Your data.
Your rights.

Version 2.1 · Last updated January 15, 2026 · Effective immediately

Summary for humans: We collect only what's necessary to deliver the service. We never sell your data. You can export or delete it at any time. Our AI agents are engineered for auditability and always subject to human override. This policy is designed for alignment with the Philippine Data Privacy Act (RA 10173).

§ 1. Who We Are

Personal Information Controller (PIC):
Bleunk Studio

Data Protection Officer (DPO):
Email: hello@bleunk.com
For all privacy-related inquiries and data subject requests.

§ 2. Data We Collect

Account Data

Contract Performance

Name, email address, hashed password, plan type, consent timestamp.

Retention: 5 years post-account closure

Usage & Analytics

Legitimate Interest / Consent

Pages visited, features used, browser type, anonymized IP address, session duration.

Retention: 13 months

Payment Data

Contract Performance

Transaction reference IDs, payment method type (handled by secure providers). Billing name and address.

Retention: 7 years (BIR requirement)

AI Interaction Logs

Legal Obligation / Contract

Prompts submitted, generated outputs, agent interaction transcripts, escalation records, human override actions.

Retention: 3 years

Cookie & Consent Data

Consent

Consent timestamp, selected consent categories, anonymized session token.

Retention: 2 years

Card numbers and full payment credentials are never stored by Bleunk. All payment processing is handled by secure, regulated payment gateways.

§ 3. How We Use Your Data

Deliver and operate the Bleunk platform and all subscribed services
Process payments and manage subscription billing
Deliver custom automation solutions and web development projects
Maintain audit logs of AI agent actions for quality and accountability
Send transactional emails (receipts, service notices, security alerts)
Provide customer support and resolve disputes
Improve platform accuracy and agent performance using anonymized aggregate data
Comply with relevant legal obligations

We do not sell, rent, or trade personal data to third parties for marketing purposes.

§ 4. AI Systems & Automated Processing

Bleunk deploys AI agents that process data during interactions. To ensure accountability, we maintain:

Audit Logs

AI agent actions are timestamped and stored for review. Logs include: input received, decision/output generated, and human override actions.

Human-in-the-Loop

Agents are configured with escalation triggers for complex or sensitive requests, routing them to human operators.

Operational Guardrails

AI agents cannot execute high-value financial transactions without explicit human approval.

Transparency

We inform users when they are communicating with an AI system and disclose the agent's capability boundaries.

§ 5. Your Rights Under RA 10173

Right to be Informed

Know what data we collect, why, and how it is used.

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data, subject to retention obligations.

Right to Object

Object to the processing of your personal data for specific purposes.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Lodge a Complaint

File a complaint with the National Privacy Commission.

Right to Damages

Claim compensation for damages suffered as a result of a valid violation.

To exercise any of these rights, email hello@bleunk.com.

§ 6. Cookies & Tracking

We use cookies for three purposes, each requiring separate consent:

Required

Functional (Required)

Session management and security. Cannot be disabled.

Optional

Analytics (Optional)

Anonymized usage statistics to improve platform performance.

Optional

Marketing (Optional)

Personalized content. Only enabled with explicit consent.

Consent preferences can be updated at any time via the cookie banner.

§ 7. Data Security

AES-256 encryption at rest

TLS 1.3 in transit

Industry-standard hashing

Strict-Transport-Security headers

Cloud-native security architecture

Regular vulnerability scanning

Breach notification per RA 10173

Privacy impact assessments

§ 8. Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via our website. Continued use of the service constitutes acceptance of the updated policy.

Bleunk Studio · hello@bleunk.com
Effective January 15, 2026.

Your data. Your rights.