Privacy Policy
Your privacy is important to us. This policy explains how Homesure Health Plan collects, uses, and protects your personal information in compliance with the Philippine Data Privacy Act (RA 10173).
1. Introduction
Welcome to Homesure Health Plan, a health insurance management platform operated in the Philippines and underwritten by Philcare Inc.
This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website and services. We are committed to protecting your privacy in accordance with:
- Republic Act No. 10173 - Data Privacy Act of 2012 (Philippines)
- Implementing Rules and Regulations of the Data Privacy Act
- National Privacy Commission (NPC) issuances and advisories
- General Data Protection Regulation (GDPR) principles where applicable
By using our services, you consent to the collection and use of your information as described in this policy.
2. Data Controller Information
Data Controller
Homesure Health Plan
Underwriter
Philcare Inc.
Data Protection Officer
emm@claim135.net
Support Contact
Homesureph@gmail.com
3. Data We Collect
Personal Information
| Data Type | Examples | Purpose |
|---|---|---|
| Identity | Full name, birthdate, gender, civil status | Member identification and eligibility |
| Contact | Email address, phone number, home address | Communication and policy delivery |
| Employment | Occupation, employer name | Risk assessment and underwriting |
| Government IDs | Uploaded ID documents | Identity verification |
Health Information
| Data Type | Examples | Purpose |
|---|---|---|
| Medical History | Pre-existing conditions, previous illnesses | Coverage determination and PEC evaluation |
| Family Health | Dependent medical information | Family plan processing |
| Previous HMO | Prior coverage details, card expiration | Continuity of coverage assessment |
Financial Information
| Data Type | Examples | Purpose |
|---|---|---|
| Payment References | Transaction IDs, payment confirmations | Payment tracking and reconciliation |
| Invoice Data | Billing amounts, payment history | Account management |
Technical Data
| Data Type | Examples | Purpose |
|---|---|---|
| Device Info | IP address, browser type, device type | Security and fraud prevention |
| Usage Data | Pages visited, session duration | Service improvement |
Important Note
We do NOT store credit card numbers, bank account details, or CVV codes. All payment processing is handled securely by DragonPay, our PCI-DSS compliant payment processor.
4. Purpose of Data Collection
Insurance Application Processing
To evaluate and process your health insurance application
Coverage Administration
To manage your health plan, claims, and benefits
Payment Processing
To generate invoices and process premium payments
Communication
To send important updates about your coverage
Legal Compliance
To comply with insurance regulations and Philippine laws
Service Improvement
To enhance our platform and customer experience
Fraud Prevention
To protect against fraudulent activities
5. Legal Basis for Processing
Under the Philippine Data Privacy Act (RA 10173), we process your personal data based on the following legal grounds:
Consent
Your explicit consent provided during application submission
Contractual Necessity
Processing necessary to fulfill our insurance contract with you
Legal Obligation
Compliance with insurance regulations and tax laws
Vital Interests
Protection of your life or health in emergency situations
Legitimate Interests
Fraud prevention and service improvement, balanced against your rights
6. Data Sharing and Third Parties
We share your personal data only with trusted third parties necessary to provide our services:
| Third Party | Type | Purpose | Location |
|---|---|---|---|
| Philcare Inc. | Insurance Underwriter | Policy underwriting and claims processing | Philippines |
| Supabase Inc. | Cloud Database | Secure data storage and authentication | Singapore (AWS) |
| DragonPay Corp. | Payment Processor | Payment processing and verification | Philippines |
| Resend Inc. | Email Service | Transactional email delivery | USA |
| Vercel Inc. | Web Hosting | Website hosting and delivery | Global CDN |
We DO NOT:
- Sell your personal data to any third party
- Share your data for third-party marketing purposes
- Transfer data to unapproved processors
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Active Member Data | Duration of membership + 7 years | Insurance regulations |
| Inactive Applications | 2 years | Business necessity |
| Payment Records | 10 years | Tax regulations |
| Communication Logs | 3 years | Service records |
| Technical Logs | 90 days | Security purposes |
8. Your Rights Under Philippine DPA
As a data subject under the Philippine Data Privacy Act, you have the following rights:
Right to Be Informed
Know what personal data we collect and how we use it
Right to Access
Request a copy of your personal data we hold
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data (with limitations)
Right to Object
Object to certain types of data processing
Right to Data Portability
Receive your data in a portable, machine-readable format
Right to Damages
Seek compensation for privacy violations
How to Exercise Your Rights
Limitations: We may retain data required by law (insurance records). Active coverage data cannot be erased without policy cancellation.
9. Security Measures
We implement comprehensive security measures to protect your personal data:
Encryption in Transit
All data transmitted via HTTPS/TLS 1.3
Encryption at Rest
Database encryption via Supabase with AES-256
Access Control
Role-based access control (member, agent, admin)
Row-Level Security
Database policies restrict data access per user
Audit Logging
All data access and changes are logged
PII Redaction
Sensitive data automatically redacted from logs
Security Headers
8 industry-standard HTTP security headers
Regular Audits
Periodic security assessments and penetration testing
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:
- We will notify you via email at least 30 days before the changes take effect
- We will update the "Last Updated" date at the top of this policy
- Continued use of our services after changes constitutes acceptance
12. Contact Us
For Privacy Inquiries
For General Support
13. Filing Complaints with NPC
If you believe your privacy rights have been violated and we have not adequately addressed your concerns, you have the right to file a complaint with the National Privacy Commission:
National Privacy Commission (NPC)
3rd Floor, Core G, GSIS Headquarters Building
Financial Center, Roxas Boulevard, Pasay City, Philippines