ogeeda
Book Demo

Privacy Policy

Last Updated: March 23, 2026

Service Provider: John Cedrick Bermejo, operating as Ogeeda  |  Molave, Zamboanga del Sur, Philippines  |  support@ogeeda.com

1. Introduction

We respect your privacy. This policy explains what information Ogeeda collects, how we use it, and how we protect it. This policy is designed to meet the requirements of the Republic of the Philippines' Data Privacy Act of 2012 (Republic Act No. 10173) and applicable data protection regulations of the Apple App Store and Google Play Store.

2. Information We Collect

We collect the following personal information to provide our services. All data is linked to your identity. We do not use any of it for tracking or advertising.

A. Contact Information

  • Full Name: For account management and personalization.
  • Email Address: For authentication, password resets, and important account notifications.
  • Phone Number (optional): For business communication preferences, if provided.

B. Identifiers

  • User ID: Your unique account identifier.
  • Device ID: To deliver push notifications to your specific device.

C. Device & Technical Information

  • Push Notification Token: To deliver booking alerts and reminders. Only collected if you grant notification permission.
  • Local Storage: App settings and cached data stored on your device for offline functionality.

D. Purchases

  • Subscription Status & History: Managed via RevenueCat to validate your plan and unlock premium features.

E. Business Data You Enter

You own all data you create within the app. This includes, but is not limited to:

  • Customer records: Names, email addresses, phone numbers, driver's license numbers and expiry dates, home addresses, and emergency contact information (names and phone numbers of third parties you enter).
  • Vehicle records: Make, model, year, license plate numbers, VIN numbers, photos, and operational data.
  • Booking records: Rental dates, pickup and return addresses, assigned customer and vehicle, pricing, fees, discounts, commission data, and affiliate assignment details.
  • Financial records: Expenses, revenue summaries, and commission calculations.
  • Affiliate records: Per-booking affiliate assignments, commission types (percentage or fixed), commission rates, ownership direction (whether the affiliate or the business owns the vehicle), and calculated commission amounts.
  • Other records: Staff profiles, promotions, pricing groups, and notes.

Emergency contact information entered for customers constitutes third-party personal data. You are responsible for ensuring you have a legitimate basis for storing this information within the app.

F. Camera & Photos — AI Auto-Fill (Optional Feature)

The AI Auto-Fill feature (available on Pro and Suite plans) lets you scan a booking screenshot or photo to automatically extract booking details. When you use this feature:

  • You choose to capture a photo with your camera or select one from your gallery — this is always optional and user-initiated.
  • The image is sent securely to Google Gemini AI for text extraction only.
  • Images are never stored by Ogeeda or by Google beyond the duration of the request. Only the extracted text fields (e.g., customer name, dates) are retained as part of your booking record.
  • Camera and photo library permissions are requested on first use and are never accessed in the background.

This data type is classified as not linked to identity and not used for tracking — it is processed ephemerally solely for app functionality.

G. Invoice & Receipt Generation (Optional Feature)

When you use the invoice or receipt generation feature, the following applies:

  • Customer names and email addresses from your existing booking records are used to populate the generated document and to pre-fill the recipient field in your device's native mail app. Ogeeda does not send any email on your behalf — the mail app is opened with fields pre-filled, and you choose whether to send it.
  • Generated PDF files are temporarily saved to your device's local cache solely for the purpose of attaching them to an email or sharing them. These files are never uploaded to our servers.
  • Your business details — including company name, bank account information, signatory name and title, tax settings, and business logo — are saved to your device's local storage (AsyncStorage) to pre-fill future invoices and receipts. This data is stored only on your device and is never transmitted to our servers.
  • If you upload a business logo, it is stored locally on your device as part of your invoice/receipt settings. It is not shared with or uploaded to Ogeeda servers.

Invoice and receipt sequence counters (last used number and date) are also stored locally to auto-increment document numbers across sessions.

H. Financial Report Export (Optional Feature)

When you use the financial report export feature, the following applies:

  • The exported XLSX file may include customer names, phone numbers, and email addresses from your booking records, along with financial data such as revenue, commissions, and booking details.
  • The file is generated and cached locally on your device. It is never uploaded to our servers.
  • Sharing is initiated by you through your device's native share sheet (e.g., email, messaging apps, cloud storage). Ogeeda does not control or track where you send the file.
  • You are solely responsible for ensuring that exported data is handled, stored, and shared in compliance with applicable data protection laws in your jurisdiction.

We do NOT collect:

  • GPS or device location data (we store pickup and return addresses that you manually enter in booking records, but we never access your device's location)
  • Camera or photos in the background or without your explicit action
  • Persistent copies of any photos you use for AI Auto-Fill — images are discarded immediately after AI processing
  • Contacts from your address book
  • Browsing history
  • Advertising identifiers (IDFA/GAID)
  • Analytics or behavioral tracking data

2.1 Android Permissions

When using Ogeeda on Android, we request the following permissions:

  • INTERNET: Required for all app functionality.
  • ACCESS_NETWORK_STATE: To detect offline/online status.
  • POST_NOTIFICATIONS: To send booking reminders and alerts. Optional — you can decline.
  • VIBRATE: For notification vibration delivery.
  • READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE: For offline data caching and local file storage.
  • CAMERA: To capture photos for the AI Auto-Fill feature. Optional — only requested when you initiate an AI Auto-Fill scan using your camera.
  • READ_MEDIA_IMAGES: To select photos from your gallery for the AI Auto-Fill feature and to upload your business logo for invoices and receipts. Optional — only requested when you use these features.

You can manage permissions at any time in Settings → Apps → Ogeeda → Permissions.

Background Processing Disclosure

Ogeeda uses background services to deliver scheduled booking reminders, overdue return alerts, and subscription status updates — even when you are not actively using the app. This processing uses only your booking and notification data. It does not collect new data while running in the background.

3. How We Use Your Information

We use your data to:

  • Authenticate your identity and maintain your session.
  • Display your business data securely.
  • Manage your subscription status via RevenueCat.
  • Send push notifications for booking updates and alerts (with your permission).
  • Send important account emails such as password resets.
  • Enable offline functionality via local device caching.
  • Run automated processes such as booking time alerts, overdue return reminders, and subscription status syncs via our serverless infrastructure.
  • Maintain internal notification logs to prevent duplicate alerts.
  • Process photos or screenshots you submit through the AI Auto-Fill feature to extract booking details. Images are transmitted to Google Gemini AI solely for text extraction and are discarded immediately after. Only the extracted booking fields are saved.
  • Track your daily AI extraction usage count to enforce plan limits.
  • Generate invoice and receipt PDF documents on your device using booking and customer data you select. PDFs are temporarily cached on your device and never uploaded to our servers. Your business settings (company name, bank details, tax configuration, logo) are saved locally on your device to pre-fill future documents.
  • Generate financial report spreadsheets (XLSX) on your device containing revenue summaries, vehicle performance, and booking details — including customer names, phone numbers, and email addresses. Reports are cached locally and shared only when you choose to do so via your device's share sheet. They are never uploaded to our servers.
  • Track per-booking affiliate assignments and calculate commissions on outsourced bookings. Affiliates can only access commission reports and booking data for bookings they are assigned to.

4. How We Share Your Information

We do not sell your personal data. We share data only with trusted service providers required to operate Ogeeda:

Infrastructure & Services

  • Supabase (Database Hosting): Stores your account and business data securely. Data may be stored in the United States. Privacy Policy
  • RevenueCat (Subscription Management): Syncs your subscription status across devices. Privacy Policy
  • Expo (Push Notifications): Delivers booking alerts and reminders when you opt in. Privacy Policy
  • Google Gemini AI (AI Auto-Fill): When you use the AI Auto-Fill feature, the photo or screenshot you select is sent to Google's Gemini API for text extraction. Google processes the image ephemerally to extract booking fields — the image is not retained or used for model training by Google under their API terms. Google Privacy Policy
  • Email Service Provider: To send password reset emails and important account notifications.

Platform Providers

Apple App Store / Google Play handles in-app purchases and subscriptions. We only receive an anonymized receipt to confirm your subscription status — we do not receive your payment details.

Within Your Organization

If your organization uses the Affiliate feature, limited booking and commission data is visible to affiliate members for bookings they are assigned to. Affiliates can only see data related to their own assigned bookings — they cannot access other organization data such as customer personal information, financials, or unrelated bookings.

We do not use analytics services, advertising networks, or data brokers.

5. Data Retention

  • Active Account: Data is retained for as long as your account is active.
  • Subscription Cancellation: Your subscription entitlement data is cleared. Your account and business data remain intact on the free Starter plan.
  • Account Deletion: Your account is deactivated immediately upon request. After a 30-day grace period: your authentication account (login credentials and identity) is permanently deleted; your personal data in your profile (name, email, phone) is anonymized — replaced with non-identifiable placeholders. An anonymized profile record is retained solely to preserve the integrity of historical business data (bookings, transactions) as required by BIR regulations. See Section 7 for deletion instructions.
  • Financial Records: Booking and transaction records may be retained for up to 10 years as required by Bureau of Internal Revenue (BIR) regulations.
  • Audit Logs: Internal system logs that track data changes for security and integrity purposes may be retained beyond the 30-day personal data deletion window. These logs are used solely for security auditing and are not shared with any third party.
  • Notification Logs: Records of push notifications sent are retained temporarily to prevent duplicate alerts and are not linked to personal data after the associated booking is resolved.

6. Security

We protect your data using:

  • TLS encryption for all data in transit.
  • Infrastructure-level encryption at rest provided by Supabase (disk encryption). Data values are not individually encrypted at the column level.
  • Row-level security to ensure your data is only accessible by authorized members of your organization.
  • No third-party analytics or tracking tools.

7. Your Rights & Data Deletion

You have the right to access, correct, or delete your personal data. Under the Philippine Data Privacy Act (RA 10173), you also have the right to data portability and to withdraw consent at any time.

Delete Account

You can delete your account and all associated data at any time using either of the following methods:

Option 1 — In-App (immediate)

  1. Go to the Business tab.
  2. Tap Delete Account below the Sign Out button.
  3. Enter your password and tap Delete to confirm.

Option 2 — Web Request

Submit a deletion request through our support page: ogeeda.com/support or email support@ogeeda.com with the subject line "Account Deletion Request." We will process your request within 7 business days.

Your account will be deactivated immediately. After a 30-day grace period, your authentication account (login credentials) is permanently deleted and your personal data (name, email, phone) is anonymized — replaced with non-identifiable placeholders. Your push notification tokens are permanently deleted. An anonymized profile record is retained to preserve the integrity of historical business records as required by BIR regulations.

Financial transaction records (bookings, payments) are retained for up to 10 years as required by BIR regulations. Audit logs may be retained for security purposes as described in Section 5.

Withdraw Consent for Push Notifications

You can withdraw your consent for push notifications at any time without deleting your account:

  • iOS: Settings → Notifications → Ogeeda → toggle off
  • Android: Settings → Apps → Ogeeda → Notifications → toggle off

Withdrawing notification consent does not affect your access to any app features.

For other data requests (access, correction, portability), contact us at support@ogeeda.com.

8. Children's Privacy

Ogeeda is a business management tool not directed at children. We do not knowingly collect personal information from anyone under 13 years of age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@ogeeda.com and we will delete that information promptly.

9. Changes to This Policy

We may update this policy occasionally. If we make significant changes, we will notify you via email to your registered address.

10. Contact

Ogeeda

Operated by John Cedrick Bermejo

Molave, Zamboanga del Sur, Philippines

Email: support@ogeeda.com

Support: https://ogeeda.com/support

Privacy requests (access, correction, deletion): support@ogeeda.com