Clibase Technology Inc.

Privacy Policy

How Clibase collects, uses, protects, and processes personal data in connection with our Enterprise Management System, Point-of-Sale platform, SaaS services, websites, support channels, and related business solutions.

Last Updated: May 2026

Important Notice: Clibase Technology Inc. (“Clibase,” “we,” “us,” or “our”) respects your right to privacy and is committed to protecting personal data in accordance with Republic Act No. 10173, also known as the Data Privacy Act of 2012, its Implementing Rules and Regulations, and relevant issuances of the National Privacy Commission.

1. Scope of this Privacy Policy

This Privacy Policy applies to personal data that we collect, use, store, process, disclose, or protect through our website, sales and marketing activities, client onboarding process, customer support channels, online forms, product demonstrations, subscription services, Enterprise Management System, Point-of-Sale platform, inventory modules, reporting modules, loyalty programs, online ordering tools, booking systems, payment-related integrations, and other related software services.

This Policy applies to the following individuals:

  • Business owners, merchants, companies, and authorized business representatives using or inquiring about Clibase services;
  • Client employees, staff, cashiers, managers, administrators, and users with access to the Clibase platform;
  • Customers, members, patients, guests, or end-users whose data may be encoded, uploaded, or processed by Clibase clients through the system;
  • Website visitors, sales leads, demo requesters, and persons who contact Clibase through phone, email, social media, website forms, Viber, Messenger, or support channels.

2. Our Role in Processing Personal Data

Depending on the nature of the transaction and the purpose of processing, Clibase may act either as a Personal Information Controller or as a Personal Information Processor.

2.1 Clibase as Personal Information Controller

Clibase acts as a Personal Information Controller when we determine the purpose and manner of processing personal data. This includes situations where we collect and process data for sales inquiries, demo bookings, client onboarding, billing, subscription management, account administration, technical support, internal business operations, security, compliance, and legal requirements.

2.2 Clibase as Personal Information Processor

Clibase acts as a Personal Information Processor when we process personal data on behalf of our clients through the Clibase platform. This may include sales transactions, customer profiles, employee attendance records, loyalty program records, inventory-related user activities, booking records, membership records, account receivable records, collection records, and other business data entered, uploaded, imported, or managed by our clients.

In such cases, the client remains primarily responsible for determining the purpose of processing, obtaining any required consent or lawful basis, ensuring the accuracy of data entered into the system, managing user access, and responding to requests from their own customers, employees, members, guests, or data subjects.

3. Personal Data We May Collect

The personal data we collect depends on your relationship with Clibase and the services used. This may include:

3.1 Business and Account Information

  • Business name, trade name, branch name, business address, and business type;
  • Owner, representative, manager, officer, or authorized contact name;
  • Email address, mobile number, telephone number, and communication details;
  • Billing details, subscription records, invoices, payment references, account status, and service history;
  • Documents submitted for onboarding, accreditation, compliance, support, implementation, or service verification.

3.2 Platform User Information

  • User names, employee names, user IDs, role assignments, access levels, login credentials, and user activity logs;
  • Attendance records, timekeeping records, work schedules, approvals, system actions, and transaction-related user activity;
  • Audit logs, device logs, IP addresses, browser data, timestamps, and security-related records.

3.3 Client Customer or End-User Information

  • Customer names, contact details, membership details, loyalty card information, booking details, transaction records, purchase history, and account balances;
  • Information encoded by clients in the POS, CRM, booking, loyalty, membership, collection, accounts receivable, or reporting modules;
  • Other data that clients may input, upload, import, store, or process through the Clibase platform.

3.4 Website, Support, and Communication Data

  • Information submitted through website forms, demo requests, social media inquiries, email, Viber, Messenger, phone calls, and support tickets;
  • Technical details such as device type, browser type, operating system, IP address, cookies, pages visited, and website interaction logs;
  • Support history, implementation concerns, troubleshooting records, screenshots, attachments, diagnostic information, and system-related communications.

4. Why We Process Personal Data

Clibase processes personal data for legitimate, lawful, and specific business purposes, including:

  • To provide, operate, maintain, support, and improve the Clibase Enterprise Management System and related services;
  • To create and manage client accounts, branches, users, subscriptions, modules, permissions, and service records;
  • To process sales inquiries, demonstrations, proposals, quotations, contracts, billing, payments, renewals, and account-related transactions;
  • To provide customer support, technical assistance, onboarding, training, implementation, troubleshooting, and after-sales service;
  • To generate reports, dashboards, logs, analytics, and system records required by clients for business operations;
  • To maintain platform security, prevent fraud, detect unauthorized access, monitor system performance, and protect service integrity;
  • To comply with legal, tax, accounting, regulatory, audit, and government requirements;
  • To send service announcements, product updates, system maintenance notices, renewal reminders, billing notices, and operational communications;
  • To conduct internal business analysis, service improvement, product development, quality assurance, and staff training.

5. Lawful Basis for Processing

We process personal data only when there is a lawful basis to do so. Depending on the situation, this may include:

  • The data subject has given consent;
  • The processing is necessary for the performance of a contract or to take steps prior to entering into a contract;
  • The processing is necessary for compliance with a legal obligation;
  • The processing is necessary to protect legitimate business interests, provided such interests do not override the rights and freedoms of the data subject;
  • The processing is necessary for the establishment, exercise, or defense of legal claims;
  • The processing is authorized or required by applicable law, regulation, or government authority.

6. How We Share Personal Data

Clibase does not sell, rent, or commercially disclose personal data to third parties. We do not provide client-owned personal data to service providers, vendors, or external partners for their own marketing, analytics, profiling, or independent business use.

Personal data is accessed or disclosed only when necessary, authorized, or legally required, including the following cases:

  • With authorized Clibase personnel who need access to perform their assigned duties, subject to confidentiality, role-based access, and internal data protection controls;
  • With the client or authorized representatives of the client that owns, controls, or manages the relevant business account;
  • With third-party systems, vendors, or external service providers only when expressly authorized by the client, required to deliver a client-enabled integration, necessary to process a client-requested transaction, or required by law;
  • With payment gateways, messaging providers, accounting systems, delivery platforms, e-commerce tools, or other business software integrations only when such integration is activated, requested, or authorized by the client;
  • With government agencies, regulators, courts, or law enforcement when required by law, regulation, subpoena, lawful order, or legal process;
  • With professional advisers, auditors, legal counsel, accountants, consultants, or insurers when reasonably necessary for business, legal, financial, audit, or compliance purposes.

Any third-party access, when applicable, is limited to the specific purpose for which it was authorized or legally required. Clibase requires appropriate confidentiality, security, and data protection measures from any party that may process personal data in connection with our services.

7. Client Responsibilities

Clients using the Clibase platform are responsible for ensuring that personal data entered, uploaded, imported, stored, or processed through their account is collected and used lawfully. This includes:

  • Providing proper privacy notices to their own customers, employees, members, guests, patients, or users;
  • Obtaining consent or establishing another lawful basis where required;
  • Ensuring the accuracy, relevance, and lawful use of data entered into the system;
  • Managing user access, roles, permissions, branch-level restrictions, and account security;
  • Promptly disabling accounts of resigned, transferred, inactive, or unauthorized personnel;
  • Using reports, exports, customer lists, employee records, and business data only for legitimate business purposes;
  • Complying with applicable data privacy, labor, consumer, tax, industry-specific, and business regulations.

8. Data Security

Clibase implements reasonable and appropriate organizational, technical, and physical safeguards designed to protect personal data against accidental loss, unauthorized access, unlawful disclosure, alteration, misuse, destruction, or other unlawful processing.

These safeguards may include access controls, account authentication, role-based permissions, audit logs, system monitoring, secured infrastructure, backup procedures, internal confidentiality obligations, staff access restrictions, device controls, and security review processes.

However, no method of transmission over the internet, electronic storage, or digital processing is completely secure. While we take reasonable steps to protect personal data, we cannot guarantee absolute security.

9. Data Retention

Clibase retains personal data only for as long as necessary to fulfill the purposes for which it was collected, to provide the contracted services, to comply with legal, tax, accounting, audit, and regulatory requirements, to resolve disputes, to enforce agreements, and to maintain legitimate business records.

For data processed on behalf of clients, retention may depend on the client’s subscription status, contractual terms, data export requests, backup cycles, legal requirements, and applicable service policies. Upon termination, suspension, or deactivation of services, data may be retained, exported, archived, anonymized, deleted, or restricted in accordance with the applicable agreement and Clibase’s internal retention procedures.

10. Data Subject Rights

Subject to applicable law, verification requirements, contractual obligations, and lawful exceptions, data subjects may have the right to:

  • Be informed about the collection and processing of their personal data;
  • Access their personal data;
  • Request correction of inaccurate, outdated, incomplete, or misleading personal data;
  • Object to certain types of processing;
  • Request blocking, erasure, or deletion of personal data when allowed by law;
  • Request data portability where applicable;
  • File a complaint with the National Privacy Commission;
  • Claim damages in cases provided by law.

If your personal data was collected or processed by one of our clients through the Clibase platform, please contact that client directly first. In such cases, Clibase generally processes the data on behalf of the client and will assist the client in handling valid data privacy requests where appropriate.

11. Cookies and Website Tracking

Our website may use cookies and similar technologies to improve website functionality, analyze website traffic, remember preferences, support security, and enhance user experience. You may manage or disable cookies through your browser settings. However, some website features may not function properly if cookies are disabled.

12. Payment Gateways and Third-Party Integrations

Clibase may support integrations with third-party payment gateways, messaging providers, SMS providers, accounting systems, delivery platforms, online stores, websites, booking tools, and other business applications. These third-party providers may process personal data only when such processing is necessary for a client-requested transaction, client-authorized integration, or legally required purpose.

Clients are responsible for reviewing and accepting the terms, fees, privacy policies, data processing practices, and security measures of third-party services they choose to activate, connect, or use with the Clibase platform.

13. Cross-Border Processing

Some client-authorized integrations, cloud infrastructure, support tools, communication tools, or technology providers may involve processing or storage of data in locations outside the Philippines. When this occurs, Clibase takes reasonable steps to ensure that appropriate safeguards are applied and that data is processed in accordance with applicable data protection requirements.

14. Security Incidents and Data Breach Management

In the event of a suspected or confirmed personal data breach, Clibase will assess the incident, take reasonable containment and remediation measures, coordinate with affected clients where applicable, and provide notifications when required by law or regulation.

For data processed on behalf of clients, Clibase will coordinate with the relevant client to support investigation, documentation, mitigation, and required notification procedures.

15. Children’s Personal Data

Clibase services are intended for business use. We do not knowingly collect personal data directly from children through our website or sales channels. If a client processes children’s personal data through the Clibase platform, the client is responsible for ensuring that such processing is lawful and that required parental consent, notices, and safeguards are properly obtained and maintained.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology, legal requirements, security practices, third-party integrations, or business operations. When material changes are made, we may provide notice through our website, platform notifications, email, or other appropriate communication channels.

Continued use of our website, platform, or services after the effective date of the updated Privacy Policy means that you acknowledge the updated terms, subject to applicable law and contractual rights.

17. Contact Us

For privacy-related questions, requests, concerns, complaints, or data subject rights requests, you may contact Clibase through:

Clibase Technology Inc.

Unit 204-205 Urban Hub Legian, Carsadang Bago 2, Imus City, Cavite, Philippines 4103

Data Protection Officer / Privacy Contact: founder@clibase.tech

Mobile: (+63) 917-855-7045

Please include your name, contact details, the nature of your request, and the relevant client, branch, transaction, user account, or service involved so we can properly verify and assess your concern.