1. Introduction
Kinsweldo is a cloud-based payroll and HRIS software operated by QV Technologies OPC, a corporation duly registered under the laws of the Republic of the Philippines. This Privacy Policy explains how we collect, use, store, share, and protect personal data you provide to us, in full compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and its Implementing Rules and Regulations.
By accessing or using Kinsweldo, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. If you do not agree, please discontinue use of the service.
2. Data We Collect
We collect the following categories of personal data:
- Personal identifying information — full name, email address, mobile number, date of birth, home address
- Government-issued identification numbers — SSS number, PhilHealth number, Pag-IBIG (HDMF) number, TIN (Tax Identification Number). These are encrypted at rest using AES-256-GCM.
- Employment data — position, department, employment type, hire date, salary grade, pay schedule
- Payroll data — gross pay, deductions (SSS, PhilHealth, Pag-IBIG, withholding tax, loan amortizations), net pay, 13th month pay, leave balances
- Attendance records — time-in, time-out, overtime hours, late deductions, absences, leave applications
- Account and usage data — login timestamps, IP addresses, browser/device type, pages visited, feature usage events
- Cookies and session data — see Section 7 for details
3. How We Use Your Data
We process personal data only for the following purposes:
- Payroll computation — computing employee net pay, statutory contributions, and withholding taxes in accordance with applicable Philippine law
- Government report generation — producing BIR Form 2316, SSS R3, PhilHealth RF-1, and Pag-IBIG reports
- Employee self-service portal — allowing employees to view their payslips, file leave requests, and manage their profile
- Customer support — responding to queries, resolving disputes, and improving service quality
- Product improvement — analyzing aggregated, anonymized usage data to improve features
- Legal compliance — fulfilling obligations under RA 10173, the National Internal Revenue Code, the Labor Code, and other applicable laws
- Security and fraud prevention — detecting and preventing unauthorized access to your account
4. Data Sharing
We do not sell, rent, or trade your personal data to any third party. We share personal data only in the following limited circumstances:
- Cloud infrastructure providers — Supabase (database and authentication, hosted on AWS) processes data on our behalf under a Data Processing Agreement
- Email service provider — Resend processes email addresses solely to deliver transactional emails (payslip notifications, password resets)
- Error monitoring — Sentry receives anonymized error stack traces to help us fix bugs; no payroll data is sent
- Government agencies — we transmit contribution and tax data to SSS, PhilHealth, Pag-IBIG, and BIR as required by law
- Legal compulsion — we may disclose personal data if required by valid legal process (court order, NPC directive, or lawful government request)
All sub-processors are listed in our Data Processing Agreement (DPA), available at kinsweldo.com/dpa.
5. Data Security
We implement the following technical and organizational security measures:
- Encryption at rest — all government ID numbers (SSS, PhilHealth, Pag-IBIG, TIN) are encrypted using AES-256-GCM before storage
- Encryption in transit — all data transmitted between your browser and our servers is protected using TLS 1.2 or higher
- Row-level security (RLS) — database-level access controls ensure each company's data is isolated; no cross-company data access is possible
- Immutable audit logging — every sensitive mutation (payroll run, employee record change, access event) is recorded with before/after state
- Access control — role-based access ensures employees can only view their own data; payroll approvers cannot modify records
- Data retention — financial and payroll records are retained for 10 years to comply with BIR requirements (per Revenue Regulations No. 17-2013)
6. Your Rights Under RA 10173
As a data subject under the Data Privacy Act of 2012, you have the following rights:
- Right to be informed — you have the right to know that your personal data is being collected and processed
- Right to access — you may request a copy of your personal data held by us
- Right to object — you may object to the processing of your personal data, subject to legitimate grounds
- Right to erasure or blocking — you may request deletion or blocking of inaccurate, outdated, or unlawfully processed data, subject to legal retention obligations
- Right to damages — you may claim compensation for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data
- Right to data portability — you may request your data in a structured, commonly used, machine-readable format
- Right to file a complaint — you may lodge a complaint with the National Privacy Commission (NPC) at www.privacy.gov.ph
To exercise any of these rights, contact our Data Protection Officer at admin@kinsweldo.com. We will respond within fifteen (15) business days.
7. Cookies
We use the following types of cookies:
- Strictly necessary cookies — session cookies used to maintain your authenticated session. These cannot be disabled without affecting service functionality.
- Analytics cookies — used to understand how users interact with the platform in aggregate. You may opt out of analytics cookies at any time via your account settings or browser settings.
We do not use advertising or tracking cookies. We do not share cookie data with advertising networks.
8. Data Retention
We retain personal data for the following periods:
- Financial and payroll records — 10 years from the end of the taxable year, as required by BIR Revenue Regulations No. 17-2013
- Employee records — duration of active employment plus 5 years following separation, in compliance with DOLE record-keeping requirements
- Account data (post-cancellation) — 30 days from subscription cancellation, after which data is permanently deleted unless retained by law
- Audit logs — 5 years from the date of the logged event
9. Children's Privacy
Kinsweldo is a business software platform intended solely for use by companies and their authorized HR and payroll personnel. The service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor's data has been submitted to our system in error, please contact us immediately at admin@kinsweldo.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by email to the address associated with your account and via an in-app notice at least fifteen (15) days before the changes take effect. Continued use of Kinsweldo after the effective date constitutes your acceptance of the revised policy.
11. Contact / Data Protection Officer
For any questions, requests, or complaints regarding this Privacy Policy or our data processing practices, please contact our Data Protection Officer: