Privacy Policy

Last updated: February 2026

Philippine Data Privacy Act Compliance

T-Park is committed to protecting your personal data in accordance with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), and its Implementing Rules and Regulations (IRR). We are registered with the National Privacy Commission (NPC) as a Personal Information Controller (PIC).

1. Introduction

T-Park Technologies Inc. ("T-Park," "we," "us," or "our") operates the T-Park mobile application, website, and related services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform.

We are committed to protecting your privacy and ensuring that your personal data is handled responsibly and in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as well as the issuances and circulars of the National Privacy Commission (NPC).

By accessing or using the Platform, you consent to the collection, use, and processing of your personal data as described in this Privacy Policy. If you do not agree with any part of this policy, please do not use the Platform. We encourage you to read this Privacy Policy carefully and contact our Data Protection Officer if you have any questions.

2. Data We Collect

We collect information that you provide directly, information generated through your use of the Platform, and information obtained from third-party sources. The types of data we collect include:

2.1 Information You Provide

  • Account information: Full name, email address, mobile phone number, and password when you register for an account
  • Profile information: Profile photo (optional) and account preferences
  • Vehicle information: License plate number, vehicle make, model, color, and type (sedan, SUV, motorcycle, etc.)
  • Facility information (Owners): Facility name, address, description, operating hours, photos, amenities, Bay configuration, Rate Plans, and business documents submitted for verification (business permits, proof of ownership or lease)
  • Payment information: Payment method details (e.g., GCash account, credit/debit card information). Note: Card details are processed by our PCI-DSS compliant payment partner and are not stored on our servers.
  • Communications: Messages sent through the Platform's support or dispute resolution system, feedback, and survey responses

2.2 Information Collected Automatically

  • Device information: Device type, operating system version, unique device identifiers, mobile network information, and app version
  • Usage data: Pages and screens viewed, features used, actions taken (searches, bookings, check-ins), time spent on the Platform, and interaction patterns
  • Location data: GPS coordinates, Wi-Fi access point data, and cell tower data when you grant location permission (see Section 9 for details)
  • Log data: IP address, browser type, access times, referring URLs, and error logs
  • Transaction data: Booking history, parking Session records, payment amounts, timestamps, and receipt information

2.3 Information from Third Parties

  • Payment processors: Transaction confirmation, payment status, and limited account details from GCash or card payment networks
  • Map services: Geographic data from Google Maps used for Facility location and navigation features
  • Analytics providers: Aggregated usage analytics and crash reports from services like Firebase

3. How We Use Your Data

We process your personal data for the following purposes:

3.1 Providing Our Services

  • Creating and managing your account
  • Processing parking Bookings, Reservations, and Sessions
  • Facilitating check-in and check-out via QR codes
  • Processing payments and generating digital receipts
  • Managing Parking Passes and subscriptions
  • Providing location-based Facility search and in-app navigation
  • Enabling Facility management tools for Owners (bay management, staff management, dashboards)
  • Handling disputes between Drivers and Facility Owners

3.2 Communication

  • Sending booking confirmations, check-in/check-out notifications, and session reminders
  • Alerting you about overstay warnings and grace period expiration
  • Sending Facility verification status updates to Owners
  • Responding to your support requests and dispute filings
  • Delivering service announcements, maintenance notices, and policy updates

3.3 Improvement and Analytics

  • Analyzing usage patterns to improve Platform features and user experience
  • Generating aggregated analytics for Facility Owners (occupancy trends, revenue reports, peak hours)
  • Conducting internal research to develop new features and services
  • Diagnosing technical issues, debugging, and improving Platform stability

3.4 Safety and Security

  • Detecting and preventing fraud, abuse, spam, and policy violations
  • Verifying user identity and Facility legitimacy
  • Enforcing our Terms of Service and protecting the rights and safety of our users
  • Complying with legal obligations, court orders, and regulatory requirements
  • Maintaining activity logs for security auditing and accountability

4. Legal Basis for Processing (RA 10173 Compliance)

Under the Data Privacy Act of 2012 (Republic Act No. 10173), we process your personal data based on the following lawful criteria:

Consent (Section 12(a) of the DPA)

You provide your consent when you create an account and agree to this Privacy Policy. For certain types of processing, such as location data collection and marketing communications, we obtain your explicit, informed consent. You may withdraw your consent at any time, though this may affect your ability to use certain Platform features.

Contractual Necessity (Section 12(b) of the DPA)

Processing your data is necessary to fulfill our contractual obligations to you, including processing Bookings, managing parking Sessions, facilitating payments, and providing the services you have requested through the Platform.

Legal Obligation (Section 12(c) of the DPA)

We process certain data to comply with our legal obligations under Philippine law, including tax reporting requirements (National Internal Revenue Code), anti-money laundering regulations (RA 9160), electronic commerce requirements (RA 8792), and requests from law enforcement or regulatory bodies.

Legitimate Interest (Section 12(f) of the DPA)

We process data based on our legitimate interest in operating and improving the Platform, preventing fraud and abuse, ensuring platform security, and providing aggregated analytics to Facility Owners. We ensure that our legitimate interests do not override your fundamental rights and freedoms.

4.1 Sensitive Personal Information

T-Park does not intentionally collect sensitive personal information as defined under Section 3(l) of the DPA, which includes information about an individual's race, ethnic origin, marital status, age, color, religious or political affiliations, health, education, genetic or sexual life, proceedings for any offense, government-issued identifiers (SSS, GSIS, TIN, etc.), or any information established by an executive order or act of Congress to be kept classified.

If we ever need to collect sensitive personal information (for example, PWD status for accessible parking verification), we will obtain your explicit consent and clearly explain the purpose of collection. Such information will be processed with the highest level of protection as required by the DPA.

5. Data Sharing

We do not sell your personal data. We share your information only in the following circumstances and only to the extent necessary:

5.1 With Facility Owners

When you make a Booking or park at a Facility, we share limited information with the Facility Owner to facilitate the parking service. This includes your name, vehicle details (plate number, make, model, type), booking details, and check-in/check-out times. We do not share your email address, phone number, or payment details with Facility Owners.

5.2 With Service Providers

We engage trusted third-party service providers who process data on our behalf, including:

  • Payment processors: GCash (G-Xchange Inc.) and card payment networks for processing transactions
  • Cloud hosting: For securely storing data and running our Platform infrastructure
  • Map services: Google Maps Platform for location search and navigation
  • Push notification services: Firebase Cloud Messaging for delivering app notifications
  • Analytics providers: For aggregated usage analytics and crash reporting
  • Email delivery services: For sending transactional emails (verification codes, receipts)

All service providers are contractually bound to process your data only for the purposes we specify, to maintain its confidentiality, and to implement appropriate security measures. We conduct due diligence on our service providers' data protection practices.

5.3 For Legal Reasons

We may disclose your personal data when required to do so by law, in response to valid legal processes (such as a court order or subpoena), or when we believe in good faith that disclosure is necessary to:

  • Comply with Philippine law or regulation
  • Respond to requests from the National Privacy Commission, law enforcement, or other government agencies
  • Protect the rights, property, or safety of T-Park, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy resulting from it. The acquiring entity will be bound by the same data protection obligations.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, and in accordance with the Data Privacy Act's proportionality principle. Our specific retention periods are as follows:

Data Type Retention Period
Account information Duration of account + 2 years after deletion
Booking & Session records 5 years from transaction date (tax compliance)
Payment records & receipts 10 years (BIR record-keeping requirement)
Vehicle information Duration of account + 1 year after deletion
Location data (raw GPS) 90 days (then aggregated/anonymized)
Usage logs & analytics 2 years (then aggregated/anonymized)
Support communications & disputes 3 years from resolution date
Facility verification documents Duration of listing + 3 years after removal
Activity logs (security audit) 5 years

When the retention period expires, your personal data is securely deleted or anonymized so that it can no longer be associated with you. Anonymized data may be retained indefinitely for statistical and analytical purposes. If you request deletion of your account, we will delete your personal data within thirty (30) days, except for data we are required to retain by law.

7. Your Rights Under RA 10173

As a data subject under the Data Privacy Act of 2012, you have the following rights regarding your personal data. You may exercise these rights by contacting our Data Protection Officer (see Section 14).

Right to Be Informed (Section 16(a))

You have the right to be informed of the collection and processing of your personal data, including the purpose, scope, and method of processing; the recipients or classes of recipients to whom your data may be disclosed; the methods utilized for automated access; the identity and contact details of the Personal Information Controller (PIC) and our Data Protection Officer; and the existence of your rights as a data subject.

Right to Access (Section 16(b))

You have the right to reasonable access to your personal data held by T-Park. Upon request, we will provide you with the contents of your personal data that were processed, the sources from which it was obtained, the names and addresses of recipients, the manner by which such data were processed, the reasons for the disclosure to recipients (if any), information on automated processes where the data will or is likely to be made as the sole basis for any decision that significantly affects you, and the date when your personal data was last accessed or modified.

Right to Correction (Section 16(c))

You have the right to dispute and request correction of any inaccuracy or error in your personal data. T-Park shall correct the data immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal data has been previously disclosed to a third party, we will ensure that the corrected information is communicated to the relevant recipients.

Right to Erasure or Blocking (Section 16(d))

You have the right to request the suspension, withdrawal, blocking, removal, or destruction of your personal data from our filing system. This right applies when: (a) your personal data is incomplete, outdated, false, or unlawfully obtained; (b) it is being used for a purpose not authorized by you; (c) it is no longer necessary for the purpose for which it was collected; (d) you withdraw your consent and there is no other legal ground for processing; or (e) it concerns prejudicial data whose accuracy is contested and processing is restricted.

Right to Data Portability (Section 18)

You have the right to obtain your personal data from T-Park in a structured, commonly used, and machine-readable format (such as JSON or CSV). This includes data you provided to us, as well as data generated through your use of the Platform. You may request that we transmit this data directly to another Personal Information Controller, where technically feasible.

Right to Object (Section 16(e))

You have the right to object to the processing of your personal data, including processing for direct marketing, automated processing, or profiling. When you object, T-Park will no longer process the data, unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is needed for the establishment, exercise, or defense of legal claims.

Right to File a Complaint (Section 16(f))

If you believe that your personal data has been misused, maliciously disclosed, or improperly disposed of, or that any of your data privacy rights have been violated, you have the right to file a complaint with the National Privacy Commission (NPC). You may also file a complaint with T-Park directly through our Data Protection Officer, and we will investigate and respond within fifteen (15) business days.

Right to Damages (Section 16(g))

You are entitled to compensation if you have suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your rights and freedoms as a data subject.

We will respond to all valid data subject requests within fifteen (15) business days of receipt. In certain circumstances, we may need to verify your identity before processing your request. There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.

8. Cookies & Tracking

Our mobile application does not use browser cookies. However, our website and web-based admin dashboard may use cookies and similar tracking technologies. Here is how we use them:

8.1 Essential Cookies

These cookies are strictly necessary for the operation of our website and admin dashboard. They include session cookies for authentication and CSRF (Cross-Site Request Forgery) protection tokens. You cannot opt out of these cookies as the website will not function properly without them.

8.2 Analytics Cookies

We may use analytics cookies to understand how visitors interact with our website. These cookies collect information in an aggregated form, including the number of visitors, the pages they visited, and their source. We use this information to improve our website. You may opt out of analytics cookies through your browser settings.

8.3 Mobile App Tracking

Our mobile application may use device identifiers and Firebase Analytics for crash reporting and usage analytics. This data is collected in accordance with the permissions you grant on your device. You can control tracking permissions through your device's operating system settings (Android: Settings > Privacy; iOS: Settings > Privacy & Security > Tracking).

9. Location Data

Location data is central to the T-Park parking experience. Here is how we handle it:

9.1 Why We Collect Location Data

  • To show you nearby parking Facilities on the map
  • To calculate distances between your location and Facilities
  • To provide turn-by-turn navigation to your selected Facility
  • To verify that you are at or near a Facility when checking in
  • To enable real-time tracking during active navigation sessions

9.2 How Location Access Works

The T-Park app requests your device's location permission before collecting any location data. You can grant or deny this permission, and you can change your preference at any time in your device settings. The app functions with limited capability without location access -- you can still browse Facilities by searching for an address, but map-based search and navigation will be unavailable.

9.3 Location Data Retention

Raw GPS coordinates collected during your use of the Platform are retained for a maximum of ninety (90) days. After this period, location data is aggregated and anonymized for analytical purposes (e.g., understanding popular search areas or peak traffic zones). Anonymized location data cannot be traced back to you.

9.4 Background Location

T-Park may request background location access only during active navigation sessions (when you are being guided to a Facility). Background location is not collected at any other time. You will be clearly informed when background location tracking is active through a persistent notification on your device. You can stop background location tracking at any time by ending the navigation session.

10. Children's Privacy

T-Park is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your child has provided personal data to T-Park without your consent, please contact our Data Protection Officer immediately.

If we become aware that we have collected personal data from a minor without verified parental consent, we will take steps to delete that information from our servers as promptly as possible. In accordance with the DPA and the Cybercrime Prevention Act (RA 10175), we take the protection of minors' data seriously and implement additional safeguards where necessary.

11. Data Security

T-Park implements organizational, physical, and technical security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

11.1 Technical Measures

  • Encryption in transit: All data transmitted between the app and our servers is encrypted using TLS 1.2 or higher (HTTPS)
  • Encryption at rest: Sensitive data stored in our databases is encrypted using industry-standard encryption algorithms
  • Authentication: Token-based authentication (Laravel Sanctum) with secure token generation and automatic expiration
  • Password security: Passwords are hashed using bcrypt with a cost factor of 12 and are never stored in plain text
  • API rate limiting: Protects against brute-force attacks and abuse
  • Input validation: All user inputs are validated and sanitized to prevent SQL injection, XSS, and other common attacks
  • CSRF protection: Cross-site request forgery tokens on all form submissions

11.2 Organizational Measures

  • Access to personal data is restricted to authorized personnel on a need-to-know basis
  • Regular security training for all employees who handle personal data
  • Data processing agreements with all third-party service providers
  • Regular security assessments and vulnerability scanning
  • Incident response procedures for data breach detection and notification

11.3 Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, T-Park will notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach, as required by NPC Circular 16-03. We will also notify affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms. The notification will include the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach.

12. International Data Transfers

T-Park primarily stores and processes your personal data within the Philippines. However, some of our third-party service providers (such as cloud hosting, payment processors, and analytics services) may process data in locations outside the Philippines.

When your personal data is transferred outside the Philippines, we ensure that adequate safeguards are in place in accordance with Section 21 of the DPA and NPC Circular 2022-01, including:

  • Verifying that the recipient country has adequate data protection laws recognized by the NPC
  • Entering into data processing agreements that include standard contractual clauses ensuring data protection
  • Ensuring the service provider is bound by corporate rules or codes of conduct approved by a competent authority
  • Obtaining your consent for the transfer where required

You may contact our Data Protection Officer to obtain a list of countries where your data may be processed and the specific safeguards in place for each transfer.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:

  • The "Last updated" date at the top of this page will be revised
  • For significant changes, we will provide prominent notice through the Platform (e.g., an in-app notification or banner on our website)
  • For material changes that affect how we process your personal data, we will notify you via the email address associated with your account at least fifteen (15) days before the changes take effect
  • Where required by law, we will obtain your consent to any material changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes are posted constitutes your acceptance of the revised Privacy Policy. Previous versions of this Privacy Policy are available upon request from our Data Protection Officer.

14. Contact Our Data Protection Officer

T-Park has designated a Data Protection Officer (DPO) to oversee our compliance with the Data Privacy Act of 2012 and to serve as your point of contact for all data privacy concerns. If you wish to exercise any of your rights as a data subject, have questions about this Privacy Policy, or need to report a data privacy concern, please reach out through any of the following channels:

Data Protection Officer
T-Park Technologies Inc.
Email
dpo@T-Park.com
Office Address
Metro Manila, Philippines
General Support
support@T-Park.com

National Privacy Commission

If you are not satisfied with our response or handling of your data privacy concern, you may file a complaint directly with the National Privacy Commission (NPC):

  • Website: www.privacy.gov.ph
  • Email: complaints@privacy.gov.ph
  • Hotline: (02) 8234-2228
  • Address: 5th Floor, Delegation Building, PICC Complex, Roxas Boulevard, Pasay City 1307, Philippines

By using T-Park, you acknowledge that you have read, understood, and consent to the collection and processing of your personal data as described in this Privacy Policy.