Privacy Policy

1. Introduction

Welcome to instorereviews.com, operated by InStoreReviews Digital Marketing Services, registered under the DTI in the Philippines ("we," "us," or "our").

We value your privacy and comply with the Philippine Data Privacy Act of 2012 (RA 10173) and international standards, including the EU/UK GDPR.

This Policy explains how we collect, use, store, and protect your personal data when you use our software-as-a-service ("Service").

By using the Service, you agree to this Policy and our Terms and Conditions.

2. Information We Collect

• Provided by you: name, business name, email, contact number, billing details (processed securely via Paddle), feedback or support inquiries.
• Collected automatically: IP address, browser/device type, usage statistics, and cookies.
• From third parties: sign-in data from Google, Facebook, or Paddle if you link those accounts.

3. How We Use Your Data

We use data to:

• Provide and maintain the Service.
• Manage subscriptions and payments through Paddle.
• Communicate updates, service alerts, or support.
• Detect fraud and improve functionality.
• Comply with legal obligations.

We never sell or rent your data.

4. Legal Bases for Processing (for EU/UK users)

We process personal data based on:

• Contractual necessity – to provide the Service.
• Legal obligation – compliance with laws.
• Legitimate interests – ensuring security and improvement.
• Consent – for optional analytics or marketing, withdrawable anytime.

5. Data Retention

We retain data only as long as needed:

• Account & billing data: 7 years (legal/accounting).
• Account activity: while active + 2 years post-termination.
• Analytics & logs: up to 12 months or anonymized sooner.

After these periods, data is securely deleted or anonymized.

6. International Data Transfers

We may transfer data globally. When doing so, we rely on safeguards including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Equivalent legal mechanisms

7. Processors and Subprocessors

We use trusted third parties ("subprocessors") including:

• Paddle (billing and payment processing)
• Hosting providers (infrastructure and data storage)
• Analytics tools (usage statistics and performance monitoring)

A current list of subprocessors is published at processors, and we'll notify users of significant updates.

8. Cookies and Tracking

We use essential cookies for site operation and optional cookies for analytics or marketing (only with consent).

Manage preferences via our cookie banner or see our Cookie Policy.

9. Your Rights

You may request to:

• Access, correct, or delete your data.
• Withdraw consent or object to processing.
• Request data portability.
• File a complaint with your data-protection authority.

Email info@instorereviews.com to exercise these rights.

We respond within 5 business days and complete requests within 30 days.

10. Security Measures

We apply administrative, physical, and technical controls including:

• TLS encryption for data in transit
• AES-256 encryption for sensitive data at rest
• Access controls and audits
• Regular backups and vulnerability scans

No system is fully secure, but we continually improve our protection.

11. Data Breach Notification

If a breach affects your personal data, we will:

• Notify you within 72 hours of confirmation
• Notify the relevant data protection authority within 72 hours
• Explain the scope of the breach and actions taken to address it

12. Marketing and Communication

We send marketing emails only if you've opted in. You can unsubscribe via the link in each email or email info@instorereviews.com.

Opt-out requests are processed within 7 days.

13. Children's Privacy

Our Service targets users aged 18 and above. If minors access the Service under local law thresholds, parental consent is required.

We promptly delete any data inadvertently collected from minors.

14. Accountability and Documentation

We maintain accountability through:

• Internal Records of Processing Activities (RoPA)
• Data Protection Impact Assessments (DPIA) where required
• Documentation summaries available upon request

15. Updates

We may update this Policy periodically. The revised version will be posted here with a new "Last Updated" date and, where appropriate, communicated via email.

16. Contact / Data Protection Officer

For questions, privacy concerns, or to exercise your rights: