Privacy Policy

Effective date: March 15, 2026 · Issued by Akaiin Software Development Services

This Privacy Policy explains how Akaiin Software Development Services ("Akaiin," "we," "us," or "our") collects, uses, stores, and protects your personal information when you use the Akaiin platform — including MedTipid (medicine price comparison) and Care Plan (family health management). It also explains your rights under Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines, and its Implementing Rules and Regulations.

By creating an account or using the Akaiin platform, you confirm that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not create an account or use features that require personal data.

1. Who We Are

Akaiin Software Development Services is the personal information controller responsible for the Akaiin platform. We develop and operate the Akaiin web application, which provides medicine price comparison (MedTipid) and family health management (Care Plan) services to users in the Philippines.

Contact us at any time at hello.akaiin@gmail.com.

2. Data We Collect

We collect only the data necessary to provide our services. Some data is provided directly by you; some is generated as you use the platform.

2.1 Account Data

  • Email address
  • Password (stored as a cryptographic hash by Firebase Authentication — we never see your plain-text password)
  • Display name (optional)
  • Features you expressed interest in during signup (optional)
  • Date and time of account creation

2.2 Sensitive Personal Health Information

The following data is classified as sensitive personal information under RA 10173, Section 3(l). We collect it only when you voluntarily enter it into a Care Plan circle:

  • Medication names, generic names, dosage, form, and administration schedules
  • Dose check-off records — who gave a dose, when, and whether it was taken or skipped
  • Doctor appointments — doctor name, specialty, clinic/hospital, address, phone number, reason for visit, notes
  • Daily health logs — mood, symptoms (headache, fever, cough, etc.), free-text notes, and structured vitals: blood pressure, temperature, blood sugar, oxygen saturation, pulse rate, and weight
  • Scanned medical documents — prescriptions, laboratory results, discharge summaries, and doctor's notes; these are processed by an AI model (Google Gemini) to extract structured data
  • Supply logs — medication inventory levels and restock history
  • Activity audit logs — who performed each action within a care circle and when

2.3 Usage & Commercial Data

  • Saved deals (medicines or supplies you bookmark on MedTipid)
  • Price alerts — target prices you set for medicines
  • Price alert history — when your target price was reached
  • Search queries on MedTipid (not tied to your identity in stored form)

2.4 Device & Notification Data

  • Firebase Cloud Messaging (FCM) registration token — generated by your browser to enable push notifications; does not identify you personally
  • Push notification preferences per care circle

2.5 Location Data (Optional)

If you grant location permission, we use your device's GPS coordinates only in your browser session to calculate distances to nearby pharmacies and to enable the "Near Me" filter. We do not store your location on our servers.

2.6 Data We Do NOT Collect

  • Government-issued ID numbers (Philippine National ID, SSS, PhilHealth, TIN)
  • Financial or payment information
  • Biometric data
  • Race, ethnicity, or religious beliefs

3. How We Use Your Data

3.1 To Provide the Service

  • Authenticate your identity and maintain your session
  • Display medicine prices, pharmacy deals, and PhilHealth GAMOT coverage
  • Store and display the care circle data you enter (medications, doses, appointments, health logs, records)
  • Enable role-based access for caregiver, buyer, and viewer members within a circle
  • Process scanned medical documents using AI to extract structured health data
  • Send push notifications for dose reminders, low-stock alerts, appointment reminders, and price alerts

3.2 To Improve the Platform

  • Understand which features are most used (based on aggregated, anonymized data)
  • Diagnose technical errors and improve system reliability

3.3 To Comply with the Law

  • Respond to lawful requests from Philippine government authorities
  • Meet our obligations under RA 10173

We do not sell, rent, or trade your personal data to third parties for marketing. We do not use your health data for advertising purposes.

5. Who We Share Data With

We do not share your personal data with any third party except the infrastructure and processor partners listed below, who are contractually required to protect your data and process it only on our instructions:

5.1 Infrastructure Processors

  • Google Firebase (Firebase Authentication, Cloud Firestore, Firebase Cloud Messaging, Firebase Hosting) — provides user authentication, real-time database, push notifications, and web hosting. Data is stored in Google-operated data centers. See Google's Privacy Policy at policies.google.com/privacy.
  • Supabase — provides the PostgreSQL database that stores pharmacy deal data and price history. See Supabase's Privacy Policy at supabase.com/privacy.
  • Google Gemini API (Google AI) — processes images of medical documents you upload within Care Plan. Uploaded images are sent to Google's Gemini 2.5 Flash model, processed to extract structured data, and immediately deleted from Google's servers after extraction. Google's data processing terms apply.
  • Google Cloud Run — hosts the Akaiin backend server. Operated by Google.

5.2 Within a Care Circle

Health data you enter into a care circle is visible to all members of that circle, subject to their role (Caregiver, Buyer, or Viewer). The circle creator controls who is invited and what role they are assigned. Never share your circle invite link with people you do not trust with the patient's health information.

5.3 Law Enforcement

We may disclose your data to government authorities or law enforcement if required by a valid court order, subpoena, or applicable Philippine law, or if necessary to protect the rights, property, or safety of Akaiin, our users, or the public.

5.4 Business Transfers

If Akaiin is acquired, merged, or substantially reorganized, your data may be transferred as part of that transaction. We will notify you by email and update this policy before any such transfer occurs.

6. Data Retention

  • Account data (email, name) — retained for the lifetime of your account, then deleted within 30 days of account deletion.
  • Care circle health data (medications, doses, appointments, health logs, medical records, supply logs, activity logs) — retained for the lifetime of the care circle. When you delete a circle or your account, all associated health data is permanently deleted within 30 days.
  • Scanned document images — uploaded images are sent directly to Google Gemini for processing and are not stored by Akaiin. We store only the structured data extracted from those images.
  • Medicine deal and price data — pharmacy deal data and price history are retained indefinitely as commercial market data and do not contain personal information.
  • Push notification tokens (FCM) — retained until you log out of all devices or delete your account.
  • Server logs — system-level access logs are retained for up to 90 days for security and debugging purposes.

7. Security

We implement reasonable organizational and technical safeguards to protect your personal data, including:

  • Passwords are hashed by Firebase Authentication using industry-standard algorithms — we never store or see plain-text passwords.
  • All data in transit is encrypted using TLS (HTTPS).
  • Firebase Firestore security rules restrict access so users can only read data they are authorized to see.
  • Access to backend services is protected by API keys and Firebase ID token verification.
  • Sensitive credentials (database keys, API keys) are stored in environment variables, not in source code.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

In the event of a personal data breach that is likely to harm your rights and interests, we will notify the National Privacy Commission (NPC) within 72 hours of discovery, and affected users as soon as reasonably practicable, in compliance with NPC Circular 16-03.

8. Your Rights Under RA 10173

As a data subject under the Data Privacy Act of 2012, you have the following rights:

Right to be Informed

You have the right to know what personal data we collect and how it is used — which is the purpose of this policy.

Right to Access

You may request a copy of the personal data we hold about you by emailing us at hello.akaiin@gmail.com.

Right to Rectification

You may correct inaccurate personal data directly within the app (account settings, care circle entries) or by contacting us.

Right to Erasure or Blocking

You may request deletion of your account and all associated personal data by emailing us. Deletion will be completed within 30 days. Note that some data may be retained where required by law.

Right to Object

You may object to the processing of your personal data, particularly for purposes beyond delivering the core service (e.g., aggregated analytics). Contact us at hello.akaiin@gmail.com.

Right to Data Portability

You may request a machine-readable export of your personal data. Contact us and we will provide the available data in a structured format.

Right to Withdraw Consent

You may withdraw your consent to processing sensitive personal health information at any time by deleting your account. This does not affect the lawfulness of prior processing.

Right to Lodge a Complaint

If you believe your data privacy rights have been violated, you may file a complaint with the National Privacy Commission (NPC) of the Philippines:

  • Website: privacy.gov.ph
  • Email: info@privacy.gov.ph
  • Address: 5th Floor, Delegation Building, PICC Complex, Pasay City, Metro Manila

To exercise any of these rights, email us at hello.akaiin@gmail.com. We will respond within 15 business days.

9. Minors

Akaiin accounts are intended for individuals who are 18 years of age or older. We do not knowingly collect personal data from children under 18 as account holders.

However, Care Plan is specifically designed to allow adult caregivers to manage the health records of patients of any age, including children. In this case, the adult caregiver provides consent on behalf of the minor patient and is responsible for ensuring that data entry and sharing are appropriate.

If you believe we have inadvertently collected personal data from a minor as an account holder without appropriate parental consent, please contact us immediately at hello.akaiin@gmail.com and we will delete the data promptly.

10. Third-Party Services

The Akaiin platform contains links to third-party pharmacy websites (South Star Drug, XalMeds, Meds for All, Mercury Drug, Watsons). When you click a link to a pharmacy product page, you leave Akaiin and are subject to that pharmacy's own privacy policy. We are not responsible for the privacy practices of third-party websites.

PhilHealth GAMOT information displayed in MedTipid is sourced from publicly available Philippine Health Insurance Corporation data and does not involve the exchange of your personal information with PhilHealth.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will:

  • Update the effective date at the top of this page.
  • Notify registered users by email at least 7 days before the changes take effect.
  • For changes involving new types of sensitive personal information, request fresh consent before the new processing begins.

Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

12. Contact & Data Protection Officer

For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our Data Protection Officer (DPO):

Organization: Akaiin Software Development Services

Email: hello.akaiin@gmail.com

Response time: Within 15 business days

We are committed to working with you to achieve a fair resolution of any complaint or concern about privacy. If you are not satisfied with our response, you have the right to contact the National Privacy Commission (see Section 8).

© 2026 Akaiin Software Development Services. All rights reserved.

This policy is governed by the laws of the Republic of the Philippines.
