Privacy Policy

Last Updated: January 2026

1. Introduction

Jewelry Shop Cavite ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how we keep it safe, and your rights regarding your data.

By using Jewelry Shop Cavite, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the Platform.

2. Information We Collect

2.1 Account and Profile Information

When you create an account, we collect:

  • First name and last name
  • Email address
  • Password (encrypted and stored securely)
  • User role (Customer, Company/Seller, Supplier)
  • Profile picture (if uploaded)

2.2 Address and Location Information

During the onboarding process, we collect:

  • Street address
  • City and barangay
  • Province (Cavite)
  • Postal/ZIP code

Why we collect this: To process orders, enable deliveries, and verify business locations. Admins can view business addresses for safety and verification purposes.

2.3 Business Documents (Companies and Suppliers Only)

Companies and Suppliers must submit:

  • Valid government-issued ID
  • Certificate of Registration (COR)
  • BIR registration documents
  • Other business permits or licenses

Why we collect this: To verify the legitimacy of businesses and ensure compliance with laws. Admins review these documents before approving accounts.

2.4 Order and Transaction Information

When you place or fulfill orders, we collect:

  • Product details (name, price, quantity)
  • Order status (pending, confirmed, shipped, delivered)
  • Payment method (GCash, Grab Pay, Card)
  • Payment status and transaction IDs
  • Shipping and delivery information

2.5 Messages and Attachments

Our platform includes a messaging system. We collect:

  • Message content between customers, sellers, suppliers, and support
  • Files and photos uploaded in messages (receipts, product images, delivery proofs)
  • Timestamps and sender/receiver information

Why we collect this: To facilitate communication, resolve disputes, and provide support. Admins may review messages and attachments if there is a dispute or reported violation.

2.6 Security and Login Information

To keep your account secure, we collect:

  • Login attempts (successful and failed)
  • IP addresses and device information
  • Two-Factor Authentication (2FA) OTP codes and timestamps
  • Multi-Factor Authentication (MFA) PIN attempts (for customers who enable MFA)
  • Account activity logs (password changes, profile updates)

Why we collect this: To detect suspicious activity, prevent fraud, and protect your account.

2.7 Inventory and Product Data (Companies and Suppliers Only)

We collect:

  • Product names, descriptions, prices, and images
  • Stock quantities and inventory updates
  • Purchase orders between companies and suppliers

2.8 Support Tickets

When you contact support, we collect:

  • Your name, email, and user role
  • Subject and message content
  • Attached files (if any)
  • Ticket status and admin responses

2.9 Usage and Analytics Data

We automatically collect:

  • Pages visited and time spent on the Platform
  • Browser type and operating system
  • IP address (for general location, not GPS tracking)
  • Cookies for session management and preferences

3. How We Use Your Information

We use your information to:

  • Create and manage your account
  • Verify your identity and approve business registrations
  • Process orders, payments, and deliveries
  • Enable communication between customers, sellers, and suppliers
  • Send notifications about orders, messages, and account activity
  • Provide customer support and resolve disputes
  • Track inventory and manage stock levels
  • Generate sales reports and analytics for businesses
  • Secure accounts with 2FA and MFA
  • Detect and prevent fraud, scams, and unauthorized access
  • Improve the Platform and fix technical issues
  • Comply with legal requirements and enforce our Terms & Conditions

4. How We Protect Your Information

We take security seriously and use multiple measures to protect your data:

  • Password Encryption: Passwords are hashed using bcrypt (industry-standard encryption)
  • Secure Connections: Data is transmitted over HTTPS (SSL/TLS encryption)
  • Two-Factor Authentication (2FA): OTP codes sent via email for verification
  • Multi-Factor Authentication (MFA): Optional PIN codes for extra account security (customers)
  • Database Security: Sensitive data is stored securely with access controls
  • Rate Limiting: Failed login/PIN attempts lock accounts temporarily to prevent brute-force attacks
  • Audit Logs: All major actions are logged for security monitoring
  • Admin Access Control: Only authorized admins can access user data, and only for legitimate purposes

Important: While we take every precaution, no system is 100% secure. Please keep your password and PIN private and report any suspicious activity immediately.

5. Who Can Access Your Information

5.1 Admins

Admins can access user information for:

  • Reviewing and approving business registrations
  • Viewing business addresses for safety and verification
  • Mediating disputes and reviewing support tickets
  • Investigating fraud, scams, or violations
  • Deactivating or reactivating accounts
  • Generating reports and monitoring platform activity

Admins will not misuse your information and will only access data when necessary.

5.2 Other Users

  • Customers can see seller names, shop information, and product listings
  • Sellers can see customer names and delivery addresses for orders
  • Users in a conversation can see messages and attachments shared in that conversation

5.3 Third-Party Services

We use trusted third-party services for:

  • Payment Processing: Xendit (for GCash, Grab Pay, and card payments)
  • Email Delivery: PHPMailer with SMTP for OTP and notifications

These services have their own privacy policies. We do not sell or share your information with third parties for marketing purposes.

6. Data Retention

We keep your information for as long as:

  • Your account is active
  • Required to provide services (e.g., order history)
  • Required by law or for legal disputes

If you delete your account, we will remove your personal information, but may keep anonymized data for analytics and legal compliance.

7. Your Rights and Choices

You have the right to:

  • Access Your Data: Request a copy of the information we have about you
  • Correct Your Data: Update your profile, address, or account information
  • Delete Your Data: Request account deletion (subject to legal retention requirements)
  • Opt-Out of Notifications: Manage notification preferences in your settings
  • Enable/Disable MFA: Turn on or off Multi-Factor Authentication for extra security
  • Contact Support: Ask questions or request help with your data

To exercise these rights, contact us at support@jewelryshop.cavite or submit a support ticket through the Platform.

8. Cookies

We use cookies to remember your login session and preferences. Cookies do not contain personal information. You can disable cookies in your browser settings, but some features may not work properly.

9. Children's Privacy

Jewelry Shop Cavite is not intended for users under 18 years old. We do not knowingly collect information from children. If we discover that a child has created an account, we will delete it immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email or platform notification for major changes

Your continued use of the Platform after changes means you accept the updated Privacy Policy.

11. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your data, contact us:

Jewelry Shop Cavite

Email: support@jewelryshop.cavite

Phone: +63 919 123 4567

Location: Cavite, Philippines

You can also submit a support ticket through the Contact Support feature in your dashboard.