BackLast updated: February 2026
Data Privacy Act of 2012 · RA 10173

Privacy Policy

This policy explains what personal information AMPS Technologies collects, why we collect it, how we protect it, and your rights as a data subject under Philippine law.

Effective: February 28, 2026·Jurisdiction: Republic of the Philippines·Governing Law: RA 10173 (Data Privacy Act of 2012)

Plain Language Summary

We only collect your email address when you voluntarily request a demo access code. We do not collect your name, payment details, or any sensitive personal information. Your email is stored securely, used only to send your access code, and deleted after 30 days. We do not sell, share, or use your email for marketing. That's it.

The personal information controller for this platform is:

AMPS Technologies

Taytay, Rizal, Philippines

Privacy inquiries: privacy@amps-technologies.com

As a registered business operating an online platform that processes personal data of individuals, AMPS Technologies is considered a Personal Information Controller (PIC) under Section 3(h) of the Data Privacy Act of 2012.

We collect the minimum personal data necessary to operate this platform. Specifically:

Email Address

Collected when you voluntarily submit the "Request Access Code" form on our landing page. This is the only personal information we actively collect.

Session Data (Technical)

When you authenticate with a valid access code, a temporary session token is stored in a secure, server-side httpOnly cookie on your browser. This token contains only a session identifier — no personal information. It expires automatically and is deleted on logout.

We do not collect your name, phone number, payment details, government ID, IP address logs, device fingerprints, or any sensitive personal information as defined under Section 3(l) of RA 10173.

Your email address is collected and processed solely for the following purpose:

  • Sending your demo access code — to deliver the unique access code you requested so you can view the platform demonstration.

The legal basis for processing under Section 12 of RA 10173 is consent — you provide your email voluntarily by submitting the request form. You may withdraw consent at any time by contacting us at privacy@amps-technologies.com.

We will never use your email address for marketing, newsletters, promotional offers, or any purpose beyond delivering your requested access code.

In accordance with the principle of storage limitation under the Data Privacy Act, we retain personal data only as long as necessary:

Email address30 days from collection date
Session token (cookie)Until logout or access code expiry

After 30 days, email addresses are permanently deleted from our systems. You may also request earlier deletion at any time (see Section 7 — Your Rights).

Your personal data is stored on servers located outside the Philippines. This constitutes a cross-border data transfer under Section 21 of RA 10173.

This platform uses Supabase as its database service. Supabase operates on Amazon Web Services (AWS) infrastructure located in the US East region (Ohio, United States). As a result, your email address is stored on servers in the United States.

The United States is not currently on the NPC's whitelist of countries with equivalent data protection standards. However, we ensure adequate safeguards through:

  • Supabase's security certifications (SOC 2 Type II, ISO 27001)
  • Row-Level Security enabled — data is inaccessible without authenticated server-side queries
  • Minimal data collection — only email address, deleted after 30 days
  • Encryption in transit (TLS) and at rest (AES-256)

We implement the following technical and organizational security measures in compliance with Section 20 of RA 10173:

  • HTTPS / TLS encryption on all data transmitted between your browser and our servers
  • httpOnly session cookies — session tokens are inaccessible to JavaScript, preventing cross-site scripting (XSS) attacks
  • Row-Level Security (RLS) — database access control ensuring only authorized server processes can read personal data
  • Server-side authentication — all access code validation happens on the server; secret keys are never exposed to client browsers
  • Rate limiting — brute-force protection on authentication endpoints
  • Environment variable isolation — all secrets and API keys are stored as server-side environment variables, never embedded in client-side code

In the event of a personal data breach, we will notify the National Privacy Commission (NPC) and affected individuals within 72 hours of discovery, in accordance with NPC Circular 16-03.

Under the Data Privacy Act of 2012, you have the following rights regarding your personal data:

  • Right to be Informed — to know what data we collect and how it is used (this policy fulfills that obligation)
  • Right to Access — to request a copy of any personal data we hold about you
  • Right to Rectification — to correct inaccurate or incomplete personal data
  • Right to Erasure / Right to be Forgotten — to request deletion of your personal data before the 30-day retention period ends
  • Right to Object — to object to the processing of your personal data
  • Right to Data Portability — to receive your personal data in a structured, commonly used format
  • Right to File a Complaint — to lodge a complaint with the National Privacy Commission at privacy.gov.ph or complaints@privacy.gov.ph

To exercise any of these rights, email us at privacy@amps-technologies.com. We will respond within 15 business days in accordance with NPC guidelines.

This platform uses a single functional cookie:

demo_session

Type: Functional / Security (strictly necessary)

Purpose: Maintains your authenticated session after entering a valid access code. Without this cookie, you cannot access the platform demonstration.

Expiry: Deleted on logout, or when your access code expires

Contains: A signed session identifier only — no personal information

Security: httpOnly, Secure, SameSite=Strict

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. No consent banner is required for strictly necessary functional cookies under applicable guidelines.

We share data only with the following service providers necessary to operate the platform:

Supabase Inc.

Role: Database service

Data shared: Email address

Location: AWS us-east-2, Ohio, USA

Privacy Policy →

Vercel Inc.

Role: Hosting / Deployment

Data shared: None (static hosting only)

Location: Global CDN

Privacy Policy →

We do not sell, rent, trade, or otherwise transfer your personal data to any other third parties.

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The "Last Updated" date at the top of this page will always reflect the most recent revision.

Continued use of the platform after any changes constitutes acceptance of the updated policy. For significant changes, we will make reasonable efforts to notify users via the platform or by email where we hold contact information.

Questions or Requests

For any privacy-related inquiries, to exercise your data subject rights, or to report a concern:

privacy@amp-technologies.com

National Privacy Commission · privacy.gov.ph · complaints@privacy.gov.ph