Data Protection

myBoardHub is committed to protecting your personal data in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations.

• All data transmitted over HTTPS/TLS encryption
• Database encryption at rest (Supabase managed PostgreSQL)
• Passwords hashed with bcrypt (never stored in plain text)
• Secure session management via Redis with HTTP-only cookies
• File storage with access controls (Cloudflare R2)
• Role-based access control for all API endpoints
• Rate limiting to prevent abuse

We only collect data that is necessary to provide our services:

• Account creation requires only name, email, and password
• Payment card details are processed by Xendit — we never store card numbers
• Student ID OCR verification is processed server-side and only extracted text is stored
• Location data is used solely for distance-based boarding house search

Under the Data Privacy Act, you have the right to:

• Be informed about how your data is collected and processed
• Access your personal data that we hold
• Object to the processing of your personal data
• Erasure — request deletion of your personal data
• Rectification — correct inaccurate personal data
• Data portability — receive your data in a common format
• File a complaint with the National Privacy Commission

To exercise these rights, email us at privacy@myboardhub.com.