Privacy Policy

1. About this policy

This Privacy Policy describes how Humanae Ventures (operating under the brand Bihasa) collects, uses, shares, and protects personal data across the following products and services:

• The marketing website at bihasa.ph
• The Bihasa Compliance+ web dashboard
• The PC GLASS mobile application (iOS and Android)
• The Moodle Learning Management System instances operated for our enterprise clients

It applies to adult learners, administrators, and employer accounts that use any of these surfaces. It does not apply to third-party services that you reach by clicking links inside our products — those are governed by the third party's own privacy policy.

2. Who we are

Humanae Ventures is the legal entity behind Bihasa. Our registered office is:

No. 26 Almond Nut St., San Roque
City of Marikina, NCR 1801
Philippines

For any privacy-related question, request, or complaint, contact our Data Protection Officer at dino@bihasa.ph.

3. Information we collect

Account information

Your name, work email address, the name of your employer or training sponsor, and your role (learner, manager, administrator). This information is typically provided to us by the employer or sponsor that enrolled you.

Learning activity

Your course enrollments, course progress, quiz and assessment attempts (including the answers you submitted), and certificates that have been issued to you.

Technical data

Device model, operating system version, application version, IP address, and push notification tokens — used to deliver the service, troubleshoot, and send transactional notifications.

Mobile-specific data

Course content that you choose to make available offline is cached locally on your device. This cache stays on the device until you clear the application data or uninstall the app. We do not upload or back up this cache to our servers.

What we do not collect

We do not collect: your precise or approximate physical location, your contacts, microphone or camera access, photos, files outside the application's own storage, financial information, health or fitness data, or your web browsing history outside of our own products.

4. How we use your information

We use the information described above to:

• Deliver the service — authenticate you, show you your courses, record your progress, issue certificates.
• Report progress to your employer or training sponsor — the organisation that enrolled you receives your learning progress and compliance status, because that is the purpose for which they paid for your account.
• Improve the product — aggregate, anonymised usage analytics help us prioritise features and find bugs.
• Send transactional communications — login confirmations, password resets, course reminders, certificate availability, and material updates to this policy.

5. Legal bases under the Data Privacy Act of 2012

We rely on the following legal bases under the Philippines Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules:

• Contract — processing necessary to deliver the service that your employer or sponsor has contracted us to provide.
• Consent — for optional features that you actively turn on (for example, opting in to non-essential email updates).
• Legitimate interest — for product analytics, security monitoring, and fraud prevention, where our interest does not override your rights.
• Legal obligation — to respond to lawful requests from regulators, courts, or law enforcement.

6. Sharing and disclosure

Your employer or training sponsor

If you were enrolled by an employer or training sponsor, they have access to your learning progress, course completions, quiz results, and the certificates issued to you. This is the core purpose of the service they purchased.

Sub-processors

We use the following sub-processors to operate the service. Each one is bound by a contract that limits how they may use your data.

• Amazon Web Services — hosting infrastructure, in the AWS ap-southeast-1 (Singapore) region.
• Moodle — the open-source learning platform that powers our LMS, deployed on AWS infrastructure under our control.
• Push notification services — Apple Push Notification service (APNs) and Google Firebase Cloud Messaging (FCM), reached via Expo Push, for delivering mobile notifications.
• Email delivery — a transactional email provider (the specific vendor will be named once selected; this section will be updated accordingly).

Legal disclosures

We may disclose personal data to law enforcement, regulators, or courts when required to do so by a valid legal process, and only to the extent required.

We do not sell personal data

We do not sell, rent, or trade personal data to advertisers, data brokers, or any other third party.

7. International transfers

Your personal data is stored on servers in Singapore (AWS ap-southeast-1). Transfers outside the Philippines are covered by AWS's contractual safeguards and by the cross-border transfer provisions of the Data Privacy Act (§21). If we ever change the storage region we will update this section and, for material changes, notify affected accounts.

8. Retention

We retain personal data for the following periods, unless a longer period is required by law or by your employer's regulatory obligations:

• Active accounts — for the duration of your employer's subscription, plus 90 days after the subscription ends.
• Learning records and certificates — 7 years from the date of completion, which is the typical retention period for corporate compliance training records in the Philippines.
• Server and application logs — 90 days.

You may request earlier deletion under section 10 (Your rights).

9. Security

We protect your data with the following controls:

• Encryption in transit using TLS 1.2 or higher.
• Encryption at rest in AWS S3 (server-side AES-256) and AWS RDS.
• Role-based access controls within our team, with the principle of least privilege.
• Audit logging of administrative actions.

In the event of a personal data breach affecting Philippine residents, we will notify the National Privacy Commission and the affected users within 72 hours of confirming the breach, as required by the Data Privacy Act.

10. Your rights

Under the Data Privacy Act, you have the right to:

• Be informed about how your personal data is processed.
• Access a copy of your personal data that we hold.
• Correct inaccurate or outdated information.
• Erase or block processing where the law allows.
• Object to processing based on legitimate interest.
• Data portability — receive your data in a structured, commonly used format.
• Withdraw consent at any time, for any processing based on consent.
• Lodge a complaint with the National Privacy Commission.

To exercise any of these rights, email dino@bihasa.ph from the email address associated with your account. We will respond within 30 days.

11. Cookies and similar technologies

The web surfaces (bihasa.ph and the Compliance+ dashboard) use first-party cookies for authentication and to remember your session. We do not use third-party advertising cookies. The PC GLASS mobile application does not use web cookies.

12. Children

Bihasa products are intended for users 18 years of age and older. We do not knowingly collect personal data from children under 18. If you believe a child has registered for or used the service, contact dino@bihasa.ph and we will delete the associated data.

13. Changes to this policy

We may update this policy from time to time. For material changes (changes that meaningfully affect how we collect, use, or share your data) we will notify active accounts by email and post an in-app notice at least 30 days before the change takes effect. Non-material changes (clarifications, typo fixes) take effect when published. The version number and effective date at the top of this page identify the current version.

14. Contact

Data Protection Officer
dino@bihasa.ph

Humanae Ventures
No. 26 Almond Nut St., San Roque
City of Marikina, NCR 1801
Philippines

National Privacy Commission
info@privacy.gov.ph
+63 2 8234 2228
privacy.gov.ph