Legal

Privacy Policy

Last updated: May 1, 2026

This Privacy Policy explains how Teachers Performance ("we", "us") handles personal information when you visit our marketing site or use the Service. We comply with the Republic Act No. 10173 (the Philippine Data Privacy Act of 2012) and align our practices with the principles of the EU GDPR for international users.

1. Roles

For data submitted to a School's tenant (faculty profiles, evaluation responses, comments, performance results), the School is the Personal Information Controller and we act as the Personal Information Processor. For account data on our marketing/checkout site, we act as the Controller.

2. Information We Collect

2.1 You provide it

  • Checkout & account info: School name, school admin name and email, billing details, plan selection.
  • Tenant content: Faculty and student profiles, departments, courses, evaluation criteria and responses, comments, signatures, uploaded files.
  • Support communications: Messages you send via the contact form or email.

2.2 Collected automatically

  • Usage data: Pages visited, IP address, browser type, device, timestamps, audit-log events.
  • Cookies: Session cookies for authentication and CSRF protection. We do not use third-party advertising cookies.

3. How We Use Information

  • Provide, operate, secure, and improve the Service.
  • Authenticate users and enforce tenant isolation.
  • Process payments and send transactional emails (activation codes, password resets, evaluation-period notifications, registration approvals).
  • Generate AI-driven analytics for the School that submitted the data — never across Schools.
  • Detect, prevent, and respond to abuse, fraud, and security incidents.
  • Comply with legal obligations.

4. Legal Bases (for users in the EU/EEA or UK)

  • Contract: Most processing is necessary to provide the Service you've subscribed to.
  • Legitimate interests: Securing the platform, preventing abuse, improving features.
  • Consent: Where required (e.g., optional analytics or marketing emails); withdrawable at any time.
  • Legal obligation: Tax, accounting, and lawful government requests.

5. Sharing

We do not sell personal information. We share it only with:

  • Sub-processors we use to run the Service — currently: Railway (hosting and database), Resend (transactional email). They are bound by contract to handle data only on our instructions.
  • Your School — administrators, HR, and authorized roles within your School can access tenant data per their permissions.
  • Legal authorities when required by valid process, and only the minimum necessary.
  • Successors in connection with a merger, acquisition, or asset sale, with notice to you.

6. Data Storage and Security

  • Each School's data is isolated in a separate tenant database.
  • Connections are encrypted in transit via HTTPS/TLS.
  • Passwords are hashed using bcrypt; we never store plaintext passwords.
  • Access to production systems is restricted, logged, and audited.
  • We perform regular backups; you can request a one-time export on cancellation.

7. Retention

We keep tenant data while your subscription is active and for up to 30 days after cancellation, unless you request earlier deletion. Audit logs and billing records may be retained longer where required by law (typically up to 10 years for financial records under Philippine tax law).

8. Your Rights

Subject to local law, you have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Request deletion ("right to be forgotten");
  • Object to or restrict certain processing;
  • Receive a portable copy of your data;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with the National Privacy Commission (Philippines) or your local data protection authority.

For tenant data submitted by your School, please contact your School's administrator first — they are the Controller. For platform-level requests, contact us via the contact page and we will respond within 30 days.

9. Children's Privacy

The Service is intended for use by accredited educational institutions and their authorized end users. End users under the age of 18 (e.g., students) participate only under their School's authority. We do not knowingly collect personal information directly from children for our own purposes.

10. International Transfers

Our infrastructure may store and process data in jurisdictions outside the Philippines. We rely on contractual safeguards (including Standard Contractual Clauses where applicable) to protect data during such transfers.

11. AI Processing

Sentiment analysis and prediction features run on data within your tenant only. We do not train shared AI models on your tenant data, and we do not transmit your tenant content to third-party LLM providers without your School's explicit configuration.

12. Cookies

We use strictly necessary cookies only — session and CSRF tokens. No advertising or cross-site tracking cookies are set.

13. Changes

We may update this Policy from time to time. We will post the new effective date at the top of this page and, for material changes, notify School Admins via email at least 14 days in advance.

14. Contact

Privacy questions, data subject requests, or to reach our Data Protection Officer — use the contact page and tag your message "Privacy".