Skip to main content
← Back to hayah-ai.com

Privacy Policy

Effective date: April 13, 2026 ·  Hayah-AI Consulting

1. Who we are

Hayah-AI Consulting ("Hayah-AI", "we", "us") is an AI automation consulting practice operating in Las Piñas City, Metro Manila, Philippines. We provide AI systems, workflow automation, and technology consulting services to Philippine small and medium businesses.

Our designated Data Protection Officer (DPO) is Argeo Alecha, reachable at hello@hayah-ai.com.

2. What personal information we collect

When you submit an inquiry through our contact form, we collect:

  • Full name
  • Business name
  • Email address
  • Phone or WhatsApp number (optional)
  • Service interest
  • Message content describing your business situation

We do not solicit sensitive personal information as defined under RA 10173 §3(l). Please do not include government ID numbers, passwords, health information, or financial account details in your message.

This website is intended for business owners and professionals aged 18 and above. We do not knowingly collect personal information from minors. If you believe a minor has submitted information through this site, please contact our DPO immediately at hello@hayah-ai.com for deletion.

3. Why we collect it and lawful basis

We process your personal information solely to respond to your inquiry, schedule a discovery call, and deliver the free AI Readiness Audit you requested.

The lawful basis for processing is your explicit consent given at the time of form submission (RA 10173 §12(a)). You may withdraw this consent at any time by emailing hello@hayah-ai.com.

4. Data retention

We retain your personal information for a maximum of 2 yearsfrom your last interaction with us. After this period, form submissions are deleted from our processor's systems. If you wish your data deleted earlier, see Section 6 (Your rights).

5. Processors and cross-border transfers

Your form submissions are processed and stored by:

Netlify, Inc.

44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA

Role: Data Processor (form submission storage and delivery)

Transfer basis: Netlify's Data Processing Agreement (DPA), available at netlify.com/legal/dpa

This constitutes a cross-border transfer of personal data from the Philippines to the United States. The transfer is made in compliance with RA 10173 §21, and Hayah-AI has executed Netlify's DPA to establish appropriate contractual safeguards.

We do not sell, rent, or share your personal information with any other third party.

6. Your rights

Under RA 10173, you have the right to:

  • Right to be informed — be told whether your personal information is being collected, processed, and for what purpose
  • Access — request a copy of the personal information we hold about you
  • Correction — request that inaccurate information be corrected
  • Erasure or blocking — request that your personal information be deleted or that processing be suspended
  • Object — object to the processing of your personal information
  • Data portability — receive your data in a structured, machine-readable format
  • Damages — be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal information

To exercise any of these rights, email hello@hayah-ai.com with the subject line "Data Subject Request". We will respond within 15 working days as required by the NPC.

7. Automated decision-making

We do not subject personal information submitted through this website to automated decision-making, profiling, or AI-generated decisions that produce legal or similarly significant effects on you.

8. Security measures

We implement the following measures to protect your personal information:

  • All data in transit is encrypted via HTTPS (TLS 1.2+)
  • Access to form submissions is limited to authorized personnel only
  • A honeypot field is used to filter automated spam submissions
  • Security headers (HSTS, CSP, X-Frame-Options) are applied site-wide
  • Netlify maintains SOC 2 Type II certification for their infrastructure

9. Breach notification

In the event of a personal data breach that poses a real risk to data subjects, Hayah-AI will notify the National Privacy Commission (NPC) and affected data subjects within 72 hours of becoming aware of the breach, in accordance with NPC Circular 16-03. Our notification will include: the nature of the breach, the personal information likely compromised, the probable consequences, the measures taken or proposed to address the breach, and the contact details of our DPO.

10. Complaints

If you believe your data privacy rights have been violated, you may file a complaint with the National Privacy Commission (NPC) at privacy.gov.ph or contact our DPO at hello@hayah-ai.com.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the effective date above. Continued use of our website or services after changes constitutes acceptance of the revised policy.

Questions? Contact our DPO at hello@hayah-ai.com