Privacy Policy
Last updated: December 30, 2025
1. Introduction
CPA Review PH ("Platform", "Service", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.
This Platform involves two distinct entities with different roles in data processing:
- IOL Inc. - Technical platform developer and host. IOL Inc. provides the software infrastructure, hosting services, and technical support for the Platform. IOL Inc. processes data as a data processor on behalf of 1Punch Inc.
- 1Punch Inc. - Business operator and data controller. 1Punch Inc. operates the CPA Review PH service, handles subscriptions, customer relationships, and makes decisions about data processing.
2. Information We Collect
2.1 Information You Provide
We collect information you voluntarily provide when you:
- Create an account: Name, email address, password, phone number
- Complete your profile: Date of birth, gender, address (province, city, barangay, street address, postal code)
- Provide educational background: School name, course/program, year level (for students)
- Subscribe to services: Payment information, proof of payment for bank transfers
- Use the AI Tutor: Questions, conversations, and interactions with our AI system
- Contact support: Communications, feedback, and support requests
2.2 Information Collected Automatically
When you use our Platform, we automatically collect:
- Device information: Browser type, operating system, device type (used for account security and device verification)
- Usage data: Practice session results, mock exam scores, study progress, feature usage patterns
- Session information: Login timestamps, session duration, active sessions (for enforcing concurrent session limits)
- Log data: IP addresses, access times, pages viewed, error logs
2.3 Referral Information
If you were referred by another user, we record the referral code used during your registration to track referral commissions.
3. How We Use Your Information
3.1 Service Provision (1Punch Inc. & IOL Inc.)
- To create and manage your account
- To provide access to study materials, practice questions, and mock exams
- To power the AI Tutor with relevant context from your subscribed subjects
- To track your learning progress and generate performance analytics
- To process payments and manage subscriptions
- To send transactional emails (subscription confirmations, receipts)
3.2 Account Security (IOL Inc.)
- To verify your identity through email verification and device OTP
- To manage trusted devices and active sessions
- To detect and prevent account sharing through device fingerprinting
- To enforce concurrent session limits (maximum 2 sessions per account)
3.3 Communications (1Punch Inc.)
- To send subscription confirmations and payment receipts
- To notify you of referral sign-ups and confirmed commissions
- To send service updates and important announcements
- To respond to support inquiries
3.4 Platform Improvement (IOL Inc.)
- To analyze usage patterns and improve Platform features
- To monitor and improve AI Tutor responses
- To fix bugs and optimize performance
- To develop new features based on user needs
4. Data Sharing
4.1 Between Service Entities
Data flows between entities:
- IOL Inc. ↔ 1Punch Inc.: All user data for platform operation (IOL Inc. acts as data processor)
4.2 Third-Party Service Providers
We share data with the following third-party services:
- Anthropic (Claude AI): AI conversation content for generating tutor responses. See Anthropic's Privacy Policy.
- PayMongo: Payment processing for credit cards, e-wallets, and online payments. See PayMongo's Privacy Policy.
- Mailjet: Email delivery for transactional and notification emails. See Mailjet's Privacy Policy.
- Sentry: Error monitoring and performance tracking for platform stability. See Sentry's Privacy Policy.
- Cloudflare R2: Secure storage for study materials and backups.
4.3 Legal Requirements
We may disclose your information when required to:
- Comply with applicable laws or legal processes
- Respond to lawful requests from public authorities
- Protect the rights, property, or safety of our users or others
- Enforce our Terms and Conditions
5. Data Security
5.1 Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encrypted data transmission using HTTPS/TLS
- Secure password hashing using industry-standard algorithms
- JWT-based authentication with secure HTTP-only cookies
- Device verification and OTP for new device logins
- Session management with concurrent session limits
- Regular database backups with encrypted storage
- Access controls and audit logging for administrative actions
5.2 Data Retention
- Account data: Retained while your account is active and for 5 years after deletion
- Study progress: Retained with your account for continuous learning tracking
- AI conversations: Retained for service improvement and context continuity
- Payment records: Retained for 10 years as required by Philippine tax regulations
- Session/device data: Active sessions expire after 30 days; trusted devices after 30 days of inactivity
6. Your Rights
Under the Philippine Data Privacy Act of 2012 (RA 10173), you have the right to:
- Access: Request a copy of your personal data we hold
- Correction: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your data (subject to legal retention requirements)
- Object: Object to processing of your data for certain purposes
- Data Portability: Request your data in a structured, commonly used format
- Withdraw Consent: Withdraw consent for optional data processing
To exercise these rights, contact us at 1punchinc@gmail.com. We will respond to requests within 30 days. Note that some data may be retained for legal compliance or legitimate business purposes.
7. Cookies and Tracking
We use cookies and similar technologies for:
- Essential cookies: Authentication tokens (required for login functionality)
- Preference cookies: UI preferences and settings
- Analytics: Anonymous usage statistics to improve the Platform
You can manage cookie preferences through your browser settings. Disabling essential cookies will prevent you from using the Platform.
8. Children's Privacy
Our Platform is intended for users 16 years of age and older. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information.
9. International Data Transfers
Your data may be processed in countries outside the Philippines where our service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with Philippine data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last updated" date. We encourage you to review this policy periodically.
11. Contact Information
Data Controller
1Punch Inc.
Email: 1punchinc@gmail.com
Phone: (074) 665-6024
Mobile: 0926-910-8482
Facebook: 1Punch Inc.
Technical Platform Provider
IOL Inc.
Website: www.iol.ph
Data Privacy Inquiries
For data privacy concerns or to exercise your rights under the Data Privacy Act, please email: 1punchinc@gmail.com with the subject line "Data Privacy Request".
12. Regulatory Compliance
This Privacy Policy is designed to comply with the Philippine Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations. 1Punch Inc., as the data controller, is registered with the National Privacy Commission (NPC) as required by law.