Data Protection & Security
How E-Rat protects your data in compliance with Philippine laws
Last Updated: December 29, 2025
E-Rat is fully compliant with Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA). We adhere to the principles of transparency, legitimate purpose, and proportionality in processing personal data.
Registration Status
E-Rat is registered with the National Privacy Commission (NPC) as a Personal Information Controller (PIC).
Data Protection Officer
An appointed DPO ensures compliance with the DPA and handles data subject requests.
Infrastructure Security
- Cloud Infrastructure: Hosted on Vercel with global CDN for optimal performance and security
- Database Security: Supabase PostgreSQL with encryption at rest and in transit
- DDoS Protection: Enterprise-grade DDoS mitigation and rate limiting
- Backup & Recovery: Automated daily backups with point-in-time recovery
Encryption & Authentication
- TLS 1.3: All data transmitted over HTTPS with modern encryption standards
- AES-256: Data at rest encrypted using industry-standard algorithms
- Multi-Factor Authentication: Required for all accounts with sensitive data
- Password Hashing: Bcrypt with salt for secure password storage
Access Controls
- Row-Level Security: Database policies ensure users only access their own data
- Role-Based Access: Granular permissions based on user roles (Principal, Notary, Admin)
- Session Management: Secure token-based authentication with automatic expiration
- Audit Logging: All access attempts logged with blockchain anchoring
Personal Data Categories
- Full name, email, phone
- Government-issued ID
- Biometric data (facial recognition)
- Documents for notarization
- Payment information
- Digital signatures
- IP address, device info
- Session logs
- Usage analytics
- Audio-visual recordings
- Audit trails
- Notarial certificates
Storage Locations
All data is stored within secure, compliant infrastructure:
- Primary Database: Supabase PostgreSQL (Singapore region)
- File Storage: Supabase Storage with redundancy
- Backup Storage: Encrypted backups in geographically diverse locations
As a data subject, you have the following rights which E-Rat is committed to upholding:
1. Right to be Informed
You have the right to know how we collect, use, and protect your personal data. We provide clear privacy notices before collecting any information.
2. Right to Access
You can request a copy of all personal data we hold about you. We will provide this within 15 days of your request.
3. Right to Rectification
You can correct inaccurate or incomplete personal data through your account settings or by contacting our DPO.
4. Right to Erasure
You can request deletion of your data, subject to legal retention requirements (e.g., notarized documents must be kept for 10 years per A.M. No. 24-10-14-SC).
5. Right to Object
You can object to certain processing activities, including direct marketing and automated decision-making.
6. Right to Data Portability
You can request your data in a structured, machine-readable format for transfer to another service provider.
In the unlikely event of a data breach, E-Rat follows a strict notification protocol:
- Immediate Response: Security team activated within 1 hour of breach detection
- Containment: Immediate steps to contain and mitigate the breach
- NPC Notification: National Privacy Commission notified within 72 hours
- User Notification: Affected users notified within 72 hours via email
- Remediation: Comprehensive security review and corrective measures
- Documentation: Full incident report maintained for regulatory compliance
For any data protection concerns or to exercise your rights:
Data Protection Officer
Email: dpo@e-rat.ph
Phone: +63 2 8123 4567
Address: DotJPGE Labs, Manila, Philippines
Response Time: We respond to all data protection requests within 15 calendar days as required by the Data Privacy Act.