Logbook PH

Privacy Policy

Effective Date: April 29, 2026 | Last Updated: April 29, 2026

Puka Consulting | Logbook PH is a product of Puka Consulting

1. Who We Are

Logbook PH is a Software-as-a-Service platform for restaurant and food & beverage operations management. It is developed and operated by Puka Consulting, a corporation organized and existing under the laws of the Republic of the Philippines.

Note: Puka Consulting is required to register with the National Privacy Commission (NPC) as a personal information controller once the business meets the threshold for registration under NPC Circular 17-01. This registration will be completed prior to processing personal data of users at scale.

2. Our Role: Data Controller and Data Processor

Under the Data Privacy Act of 2012, different parties have different responsibilities depending on their role in processing personal data. Understanding our role is important for transparency.

Organization Admins are responsible for ensuring that personal data of their employees and users entered into Logbook PH has been collected with appropriate notice and, where required, consent under applicable law.

3. What Personal Data We Collect

We collect only the personal data that is necessary for the purposes described in this policy. The categories of data we collect are described below.

3.1 Data You Provide Directly

3.2 Data Collected Automatically

3.3 What We Do Not Collect

We do not collect or store:

• Government-issued ID numbers (e.g., SSS, PhilHealth, TIN, UMID)

• Bank account numbers or financial account details of individuals

• Biometric data of any kind

• Sensitive personal information as defined under Section 3(l) of RA 10173, unless explicitly required and disclosed

• Personal data of minors

4. Legal Basis for Processing

Under the Data Privacy Act of 2012, we process personal data on the following legal bases:

5. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

5.1 Providing the Service

• Creating and managing your organization account and user accounts.

• Authenticating users and enforcing role-based access controls.

• Storing and displaying operational records (daily closing forms, budget data, reports).

• Sending transactional emails, including invoices, payment confirmations, and system notifications.

• Sending pre-trial-end and pre-renewal reminder emails.

5.2 Improving the Service

• Analyzing anonymized and aggregated usage patterns to improve platform features.

• Identifying and resolving technical issues and performance bottlenecks.

• Developing new features based on how customers use the platform.

5.3 Security and Fraud Prevention

• Detecting and preventing unauthorized access attempts and account takeovers.

• Monitoring for suspicious login patterns and triggering account lockouts when appropriate.

• Maintaining audit logs for compliance and investigation purposes.

5.4 Legal and Compliance

• Maintaining transaction records as required by the Bureau of Internal Revenue (BIR).

• Responding to lawful requests from government authorities or courts.

• Enforcing our Terms and Conditions and other policies.

5.5 Marketing Communications (Opt-In Only)

• If you have opted in, we may send product updates, new feature announcements, and relevant offers.

• You may unsubscribe from marketing emails at any time using the unsubscribe link in each email.

• Transactional emails (invoices, account notices, security alerts) are not subject to marketing opt-out and are sent as part of the Service.

6. Data Sharing and Third-Party Processors

We do not sell, rent, or trade your personal data to third parties. We share personal data only with the service providers necessary to operate the platform, and only to the extent required for their specific function.

6.1 Our Third-Party Sub-Processors

6.2 Disclosure of Offshore Data Processing

6.3 Other Disclosure Circumstances

We may also disclose personal data in the following limited circumstances:

• To comply with a court order, legal process, or lawful request from a Philippine government authority or the National Privacy Commission.

• To protect the rights, property, or safety of Puka Consulting, our customers, or the public.

• In connection with a merger, acquisition, or transfer of business operations, with advance notice to affected users.

• With your explicit consent for any other purpose not described in this policy.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, and resolve disputes.

After the applicable retention period, data is securely deleted or anonymized. You may request early deletion of your data by submitting a written request to corporate@logbook.ph, subject to any legal retention obligations that prevent us from complying immediately.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, loss, destruction, alteration, or disclosure.

8.1 Technical Measures

• All data in transit is encrypted using TLS (Transport Layer Security).

• Passwords and PINs are hashed using industry-standard cryptographic algorithms and are never stored in plain text.

• Access to production systems is restricted to authorized personnel only.

• Database access is controlled through role-based permissions at the infrastructure level.

• Regular security updates and patches are applied to all platform components.

8.2 Organizational Measures

• Access to personal data is limited to staff who require it to perform their job functions.

• We conduct periodic reviews of access controls and security practices.

• Third-party providers are assessed for their security practices before engagement.

8.3 Limitations

No method of data transmission over the internet or method of electronic storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security. In the event of a security breach that is likely to result in harm to data subjects, we will notify affected individuals and the National Privacy Commission within the timeframes required by the Data Privacy Act of 2012 and NPC Circular 16-03.

9. Your Rights as a Data Subject

Under the Data Privacy Act of 2012, you have the following rights with respect to your personal data. These rights apply to personal data for which Puka Consulting acts as the Personal Information Controller.

9.1 How to Exercise Your Rights

To exercise any of the above rights, submit a written request to our Data Protection Officer:

• Email: corporate@logbook.ph

• Subject line: “Data Subject Rights Request — [Your Name / Organization]”

• Include: Your full name, your organization name, the right you wish to exercise, and a description of your request.

We will acknowledge your request within 3 business days and respond substantively within 15 business days. Where we are unable to fulfill a request (e.g., due to a legal retention obligation), we will explain the reason in writing.

9.2 Identity Verification

To protect your privacy, we will verify your identity before processing any data subject rights request. We may ask you to provide proof of identity or confirm account details before disclosing, correcting, or deleting personal data.

9.3 Rights of Employees Registered by an Organization

If your personal data was submitted to Logbook PH by your employer (e.g., you were registered as a Manager or Cashier user), your employer’s Organization Admin is the primary point of contact for data subject requests related to your account. You may also contact us directly, and we will coordinate with your organization’s admin where appropriate.

10. Cookies and Tracking Technologies

Logbook PH uses cookies and similar tracking technologies to operate and improve the platform. Cookies are small text files stored on your device.

10.1 Types of Cookies We Use

10.2 Cookie Consent

On your first visit to logbookph.com, you will be presented with a cookie consent banner. You may accept all cookies, accept only necessary cookies, or customize your preferences. You can update your cookie preferences at any time through the cookie settings link in the site footer.

Strictly necessary cookies cannot be disabled as they are required for the platform to function correctly.

10.3 Third-Party Cookies

Some third-party providers we use (such as analytics services) may set their own cookies. These are governed by the privacy policies of those providers. We do not use third-party advertising cookies.

11. Children's Privacy

Logbook PH is intended for use by businesses and their adult employees. We do not knowingly collect personal data from individuals under the age of 18.

If you believe that a minor’s personal data has been submitted to our platform without appropriate authority, please contact us immediately at corporate@logbook.ph and we will take steps to delete that data.

12. Links to Third-Party Sites

The Logbook PH platform or our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access through links on our platform.

13. NPC Registration and Compliance

Puka Consulting is committed to full compliance with the Data Privacy Act of 2012 and all issuances of the National Privacy Commission. As required:

• We have appointed a Data Protection Officer (DPO) responsible for overseeing data privacy compliance.

• We will register with the National Privacy Commission upon meeting the applicable registration threshold under NPC Circular 17-01.

• We will maintain a Privacy Management Program (PMP) and conduct regular Privacy Impact Assessments (PIAs) as our platform scales.

• In the event of a personal data breach that poses a risk to data subjects, we will notify the NPC within 72 hours of discovery and notify affected individuals without undue delay, in accordance with NPC Circular 16-03.

Data subjects who have concerns about how their personal data is handled may file a complaint directly with the National Privacy Commission:

• Website: www.privacy.gov.ph

• Email: complaints@privacy.gov.ph

• Address: 3rd Floor, Core G, GSIS Headquarters, Roxas Boulevard, Pasay City, Metro Manila

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Notify active users by email at least 14 days before the changes take effect.

• Update the “Last Updated” date at the top of this policy.

• Post the updated policy at logbookph.com/privacy.

Your continued use of Logbook PH after the effective date of any updated Privacy Policy constitutes your acknowledgment of the changes. We encourage you to review this policy periodically.

15. Contact Our Data Protection Officer

For any questions, concerns, or requests related to this Privacy Policy or our data privacy practices, please contact our Data Protection Officer:

This Privacy Policy is governed by the laws of the Republic of the Philippines, including Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations. The current version is always available at logbookph.com/privacy.