or incomplete personal data. Right to erasure: You may request deletion of your account and all associated personal data, subject to legal obligations. Right to data portability: You may request an export of your data in a structured, machine-readable format. Right to object: You may object to certain types of processing of your personal data. To exercise any of these rights, contact us at support@kitaan.net. We will respond within 30 days.

This Privacy Policy is governed by the laws of the Republic of the Philippines, including the Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules and regulations. We are committed to complying with our obligations under applicable Philippine data protection law.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out: Email: support@kitaan.net Website: kitaan.net We take privacy seriously and will respond to your inquiry within 5 business days.