Pamana — Create Your Philippine Will in 20 Minutes

Introduction

Pamana.ph ("we," "us," or "our") operates the pamana.ph website and provides online estate planning services for Filipino families. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and applicable circulars of the National Privacy Commission (NPC).

Data Controller

Pamana.ph is the Personal Information Controller (PIC) responsible for your data. For questions or concerns about your personal information, contact our Data Protection Officer at [email protected].

Information We Collect

We collect the following categories of information:

Account Information

Name, email address, and password when you create an account.

Sensitive Personal Information

Civil/marital status and date of birth. Under Section 3(l) of RA 10173, these are classified as sensitive personal information. We collect these because they are legally required to determine compulsory heir shares under Philippine Civil Code Articles 886–909.

Family and Estate Planning Information

Details about your family members (spouse, children, parents), beneficiaries, guardians, executors, property, final wishes, and personal messages. This information is necessary to generate your will document.

Payment Information

Payment transactions are processed by PayMongo. We do not store your credit card numbers, GCash, or Maya account details. We receive only transaction confirmations (amount, status, reference number).

Technical Information

IP address, browser type, device information, and pages visited. We use essential cookies (httpOnly, signed) for authentication. We also collect anonymized product-usage events from the in-app Help system (e.g. which educational tips you open or dismiss) keyed by a per-tab session identifier. No form answers, names, or other personal information are included in these events. We do not use advertising or third-party tracking cookies.

Information About Others

When you designate beneficiaries, executors, or guardians, you provide their names and contact information. You confirm that you have the authority to share this information and that you have informed them of this privacy policy.

Legal Basis for Processing

We process your information under the following lawful bases:

Consent (Section 12(a) and Section 13(a), RA 10173) — You provide explicit consent when creating your account and entering your estate planning information. For sensitive personal information (civil status, date of birth), we obtain your specific consent prior to processing as required by Section 13.
Contractual Necessity (Section 12(b), RA 10173) — Processing is necessary to fulfill our service agreement with you: generating your will document, computing heir shares, and delivering your PDF.
Legal Claims (Section 13(f), RA 10173) — Processing of sensitive personal information is necessary for the establishment of legal claims. A will is a legal instrument, and family composition data determines forced heirship shares under the Civil Code.
Legal Obligation (Section 12(c), RA 10173) — We may process data when required by law, court order, or government authority.

How We Use Your Information

We use your information to: generate your will documents based on Philippine succession law; compute compulsory heir shares using our legitime engine; process your payments; send transactional emails (account confirmation, payment receipts, will-ready notifications); provide customer support; improve our platform and fix technical issues; and comply with legal obligations. We never sell your personal data to any third party.

Data Sharing and Third-Party Processors

We share your data only with the following service providers who act as Personal Information Processors (PIPs) under our instruction:

PayMongo — Payment processing (GCash, Maya, credit/debit cards). PayMongo's privacy policy governs payment data they collect directly.
Resend — Transactional email delivery. Receives only your email address and email content.
DigitalOcean — Cloud infrastructure and storage. Hosts our application and database in the Singapore (SGP1) region.
We may disclose information when required by law, subpoena, court order, or to protect our legal rights.

International Data Transfers

Your data is stored on servers in Singapore operated by DigitalOcean. Under Section 21 of RA 10173 (Principle of Accountability), we remain responsible for your data regardless of where it is stored. Singapore's Personal Data Protection Act provides a comparable level of data protection. We use industry-standard security measures and contractual safeguards to protect your information during transfer and storage.

Data Retention

We retain your personal data for as long as your account is active and you maintain a service relationship with us. When you delete your account, we anonymize your personal information within 30 days. Transaction records may be retained for up to 5 years after account closure for legal compliance purposes. Generated will documents are deleted upon account deletion.

Security Measures

We implement organizational, physical, and technical security measures as required by Section 20 of RA 10173, including: encrypted data transmission (TLS/SSL); signed, httpOnly authentication cookies; hashed passwords (never stored in plain text); rate limiting to prevent abuse; role-based access controls; and regular security reviews.

Your Rights Under the Data Privacy Act

Under Sections 16–18 of RA 10173, you have the following rights:

Right to Be Informed — Know what personal data we collect and how we process it.
Right to Access — Obtain a copy of your personal data upon reasonable request.
Right to Object — Object to the processing of your personal data, including for direct marketing.
Right to Erasure or Blocking — Request deletion or blocking of your data if it is incomplete, outdated, false, or unlawfully obtained.
Right to Rectification — Dispute inaccuracies and have your data corrected.
Right to Data Portability — Obtain your data in a structured, commonly used electronic format. You can export your data from your account settings.
Right to Damages — Be indemnified for damages sustained due to inaccurate, unlawfully obtained, or unauthorized use of your personal data.
Right to File a Complaint — File a complaint with Pamana.ph or directly with the National Privacy Commission.

Under Section 17 of RA 10173, your lawful heirs and assigns may invoke these rights on your behalf in case of death or incapacity.

To exercise any of these rights, contact us at [email protected]. We will respond within 15 business days.

Cookies

We use only essential cookies required for authentication and session management. These are httpOnly, signed cookies that cannot be accessed by third-party scripts. We do not use advertising or third-party tracking cookies. We collect anonymized product-usage events from the in-app Help system (which educational tips you engage with) to improve content quality; these events carry no personal information and are keyed by a per-tab session identifier that is discarded when you close the tab.

Children's Privacy

Our services are intended for users aged 18 and above, consistent with the minimum age for making a will under Philippine law (Civil Code Article 797). We do not knowingly collect personal information from individuals under 18.

Data Breach Notification

In the event of a personal data breach involving your information, we will notify the National Privacy Commission and affected data subjects within 72 hours of discovery, as required by Section 20(f) of RA 10173 and NPC Circular No. 2016-03.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on our website with a new effective date. Continued use of our services after changes constitutes acceptance of the updated policy.

National Privacy Commission

If you believe your data privacy rights have been violated, you may file a complaint with the National Privacy Commission at https://privacy.gov.ph or [email protected].

Contact Us

For privacy questions or to exercise your data rights, contact our Data Protection Officer at [email protected].