Contents
This Privacy Policy explains how your personal data is handled when you visit or use The Good Harvest Knowledge Grid (the "Platform", tgh.dfvfoundation.com). We are committed to protecting your privacy and processing your data lawfully, fairly, and transparently in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, and — where applicable — international standards such as the EU General Data Protection Regulation (GDPR). By using the Platform, you acknowledge you have read and understood this Policy.
1. Who We Are
The Platform is owned and operated by the Defending Family Values Foundation, Inc. ("DFVF", "we", "us"), a non-stock, non-profit foundation in the Philippines, which acts as the Personal Information Controller. The Platform is built and maintained on DFVF's behalf by Morph Tech Inc., which acts as a Personal Information Processor. For privacy questions, see Contact below.
2. Information We Collect
Information you give us
- Account information — your full name, email address, and password (passwords are stored only as secure cryptographic hashes; we never see them in plain text).
- Purchases & enrollments — the courses, resources, and live trainings you buy or enroll in, including access codes you redeem.
- Payment details — when you pay, your card or e-wallet details are entered directly with our payment processor (PayMongo). We receive only a transaction reference and status — we do not collect or store your full card number.
- Content you submit — testimonials, messages, support requests, and similar communications.
- Donations — amounts, designated programs, and optional messages you provide through "Take a Byte".
Information collected automatically
- Usage data — pages viewed, courses and lessons accessed, progress, and similar activity.
- Device & technical data — IP address, browser type, device type, and timestamps, used for security and to keep the service working.
- Cookies & local storage — see Cookies.
3. How We Use Your Information
- To create and manage your account and authenticate your sign-ins.
- To deliver courses, resources, and live trainings — including sending Zoom links and access codes to enrolled participants.
- To process payments, enrollments, and donations, and to issue confirmations and receipts.
- To provide customer and technical support.
- To send service-related communications (e.g., confirmations, schedule changes, security notices).
- To maintain security, prevent fraud and abuse, and comply with legal obligations.
- To improve the Platform and understand how it is used.
We do not sell your personal data. We do not use your data for unrelated third-party advertising.
4. Legal Bases for Processing
We process personal data on one or more of the following bases: your consent (which you may withdraw at any time); the performance of a contract with you (e.g., delivering a course you purchased); compliance with a legal obligation; and our legitimate interests in operating, securing, and improving the Platform, balanced against your rights.
5. Cookies & Similar Technologies
We use a minimal set of cookies and browser local storage that are necessary for the Platform to function — for example, to keep you signed in and to remember which "What's New" notices you have seen. We do not use advertising or cross-site tracking cookies. You can clear or block cookies in your browser settings, but some features (like staying logged in) may stop working.
6. Sharing & Third-Party Service Providers
We share personal data only as needed to operate the Platform, and only with providers bound to protect it. These include:
- Supabase — database, authentication, and file storage.
- Vercel — website hosting and content delivery.
- PayMongo — payment processing for purchases and donations.
- Resend — delivery of transactional emails (confirmations, access codes).
- Zoom — hosting of live training sessions; if you join a session, your participation is also subject to Zoom's policies.
- Google Fonts — typography delivery.
Each provider processes data under its own privacy terms. We may also disclose data where required by law, to protect rights and safety, or in connection with a lawful request from a competent authority.
7. Payments
Payments are processed by PayMongo. Your sensitive payment credentials are submitted directly to PayMongo over an encrypted connection and are governed by PayMongo's privacy and security practices. The Platform stores only non-sensitive records such as the amount, status, and a transaction reference.
8. Data Retention
We keep personal data only as long as necessary for the purposes described here — for the life of your account, and afterward as required for legitimate business, accounting, tax, or legal purposes. You may request deletion of your account and associated personal data (subject to records we must retain by law).
9. Security
We apply organizational and technical safeguards appropriate to the risk, including encrypted connections (HTTPS), hashed passwords, role-based access controls, and row-level security on our database so that users can only access data they are permitted to see. No method of transmission or storage is completely secure, but we work to protect your information and to address any incident responsibly.
10. Your Rights
Subject to applicable law, you have the right to:
- Be informed about how your data is processed;
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase or block data, and to request deletion of your account;
- Object to or restrict certain processing, and to withdraw consent;
- Data portability — obtain a copy of your data in a usable format;
- Lodge a complaint with the National Privacy Commission (NPC) of the Philippines, or your local data protection authority.
To exercise any right, contact us using the details below. We will respond within the timeframes required by law.
11. Children's Privacy
The Platform is intended for users 18 years and older. Minors may use it only with the involvement and consent of a parent or guardian, who accepts responsibility for that use. We do not knowingly collect data from children under 13. If you believe a child has provided us data without proper consent, contact us and we will delete it.
12. International Data Transfers
Some of our service providers may process data on servers located outside the Philippines. Where data is transferred internationally, we take steps to ensure it remains protected by appropriate safeguards consistent with this Policy and applicable law.
13. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify you. Continued use of the Platform after changes take effect means you accept the updated Policy.
14. Contact Us
Defending Family Values Foundation, Inc. — Personal Information Controller
Email: coritob2009@gmail.com
Platform & technical processor: Morph Tech Inc. — developer@morphtechinc.com
If you have concerns we cannot resolve, you may contact the National Privacy Commission of the Philippines (privacy.gov.ph).