Privacy Policy

This Privacy Policy describes how Ravencore IT Solutions (“we”, “our”, “us”), a Philippine-registered sole proprietorship (DTI Business Name Registration No. 7998310) based in Cebu City, Philippines and the operator of LaundryVerse, collects, uses, and protects your data when you use the LaundryVerse service (the “Service”).

1. Information We Collect

We collect the following types of information:

• Account information: Name, email address, and password when you register
• Authentication data: OAuth tokens and profile information when you sign in with Google or Facebook
• Business data: Store information, employee details (names, PINs), shift records, and order data you create within the Service
• Customer information your business collects: When your staff create customer records or orders in the Service, we store the customer details they enter (name, phone number, email, address, visit history, loyalty points). You are the Data Controller for this customer information; see Section 5 for the controller/processor relationship and your responsibilities.
• Location data (employee clock-in, optional): If your store has a configured geofence, the Stations app requests precise location (GPS) when an employee clocks in or out, in order to verify the employee is physically on-site. Location is only sampled at the moment of the clock-in/out action and is not tracked in the background. The employee may deny the browser permission; if no geofence is configured for the store, clock-in still proceeds without coordinates. Coordinates that are captured are stored on the employee's timecard record and are visible to the shop owner.
• Payment information: Billing details for LaundryVerse subscriptions are processed through PayMongo. We do not store your card details directly. Payment-method metadata for transactions in your shop's point of sale (e.g., “Cash”, “GCash”, “Maya”) is recorded as a label only — no card numbers, CVVs, or bank account numbers are entered into the Service.
• Usage data: Pages visited, features used, interactions, error events, and general performance data collected via Google Analytics 4 and Sentry. See Section 7 (Third-Party Services) for what each provider receives.

2. Loyverse Integration Data (Optional)

Connecting a Loyverse POS account is optional. If you choose to connect one during onboarding, we perform a one-time import of the following data from Loyverse:

• Items and categories
• Customer records
• Store information

This data is imported so you can start using LaundryVerse without re-entering your existing catalog. Your Loyverse API tokens are encrypted at rest using AES-256-GCM encryption and are never shared with third parties. You may disconnect your Loyverse account at any time from your dashboard settings.

3. How We Use Your Data

We use your information to:

• Provide and maintain the Service
• Sync data between LaundryVerse and your Loyverse POS
• Process subscription payments
• Send important service-related notifications
• Improve the Service based on usage patterns
• Provide customer support

4. Data Storage and Security

Your data is stored in MongoDB databases hosted on secure cloud infrastructure. We implement the following security measures:

• Encryption at rest: Sensitive data (Loyverse API tokens) is encrypted using AES-256-GCM
• Secure authentication: Passwords are hashed and salted; sessions use JWT tokens
• Multi-tenant isolation: Each business's data is isolated using tenant-specific identifiers
• HTTPS: All data in transit is encrypted via TLS

5. Customer Information — Controller and Processor Responsibilities

When your laundry shop's staff record a customer's personal information (name, phone, email, address, visit history, loyalty points) inside LaundryVerse, the legal roles are:

• You (the laundry shop owner) are the Data Controller. You decide what customer information to collect, why you collect it, and how long you keep it. You are responsible for obtaining lawful consent from your customers under the Philippine Data Privacy Act of 2012 (RA 10173).
• Ravencore IT Solutions (operating LaundryVerse) is the Data Processor. We process that customer information only on your instructions, only to deliver the Service to you (storing records, sending SMS notifications when you enable them, generating receipts).

Practical implications: when a customer of yours requests access to, correction of, or deletion of their personal data, that request should be directed to you, not to LaundryVerse. We will support you in fulfilling those requests via your dashboard (customer search, edit, delete) and, if needed, by direct support.

6. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days after the end of your billing period. After account deletion, your data is permanently removed within 30 days, unless we are required by law to retain it.

Audit logs. We keep an audit log of administrative actions inside your account — sign-ins (successful and failed), password changes, subscription and billing events, settings and role/permission changes, and store edits. Each entry records the action, timestamp, the IP address and browser user-agent of the request, and a short description. We use this log for security (detecting suspicious account activity), customer support (investigating "I didn't change this" reports), and compliance with the Philippines Data Privacy Act. Audit log entries are automatically deleted after 12 months. You can view your own audit log in Dashboard → Activity Log → Admin.

7. Third-Party Services

We integrate with the following third-party services:

• PayMongo: Payment processing for LaundryVerse subscriptions. Card details are entered on PayMongo's hosted checkout and are never seen by LaundryVerse servers.
• Loyverse: Optional one-time data import during onboarding (items, customers, categories). Used only if you choose to connect a Loyverse account.
• Semaphore: SMS delivery for customer notifications and bulk campaigns. When you enable SMS, your customers' phone numbers and templated message bodies are sent to Semaphore for transmission.
• Resend: Transactional email delivery (account verification, receipts when emailed, support replies). Receives recipient email address and message content.
• Google Analytics 4: Product analytics. Loaded across the Service to measure page views, feature adoption, and aggregate usage patterns. GA4 receives a randomly-generated client ID, IP address, user-agent, and event metadata. We do not enable GA4 advertising features or remarketing.
• Sentry: Error monitoring, performance tracing, and Session Replay. Sentry receives unhandled exceptions, performance traces (sampled), and replays of in-app sessions (10% of sessions plus 100% of error sessions). Replays mask text inputs by default. Sentry also receives the signed-in user's ID and email address (used to associate errors with accounts for faster support resolution).
• Firebase Cloud Messaging (FCM): Push notification delivery on Android via Web Push. We send notification payloads to the FCM subscription endpoint that your browser registers; FCM relays the message to your device.
• Cloudflare R2: Object storage for item images uploaded by your business. Images are served via a public CDN URL.
• Google: OAuth authentication (optional sign-in method)
• Facebook: OAuth authentication (optional sign-in method)
• Railway: Application hosting for the main product
• Vercel: Hosting for the help center
• MongoDB Atlas: Database hosting for all application data

Each third-party service has its own privacy policy. We encourage you to review their policies.

8. International Data Transfers

Some of the third-party service providers listed in Section 7 are headquartered or operate infrastructure outside the Philippines (e.g., MongoDB Atlas, Railway, Vercel, Sentry, Resend). When we transfer your personal data to these providers, we take reasonable steps to ensure an adequate level of protection, including:

• Written data-processing agreements or equivalent contractual protections with each provider
• Encryption of data in transit (TLS) and at rest where supported
• Limiting access to only the data necessary for the service provided

By using LaundryVerse, you consent to your data being processed in jurisdictions outside the Philippines, subject to the safeguards described above.

9. Your Rights

In accordance with the Philippine Data Privacy Act of 2012 (RA 10173), you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Disconnect your Loyverse account at any time
• Export your data in a standard format. Self-serve export of customers, receipts, orders, and analytical reports (CSV/PDF) is available on the Business and Pro plans from your dashboard. On the Starter plan, you may request a one-time data export by emailing support; we will provide a CSV export within 30 days at no charge, as required by the Data Privacy Act of 2012.

To exercise any of these rights, contact us at [email protected].

10. Cookies and Similar Technologies

We use the following cookies and similar storage:

• NextAuth session cookie: Essential. Maintains your signed-in state for the admin and dashboard surfaces.
• DOD session cookie: Essential. Maintains the employee's PIN-based session on a bound POS or Stations device.
• Google Analytics cookies (`_ga`, `_ga_*`): Analytics. Used by Google Analytics 4 to identify a returning browser and measure aggregate usage. We do not use these cookies for advertising or remarketing.

We do not run third-party advertising or remarketing cookies. If you wish to opt out of Google Analytics specifically, you can install Google's Analytics Opt-Out Browser Add-on.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Data Protection Officer

In compliance with the Philippine Data Privacy Act of 2012 (RA 10173), Ravencore IT Solutions has designated a Data Protection Officer (DPO) responsible for overseeing compliance with data privacy laws and handling privacy-related inquiries for the LaundryVerse service.

• Data Protection Officer: Mark Arioste
• Email: [email protected]

You may contact the DPO directly for any privacy concerns, to exercise your rights under Section 9, or to report a suspected data breach.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at [email protected].

• Legal entity: Ravencore IT Solutions
• Registration: DTI Business Name Registration No. 7998310
• Address: Cebu City, Philippines