Catwang.work Privacy Policy (Philippines)
Effective date: July 2, 2025
Last updated: August 12, 2025
Catwang.work (“Catwang,” “we,” “our,” or “us”) values your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal data when you use our website, mobile experiences, and services for customers (“Clients/Customers”) and independent contractors (“Providers/Taskers”) (collectively, the “Services”).
We process personal data in accordance with the Data Privacy Act of 2012 (RA 10173) and its IRR, including the principles of transparency, legitimate purpose, and proportionality; and we follow applicable guidance of the National Privacy Commission (NPC), including breach notification rules.
If you do not agree with this Policy, please do not use the Services.
1) Who we are (Personal Information Controller)
Catwang.work operates as the Personal Information Controller (PIC) for the personal data we collect through our platform. Where we engage vetted third parties to process data on our behalf (e.g., hosting, payments, ID verification), they act as Personal Information Processors (PIPs) under written agreements.
- Registered business name: Catwang.work by Flourish Forward Asia
- Contact email: connect@catwang.work
- Address: Pioneer Highlands, Madison Street, Mandaluyong City
- Data Protection Officer (DPO): Anthony Martin, connect@catwang.work | +63 918 235 7999
2) Scope and applicability
This Policy covers personal data we process about website visitors, registered Customers, registered Providers, applicants to be Providers, and business contacts. It also covers data collected via our platform integrations (e.g., payment, mapping, KYC) and our communications channels (email, SMS, in-app, support chat).
3) What personal data we collect
A. Data you provide directly
- Account & profile: name, email, mobile number, city/province, profile photo, biography, skills, service categories, rates, availability, languages.
- Identity & verification (Providers): government-issued ID details (e.g., ID type, masked ID number), selfies/liveness checks, TIN (if required for payouts), professional certifications/licenses, proofs of address. (We minimize data shown on IDs and store copies only if necessary.)
- Job/task data: task descriptions, addresses/approximate locations for service, scheduling preferences, photos you upload (before/after), chat messages, reviews/ratings.
- Payments: payer/payee names, billing/shipping details, partially masked card details/token (we do not store full card numbers), payout account details (bank/GCash identifiers).
- Support & feedback: inquiry details, call/chat recordings where applicable.
B. Data collected automatically
- Usage & device: IP address, device identifiers, browser type, operating system, referring pages, pages viewed, date/time stamps, clickstream, error logs.
- Location: city-level geolocation via IP; if you allow precise location in-browser, we use it to suggest nearby Providers and estimate travel/fees.
- Cookies & similar tech: session cookies, authentication tokens, preference cookies, analytics, and fraud-prevention technologies. See Cookies below.
C. Data from third parties
- KYC/verification partners: results of ID checks, watchlist screening (when required by law or to prevent fraud).
- Payment processors: payment tokens, confirmation status, chargeback/dispute information.
- Maps/geo partners: geocoding for addresses (e.g., to display job location and distance estimates).
- Analytics & marketing partners: aggregated audience, campaign, and conversion metrics.
4) Lawful bases for processing
We process personal data only when permitted by law (DPA Sec. 12), and for sensitive personal information only under Sec. 13 conditions. These include: your consent, necessity to perform a contract or take steps at your request, compliance with legal obligations, and protection of vitally important interests (life and health). For sensitive information (e.g., ID images, health-related information you voluntarily share in a task), we rely on specific consent or another permitted condition in Sec. 13.
5) How we use your data (purposes)
We use your data to:
- Create and manage your account; enable log-in, authentication, and account recovery.
- Provide marketplace functionality: post and manage tasks; match Customers with Providers; display profiles and ratings; facilitate chat, scheduling, and fulfillment.
- Verify identities/eligibility (Providers): confirm documents and credentials; conduct fraud prevention; assess platform integrity and safety.
- Process payments & payouts: handle customer payments, Provider payouts, invoices, taxes/official receipts where applicable.
- Provide customer support and resolve disputes; investigate safety, fraud, or policy violations.
- Improve the Services: measure performance, fix bugs, personalize content, and develop new features.
- Comply with laws and enforce our Terms, including responding to lawful requests, court orders, or NPC directives.
- Send communications: service notices, security alerts, policy updates, marketing (with opt-out), and request feedback/reviews after a job.
We will not process your data for purposes incompatible with those stated above, and we will seek fresh consent where required.
6) Cookies and similar technologies
We use cookies and similar technologies to operate the site (e.g., session management), remember your preferences, perform analytics, and prevent fraud. You can manage cookies in your browser. Disabling certain cookies may affect functionality (e.g., staying signed in, viewing maps).
7) When we share your data
We share personal data only as needed and consistent with the DPA’s principle of accountability and the IRR.
- Between Customers and Providers: limited profile and job information necessary to evaluate and fulfill a task (e.g., first name, ratings, rough location, job details).
- Service providers (PIPs): hosting/cloud, content delivery, security/fraud tools, KYC/ID verification, analytics, email/SMS, customer support, and payment gateways (e.g., card processors, GCash).
- Legal, safety, and compliance: to regulators, law enforcement, courts, or the NPC where required by law or to protect vital interests.
- Business transfers: in a merger, acquisition, or asset sale, subject to safeguards and notice where appropriate.
We require PIPs to process data only on our documented instructions, implement appropriate security, and assist us in complying with data subject rights and breach obligations.
8) International transfers
Our cloud providers and certain processors may store or access data in other countries. Where data is transferred outside the Philippines, we implement contractual and technical safeguards that maintain an equivalent level of protection as required by the DPA/IRR (e.g., encryption in transit/at rest, access controls, and processor obligations).
9) Data retention
We retain personal data only for as long as necessary to fulfill the purposes above, perform our contracts, comply with legal/regulatory requirements (e.g., tax and accounting records), and resolve disputes, then securely delete or anonymize it. Examples:
- Account data: kept while your account is active; basic records retained for up to 5–7 years after closure if needed for legal/tax purposes.
- KYC documents (Providers): shortest period needed to verify and meet compliance/anti-fraud requirements, then minimized or deleted.
- Transaction data: retained for statutory periods for tax/accounting.
- Support and incident logs: retained for operational and security needs, then deleted or anonymized.
10) Your rights as a data subject
Under Sec. 16–18 of the DPA, you have the following rights (subject to limitations under Sec. 19 and other laws):
- Right to be informed about processing activities and changes.
- Right to access the personal data we process about you.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure/blocking where data is outdated, unlawfully obtained, used for unauthorized purposes, or no longer necessary.
- Right to data portability for data processed by electronic means in a structured, commonly used format.
- Right to object/withhold consent to processing in cases where consent is the basis.
- Right to damages for inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of data.
How to exercise your rights
Email connect@catwang.work with:
- Your full name, account email, and a description of your request; and
- Valid proof of identity (and, when acting through an agent, a signed authorization and agent’s valid ID).
We will acknowledge within 5 business days and respond within 30 calendar days, or inform you if more time is needed as allowed by law.
11) Security measures
We apply organizational, physical, and technical safeguards appropriate to the risks, including: access controls and least-privilege, encryption in transit and at rest where appropriate, multi-factor protections for admin access, vulnerability management, secure software development practices, staff confidentiality obligations, and vendor due diligence.
We maintain a Personal Data Breach Management plan consistent with NPC Circular 16-03, including breach detection, containment, assessment of harm, documentation, and notification to the NPC and affected data subjects when there is a real risk of serious harm.
12) Children’s data
Our Services are not intended for children under 18. We do not knowingly collect personal data from minors without verifiable consent of a parent/guardian and compliance with applicable law. If you believe a minor provided data without consent, contact connect@catwang.work and we will take appropriate steps.
13) Direct marketing and notifications
We may send you service, security, and account emails/SMS that are necessary to deliver the Services. For promotional messages, you can opt-out using the unsubscribe link or by contacting us. Even if you opt-out of marketing, we may still send non-marketing notices (e.g., job updates, invoices, policy changes).
14) Third-party links and integrations
Our site may link to third-party websites or integrate third-party tools (e.g., payment gateways, maps, analytics). Those parties’ privacy practices are governed by their own policies. We encourage you to review them before sharing data.
15) Complaints and remedies
If you have concerns about our processing of your personal data, email connect@catwang.work. We will work to resolve your concern. You also have the right to lodge a complaint with the National Privacy Commission (NPC). See NPC contact information at privacy.gov.ph.
16) Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will post the updated version with a new “Last updated” date, and where appropriate, provide prominent notice or seek your consent. Continued use of the Services after an update constitutes acceptance of the revised Policy.
17) Contact us
- Data Protection Officer: Anthony Martin, connect@catwang.work | +63 918 235 7999
- General privacy inquiries: connect@catwang.work
- Postal address: Pioneer Highlands, Madison Street, Mandaluyong City
Legal references
- Republic Act No. 10173 – Data Privacy Act of 2012, including Sec. 11–15 (processing principles, criteria), Sec. 16–19 (rights), Sec. 20 (security).
- Implementing Rules and Regulations (IRR): transparency, legitimate purpose, proportionality; duties of PIC/PIP; and procedural guidance.
- NPC Circular 16-03 – Personal Data Breach Management: breach response and notification.