This page exists so you know β in plain words β what we sell, what we never sell, and how Sige stays free.
We share with brands like Coca-Cola and NestlΓ© aggregated numbers from shops like yours. Example:
"In Barangay Tres de Mayo this week, 500 bottles of Cola 1L were sold, spread across 100 morning / 150 afternoon / 250 evening sales."
The SQL that runs every brand query has a hard guardrail:
HAVING COUNT(DISTINCT shop_id) >= 10
That means every datapoint is mathematically anonymous β it can only be computed if at least 10 different shops contributed. Fewer than 10 = no publication, no exception.
These are lines we do not cross. Not now, not later, not for any contract:
Because brands pay for the aggregate, not for your data as a shop.
Sige Tindahan is free forever for shop owners. We cover the cloud, SMS and hosting from the revenue of aggregate licenses to FMCG brands (first contract unlocks at ~500 shops, not before).
In return you get, right inside the app, a dashboard showing:
That's the deal: anonymous neighborhood insight both ways.
You control what data participates in the aggregate:
Change your choices anytime in Tindahan β Meer β Privacy. Revoking consent stops future aggregate inclusion; past already-published aggregates cannot be retroactively unpublished (they were never identifiable to your shop anyway).
AggregateQueryLog), per customer and per timestampTo run the app, Sige uses these third-party processors. We have appropriate contractual safeguards (Microsoft DPA, Google Cloud DPA, Semaphore Terms) in place per NPC Circular 16-01:
You can opt out of AI-features (Gemini) at any time by simply not using them. Sige's core functionality (sales, utang, vault, reminders) works fully without AI.
When you tap an AI button (translate, recipe-AI, customer-pattern, etc.), Sige asks you to acknowledge that AI is being used. After you accept once, we remember your choice on this device.
What goes to Google: aggregate counts ("5 sales today"), the message text you typed (for translation), photos of sari-sari receipts (for line-item OCR β not stored on Sige servers), photos of landlord utility-bills (for provider + address extraction during β Sige Verified onboarding β not stored on Sige servers), and photos of marketplace listings (for AI-moderation against stock-photos / NSFW β not stored on Sige servers). Each photo triggers one Gemini call and is then dropped. What stays on your phone: customer names, phone numbers, GCash/Maya details, all Vault documents, and tenant records.
What goes to Sige's own Azure Blob Storage (NOT to Google): marketplace listing-photos that you choose to publish (housed at listing-photos-public container for marketplace display), and move-in/out condition photos that landlords take for RA 7160 deposit-dispute prevention.
Google may temporarily process this data to generate the response. While Sige is on Google's free tier (during the build/launch phase), Google may retain prompt data for service improvement per their Gemini API terms. Sige is in the process of upgrading to Google's paid Vertex AI tier β under that contract Google does not retain or train on prompt data. Until upgrade, you can opt out of all AI features at any time and they remain optional. The current API tier is logged in our compliance document and updated when this changes.
Sige user accounts: Sige is for users 18 years or older. We ask you to confirm your age at sign-up. If you become aware that a minor has registered, please contact dpo@getsige.com and we will delete the account within 7 days. We do not knowingly collect data from account-holding minors per RA 10173 Β§13.
Customer records (Sari-Sari shops): A Sari-Sari shop owner (Tita) may record contact details of her customers β these can include minors who have utang at the shop. In that scenario:
| Data type | Retention | Why |
|---|---|---|
| Sales records | 10 years | BIR audit retention (RA 8424) |
| Customer name + phone | Until you delete or revoke | Anonymized after deletion request, kept linked to anonymized sales-record |
| OTP attempts | 24 hours | Brute-force prevention. Auto-purged nightly by retention-cron. |
| Help-chatbot log (volume only, no content) | 30 days | Quality + abuse detection. No message content stored. |
| Vault documents | Until you delete | Your storage; you control deletion |
| Aggregate query logs | 2 years | Audit + abuse detection |
| Voice / receipt-OCR / bill-OCR / listing-moderation photos | Not stored | One-time Gemini API call, then dropped |
| Marketplace listing photos | Until you delete listing | Stored on Sige Azure Blob (Singapore). Quarterly orphan-cleanup removes blobs no longer referenced. |
| Move-in/out condition photos | Until you delete tenant record | Stored on Sige Azure Blob. RA 7160 deposit-dispute evidence. DSAR-erasable on request. |
| Abuse-report phone-hash | 90 days | Reporter phone-hash auto-purged nightly after 90d. Report itself (target + reason) retained for compliance proof. |
| DSAR + abuse-report records | 365 days post-fulfillment | RA 10173 Β§22 audit-floor. Pending DSAR requests never auto-purged. |
| Admin audit-log (admin-actions) | 5 years | RA 10173 Β§22 accountability |
| User audit-log (auth + DSAR + abuse + saved-search actions) | 365 days | Incident-tracking + RA 10173 Β§22 audit-floor. |
| Listing inquiries (marketplace contact-form) | Until DSAR-erase by email | Visitor email + name kept for landlord-forwarding + admin queue review. Anonymizable via DSAR contact at dpo@getsige.com (admin verifies email-ownership). |
| Saved searches (listings marketplace) | Until you delete | Anonymous device-token only, no PII. Soft-delete (active=0) keeps audit-trail. |
| Landlord reply-time stats | Until landlord deletes account | Reply timestamps stored against owner_hash (pepper-hashed). DSAR-erase wipes via landlord-data scrub. |
As a Sige user you have the following rights, exercisable through Settings β Account:
If a personal data breach occurs that is likely to result in real risk to you, Sige will:
If you receive harassing, threatening, or inappropriate messages via Sige's chat features (tenant β landlord, marketplace), tap the π© button in the conversation to report. Reports go directly to Sige's admin team and we respond within 48 hours via SMS. Repeat offenders are blocked from messaging features.
Sige complies with the Philippine Data Privacy Act (RA 10173). The legal basis for processing your data is:
Sige Software Solutions OPC, Digos City, is the Personal Information Controller. The Data Protection Officer (DPO) is reachable at dpo@getsige.com. We are registered with the National Privacy Commission (NPC) once we pass 250 data subjects, in line with the Act.
If you find a vulnerability, see /.well-known/security.txt or our Security Policy. Primary contact: security@getsige.com.
If we materially change what's on this page, we bump the policy version and ask you to re-accept in the app. Small wording-only edits don't trigger re-prompt, but you see the "Last updated" date at the top of this page.