How Bantay handles personal data.

Plain-language summary

• Search is open and does not require login or signup.
• Report intake currently uses Google sign-in, abuse checks, and at least one proof file before manual review.
• Public search is limited to reviewed summaries, signal counts, evidence counts, recency, channel, and incident type.
• Reporter identity, contact numbers, uploaded evidence, internal notes, and audit logs stay private.

Controller and contact

Bantay Verify acts as the personal information controller for the workflows described on this page. Privacy requests, correction requests, and security notices may currently be sent to support@bantayverify.com.

Bantay's formal DPO designation and dedicated DPO mailbox are separate launch tasks tracked in the internal compliance pack. Until those are completed, this general support mailbox is the published privacy contact.

Bantay is operated for the Philippine market and is designed around the Data Privacy Act of 2012, related NPC issuances, and the principle that public results are reviewed risk signals rather than legal judgments.

Personal data Bantay processes

• Search-abuse and rate-limit records such as hashed client keys, query kind, query fingerprint, result risk level, and timestamps.
• Report intake data such as the identifier being reported, incident type, channel, amount, summary, happened-at date, sign-in provider, reporter label, reporter contact number, and verification level.
• Private evidence uploads such as screenshots, receipts, chat images, and PDF files, together with file names, MIME types, sizes, and storage paths.
• Appeal data such as contact email, appeal reason, review notes, status history, and linked report references.
• Internal moderation and security logs such as admin email, action type, target record, action metadata, and timestamps.

Purposes and lawful bases

• To receive, verify, moderate, and follow up on reports and evidence submitted through the service. Depending on the workflow, Bantay relies on the user's request or consent, Bantay's legitimate interests in operating the review service, and where necessary the establishment, exercise, or defense of legal claims.
• To operate the public search experience using reviewed-only signals and summaries rather than raw accusations or raw evidence files. Bantay relies on legitimate interests in fraud-risk review and public-safety signaling, subject to moderation safeguards.
• To receive and resolve correction requests, recycled-number claims, and other appeals. Bantay relies on data subject requests, legitimate interests, and where necessary lawful claims handling.
• To secure the service through rate limiting, Turnstile checks, allowlisted admin access, and audit logging. Bantay relies on legitimate interests in abuse prevention and system security.
• To comply with lawful orders, subpoenas, regulatory requests, or other legal obligations when Bantay is required to disclose or preserve records.

Bantay does not ask users to upload passwords, OTPs, or unrelated third-party government IDs. Users should not upload unnecessary sensitive personal information.

What Bantay makes public and what stays private

• Public search may show reviewed signal counts, recency, channel, incident type, evidence count, and a short fact-first public summary.
• Bantay does not publish uploaded evidence files, reporter identity hashes, reporter contact numbers, internal review notes, admin audit trails, or appeal correspondence in public search.
• Reports are not published automatically. Human review is required before a public signal can appear.

Recipients, processors, and transfers

Bantay limits access to moderators and operators with a need to know. Personal data may also be processed by service providers used for hosting, storage, authentication, bot protection, and analytics. Based on the current stack, this can include Supabase, Vercel, Cloudflare Turnstile, and PostHog, depending on the production setup.

Some providers may process or store data outside the Philippines. Bantay's operational baseline is to use contractual, organizational, and technical safeguards when cross-border processing is involved and to disclose data externally only when operationally necessary, legally required, or needed to defend lawful claims.

Retention baseline

Bantay applies a need-based retention approach and may keep data longer when required for legal claims, abuse investigations, or regulatory compliance. The current operational baseline is:

• Search logs and daily rate-limit counters: generally up to 30 days.
• Admin login attempts: generally up to 90 days.
• Pending, duplicate, rejected, or abandoned report intake records and their associated evidence: generally up to 180 days after final closure.
• Approved or resolved reports, linked appeals, evidence tied to those reports, and admin audit records: while the case is active and generally up to 2 years after final closure.

Automated decision-making

Bantay does not use fully automated decision-making to publish a public signal. Search responses use reviewed records and cached snapshots, but release decisions remain subject to human moderation.

Data subject rights

Subject to Philippine law and applicable exceptions, data subjects may request to be informed, access, correct, object, erase or block data, seek damages, lodge a complaint with the NPC, and request portability where applicable.

Requests may be sent to support@bantayverify.com. Bantay may ask for enough information to verify identity, confirm the record involved, and protect other users' privacy and security.

Some rights may be limited where records are needed for fraud review, security incidents, legal claims, or investigations, as allowed by law.

Security and breach response

Bantay's current controls include private evidence storage, signed URLs for file access, allowlisted admin access, audit logging, rate limiting, and bot checks on abuse-sensitive forms.

If Bantay reasonably believes a personal data breach has occurred and notification is required under Philippine law, Bantay's operational baseline is to investigate, contain, preserve evidence, and notify the NPC and affected data subjects using the required channels and timelines.