Legal
Data Protection
How AralSync protects personal data and meets its obligations under the Data Privacy Act of 2012 (RA 10173).
Version 1.1 Effective May 25, 2026 RA 10173 compliant
AralSync is built offline-first so classroom data stays on the teacher’s own device by default. As a Personal Information Processor (PIP) under RA 10173, we process data only on behalf of teachers and schools (the Personal Information Controllers) and never for advertising, profiling, or sale.
The authoritative, full detail lives in our Privacy Policy. This page is a quick map to the parts that matter most for data protection.
1
Our Data Protection Principles
- Local-first — data is stored on the teacher’s device (IndexedDB); cloud backup is optional and teacher-controlled
- Minimal collection — we collect only what DepEd record-keeping requires; no biometrics, no location, no advertising identifiers
- No selling, no ads — personal and student data is never sold, traded, or shared for marketing
- Encryption — TLS 1.2+ in transit, AES-256 at rest for cloud backups; passwords hashed with bcrypt
- Heightened care for minors — student records are accessible only to assigned teachers and authorized admins
2
Where to Read More
- Storage & security controls — Privacy Policy §5
- Data retention & deletion — Privacy Policy §6
- Your rights as a data subject — Privacy Policy §8
- Breach response — Privacy Policy §10
- Data Protection Officer & NPC — Privacy Policy §14
Data protection questions?
Data Protection Officer: privacy@aralsync.com
Response time: within 15 business days