Your data.
Your rights.

Version 2.1 · Last updated January 15, 2026 · Effective immediately

Summary for humans: We collect only what's necessary to deliver the service. We never sell your data. You can export or delete it at any time. Our AI agents are logged, auditable, and always subject to human override. This policy complies with the Philippine Data Privacy Act (RA 10173) and NPC Advisory No. 2024-04.

§ 1. Who We Are

Personal Information Controller (PIC):
Bleunk Technologies Inc.
10th Floor, One/NEO Building, 32nd Street
Bonifacio Global City, Taguig, Metro Manila 1634
Philippines

Data Protection Officer (DPO):
Email: hello@bleunk.com
For all privacy-related inquiries, data subject requests, and NPC compliance matters.

§ 2. Data We Collect

Account Data

Contract Performance

Name, email address, hashed password, plan type, consent timestamp.

Retention: 5 years post-account closure

Usage & Analytics

Legitimate Interest / Consent

Pages visited, features used, browser type, anonymized IP address, session duration.

Retention: 13 months

Payment Data

Contract Performance

Transaction reference IDs, payment method type (not card numbers — handled by PayMongo). Billing name and address.

Retention: 7 years (BIR requirement)

AI Interaction Logs

Legal Obligation / Contract

Prompts submitted, generated outputs, agent interaction transcripts, escalation records, human override actions.

Retention: 3 years (NPC Advisory 2024-04 compliance)

Cookie & Consent Data

Consent

Consent timestamp, selected consent categories, anonymized session token.

Retention: 2 years

Card numbers and full payment credentials are never stored by Bleunk. All payment processing is handled by PayMongo, a BSP-regulated payment gateway with its own PCI-DSS compliance.

§ 3. How We Use Your Data

Deliver and operate the Bleunk platform and all subscribed services
Process payments and manage subscription billing
Generate AI-created websites and agent configurations based on your prompts
Maintain immutable audit logs of AI agent actions per NPC Advisory 2024-04
Send transactional emails (receipts, service notices, security alerts)
Provide customer support and resolve disputes
Improve platform accuracy and agent performance using anonymized aggregate data
Comply with Philippine legal obligations (BIR, SEC, NPC, DTI)

We do not sell, rent, or trade personal data to third parties for marketing purposes. We do not use personal data for automated profiling that produces legal or similarly significant effects without a human review step.

§ 4. AI Systems & Automated Processing

Bleunk deploys AI agents that process personal data during interactions. In compliance with NPC Advisory No. 2024-04 on AI systems, we maintain:

Immutable Audit Logs

Every AI agent action is timestamped and stored in an append-only audit log. Logs include: input received, decision/output generated, escalation triggered (Y/N), and human override (Y/N).

Human-in-the-Loop Escalation

Agents are configured with escalation triggers (e.g. complaints, refund requests, transactions above threshold). When triggered, the agent pauses and routes to a human operator within 2 business hours.

Financial Guardrails

AI agents cannot execute financial transactions exceeding user-defined limits without explicit human approval. Default maximum: ₱10,000 per transaction.

Bias Monitoring

Agent outputs are monitored for systematic bias patterns. Anomalies trigger human review and, where necessary, model retraining or agent suspension.

Transparency to Data Subjects

Any person interacting with a Bleunk AI agent is informed they are communicating with an AI system. The agent's capability boundaries and escalation path are disclosed upfront.

§ 5. Your Rights Under RA 10173

Right to be Informed

Know what data we collect, why, and how it is used — as described in this policy.

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data, subject to legal retention obligations.

Right to Object

Object to the processing of your personal data for specific purposes.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Lodge a Complaint

File a complaint with the National Privacy Commission (privacy.gov.ph).

Right to Damages

Claim compensation for damages suffered as a result of a data breach or RA 10173 violation.

To exercise any of these rights, email hello@bleunk.com. We will respond within 15 calendar days.

§ 6. Cookies & Tracking

We use cookies for three purposes, each requiring separate consent:

Required

Functional (Required)

Session management, authentication, CSRF protection. Cannot be disabled.

Optional

Analytics (Optional)

Anonymized usage statistics to improve platform performance. No cross-site tracking.

Optional

Marketing (Optional)

Personalized content and retargeting. Only enabled with explicit consent.

Consent preferences can be updated at any time via the cookie banner.

§ 7. Data Security

AES-256 encryption at rest

TLS 1.3 in transit

Bcrypt password hashing (cost factor 12)

Strict-Transport-Security headers

SOC 2 Type II aligned infrastructure

Automated vulnerability scanning

Breach notification within 72 hours (RA 10173)

Regular privacy impact assessments (PIA)

§ 8. Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in our practices, legal requirements, or service offerings. Material changes will be communicated via email to registered users and/or a prominent notice on bleunk.com at least 30 days before taking effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

Bleunk Technologies Inc. · 32nd Street, BGC, Taguig, Metro Manila 1634, Philippines · hello@bleunk.com
This Privacy Policy is governed by Philippine law. Effective January 15, 2026.

Your data. Your rights.