Privacy Policy

Last updated: April 17, 2026

This Privacy Policy explains how BatasDB collects, uses, stores, and protects your personal information in accordance with Republic Act No. 10173, the Data Privacy Act of 2012.

1. Who We Are

BatasDB is a product of Jeva Technologies OPC, a One Person Corporation registered in the Philippines ("we", "us", "our"). We operate the BatasDB platform, including the website at batasdb.ph, the web dashboard at app.batasdb.ph, and the search API at api.batasdb.com. We provide AI-powered semantic search over Philippine legal documents — Supreme Court decisions and statute provisions.

We are a Philippine-based service. All personal data we collect is stored and processed in the Philippines on AWS Manila Local Zone infrastructure (ap-southeast-1-mnl-1a).

Jeva Technologies OPC is a corporation registered with the Philippine Securities and Exchange Commission (SEC). We comply with applicable data protection requirements under Republic Act No. 10173 and its implementing rules.

2. Our Data Protection Officer

We have designated a Data Protection Officer (DPO) responsible for overseeing compliance with the Data Privacy Act of 2012 and this Privacy Policy. You may reach our DPO at:

3. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a one-way bcrypt cryptographic hash — we never store your plaintext password)
  • Account creation date and activity timestamps

API Key Information

When you create API keys, we store:

  • Key name you assign
  • A short prefix for display purposes
  • A SHA-256 hash of the key (the plaintext is shown once at creation and never retained)
  • Creation and last-used timestamps

Search Data

When you perform a search — from the dashboard or via API — we record:

  • The query text you submitted
  • The document type filter applied, if any
  • The number of results returned
  • Whether the search originated from the dashboard or an API key
  • Timestamp of the search

We maintain two distinct layers of search data:

  • User search history — for dashboard searches, we save the full result set and any AI summary so you can revisit without being charged again. This is visible only to you and can be deleted at any time from your dashboard settings.
  • Raw query logs — backend logs used for abuse prevention and service improvement. These are automatically purged after 90 days and are never visible to you directly.

Users are responsible for ensuring that they have the legal right to submit any personal data included in their queries. BatasDB does not intentionally collect sensitive personal data and does not verify the accuracy, legality, or ownership of user-submitted content.

Usage and Technical Data

We automatically collect limited technical data to operate and improve the service:

  • Request timestamps and response latencies
  • HTTP status codes and error types (no personal content in error logs)
  • Rate-limit counters (keyed to your API key or session, not stored permanently)
  • IP addresses — temporarily processed for security, fraud prevention, and rate limiting. IP addresses are not retained longer than necessary for these purposes.

We do not use third-party advertising or behavioral tracking tools.

4. How We Use Your Information

We use the information we collect to:

  • Authenticate you and secure your account
  • Provide the search service and return results
  • Save and display your search history on the dashboard
  • Enforce rate limits on API key usage
  • Calculate and display usage statistics on your dashboard
  • Send transactional emails (email confirmation, password reset) — no marketing email without your explicit opt-in
  • Investigate abuse, enforce our Terms of Service, and comply with legal obligations
  • Improve search quality and system performance using aggregated, anonymized usage patterns

5. Legal Basis for Processing

Under the Data Privacy Act of 2012 (RA 10173), we process your personal data on the following bases:

  • Contractual necessity — processing required to provide the service you signed up for (authentication, search, history)
  • Legitimate interests — security monitoring, abuse prevention, and service improvement
  • Consent — for any optional communications you opt into
  • Legal obligation — when required by Philippine law or a lawful order

6. Data Storage and Location

All personal data is primarily stored in the Philippines on AWS Manila Local Zone (ap-southeast-1-mnl-1a).

However, limited data — such as search queries used for AI-generated summaries — may be transferred to and processed by third-party service providers outside the Philippines, including OpenAI. We ensure that such transfers are subject to appropriate safeguards, including data processing agreements and contractual protections consistent with applicable data protection laws.

If you prefer not to have your queries sent to OpenAI, you may use the API directly — the core search API returns ranked results without triggering AI synthesis unless you explicitly call the answer-synthesis endpoint.

7. Data Retention

  • Account data — retained for the lifetime of your account. Deleted within 30 days of account closure.
  • User search history — retained until you clear it or close your account. You can delete individual entries or all history at any time from the dashboard.
  • Raw query logs — automatically purged after 90 days.
  • Usage records — aggregated usage statistics are retained for up to 2 years for billing and abuse-prevention purposes.
  • API keys — revoked keys are retained for audit purposes for 1 year after revocation, then permanently deleted.

8. Sharing of Information

We do not sell, rent, or trade your personal data. We may share information only in the following limited circumstances:

  • Service providers — AWS (infrastructure), OpenAI (AI summary generation). These providers process data only as directed by us and under data processing agreements.
  • Legal requirements — in response to a valid court order, subpoena, or lawful request from Philippine government authorities.
  • Business transfer — if Jeva Technologies OPC is acquired or merges with another entity, we will notify affected users prior to any transfer of personal data and obtain consent where required by RA 10173.

9. Your Rights Under RA 10173

As a data subject under the Data Privacy Act of 2012, you have the right to:

  • Be informed — know what personal data we hold about you and how it is processed
  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data, subject to legal retention requirements
  • Data portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Lodge a complaint — file a complaint with the National Privacy Commission (NPC) at privacy.gov.ph

To exercise any of these rights, contact us at [email protected]. We will respond within 15 business days in accordance with applicable law.

We may request reasonable verification of your identity before fulfilling a request. Requests may be limited or denied where permitted by law.

10. Personal Data Breach Notification

In the event of a personal data breach that poses a real risk to your rights and freedoms, Jeva Technologies OPC will:

  • Notify the National Privacy Commission (NPC) within 72 hours of discovery of the breach
  • Notify affected data subjects without undue delay, including the nature of the breach, the data involved, and remedial measures taken
  • Document all breaches in our internal breach register regardless of whether notification is required

If you discover or suspect a security vulnerability, please disclose it responsibly to [email protected].

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Passwords stored as bcrypt hashes — never in plaintext
  • API keys stored as SHA-256 hashes — plaintext shown only once at creation
  • All data transmitted over HTTPS/TLS
  • Database access restricted to application servers within the same private network
  • Access controls and least-privilege principles applied to all internal systems

No system is perfectly secure. If you discover a security vulnerability, please contact [email protected].

12. Cookies and Tracking

The landing page (batasdb.ph) does not use cookies. The dashboard (app.batasdb.ph) uses a single session cookie strictly necessary to maintain your authenticated session. This cookie expires upon logout or after a period of inactivity.

We do not use advertising cookies, third-party trackers, or cross-site behavioral tracking tools.

13. Sensitive Data Disclaimer

BatasDB is not intended for the processing or storage of highly sensitive personal data, including but not limited to health information, financial account details, government-issued identification numbers, or confidential legal strategy. Users are advised not to submit such information through the platform.

14. Children's Privacy

BatasDB is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us at [email protected] and we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 15 days before taking effect, and by updating the "Last updated" date above. Continued use of the service after the effective date constitutes acceptance of the revised policy.

16. Contact Us

For privacy-related inquiries, requests, or complaints:

You also have the right to lodge a complaint with the National Privacy Commission (NPC) at privacy.gov.ph if you believe your rights under RA 10173 have been violated.