Privacy Policy

Last Updated: December 7, 2025

Privacy Policy

Last Updated: December 7, 2025

Plain Language Summary

NotebookLibrary.com collects your email, usage data, and chat history to provide our AI-powered study service. We store your data securely in Singapore, never sell it to third parties, and give you full control to access, correct, or delete your information anytime. We comply with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173).

1. Introduction

Welcome to NotebookLibrary.com ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered board exam preparation platform.

By using NotebookLibrary.com, you agree to the collection and use of information in accordance with this policy. This Privacy Policy complies with the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Email Address: Required for account creation and communication
  • Full Name: Optional, for personalized experience
  • Phone Number: Optional, for account recovery

2.2 Usage Data

We automatically collect usage information:

  • Chat History: Your questions and AI responses for service improvement
  • Study Activity: Topics studied, time spent, progress tracking
  • Device Information: Browser type, IP address, operating system
  • Access Logs: Login times, feature usage patterns

2.3 Payment Information

If you subscribe to paid plans:

  • Billing Details: Processed securely by PayMongo (our payment processor)
  • Transaction History: Payment dates, amounts, subscription tier

Note: We never store credit card numbers or banking credentials directly. All payment processing is handled by PayMongo in compliance with PCI DSS standards.

3. How We Use Your Information

We use collected information for:

3.1 Service Provision

  • Creating and managing your account
  • Delivering AI-powered study assistance
  • Personalizing your learning experience
  • Maintaining conversation history for context

3.2 Service Improvement

  • Analyzing usage patterns to enhance features
  • Training and improving AI models
  • Identifying and fixing technical issues
  • Developing new learning tools

3.3 Communication

  • Sending account-related notifications
  • Responding to support inquiries
  • Announcing new features or updates
  • Marketing communications (opt-out available)

3.4 Legal Compliance

  • Preventing fraud and abuse
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Protecting user safety and platform integrity

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored in:

  • Primary Database: Supabase (Singapore region)
  • AI Services: Google Cloud (Gemini 2.0 Flash) and Anthropic (Claude Sonnet 4.5)
  • File Storage: Cloudflare R2 (global CDN)

All data centers employ industry-standard security measures and encryption.

4.2 Security Measures

We implement technical and organizational measures including:

  • Encryption at Rest: AES-256 encryption for database storage
  • Encryption in Transit: TLS 1.3 for all data transmission
  • Access Controls: Row-Level Security (RLS) policies in database
  • Authentication: Secure password hashing (bcrypt) and email verification
  • Monitoring: Automated security scanning and audit logs

4.3 Data Retention

  • Chat History: 365 days (automatically purged after 1 year)
  • Audit Logs: 730 days (2 years for compliance)
  • Account Data: Retained while account is active
  • Deleted Accounts: Personal data purged within 30 days

You may request earlier deletion of your data by contacting us.

5. Third-Party Services

We share limited data with trusted third parties:

5.1 Service Providers

  • Supabase: Database and authentication services
  • Google (Gemini AI): AI language processing
  • Anthropic (Claude AI): Fallback AI service
  • PayMongo: Payment processing (Philippines)
  • Cloudflare: CDN and DDoS protection

5.2 OAuth Providers

  • Google Sign-In: If you choose to authenticate with Google

5.3 Analytics

  • Anonymous Usage Analytics: We may use aggregated, anonymized data for product insights

We never sell your personal information to third parties.

6. Your Rights Under Philippine Law

Under the Data Privacy Act of 2012, you have the right to:

6.1 Right to Access

Request a copy of all personal data we hold about you.

6.2 Right to Correction

Update or correct inaccurate personal information.

6.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal retention requirements.

6.4 Right to Data Portability

Receive your data in a structured, machine-readable format (JSON export available).

6.5 Right to Object

Object to processing of your data for direct marketing or other purposes.

6.6 Right to Lodge a Complaint

File a complaint with the National Privacy Commission (NPC) if you believe your rights have been violated.

Contact Information:

7. Cookies and Tracking

We use essential cookies for:

  • Authentication: Keeping you logged in
  • Session Management: Maintaining your preferences
  • Security: CSRF protection and fraud prevention

We do NOT use third-party advertising cookies or cross-site tracking.

You can disable cookies in your browser, but this may affect functionality.

8. Children's Privacy

NotebookLibrary.com is intended for users preparing for professional licensure exams (typically 18+ years old). We do not knowingly collect data from children under 13. If you believe we have collected data from a child, please contact us immediately.

9. International Data Transfers

Your data is primarily stored in Singapore (Supabase region). By using our service, you consent to this transfer. We ensure all international transfers comply with Philippine data protection laws through:

  • Standard Contractual Clauses
  • Adequacy decisions (Singapore has adequate data protection laws)
  • Service provider compliance with international standards (ISO 27001, SOC 2)

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email.

Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or to exercise your rights:

Email: [email protected]

Data Protection Officer: TPH Business Consultancy Services Philippines

Response Time: We aim to respond to all privacy requests within 15 business days, as required by the Data Privacy Act.

12. Legal Basis for Processing

We process your personal data based on:

  1. Consent: You explicitly agreed to data collection when creating an account
  2. Contractual Necessity: Processing required to deliver the service you subscribed to
  3. Legitimate Interests: Improving our service and preventing fraud
  4. Legal Obligation: Compliance with Philippine laws and regulations

You may withdraw consent at any time by deleting your account or contacting us.

Effective Date: December 7, 2025 Governing Law: Republic of the Philippines Compliance: Data Privacy Act of 2012 (RA 10173), National Privacy Commission regulations

← Back to Home