Privacy Policy

Last updated: March 18, 2026

1. Introduction

OSINT.PH is a product of Protectiv IT Security Inc (“Protectiv,” “we,” “us,” or “our”). We are committed to protecting the privacy of our users in accordance with Republic Act No. 10173, also known as the Data Privacy Act of 2012, its Implementing Rules and Regulations, and all applicable issuances of the National Privacy Commission. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our platform.

2. Data Controller

Protectiv IT Security Inc, through OSINT.PH, acts as the Personal Information Controller as defined under Section 3(h) of the Data Privacy Act of 2012. For inquiries regarding your personal data, you may contact our Data Protection Officer at privacy@protectiv.ph.

3. Personal Information Collected

We collect personal information in accordance with the principles of transparency, legitimate purpose, and proportionality as required by Section 11 of the Data Privacy Act of 2012. The personal information we collect includes:

  • Account Information: Name and email address upon registration (we use passwordless authentication and do not collect or store passwords)
  • Billing Information: Payment details processed through Polar.sh, our Merchant of Record; we do not directly collect or store payment card numbers
  • Usage Data: Search types and timestamps (actual search queries are not stored)
  • Technical Data: IP address, browser type, operating system, device identifiers, and access logs
  • Communication Data: Messages or inquiries submitted through support channels

4. Legal Basis for Processing

We process your personal information based on the following criteria under Section 12 of the Data Privacy Act of 2012:

  • Consent: You provide consent upon creating an account and accepting these terms
  • Contractual Necessity: Processing is necessary to fulfill our service agreement with you
  • Legitimate Interest: Platform security, abuse prevention, fraud detection, and service improvement
  • Legal Obligation: Compliance with lawful court orders, National Privacy Commission directives, and other regulatory requirements

5. Purpose of Data Processing

Your personal information is processed for the following purposes:

  • Providing and maintaining the OSINT.PH platform
  • Authenticating users and managing accounts
  • Processing payments and managing subscriptions
  • Logging search activity for compliance, audit, and abuse prevention
  • Responding to law enforcement requests and legal processes
  • Improving platform performance and user experience
  • Communicating service updates, security notices, and billing notifications

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with the following parties under the conditions outlined below:

  • Merchant of Record: Polar.sh, for processing subscription payments, billing, and tax compliance
  • Infrastructure Providers: Cloud hosting and infrastructure services necessary to operate the platform
  • Law Enforcement: When required by a valid court order, subpoena, or lawful directive from a competent authority in the Philippines
  • National Privacy Commission: In response to National Privacy Commission orders or investigations

All third-party service providers who process personal data on our behalf are bound by data sharing agreements as required under National Privacy Commission Circular No. 2016-02.

7. Data Storage and Security

We implement reasonable and appropriate organizational, physical, and technical security measures as required by Section 20 of the Data Privacy Act of 2012 to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS) and at rest
  • Passwordless authentication to eliminate credential-based attacks
  • Role-based access controls for internal systems
  • Regular security audits and vulnerability assessments
  • Automated intrusion detection and monitoring

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with Section 11(e) of the Data Privacy Act of 2012:

  • Account Data: Retained for up to three hundred sixty-five (365) days after account deletion or last activity
  • Search Data: Search metadata (type, timestamp, hit/miss counts) is retained for up to ninety (90) days for compliance and audit purposes. Actual search queries are not stored. Search results are ephemeral and automatically deleted within two (2) minutes of completion
  • Billing Records: Retained as required by applicable tax and financial regulations
  • Technical Logs: Retained for up to ninety (90) days for security monitoring

Upon expiration of the retention period, personal data is securely deleted or anonymized in accordance with National Privacy Commission guidelines.

9. Your Rights as a Data Subject

Under Sections 16 to 18 of the Data Privacy Act of 2012, you have the following rights:

  • Right to be Informed: You have the right to be informed of the collection and processing of your personal data
  • Right to Access: You may request access to your personal data held by OSINT.PH, including the manner in which it was processed
  • Right to Rectification: You may request correction of inaccurate or incomplete personal data
  • Right to Erasure or Blocking: You may request the removal or blocking of your personal data from our systems, subject to legal retention requirements
  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format
  • Right to Object: You may object to the processing of your personal data, including processing for direct marketing
  • Right to File a Complaint: You may file a complaint with the National Privacy Commission if you believe your data privacy rights have been violated
  • Right to Damages: You may claim compensation for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data

To exercise any of these rights, contact our Data Protection Officer at privacy@protectiv.ph. We will respond to your request within thirty (30) days.

10. Cross-Border Data Transfers

OSINT.PH may store and process data using infrastructure located outside of the Philippines. In such cases, we ensure that adequate safeguards are in place as required by Section 21 of the Data Privacy Act of 2012 and National Privacy Commission Circular No. 2016-02. We only transfer data to jurisdictions that maintain adequate levels of data protection or where appropriate contractual safeguards are in place.

11. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We may also use analytics to understand platform usage patterns. We do not use cookies for targeted advertising.

  • Essential Cookies: Required for platform functionality (session, authentication)
  • Analytics: Aggregated, anonymized usage statistics for service improvement

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, OSINT.PH will notify the National Privacy Commission and affected data subjects within seventy-two (72) hours of becoming aware of the breach, in accordance with National Privacy Commission Circular No. 2016-03 and Section 20(f) of the Data Privacy Act of 2012. The notification will include the nature of the breach, personal data potentially affected, measures taken to address the breach, and recommendations to mitigate potential harm.

13. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected personal data from a minor, we will take steps to delete such data promptly, in accordance with the special protection afforded to minors under the Data Privacy Act of 2012.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Material changes will be communicated through the platform or via email. Continued use of the Service after changes constitutes acceptance of the revised policy.

15. Contact and Complaints

For questions, concerns, or to exercise your data privacy rights, contact the Data Protection Officer of Protectiv IT Security Inc:

If you believe your data privacy rights have been violated, you may file a complaint with the National Privacy Commission: