Privacy Policy

Effective Date: [DATE] · Last Updated: [DATE]

Jen Store ("we", "us", "our") operates the website at jhen.shop (the "Site"). This Privacy Policy describes how we collect, use, store, and share personal information when you visit the Site or place an order. We are committed to protecting your privacy in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

In plain language: We collect only the information needed to fulfill your order and contact you about it. We do not sell your data. We share it only with delivery partners who need it to ship your package.

1. Information We Collect

1.1 Information you provide directly

When you place an order through our Site, we collect:

Full name
Mobile phone number
Delivery address (for shipping orders)
Order details (items, quantities, prices)
Payment proof image (screenshot of your GCash / Maya / bank transfer)
Optional notes you choose to include with your order

1.2 Information we collect automatically

Device and browser information
IP address
Pages visited and time spent on the Site
Referring website

We use Google Analytics. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

1.3 Information we do NOT collect

We do not collect your bank account or credit card numbers. Payment is sent directly through GCash, Maya, or your bank app — we only see the screenshot you upload.
We do not collect government IDs unless required by law.

2. How We Use Your Information

To process and fulfill your order
To verify your payment
To arrange delivery or notify you about pickup
To contact you about your order
To prevent fraud
To comply with legal obligations (BIR, DTI, NPC)
To improve our Site and customer experience

We do not use your personal information for marketing emails unless you have explicitly opted in.

3. How We Share Your Information

3.1 With delivery partners

We share your name, phone number, and delivery address with our courier partner (J&T Express or other accredited couriers) solely to deliver your package.

3.2 With service providers

Our Site is hosted on Vercel and uses Supabase for database and storage. These providers may access your data only to provide their services and are bound by their own data protection obligations.

3.3 Legal requirements

We may disclose your information if required by law, court order, or government request, including for tax compliance with the Bureau of Internal Revenue.

3.4 What we do NOT do

We do not sell, rent, or trade your personal information
We do not share your information for marketing purposes
We do not share your payment proof images outside our internal admin team

4. How Long We Keep Your Information

Order records: 5 years (BIR requirement)
Payment proof images: 2 years from order date, then automatically deleted
Customer contact information: 5 years from your last order, then anonymized or deleted
Analytics data: Up to 26 months in Google Analytics

5. How We Protect Your Information

HTTPS encryption for all data in transit
Database-level Row-Level Security policies
Cryptographically secure tokens for accessing your order details
Limited admin access — only verified team members
Regular security reviews and dependency updates

Your role in security: Please protect any links we send you containing your order tracking. These links contain a private token. Do not share them publicly. If you believe your link has been shared without your permission, contact us immediately.

6. Your Rights Under the Data Privacy Act

Under RA 10173, you have the right to:

Be informed about how your data is collected and used
Access a copy of the personal data we hold about you
Object to processing of your data for purposes you have not consented to
Rectify inaccurate or outdated information
Request erasure or blocking of your data (subject to legal retention)
Data portability
File a complaint with the National Privacy Commission
Claim damages for misuse of your data

7. Cookies and Tracking

Our Site uses essential cookies to remember your shopping cart and order tracking session. We also use Google Analytics cookies. By continuing to use our Site, you consent to these cookies. You can disable cookies in your browser, but some features may not work properly.

8. Children's Privacy

Our Site is not intended for individuals under 18 years old. We do not knowingly collect data from minors. If you are under 18, please do not place orders without your parent or guardian's involvement.

9. Changes to This Privacy Policy

We may update this Privacy Policy. The "Last Updated" date will indicate the latest revision. Material changes will be announced on the Site.

10. Contact Us

For privacy-related questions or to exercise your rights:

Data Protection Officer: [DPO NAME]

Email: [DPO EMAIL]

Phone: [DPO PHONE]

Address: [BUSINESS ADDRESS]

If you are not satisfied with our response, you may file a complaint with the:

National Privacy Commission (NPC)

5th Floor, Philippine International Convention Center, Pasay City

Email: complaints@privacy.gov.ph

Website: privacy.gov.ph