Privacy Policy

Privacy Policy

Version 1.0  |  Effective Date: February 1, 2026

How BayaniChain collects, uses, stores, and protects information on the Lumen Platform


BayaniChain Tech Inc.
Email: legal@bayanichain.io | Website: www.lumenblock.io


1. Overview


BayaniChain Corporation ("BayaniChain," "we," "our," or "us") is committed to protecting the privacy of individuals and organizations that use the Lumen Blockchain-as-a-Service platform ("Lumen" or the "Platform"). This Privacy Policy explains how we collect, process, store, and protect personal and organizational data in accordance with Republic Act No. 10173, the Data Privacy Act of 2012 of the Philippines ("DPA"), its Implementing Rules and Regulations, and relevant international standards.

This Policy applies to all Clients, Authorized Users, visitors to our website, and other parties whose information we process in connection with the Lumen Platform. By accessing or using Lumen, you consent to the practices described in this Policy.



2. Data We Collect


2.1 Account and Identity Information

When onboarding to Lumen, we collect information necessary to establish and manage your account, including:

  • Organization name, business registration details, and government ID or tax identification number.

  • Names, job titles, email addresses, and contact numbers of Authorized Users and account administrators.

  • Billing information, including bank account details or payment references (processed via secure payment gateways; BayaniChain does not store raw payment card data).


2.2 Usage and Technical Data

We automatically collect technical data when you interact with the Platform, including:

  • IP addresses, device identifiers, browser type, and operating system.

  • API call logs, timestamps, and error logs.

  • Feature usage patterns and dashboard interaction data.

  • System performance metrics and audit trail data.


2.3 On-Chain Transaction Data

Lumen is a blockchain platform. Transactions committed to the chain are immutable and public within the chain's scope. The Client is responsible for determining what data is submitted to the chain. BayaniChain processes transaction metadata (such as hash values, timestamps, and block references) as part of normal platform operation.


2.4 Support and Communication Data

When you contact BayaniChain for support, training, or other communications, we may collect and retain the content of those communications, including submitted support tickets, attachments, and correspondence.


2.5 Data Submitted by Clients

Documents, records, and other content uploaded to Lumen for indexing, OCR processing, or on-chain recording are stored and processed on behalf of the Client. BayaniChain acts as a data processor for such data, with the Client as the data controller.



3. How We Use Your Data


BayaniChain uses collected information for the following purposes:

  • To provision, operate, and maintain the Lumen Platform.

  • To authenticate Authorized Users and secure account access.

  • To process billing and manage Client accounts.

  • To provide technical support and respond to service requests.

  • To monitor platform performance, detect anomalies, and prevent unauthorized access.

  • To send service-related communications, including maintenance notices and policy updates.

  • To comply with applicable legal, regulatory, and contractual obligations.

  • To improve and develop Platform features through anonymized analytics.

BayaniChain does not sell, rent, or trade personal or organizational data to third parties for marketing or advertising purposes.



4. Legal Bases for Processing


We process personal data on the following legal bases under the DPA:

  • Consent: Where you have expressly consented to specific processing activities.

  • Contractual necessity: Where processing is required to perform the Service Agreement.

  • Legal obligation: Where processing is required to comply with applicable law or regulatory requirements.

  • Legitimate interests: Where processing is necessary for BayaniChain's legitimate interests, including security monitoring and platform improvement, provided these interests are not overridden by the data subject's rights.



5. Data Retention


BayaniChain retains personal and organizational data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods include:

  • Account and identity data: Retained for the duration of the Client relationship plus five (5) years, in compliance with applicable record-keeping laws.

  • Usage and technical logs: Retained for seventy-two (72) months for security and audit purposes.

  • Support communications: Retained for three (3) years from date of resolution.

  • Client-submitted data (off-chain): Retained for sixty (60) days post-termination of the Service Agreement, after which it is permanently deleted unless otherwise required by law.

Note: On-chain data is inherently immutable and cannot be deleted. BayaniChain has no technical capability to alter or remove data that has been committed to the blockchain.



6. Data Sharing and Disclosure


BayaniChain may share data with:

  • Service providers and subprocessors who assist in operating the Platform (e.g., cloud infrastructure providers, payment processors), under contractual data processing agreements that require equivalent privacy protections.

  • Government authorities or law enforcement agencies, when required by applicable law, court order, or to protect the rights and safety of BayaniChain or others.

  • Successors in interest in the event of a merger, acquisition, or corporate restructuring, subject to continued protection of data under terms no less restrictive than this Policy.

BayaniChain will notify Clients of any legally permissible government data requests unless prohibited from doing so by applicable law.



7. Data Security


BayaniChain implements technical, organizational, and administrative safeguards appropriate to the sensitivity of the data processed, including:

  • End-to-end encryption for data in transit (TLS 1.2 or higher).

  • Encryption at rest for stored Client data.

  • Role-based access controls and multi-factor authentication for internal systems.

  • Regular vulnerability assessments, penetration testing, and security audits.

  • Incident response and data breach notification procedures in accordance with DPA requirements.

Despite these measures, no system is completely impenetrable. BayaniChain cannot guarantee absolute security and is not liable for breaches resulting from events beyond its reasonable control.



8. Cross-Border Data Transfers


Lumen operates primarily within Philippine-based infrastructure. Where data is processed or stored outside the Philippines, BayaniChain ensures that such transfers comply with the requirements of the DPA and applicable international frameworks, including the use of standard contractual clauses or adequacy assessments where required.



9. Rights of Data Subjects


Under the Data Privacy Act of 2012, individual data subjects have the following rights, which may be exercised by submitting a request to privacy@bayanichain.io:

  • Right to be informed: The right to know what personal data BayaniChain holds and how it is used.

  • Right to access: The right to obtain a copy of personal data held by BayaniChain.

  • Right to rectification: The right to request correction of inaccurate or incomplete personal data.

  • Right to erasure or blocking: The right to request deletion or blocking of data where processing is unlawful or no longer necessary, subject to legal retention obligations and the technical limitations of immutable blockchain records.

  • Right to data portability: The right to receive personal data in a structured, machine-readable format.

  • Right to object: The right to object to processing based on legitimate interests.

  • Right to file a complaint: The right to lodge a complaint with the National Privacy Commission (NPC) of the Philippines.

BayaniChain will respond to verified data subject requests within fifteen (15) business days of receipt.



10. Cookies and Tracking Technologies


The Lumen web dashboard and associated web properties may use cookies and similar tracking technologies for session management, analytics, and security purposes. Clients may manage cookie preferences through their browser settings. Disabling essential cookies may impair Platform functionality.



11. Children's Privacy


The Lumen Platform is designed for use by organizations, government agencies, and business professionals. It is not directed at individuals under the age of 18. BayaniChain does not knowingly collect personal data from minors.



12. Changes to This Policy


BayaniChain may update this Privacy Policy to reflect changes in legal requirements, Platform features, or data processing practices. Material changes will be communicated to Clients via email or in-platform notification at least thirty (30) days before the effective date. Continued use of the Platform following notification constitutes acceptance of the updated Policy.



13. Data Protection Officer


BayaniChain has designated a Data Protection Officer (DPO) responsible for overseeing compliance with the DPA and this Policy.

Paul Soliman
Data Protection Officer


BayaniChain Corporation

Email: privacy@bayanichain.io

Enderun Design & Innovation Campus, 2nd Floor, Estancia Mall South Wing, Meralco Avenue, Brgy Oranbo, Ortigas Center, Pasig  City, 1605 Philippines