Privacy Policy

1. Information We Process

We process information categorized under RA 10173 as Personal Information (Names, Emails, Contacts) and Sensitive Personal Information (Birthdates, Academic Grades, LRNs). All data is encrypted at rest and in transit via HTTPS.

2. AI & Data Anonymization

Our Smart Assessment features utilize third-party AI models. We implement a strict de-identification protocol: student names, LRNs, and specific identifiers are NEVER transmitted to AI sub-processors. AI prompts are limited to curriculum topics and general parameters provided by the teacher.

3. Third-Party Disclosures

TeachCRM does not sell or rent data. Data is shared only with infrastructure providers necessary for operation:

• Cloud Hosting: Render (Secured Servers).
• Payments: PayMongo (PCI-DSS Compliant).
• Authentication: Google OAuth (Secure Identity).

4. Security Breach Protocol

In the event of a suspected security incident, TeachCRM will notify the User (the PIC) within the timeframe mandated by the National Privacy Commission (NPC). It is the User's responsibility to further notify the affected data subjects (students/parents) in accordance with the law.

5. Exercise of Rights

Pursuant to RA 10173, students/parents wishing to exercise their "Right to Object" or "Right to Access" must contact the Teacher or School directly. TeachCRM will provide the technical tools for the User to fulfill these requests.