← Back to Sige
EN PH Tagalog 🌺 Cebuano

Privacy at Sige

Last updated: 11 May 2026 Β· Policy version 2.1

This page exists so you know β€” in plain words β€” what we sell, what we never sell, and how Sige stays free.

TL;DR: We sell aggregate insight (minimum 10 shops combined per data point) to big brands like Coca-Cola and NestlΓ©. We never sell your name, your shop's name, your customers, or your individual sales. You can opt out at any time; Sige keeps working.

1. What we sell (aggregate)

We share with brands like Coca-Cola and NestlΓ© aggregated numbers from shops like yours. Example:

"In Barangay Tres de Mayo this week, 500 bottles of Cola 1L were sold, spread across 100 morning / 150 afternoon / 250 evening sales."

The SQL that runs every brand query has a hard guardrail:

HAVING COUNT(DISTINCT shop_id) >= 10

That means every datapoint is mathematically anonymous β€” it can only be computed if at least 10 different shops contributed. Fewer than 10 = no publication, no exception.

2. What we never sell

These are lines we do not cross. Not now, not later, not for any contract:

3. Why is Sige free?

Because brands pay for the aggregate, not for your data as a shop.

Sige Tindahan is free forever for shop owners. We cover the cloud, SMS and hosting from the revenue of aggregate licenses to FMCG brands (first contract unlocks at ~500 shops, not before).

In return you get, right inside the app, a dashboard showing:

That's the deal: anonymous neighborhood insight both ways.

4. Your choices

You control what data participates in the aggregate:

Change your choices anytime in Tindahan β†’ Meer β†’ Privacy. Revoking consent stops future aggregate inclusion; past already-published aggregates cannot be retroactively unpublished (they were never identifiable to your shop anyway).

5. Technical measures

6. Cross-border data transfers

To run the app, Sige uses these third-party processors. We have appropriate contractual safeguards (Microsoft DPA, Google Cloud DPA, Semaphore Terms) in place per NPC Circular 16-01:

You can opt out of AI-features (Gemini) at any time by simply not using them. Sige's core functionality (sales, utang, vault, reminders) works fully without AI.

7. AI features β€” what we do and don't send

When you tap an AI button (translate, recipe-AI, customer-pattern, etc.), Sige asks you to acknowledge that AI is being used. After you accept once, we remember your choice on this device.

What goes to Google: aggregate counts ("5 sales today"), the message text you typed (for translation), photos of sari-sari receipts (for line-item OCR β€” not stored on Sige servers), photos of landlord utility-bills (for provider + address extraction during βœ“ Sige Verified onboarding β€” not stored on Sige servers), and photos of marketplace listings (for AI-moderation against stock-photos / NSFW β€” not stored on Sige servers). Each photo triggers one Gemini call and is then dropped. What stays on your phone: customer names, phone numbers, GCash/Maya details, all Vault documents, and tenant records.

What goes to Sige's own Azure Blob Storage (NOT to Google): marketplace listing-photos that you choose to publish (housed at listing-photos-public container for marketplace display), and move-in/out condition photos that landlords take for RA 7160 deposit-dispute prevention.

Google may temporarily process this data to generate the response. While Sige is on Google's free tier (during the build/launch phase), Google may retain prompt data for service improvement per their Gemini API terms. Sige is in the process of upgrading to Google's paid Vertex AI tier β€” under that contract Google does not retain or train on prompt data. Until upgrade, you can opt out of all AI features at any time and they remain optional. The current API tier is logged in our compliance document and updated when this changes.

8. Children and minors

Sige user accounts: Sige is for users 18 years or older. We ask you to confirm your age at sign-up. If you become aware that a minor has registered, please contact dpo@getsige.com and we will delete the account within 7 days. We do not knowingly collect data from account-holding minors per RA 10173 Β§13.

Customer records (Sari-Sari shops): A Sari-Sari shop owner (Tita) may record contact details of her customers β€” these can include minors who have utang at the shop. In that scenario:

9. Data retention

Data typeRetentionWhy
Sales records10 yearsBIR audit retention (RA 8424)
Customer name + phoneUntil you delete or revokeAnonymized after deletion request, kept linked to anonymized sales-record
OTP attempts24 hoursBrute-force prevention. Auto-purged nightly by retention-cron.
Help-chatbot log (volume only, no content)30 daysQuality + abuse detection. No message content stored.
Vault documentsUntil you deleteYour storage; you control deletion
Aggregate query logs2 yearsAudit + abuse detection
Voice / receipt-OCR / bill-OCR / listing-moderation photosNot storedOne-time Gemini API call, then dropped
Marketplace listing photosUntil you delete listingStored on Sige Azure Blob (Singapore). Quarterly orphan-cleanup removes blobs no longer referenced.
Move-in/out condition photosUntil you delete tenant recordStored on Sige Azure Blob. RA 7160 deposit-dispute evidence. DSAR-erasable on request.
Abuse-report phone-hash90 daysReporter phone-hash auto-purged nightly after 90d. Report itself (target + reason) retained for compliance proof.
DSAR + abuse-report records365 days post-fulfillmentRA 10173 Β§22 audit-floor. Pending DSAR requests never auto-purged.
Admin audit-log (admin-actions)5 yearsRA 10173 Β§22 accountability
User audit-log (auth + DSAR + abuse + saved-search actions)365 daysIncident-tracking + RA 10173 Β§22 audit-floor.
Listing inquiries (marketplace contact-form)Until DSAR-erase by emailVisitor email + name kept for landlord-forwarding + admin queue review. Anonymizable via DSAR contact at dpo@getsige.com (admin verifies email-ownership).
Saved searches (listings marketplace)Until you deleteAnonymous device-token only, no PII. Soft-delete (active=0) keeps audit-trail.
Landlord reply-time statsUntil landlord deletes accountReply timestamps stored against owner_hash (pepper-hashed). DSAR-erase wipes via landlord-data scrub.

10. Your rights (RA 10173 Β§16, Β§18)

As a Sige user you have the following rights, exercisable through Settings β†’ Account:

11. Data breach notification

If a personal data breach occurs that is likely to result in real risk to you, Sige will:

12. Anti-harassment (RA 11313 Safe Spaces Act)

If you receive harassing, threatening, or inappropriate messages via Sige's chat features (tenant ↔ landlord, marketplace), tap the 🚩 button in the conversation to report. Reports go directly to Sige's admin team and we respond within 48 hours via SMS. Repeat offenders are blocked from messaging features.

13. Legal basis

Sige complies with the Philippine Data Privacy Act (RA 10173). The legal basis for processing your data is:

Sige Software Solutions OPC, Digos City, is the Personal Information Controller. The Data Protection Officer (DPO) is reachable at dpo@getsige.com. We are registered with the National Privacy Commission (NPC) once we pass 250 data subjects, in line with the Act.

14. Security contact

If you find a vulnerability, see /.well-known/security.txt or our Security Policy. Primary contact: security@getsige.com.

15. Changes to this policy

If we materially change what's on this page, we bump the policy version and ask you to re-accept in the app. Small wording-only edits don't trigger re-prompt, but you see the "Last updated" date at the top of this page.