SENTOCO — Privacy Policy
Version 0.1.0 · Effective July 1, 2026 · Last updated July 1, 2026
Summary
Sentoco is a product-information platform for the architecture, engineering, and construction (AEC) industry. This Privacy Policy explains what personal information we collect from Brands, Professionals, and Project Owners, how we use it (including when we send content to the Claude AI service in the United States), how we protect it, and the rights you have under the Philippines Data Privacy Act of 2012 (Republic Act No. 10173).
Who this applies to
This Privacy Policy applies to everyone who uses Sentoco, including visitors to our website, Brand accounts (brands in architecture, engineering, and construction), Professional accounts (architects, engineers, designers, contractors, and other design professionals), and Project Owner accounts (people or organizations building something). Sections marked "For Brands," "For Professionals," or "For Project Owners" address practices that are specific to those roles.
Contents
- Who we are
- The personal information we collect
- Why we process your personal information
- Legal bases for processing
- How we use artificial intelligence
- Who we share information with
- Cross-border data transfers
- How long we keep information
- Account deletion
- Your rights as a data subject
- Cookies and similar technologies
- Children
- Automated decision-making
- Data breaches
- Changes to this Privacy Policy
- How to contact us and our Data Protection Officer
1. Who we are
Sentoco is a B2B product-information and project management platform built for the architecture, engineering, and construction (AEC) industry. We connect Brands (manufacturers and suppliers of construction materials and products) with Professionals (architects, engineers, contractors, and related disciplines) and Project Owners (people or organizations building something) so that accurate, up-to-date product information can flow reliably between the three groups.
This service is currently operated by the founder of Sentoco, pending incorporation of Sentoco Technologies as a Philippine company. Once incorporation is complete, Sentoco Technologies will succeed to all rights and obligations under this Privacy Policy, and we will notify you of the update by email and through an in-app notice. Until then, the contact details at the end of this document apply.
For the purposes of the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, Sentoco acts as the Personal Information Controller for the information you provide when creating and using your account (such as your name, email, role, and usage of the service). Sentoco acts as a Personal Information Processor for personal information that Brands upload into their product pages on the Brand's instruction (such as sales-representative contact details). Different rules apply to each role, and we explain them throughout this Policy.
Sentoco is currently offered as a free beta.
2. The personal information we collect
We only collect what we need to run the service, keep it secure, comply with the law, and deliver the features you actually use. The tables below summarize the main categories. We will add to this list if we introduce new features, and when we do we will update this Policy.
2.1 Information you give us directly
| Category | Examples | Who this applies to |
|---|---|---|
| Account information | Full name, work email, job title, specialization, profile photo (optional), and the sign-in method you use (email one-time-passcode, Google, or Microsoft) | All Users |
| Onboarding information | The answers you give during onboarding, and how you heard about us (referral source) | All Users |
| Organization & brand information | Organization and brand names, descriptions, websites, logos, social links, and contact email/phone you enter | Brands, Project Owners |
| Product information | Product names, photos, datasheets, specifications, pricing, and sales-contact details (which may include personal data of your employees) | Brands |
| Project information | Project names, pages, uploaded images and documents, and messages | Professionals, Project Owners |
| Communications | Support tickets, in-app messages to your team or to Brands, beta-access (waitlist) and contact-form submissions, and feedback you send us | All Users |
2.2 Information we collect automatically
| Category | Examples |
|---|---|
| Device and technical information | IP address, browser type and version, operating system, device type, approximate (city-level) location derived from your IP, and last-active time |
| Usage information | Pages and products viewed, products saved, material-board activity, searches, and similar in-product activity |
| Cookies and similar technologies | See Section 11. We use strictly necessary cookies by default; on our marketing website we ask for your consent before running analytics |
| Security and diagnostic logs | Sign-in attempts, account changes, and error/diagnostic reports |
2.3 Information we receive from third parties
- When you sign in with Google or Microsoft, we receive your name, email address, and (for Google) profile picture from that provider. We do not receive or store your Google/Microsoft passwords.
- Other Users who add you to an organization, brand, project, or material board may provide your name and email so we can send you an invitation.
2.4 Sensitive personal information
Sentoco is not designed to process sensitive personal information as defined in Section 3(l) of the Data Privacy Act (such as information about your race, marital status, health, education, government identifiers, or offenses). Please do not upload sensitive personal information into your product pages, projects, pages, or messages. If we discover that sensitive personal information has been uploaded, we may remove it and may ask you to re-upload your content in a compliant form.
3. Why we process your personal information
We process your personal information only for the purposes explained below. We will not repurpose your information for something unrelated without first informing you and, where required by law, obtaining your consent.
3.1 Purposes that apply to all Users
- To create and manage your account, authenticate you, and provide the service you signed up for.
- To operate, maintain, secure, monitor, and improve the platform, including preventing fraud, abuse, and unauthorized access.
- To provide customer support and respond to your inquiries.
- To send service communications (such as security alerts and updates to this Policy). These are not marketing messages, and you cannot opt out of them while you have an active account.
- To comply with legal obligations, lawful requests, and tax and accounting requirements.
- To enforce our Terms of Use and other agreements, and to protect our rights, property, and safety, and those of our Users and the public.
- To produce aggregated and de-identified analytics for service improvement, in accordance with Section 6.3.
- If you opt in, to send you marketing communications about Sentoco. You can opt out at any time.
3.2 Additional purposes for specific roles
For Brands
- To host your product pages and make them available to Professionals and Project Owners on the platform, and publicly where you publish them.
- To provide the AI Product Page Generator, which drafts or enriches product page content from documents you upload (see Section 5).
- To let Professionals send you inquiries about your products, and to give you basic analytics about how your products are viewed and saved.
For Professionals
- To let you search, view, save, and organize construction products from Brands (including in material boards and project pages).
- To manage your workspaces, projects, and pages.
- To let you send inquiries to Brands; when you do, we share your identity with that Brand so they can respond (see Section 6.2).
For Project Owners
- To give you visibility into your projects and the content shared in them.
- To let you collaborate with the Professionals (and, where applicable, Brands) on your projects.
4. Legal bases for processing
Under Sections 12 and 13 of the Data Privacy Act of 2012, we must have a legal basis to process your personal information. We rely on the following bases:
| Legal basis | When we rely on it |
|---|---|
| Performance of a contract with you (Section 12(b)) | To create your account, operate the service, and provide the features you use |
| Compliance with a legal obligation (Section 12(c)) | To meet tax, accounting, anti-fraud, records-retention, and law-enforcement cooperation requirements |
| Legitimate interests (Section 12(f)) | To secure the platform, prevent abuse, analyze aggregate usage, and improve features, where our interests are not overridden by your fundamental rights |
| Your consent (Section 12(a)) | For non-essential analytics, marketing communications, and cross-border transfers where consent is offered as an additional safeguard |
| Necessity for sensitive personal information (Section 13) | We do not ordinarily process sensitive personal information; if we must, we rely on your specific and informed consent or another lawful basis in Section 13 |
You can withdraw any consent you have given at any time. Withdrawing consent does not affect the lawfulness of processing carried out before you withdrew it, and does not affect processing we continue under a different legal basis.
5. How we use artificial intelligence
Plain-language summary. Sentoco uses Anthropic's Claude AI to help draft and enrich product pages from documents you upload. When you use these features, your inputs and the AI's outputs are sent to Anthropic's infrastructure in the United States under a data-processing contract. Anthropic is contractually prohibited from using your content to train its models, and its logs are deleted on a short cycle. You can choose not to use AI features, and you can review AI output before relying on it.
5.1 The AI features we offer
For Brands — the AI Product Page Generator takes documents you provide (such as PDF catalogs) and extracts and drafts product information (names, descriptions, specifications, and images) for you. You decide whether to publish, edit, or discard the output. Where a feature is marked as AI-assisted, this Section 5 applies.
5.2 Who processes the AI inputs and outputs
Sentoco uses the commercial application programming interface of Anthropic, PBC, a United States corporation, under a commercial agreement that incorporates the European Union Standard Contractual Clauses. When you use an AI feature, your inputs (the document text, tables, and instructions you submit) and the AI's outputs are transmitted to Anthropic for the sole purpose of generating the output for you. We do not include your personal account data (such as your name or email) in what we send.
5.3 What Anthropic is contractually committed to
- Anthropic does not use your inputs or outputs to train its models.
- Anthropic retains API logs only for a short period and applies organizational and technical security controls.
- Anthropic will notify Sentoco of any confirmed security incident affecting your data within the timelines required by our agreement.
If Anthropic changes a material term, we will update this Policy and, where required by law, seek renewed consent.
5.4 Important limitations of AI outputs
AI outputs are probabilistic, not deterministic. They may contain factual errors, outdated information, or misstated specifications inconsistent with the actual attributes of a product or with applicable building codes, professional standards, or regulations. You are solely responsible for reviewing, verifying, and approving AI outputs before publishing or relying on them. For life-safety decisions, the preparation of construction documents, and any matter that requires the signature and seal of a licensed architect or engineer under Republic Act No. 9266 or Republic Act No. 544, you must obtain a human professional review.
5.5 Your choices
- You can choose not to use AI features.
- You can review AI output before it is used and edit or discard it.
- You can ask us to delete a specific AI output you have generated.
- You can object to processing by AI features, as described in Section 10.
6. Who we share information with
We do not sell your personal information. We share it only with the parties listed below, only for the purposes listed below, and only under contracts or legal requirements that protect your rights.
6.1 Service providers (processors) that help us run Sentoco
These providers process personal information on our instructions and under written contracts that meet the requirements of Section 14 of the Data Privacy Act and its Implementing Rules and Regulations:
| Category | Provider | Location |
|---|---|---|
| Cloud hosting, database, logging | Amazon Web Services (AWS) | Singapore |
| Transactional email delivery (sign-in codes, invites, notifications) | Brevo (Sendinblue) | European Union |
| AI processing | Anthropic, PBC (Claude API) | United States |
| Image, document, and media storage/delivery | Cloudinary | Global CDN |
| Sign-in (OAuth) | Google; Microsoft | United States |
| Error monitoring | Sentry | United States |
| Marketing-website analytics (no cookies) | Umami | Per Umami |
| Beta-access (waitlist) request tracking | Notion | United States |
| DNS and network security | Cloudflare | Global |
The specific providers we use may change. We will update this Policy when we make material changes.
6.2 Other Users of the platform
For All Users — Sentoco is a multi-sided platform, so information flows between Brands, Professionals, and Project Owners in specific, limited ways:
- For Brands — your published product pages are visible to Professionals and Project Owners, and, where you publish a page publicly, to any visitor to the Sentoco website. When a Professional sends you an inquiry about a product, we share with you the Professional's name and the inquiry details so you can respond.
- For Professionals — when you send an inquiry to a Brand, that Brand will see your name and the inquiry. Project collaborators will see the content you contribute to a shared project.
- For Project Owners — the Professionals (and, where applicable, Brands) on your project will see you as a collaborator and will see the content you contribute to that project. Users on projects you are not part of will not see your project information.
6.3 Aggregated and de-identified analytics
We generate aggregated and de-identified analytics from platform activity to operate and improve the service. Aggregated and de-identified data is not personal information under the Data Privacy Act once it can no longer be associated with an identifiable individual by any reasonable means. We will not publish analytics that identify an individual Brand, Professional, or Project Owner without that party's prior written consent.
6.4 Legal, safety, and corporate events
We may share your information: in response to a subpoena, court order, warrant, or other lawful request from a competent authority; to investigate or prevent fraud, security breaches, or violations of our agreements; to protect the rights, property, or safety of Sentoco, our Users, or the public; or in connection with a financing, merger, acquisition, reorganization, or sale of assets, subject to appropriate confidentiality protections and a privacy standard no less protective than this Policy.
7. Cross-border data transfers
Because we use cloud infrastructure and service providers located outside the Philippines (notably for AI processing, hosting, and email), your personal information may be transferred to, stored in, and processed in countries — principally Singapore, the European Union, and the United States — whose data-protection laws may differ from those of the Philippines.
Under Section 21 of the Data Privacy Act, Sentoco remains accountable for your information even when it is transferred abroad. To protect your information during these transfers, we rely on a combination of: written contracts with each provider that include the minimum content required by Philippine law and, where available, the model contractual clauses referenced in NPC Advisory No. 2024-01; the European Union Standard Contractual Clauses, where applicable; and your specific consent where it is the most appropriate basis (for example, for AI features). You may request a copy of the specific safeguards we use by emailing our Data Protection Officer (Section 16), subject to reasonable confidentiality redactions.
8. How long we keep information
We keep your personal information only as long as we need it for the purposes in this Policy, or as long as the law requires. The main retention practices are:
| Data category | Retention |
|---|---|
| Account and profile information (while active) | For the duration of your active account |
| Account information after deletion | Deactivated immediately on request; permanently erased 30 days later (sooner on a repeat deletion); anonymized audit/security records that no longer identify you may be kept |
| Device/session records | Deleted after 7 days of inactivity |
| Sign-in tokens | Up to 30 days; one-time use; deleted on expiry |
| One-time passcodes (OTP) | 5 minutes, then deleted |
| Invitations | Deleted after expiry |
| Support tickets | Kept only as long as necessary to resolve and document the matter, then deleted or anonymized |
| Security, access, and analytics logs | Kept only as long as necessary for security and service-improvement purposes, then deleted or anonymized |
| AI prompt/output logs at Anthropic | Deleted by Anthropic on a short cycle |
| Data preserved under Republic Act No. 10175 | Traffic data and subscriber information preserved for at least 6 months where required by law; content data for 6 months from a preservation order (extendable once) |
| Aggregated and de-identified data | Retained indefinitely, because it does not identify you |
| Data subject to a legal hold | Retained for the duration of the hold |
In all cases we keep personal data no longer than necessary for the purposes described in this Policy, unless a longer period is required by law.
9. Account deletion
You can delete your account at any time from your account settings in both the web app and the brand app. Deletion takes effect immediately — your account is deactivated and any content you published is taken offline — and your personal data is then permanently and automatically erased across all our systems after a 30-day recovery window. During that window you can cancel simply by signing back in, which restores your account and your content. If you delete your account again shortly after reactivating, the recovery window is shortened and erasure may take effect immediately.
Content that belongs to an organization or brand you joined (rather than to you personally) remains with that organization. If you are the sole remaining member of an organization, deleting your account also permanently erases that organization and its data. If you are the last administrator of an organization that still has other members, we ask you to transfer the administrator role or remove the other members first, so their access and shared data are not disrupted.
Anonymized audit and security records that no longer identify you may be retained as described in Section 8.
10. Your rights as a data subject
Under Sections 16 to 18 of the Data Privacy Act of 2012, you have the rights below. You can exercise any of them by contacting us as described in Section 16.
- Right to be informed — to know whether and how your personal information is processed. This Policy is our primary notice.
- Right to object — to object to processing, including direct marketing, profiling, and automated decision-making.
- Right to access — to request a copy of the personal information we hold about you.
- Right to correction (rectification) — to correct inaccurate or incomplete information; you can update most details directly in the service.
- Right to erasure or blocking — to ask us to delete or block personal information in the circumstances allowed by law; see Section 9 on account deletion.
- Right to damages — to be indemnified for damages sustained due to unlawful processing.
- Right to data portability — to obtain a copy of the information you provided in a commonly used, structured, electronic format.
- Right to file a complaint — to complain to the National Privacy Commission.
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time.
- Transmissibility — under Section 17 of the Data Privacy Act, your rights may be transmitted to your lawful heirs and assigns.
We will respond to requests within fifteen (15) business days of receiving a complete and verified request. If we need more time because your request is complex, we will tell you and explain why. We may need to verify your identity before acting.
11. Cookies and similar technologies
We use cookies and similar technologies to make Sentoco work and, on our marketing website, to measure usage with your consent:
| Category | Purpose | Consent required? |
|---|---|---|
| Strictly necessary | Required for sign-in, security, and core functionality (HTTP-only access and refresh tokens) | No — set by default; cannot be disabled |
| Analytics (marketing website) | Privacy-friendly usage measurement via Umami, which does not use cookies | Yes — we run analytics only with your consent (cookie banner) |
We do not use functional, advertising, or cross-site tracking cookies in the web and brand apps. You can manage analytics consent through our cookie banner and can block or delete cookies in your browser settings, though some parts of the service may not work as intended if you block strictly necessary cookies.
12. Children
Sentoco is a business-to-business service and is not directed at children. We do not knowingly collect personal information from anyone under the age of eighteen (18). If you believe a child has provided personal information through our service, please contact our Data Protection Officer so we can delete it. If you upload project photographs or documents that may contain images or personal information of minors, you must obtain any consents required by law from the minor's parent or legal guardian before uploading.
13. Automated decision-making
As of the effective date of this Policy, Sentoco does not make decisions that produce legal or similarly significant effects on you based solely on automated processing. Where the AI features in Section 5 assist with drafting or organizing content, a human always makes the final decision about what is published or relied on. If we introduce features involving solely automated decision-making with legal or similarly significant effects, we will update this Policy, give you advance notice, explain the logic and consequences, and provide a way to obtain human intervention and to contest the decision, as required by the Data Privacy Act and NPC Advisory No. 2024-04.
14. Data breaches
If a security breach occurs that is likely to give rise to a real risk of serious harm to any affected data subject and concerns sensitive personal information or information that may enable identity fraud, we will notify the National Privacy Commission and the affected data subjects within seventy-two (72) hours from knowledge of, or reasonable belief in, the breach, as required by NPC Circular No. 16-03, and will file a full report within five (5) days. Our notification will describe the nature of the breach, the personal information possibly involved, the measures taken to address and reduce harm, and the contact from whom you can obtain more information. We require our service providers (including Anthropic) to notify us promptly of confirmed incidents affecting your information.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date and maintain an archive of prior versions. If a change is material (for example, it expands the purposes for which we use your information, introduces a new category of recipients, or changes a cross-border transfer), we will notify you by email and through an in-app notice in advance. For changes required by law or to address an immediate security risk, we may act more quickly but will notify you as soon as possible. Where a change requires your consent, we will ask you to re-consent.
16. How to contact us and our Data Protection Officer
You can reach Sentoco and our Data Protection Officer using the details below. We will do our best to respond within fifteen (15) business days.
Data Protection Officer
- Email: privacy@sentoco.com (subject line: "Data Subject Request" or "Privacy Inquiry")
- General inquiries: inquiry@sentoco.com
- Address: Quezon City, Metro Manila, Philippines
To file a complaint with the National Privacy Commission, visit https://privacy.gov.ph or email complaints@privacy.gov.ph.
End of Privacy Policy. Version 0.1.0. Effective July 1, 2026.

