Privacy Policy

This Privacy Policy describes how Symph Reseller Management ("we," "us," or "our") collects, uses, and protects your personal information in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

1. Information We Collect

We collect the following types of personal information:

• Contact Information: Name, email address, mobile number, and business contact details
• Account Information: Username, password, account preferences, and role assignments
• Billing Information: Subscription plan details, invoices, and payment method metadata (processed securely through third-party payment processors)
• Reseller Operations Data: Customer records, reseller accounts, product catalogs, transactions, and entitlement status that you manage within the platform
• Google OAuth & Cloud Channel Data: Google account identifiers, reseller accounts, customer accounts, entitlements, and user directory data accessed via the Google Cloud Channel API to sync and manage subscriptions on your behalf
• Technical Information: IP address, browser type, device information, cookies, and usage data
• Communications: Any information you provide when contacting customer support

2. Legal Basis and Purpose for Processing

We process your personal information for the following lawful purposes:

• Contract Performance: To deliver reseller management features, provisioning workflows, and subscription lifecycle support
• Consent: For marketing communications and optional integrations (you may withdraw consent at any time)
• Legitimate Interest: To improve our services, prevent fraud, and ensure platform security
• Legal Compliance: To comply with Philippine laws and regulations

3. How We Use Your Information

We use your personal information to:

• Provision and manage reseller customer accounts, entitlements, and subscriptions
• Sync reseller account data with Google Cloud Channel and related services
• Manage your account, roles, and administrative permissions
• Process payments securely through authorized payment processors
• Send billing updates, service notifications, and operational alerts
• Improve our products, services, and user experience
• Send promotional materials (only with your consent, which you may withdraw anytime)
• Prevent fraud and ensure platform security
• Comply with legal obligations and regulatory requirements

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service Providers: Third-party vendors who assist with hosting, analytics, support, payment processing, and platform operations (under strict data protection agreements)
• Google APIs: Google Cloud Channel and OAuth services to sync reseller account data and manage subscriptions as authorized by you
• Payment Processors: Authorized payment gateways to process your transactions securely
• Legal Authorities: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notification to affected users)

All third-party service providers are required to maintain the confidentiality and security of your personal information.

5. Data Security

We implement organizational, physical, and technical security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Employee training on data privacy and security

While we strive to protect your personal information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When your information is no longer needed, we will securely delete or anonymize it.

7. Google API Data Access and Limited Use

This application uses Google APIs to access user data. We use the Cloud Channel API (apps.order) and the Directory API to sync reseller subscriptions, manage customer entitlements, and verify directory users you authorize within your reseller account.

Symph Reseller Management's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In practice, this means we:

• Access only the Google data needed to provide the reseller management features you request
• Use Google data only to provide and improve the requested features and support workflows
• Do not sell Google user data or use it for advertising
• Do not allow human access to Google user data unless necessary for support, security, or compliance and with your explicit consent
• Store Google OAuth tokens securely and revoke access when you disconnect your account

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and deliver personalized content. You can control cookie settings through your browser preferences. Note that disabling cookies may affect certain features of our service.

9. Your Rights Under the Data Privacy Act

As a data subject under the Data Privacy Act of 2012, you have the following rights:

• Right to be Informed: You have the right to be informed about the collection and processing of your personal data
• Right to Access: You may request access to your personal information we hold
• Right to Object: You may object to the processing of your personal data
• Right to Erasure or Blocking: You may request deletion or blocking of your personal information under certain circumstances
• Right to Rectification: You may request correction of inaccurate or incomplete personal data
• Right to Data Portability: You may request a copy of your personal data in a structured, commonly used format
• Right to File a Complaint: You may file a complaint with the National Privacy Commission if you believe your rights have been violated
• Right to Damages: You may claim compensation for damages sustained due to inaccurate, incomplete, or unlawful processing of your personal data

To exercise these rights, please contact us at privacy@reseller.symph.co or support@reseller.symph.co. We will respond to your request within fifteen (15) days as required by law.

10. Children's Privacy

Our service is not intended for use by children under the age of 18 without parental consent. We do not knowingly collect personal information from children under 18 without proper parental or guardian authorization.

11. International Data Transfers

Your personal information is primarily stored and processed within the Philippines. If we transfer data internationally, we will ensure appropriate safeguards are in place as required by the Data Privacy Act.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the effective date below. Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.

13. Data Storage and Retention

We store data in secure, access-controlled systems hosted by approved cloud providers. Retention periods vary based on the data type and legal requirements:

• Account and reseller records: Retained for the life of your account and up to 7 years after closure to meet financial and audit obligations
• Billing and transaction records: Retained for 7 years to comply with tax and accounting requirements
• Google Cloud Channel data snapshots: Retained for up to 24 months for reconciliation, reporting, and support
• Directory user data: Cached for up to 30 days to reduce repeated directory lookups and removed when no longer needed
• Support communications: Retained for up to 3 years to improve support quality and resolve disputes
• Logs and security events: Retained for up to 12 months for security monitoring and incident response

You may request deletion of your data. We will honor deletion requests unless we must retain information to comply with legal obligations or resolve disputes.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

You may also file a complaint with the National Privacy Commission: