Privacy Notice

Privacy Policy

1. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed when you:

• visit our website, landing pages, or public-facing pages;
• register for a free trial, paid membership, or account;
• log in to the Barrister Portal or any protected area of the Services;
• access, purchase, download, receive, or use our flowcharts, study materials, digital resources, or future offerings;
• submit forms, payment proofs, screenshots, uploads, notes, inquiries, feedback, refund requests, account-adjustment requests, or support requests;
• communicate with us by email, website forms, chat, social media, or other channels;
• subscribe to updates, announcements, newsletters, or promotional communications;
• use our study tools, dashboards, quizzes, trackers, bookmarks, notes, or similar features; or
• otherwise interact with us in connection with the Services.

This Privacy Policy also applies to future products and features that are substantially related to our educational, review, training, subscription, digital content, productivity, and legal study ecosystem, unless a separate privacy policy or privacy notice is issued for a particular offering.

2. Personal Data We May Collect

Depending on how you use the Services, we may collect and process the following categories of personal data:

A. Identity and Account Information

• full name;
• username;
• email address;
• password and authentication credentials;
• membership level, account status, access level, and account history;
• profile details you choose to provide.

B. Contact Information

• email address;
• mobile number or other contact details, if you provide them;
• communication preferences.

C. Transaction and Payment Information

• selected plan, subscription, membership, upgrade, or product;
• payment method used;
• transaction reference number;
• payer name;
• amount paid;
• proof of payment, including uploaded screenshots or attachments;
• records relating to payment verification, activation, renewals, upgrades, refunds, reversals, proration, account adjustments, or disputes.

D. Website, Device, and Usage Information

• IP address;
• browser type and version;
• device type and operating system;
• referring pages and URLs;
• timestamps, login history, and session activity;
• page visits, clicks, feature usage, and dashboard activity;
• cookies, pixels, tags, local storage, and similar technologies.

E. User Submissions and Support Content

• messages, inquiries, support requests, feedback, complaint details, and refund or account-adjustment requests;
• attachments, files, notes, uploads, screenshots, and other information you voluntarily submit.

F. Compliance, Security, and Fraud-Prevention Information

• logs and records necessary for authentication, account protection, security monitoring, fraud prevention, dispute handling, legal compliance, enforcement of our rights, and investigation of possible misuse.

3. Sources of Personal Data

We may collect personal data from the following sources:

• Directly from you, when you register, log in, make a purchase, upload payment proof, submit a form, request support, request a refund or account adjustment, or otherwise interact with the Services;
• Automatically from your use of the Services, through logs, cookies, local storage, analytics, and similar technologies;
• From third parties acting on your instructions or in connection with the Services, such as payment processors, hosting providers, email service providers, analytics providers, and form or support tool providers;
• From lawful public or internal sources, where necessary for fraud prevention, account verification, payment verification, dispute handling, or legal compliance.

4. Purposes of Processing

We may process personal data for the following purposes:

A. To Provide the Services

• create and manage your account;
• authenticate logins and maintain secure sessions;
• grant access to free trials, memberships, subscriptions, downloads, dashboards, and protected content;
• provide the Barrister Portal, flowcharts, study tools, and related services;
• save or display account-based settings, progress, access status, or user-selected features where applicable.

B. To Process Purchases, Upgrades, Renewals, Refunds, and Account Adjustments

• process payments, payment confirmations, renewals, and upgrades;
• verify proof of payment and transaction details;
• activate, renew, downgrade, upgrade, suspend, or terminate membership or access levels;
• review refund, proration, account-adjustment, and dispute requests;
• administer subscriptions, product access, and related records.

C. To Communicate With You

• send account, service, billing, security, renewal, payment, refund, and policy notices;
• respond to inquiries, support requests, feedback, refund requests, account-adjustment requests, and complaints;
• send service announcements, updates, and promotional communications where permitted by law.

D. To Improve and Secure the Services

• monitor performance and usage;
• troubleshoot errors and maintain system integrity;
• detect, investigate, and prevent fraud, unauthorized access, payment abuse, account sharing, scraping, and other harmful activity;
• improve content, functionality, product offerings, and user experience.

E. To Comply With Legal and Regulatory Requirements

• comply with lawful orders, requests, subpoenas, and legal processes;
• establish, exercise, or defend legal claims;
• maintain records required for legal, accounting, tax, audit, regulatory, and compliance purposes.

Under the Data Privacy Act of 2012, processing must rest on a lawful basis. Depending on the activity, we may rely on consent, contract, legal obligation, protection of lawful rights and interests, legitimate interest, or other lawful grounds recognized by applicable law.

5. Lawful Bases for Processing

We may process your personal data on one or more of the following lawful bases:

A. Consent

We may process your personal data based on your consent where consent is required or chosen as the lawful basis, such as for certain optional communications, optional cookies, or specific uses that require your clear agreement.

Where we rely on consent, we aim to obtain it in a manner that is freely given, specific, informed, and evidenced by a clear affirmative act, consistent with applicable guidance. You may withdraw consent at any time, subject to legal and contractual limitations and the consequences of such withdrawal.

B. Contract or Steps at Your Request Before Entering Into a Contract

We process personal data where necessary to provide the Services you request, including account registration, account administration, access to memberships and digital products, payment verification, refund or account-adjustment review, and customer support.

C. Legal Obligation

We may process personal data where necessary to comply with legal, regulatory, tax, accounting, or governmental requirements.

D. Legitimate Interest

We may process personal data where necessary for our legitimate interests or those of a third party, such as for website and account security, fraud prevention, service improvement, internal administration, dispute handling, business continuity, and enforcement of our rights, provided those interests are not overridden by your fundamental rights and freedoms.

E. Other Lawful Grounds Recognized by Law

We may also process personal data on any other lawful basis recognized under the Data Privacy Act of 2012 and applicable regulations, including where necessary to establish, exercise, or defend legal claims.

6. Cookies and Similar Technologies

We may use cookies, web beacons, tags, scripts, local storage, pixels, and similar technologies to:

• keep you signed in;
• remember settings and preferences;
• analyze website traffic and feature usage;
• maintain security and detect abuse;
• improve functionality and user experience;
• support analytics, performance measurement, and communications.

Where required by law or appropriate under applicable guidance, we will seek consent before placing or using non-essential cookies or similar technologies. You may manage cookies through your browser settings, though doing so may affect the functionality of the Services.

7. Sharing and Disclosure of Personal Data

We do not sell personal data. We may share or disclose personal data only as reasonably necessary and subject to appropriate safeguards, including with the following:

A. Service Providers and Processors

We may share personal data with third-party providers that process data on our behalf, such as:

• website hosting providers;
• cloud storage providers;
• email delivery providers;
• payment processors or facilitators;
• form and support tool providers;
• analytics and security vendors;
• contractors, consultants, and professional advisers.

These parties may act as our personal information processors or service providers and are expected to process personal data only for authorized purposes and with appropriate safeguards.

B. Payment and Verification Channels

Where relevant, we may process, receive, or verify payment-related information through payment channels, facilitators, or manual verification workflows to confirm transactions, activate access, review upgrades, or process account-adjustment requests.

C. Legal and Regulatory Authorities

We may disclose personal data when required by law, court order, subpoena, lawful request, or where necessary to protect our rights, investigate fraud, enforce our terms, or comply with legal obligations.

D. Business Transfers

If we undergo a merger, acquisition, restructuring, sale of assets, or similar transaction, personal data may be transferred or disclosed as part of that process, subject to lawful handling and appropriate safeguards.

E. With Your Direction or Consent

We may share your personal data with third parties where you specifically direct, authorize, or consent to such sharing.

8. Cross-Border Processing and Storage

Some of our service providers, systems, plugins, platforms, or infrastructure may store or process personal data outside the Philippines. Where cross-border processing occurs, we will take reasonable and appropriate steps to ensure that personal data remains protected in a manner consistent with the Data Privacy Act of 2012, its Implementing Rules and Regulations, and applicable issuances.

Such steps may include contractual safeguards, access controls, vendor review, security controls, and other appropriate measures depending on the nature of the processing.

9. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, for the provision of the Services, for legal and regulatory compliance, for dispute resolution, for fraud prevention, for security, and for legitimate business purposes consistent with applicable law.

Retention periods may vary depending on the nature of the data and the purpose of processing. By way of example:

• account records may be retained while the account is active and for a reasonable period thereafter;
• transaction and payment records may be retained for accounting, reconciliation, audit, legal, tax, and fraud-prevention purposes;
• support records, refund requests, account-adjustment requests, and verification submissions may be retained to resolve issues, maintain service quality, and defend legal claims;
• logs and security records may be retained as necessary to protect the Services and investigate incidents;
• backups may persist for a limited period in accordance with operational backup schedules.

When personal data is no longer necessary, we will take reasonable steps to securely delete, anonymize, redact, or dispose of it, subject to technical, legal, and operational requirements.

10. Security Measures

We implement reasonable and appropriate organizational, physical, and technical security measures designed to protect personal data against accidental or unlawful destruction, alteration, disclosure, misuse, unauthorized access, and other unlawful processing.

These measures may include, where appropriate:

• access controls and role-based restrictions;
• authentication and password protections;
• secure hosting configurations;
• encryption or equivalent safeguards for data in transit and, where appropriate, at rest;
• monitoring, logs, and anomaly detection;
• internal confidentiality measures;
• vendor due diligence and contractual safeguards;
• backup, continuity, and recovery measures;
• secure disposal and deletion procedures;
• periodic review and improvement of safeguards.

No system can be guaranteed to be completely secure. You are also responsible for using strong passwords, keeping your login credentials confidential, protecting your devices, and promptly informing us of suspected unauthorized access.

11. Personal Data Breaches and Security Incidents

We maintain procedures for detecting, evaluating, containing, documenting, and responding to security incidents and personal data breaches.

Where a personal data breach occurs and notification is required by law, we will notify the National Privacy Commission and affected data subjects in accordance with applicable legal requirements.

12. Your Rights as a Data Subject

Subject to the Data Privacy Act of 2012, its Implementing Rules and Regulations, and applicable exceptions, you may have the following rights:

• the right to be informed;
• the right to access your personal data;
• the right to object to processing in certain circumstances;
• the right to correct inaccurate or incomplete personal data;
• the right to suspend, withdraw, or order the blocking, removal, or destruction of personal data in certain cases;
• the right to data portability, where applicable;
• the right to damages where authorized by law; and
• the right to lodge a complaint with the National Privacy Commission.

Where processing is based on consent, you may withdraw consent, subject to applicable limitations, legal requirements, contractual consequences, and the continued processing that may be necessary for legitimate, legal, accounting, security, or dispute-related purposes.

13. How to Exercise Your Privacy Rights

To exercise your rights as a data subject, request access or correction, withdraw consent where applicable, raise a privacy concern, or ask questions about this Privacy Policy, you may contact us through our designated privacy contact.

We may ask you to verify your identity and provide sufficient information to allow us to locate the relevant records and properly evaluate the request. We may decline, limit, or defer a request where allowed by law, such as where the request is manifestly unfounded, excessive, legally restricted, affects the rights of others, or conflicts with legal, security, accounting, fraud-prevention, or dispute-resolution obligations.

14. Marketing and Optional Communications

Where permitted by law, we may send newsletters, updates, product announcements, promotions, community updates, or other marketing communications. You may opt out of receiving promotional communications at any time by using the unsubscribe mechanism provided or by contacting us directly.

Service-related, transactional, and legally required communications may still be sent where necessary for account administration, security, billing, payment verification, refund or account-adjustment review, support, renewal, or compliance.

15. Minors

Our Services are generally intended for individuals who are legally capable of entering into the relevant arrangements or who are otherwise authorized to use the Services. If you are a minor, you should use the Services only with the consent and supervision of a parent, guardian, or legally authorized representative where required by law.

If we become aware that personal data has been collected from a minor in a manner inconsistent with applicable law or policy, we will take appropriate steps to address the matter.

16. User-Generated Content and Public Disclosures

If you voluntarily submit content, comments, uploads, messages, or materials in areas that may be shared with others, you understand that such information may become accessible to other users, administrators, moderators, service providers, or authorized viewers, depending on the nature of the feature.

Please avoid posting or uploading personal data that is unnecessary, excessive, confidential, sensitive, or that you do not wish to disclose.

17. Third-Party Links and Platforms

The Services may contain links to third-party websites, apps, services, payment channels, social platforms, embedded content, or external platforms. We do not control and are not responsible for the privacy, content, security, or data protection practices of such third parties.

Their own privacy policies, terms, and security practices will govern their processing activities.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, regulations, regulatory guidance, our products, our business practices, our technology, security needs, or our Services.

When material changes are made, we may take appropriate steps to inform users, such as by posting a notice on the website, updating the effective date or last updated date, or using other suitable means.

19. Additional Note on Current and Future Products

This Privacy Policy currently applies to our Barrister Portal, our flowcharts, our free-trial and paid membership systems, downloadable and digital study materials, support workflows, payment-verification workflows, refund or account-adjustment workflows, community-related forms, and other substantially related digital offerings we may launch in the future, unless a separate privacy notice is issued for a specific product or service.

20. Contact Us

For privacy-related questions, data subject requests, concerns, or complaints, you may contact us through our official privacy email at [email protected].

For general support, FAQs, account access concerns, payment-related questions, product guidance, or other non-privacy inquiries, please visit our Help Center.

This Privacy Policy should be read together with our Terms and Conditions, refund or account-adjustment rules, payment verification notices, and any product-specific privacy notices or disclosures shown at the time of registration, purchase, upgrade, submission, or use.