This deployment is operated by the organization operating this JuanResponse deployment. For privacy questions, correction or removal requests, or data-subject rights requests, contact the current incident command or moderation team. Deployment operators should replace this with the actual Personal Information Controller, Data Protection Officer, or Compliance Officer for Privacy before public launch.

• Reports and offers: type of help, category, urgency, title, description, barangay or area, optional exact location, photos, and optional contact name or phone.
• Accounts and responder access: name, phone, password credentials, role, organization details when provided, incident membership, claim and moderation actions, and security logs.
• Resource directory updates: resource names, status, capacity, occupancy, barangay or area, address, public contact details, and notes intended for public coordination.
• Technical data: timestamps, device/browser data, IP-derived request logs, upload metadata, abuse reports, and operational security logs.

We process data to publish situational reports, match needs with offers and responders, verify and moderate reports, prevent fraud or abuse, manage responder access, protect life and safety during incidents, comply with legal obligations, and maintain incident accountability records.

Depending on the context, processing may rely on consent, account or service necessity, legitimate interests in safety and security, vital interests involving life or health, public safety or emergency response, legal obligation, or other lawful bases under Republic Act No. 10173 and National Privacy Commission issuances. Sensitive personal information is handled only where necessary and with additional safeguards.

• Public views may show report titles, descriptions, categories, urgency, status, photos, barangay or approximate map locations, and resource directory addresses, contacts, and availability notes.
• Restricted fields include report contacts, exact report locations, responder notes, verification records, and security or audit logs.
• Trusted responders and incident staff may access restricted fields only when needed for response, verification, safety, moderation, or incident operations.

Public users see only public fields. Trusted responders, moderators, incident staff, LGUs, emergency services, hospitals, shelters, NGOs, or other response partners may receive data when needed for safety or response. Hosting, database, object storage, map, and support providers may process data under appropriate confidentiality and security expectations.

Public maps should use approximate report locations. Exact coordinates, if submitted, are restricted to authorized response roles. Upload only media that is necessary for response or verification. Avoid IDs, graphic images, children's private details, exact home addresses, diagnoses, or private family information unless urgently necessary for safety.

Data should be kept only while useful for response, safety follow-up, moderation, legal obligations, security, audit, or accountability. Operators should review public reports, uploads, contact details, and logs after incident closure and delete, anonymize, or archive them according to a documented retention schedule.

Data subjects may have rights to be informed, access their personal data, request correction, object or withdraw consent where applicable, request erasure or blocking, request portability where applicable, claim damages, and file a complaint with the National Privacy Commission. Parents, guardians, heirs, or authorized representatives may exercise rights for minors, incapacitated persons, or deceased persons when allowed by law.

Operators should use least-privilege access, role-based controls, trusted responder vetting, confidentiality expectations, secure transport, monitoring, and incident-response procedures. If a personal data breach is suspected, operators should contain the issue, preserve evidence, assess risk, and notify affected data subjects and the National Privacy Commission when required.

This Privacy Policy may be updated as the incident, deployment, or law changes. Significant changes should be communicated in the app or through the current incident communication channels.