1. Introduction

Central Philippine Adventist College ("CPAC," "we," "us," or "our") operates the myVita Mobile Hub mobile application ("App") available on Google Play Store and Apple App Store. We are committed to protecting your privacy and handling your personal information with care and transparency.

This Privacy Policy explains:

• What information we collect and why
• How we use and protect your data
• Who we share your data with
• Your rights regarding your information
• How to request data deletion
• How to contact us with questions or concerns

This policy applies to all users of the myVita Mobile Hub application and is accessible both within the app and at the URL above.

2. App Store Data Safety & Privacy

This section addresses Google Play's Data Safety and Apple App Store's Privacy requirements and provides transparency about how the myVita Mobile Hub handles your data.

2.1 Data Collection Summary

2.2 Data Usage and Purpose

2.3 Data Sharing

We share data with:

• Firebase (Google) - Push notifications and analytics
• Payment processors - Secure transaction processing
• Cloud storage providers - Encrypted data backup

All data shared with third parties is:

• Encrypted in transit using HTTPS/TLS
• Subject to contractual confidentiality agreements
• Limited to what's necessary for specific services
• Never sold or used for third-party advertising

2.4 Data Security Practices

• ✓ Data encrypted in transit (HTTPS/TLS 1.3)
• ✓ Data encrypted at rest (AES-256)
• ✓ Secure authentication and session management
• ✓ Regular security audits and testing
• ✓ Access controls and monitoring

2.5 User Rights and Data Control

• ✓ You can request data deletion at any time
• ✓ You can access and download your data
• ✓ You can update or correct your information
• ✓ You control notification and location permissions

2.6 Data Deletion

You can request deletion of your account and data by:

1. In-app: Settings > Account > Delete Account
2. Email: privacy@cpac.edu.ph with subject "Data Deletion Request"
3. In-person: Visit the Data Protection Office

Deletion timeline: 30 days for most data (some records retained for legal compliance)

3. Mobile Permissions Explained

The myVita Mobile Hub requests the following permissions on Android and iOS devices. Here's what each permission is used for:

Android Permissions

Required Permissions

Optional Permissions

We Do NOT Request These Permissions (Android)

• ✗ Access to contacts
• ✗ Access to SMS or call logs
• ✗ Access to microphone (audio recording)
• ✗ Access to calendar
• ✗ Bluetooth connectivity
• ✗ NFC
• ✗ Background location (location only when app is open)

iOS Permissions

The myVita Mobile Hub requests the following iOS permissions:

Required Permissions

Optional Permissions

We Do NOT Request These Permissions (iOS)

• ✗ Access to contacts
• ✗ Access to calendars
• ✗ Access to reminders
• ✗ Microphone access
• ✗ Bluetooth
• ✗ Face ID / Touch ID (biometric data)
• ✗ Health data
• ✗ HomeKit
• ✗ Media & Apple Music
• ✗ Motion & Fitness activity
• ✗ Speech recognition
• ✗ Background location (location only when app is in use)

4. Information We Collect

4.1 Personal and Academic Information

4.2 Device and Technical Information

4.3 Location Information

We collect location data only when necessary and with your permission:

5. How We Use Your Information

5.1 To Provide Academic Services

• Display your grades, schedules, and academic records
• Track and report attendance
• Monitor academic progress and performance
• Facilitate communication with faculty and advisors
• Provide personalized academic recommendations
• Generate transcripts and academic reports
• Manage residence hall information and assignments

5.2 To Manage Financial Services

• Display current account balances and financial obligations
• Process and record payments securely
• Generate billing statements and receipts
• Send payment reminders and financial alerts
• Provide financial aid information

5.3 For Communication and Notifications

Send push notifications about:

• Class cancellations or schedule changes
• Grade postings and academic updates
• Payment deadlines and financial alerts
• Campus announcements and events
• Emergency notifications

6. Advertising and Monetization

7. Data Storage and Security

7.1 Where We Store Your Data

7.2 Security Measures We Implement

7.3 Data Retention Periods

Upon Account Deletion: Most personal data is deleted within 30 days, except where retention is required by law or legitimate institutional needs.

8. Information Sharing and Disclosure

8.1 Internal Sharing Within CPAC

Your information is shared only with authorized CPAC personnel who need it to perform their duties:

• Faculty Members: Access to grades, attendance, and academic information for their courses
• Academic Advisors: View academic progress and course history
• Registrar's Office: Manage enrollment, transcripts, and academic records
• Finance Office: Process payments and manage student accounts
• Student Services: Provide support and campus services
• IT Department: Maintain and support the app infrastructure

All internal staff are bound by confidentiality agreements and data protection policies.

8.2 Third-Party Service Providers

We work with trusted third parties who help us operate the app. They only receive data necessary for their specific services:

8.3 What We Never Do

9. Your Rights and Choices

9.1 Access and Control Your Data

9.2 How to Exercise Your Rights

Response Time: We will respond to requests within 15 business days.

10. Children's Privacy

The myVita Mobile Hub is designed for students enrolled at CPAC. While we accept students of various ages, we take additional precautions for users under 18:

• Parental consent required for students under 18 during enrollment
• Limited data collection for minor students
• Enhanced security measures for accounts of minors
• No marketing or third-party sharing of minors' data

Age Rating:

• Google Play Store: Teen (13+)
• Apple App Store: 12+ (Infrequent/Mild Medical/Treatment Information)

11. International Data Transfers

Primary Storage: Your data is primarily stored on servers in the Philippines.

Cloud Services: Some data may be processed through international cloud services (Firebase/Google Cloud), which may involve transfer to servers outside the Philippines.

Safeguards: We ensure appropriate protections through:

• Standard contractual clauses
• Data processing agreements
• Compliance with EU-US data transfer frameworks where applicable
• Encryption during transit and at rest

12. Cookies and Tracking Technologies

The myVita Mobile Hub app uses the following technologies:

• Session Management: Authentication tokens (stored securely on device), Session cookies (expire after logout or 30 minutes)
• Analytics: Firebase Analytics to understand app usage, Anonymized data collection, Opt-out available in Settings > Privacy > Analytics

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

How We Notify You:

• In-app notification for significant changes
• Email notification to your registered address
• Updated "Last Updated" date at the top of this policy
• Summary of changes posted in the app

Your Continued Use: Using the app after changes are posted constitutes acceptance of the updated policy. If you disagree with changes, you may discontinue use or contact us with concerns.

15. Compliance and Legal Framework

This Privacy Policy complies with:

• Philippine Data Privacy Act of 2012 (Republic Act No. 10173)
• Data Privacy Act Implementing Rules and Regulations
• National Privacy Commission Circulars and Advisories
• Family Educational Rights and Privacy Act (FERPA) principles
• Google Play Store Privacy Requirements
• Google Play Developer Program Policies
• Apple App Store Review Guidelines
• Apple App Store Privacy Requirements
• iOS App Tracking Transparency (ATT) Framework
• Firebase/Google Privacy Standards
• Commission on Higher Education (CHED) regulations

16. Your Consent