Overview
Akauntants ("we", "us", "our") is committed to protecting your personal data in accordance with Republic Act No. 10173, the Data Privacy Act of 2012 (RA 10173) and its implementing rules. This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, and the rights you have as a data subject.
By creating an account or using the Akauntants service, you acknowledge that you have read and understood this policy.
What we collect
Account data
When you register, we collect your name, email address, and a hashed password. If you subscribe to a paid plan, we collect your billing details through our payment processor (HitPay); we do not store raw card numbers.
Business and financial data
The core function of Akauntants is to help you manage your business finances. This means we store the data you enter: transactions, invoices, receipts, payroll records, BIR form submissions, vendor and customer information, and uploaded documents. This data belongs to you and is processed solely to deliver the service.
Usage data
We collect technical data such as IP address, browser type, device type, pages visited, and actions taken within the app. We use PostHog for product analytics (self-hosted option available on enterprise plans). If you have consented, we may also use Google Analytics for marketing measurement.
Communications
When you contact support, apply for a career, or fill out any form, we collect the information you provide. Support conversations may be stored for quality assurance and to resolve recurring issues.
Cookies and tracking
We use cookies to keep you logged in and to understand how the service is used. For details, see our Cookie Policy.
How we use it
We process your personal data for the following purposes, under the following legal bases:
| Purpose | Legal basis (RA 10173) |
|---|---|
| Providing the accounting and BIR compliance service | Contractual necessity |
| Sending transactional emails (receipts, alerts, export confirmations) | Contractual necessity |
| Product analytics to improve the service | Legitimate interest |
| Marketing emails and promotional content | Consent (can be withdrawn) |
| Legal and regulatory compliance | Legal obligation |
| Fraud detection and platform security | Legitimate interest |
We do not sell your personal data to third parties. We do not use your financial data to train AI models without your explicit consent.
Who sees your data
Within Akauntants, access to your data is role-based. Our RBAC system (Phase 29) ensures that employees can only access data required for their function. Support staff can access account metadata and usage logs but not your financial records unless you explicitly grant access for troubleshooting.
If you have added team members to your organization in Akauntants, those members can access the data permitted by the role you assigned them. You are responsible for managing team access.
Third-party processors
We share data with the following sub-processors. All are bound by data processing agreements and, where applicable, Standard Contractual Clauses or equivalent cross-border transfer mechanisms.
| Processor | Purpose | Country |
|---|---|---|
| Hostinger | Cloud infrastructure (VPS hosting) | Netherlands / Lithuania |
| Cloudflare | DNS, DDoS protection, CDN | United States |
| HitPay | Payment processing | Singapore |
| Resend | Transactional email delivery | United States |
| ConvertKit | Email marketing and subscriber management | United States |
| PostHog | Product analytics | United States / EU (cloud) |
| Anthropic | AI-powered data extraction features | United States |
| OpenAI | AI-powered data extraction features (fallback) | United States |
| Google AI (Gemini) | AI-powered data extraction features (fallback) | United States |
Data sent to AI processors (Anthropic, OpenAI, Google AI) consists only of the specific document or data you submit for processing. We do not send your full account history to these providers. AI providers are not permitted to use your data for model training under our agreements.
Data retention
We retain your account data for as long as your account is active. If you close your account, we delete or anonymize your personal data within 90 days, except where we are required by law to retain it longer.
Financial records and BIR-related documents are subject to a 5-year retention obligation under the National Internal Revenue Code (NIRC) and BIR regulations. Even after account closure, we may retain these records in an archived, access-restricted state for the legally required period. You will be notified of this retention at the time of account closure.
Audit logs (including the hash-chained approval audit trail) are retained for 5 years consistent with BIR requirements.
Backup copies may be retained for up to 15 additional days before deletion from backup systems.
Your rights
Under RA 10173, you have the following rights as a data subject:
- Right to be informed. You have the right to know how your data is collected and used (this policy).
- Right to access. You may request a copy of the personal data we hold about you.
- Right to correction. You may request that we correct inaccurate or incomplete personal data.
- Right to erasure (right to be forgotten). You may request deletion of your personal data, subject to our legal retention obligations.
- Right to data portability. You may request your personal data in a machine-readable format.
- Right to object. You may object to processing based on legitimate interest or for direct marketing.
- Right to withdraw consent. Where processing is based on consent, you may withdraw it at any time.
- Right to damages. You may claim compensation for damages caused by inaccurate, incomplete, or untimely processing.
- Right to file a complaint. You may file a complaint with the National Privacy Commission (NPC) at privacy.gov.ph.
To exercise any of these rights, email us at privacy@akauntants.cloud. We will respond within 15 business days. We may request proof of identity before processing your request.
Security
We implement technical and organizational measures to protect your data, including TLS 1.3 in transit, AES-256 encryption at rest for sensitive fields, role-based access control with dual-control approvals for privileged operations, and hash-chained audit logs that make tampering detectable.
In the event of a personal data breach that is likely to result in harm to data subjects, we will notify the National Privacy Commission (NPC) within 72 hours of discovery, and notify affected data subjects without undue delay, as required by RA 10173.
No system is perfectly secure. If you discover a security vulnerability, please disclose it responsibly to security@akauntants.cloud.
Children
The Akauntants service is intended for business use by adults (18 years and older). We do not knowingly collect personal data from children under 18. If we learn we have collected such data, we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users at least 30 days before they take effect, and by a prominent notice in the app. Continued use of the service after the effective date constitutes acceptance of the updated policy.
Contact & DPO
Akauntants designates its founder as acting Data Protection Officer (DPO) during the early stage of operations, pending appointment of a formal DPO. You may contact us on all privacy-related matters at:
- Email: privacy@akauntants.cloud
- General legal: legal@akauntants.cloud
- Mailing address: (Philippine business address — pending registration)
For complaints that are not resolved to your satisfaction, you have the right to file a complaint with the National Privacy Commission (NPC).
Last updated: April 2026
This document is a draft pending review by Philippine legal counsel. Material changes will be communicated 30 days in advance.
Questions? Email legal@akauntants.cloud