Privacy Policy
Service: ffide
Effective date: To be set on publication
Version: 0.1-draft
Last updated: To be set on publication
DRAFT — This document has not been reviewed by qualified legal counsel and must not be relied upon as legal advice or as a binding policy. It is not effective until reviewed, finalised, and published with an effective date.
1. Who we are
ffide is operated by BP Labs AU, a sole trader based in Melbourne, Australia (registration in process), trading in the Philippines as Blueprint Labs Business Consultancy Services (registration in process). In this Privacy Policy, "BP Labs", "we", "us", and "our" refer to BP Labs AU acting through these trading names.
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have. It applies to the ffide public directory of verified insurance professionals at ffide.com and the related websites, applications, and features we operate as part of the ffide service (collectively, the Service).
This Policy addresses two categories of people whose information we handle:
- Professionals — insurance advisors and agency leaders whose professional details appear in the ffide directory (whether as IC-sourced public-record listings or as user-claimed and enriched profiles).
- Visitors and consumers — members of the public who search the directory, view professional profiles, or submit reviews.
If you have any questions, contact us at privacy@bp-labs.tech.
2. Scope
This Policy applies to information we collect:
- when a professional claims or manages a profile on ffide;
- when a visitor or consumer searches the directory, views profiles, or submits a review;
- when we source and publish professional details from the Insurance Commission (IC) public roster and other official public-record sources;
- when you visit our public marketing pages or any individual ffide profile page;
- when you communicate with us through the Service or by email;
- when you receive operational, transactional, or marketing communications from us in connection with the Service.
This Policy does not apply to third-party websites, services, or applications that may be linked from ffide profiles (such as a professional's personal website or booking tool). Those are governed by the privacy policies of the relevant third party.
3. The information we collect
3.1 Public-record data (IC roster and official sources)
ffide publishes a directory of insurance professionals licensed with the Philippine Insurance Commission (IC). The IC releases this roster as public-record data. The information sourced from the IC typically includes:
- full professional name;
- license number and license type (life, non-life, variable, etc.);
- registration or accreditation status;
- affiliated carrier or agency (where included in the IC data);
- registration date and renewal data.
This data is public-record information made available by a government regulator. We receive and publish it to make the directory useful and searchable. Professionals who do not wish to appear can contact us as described in Section 9.
3.2 Information professionals give us when claiming or managing a profile
When a professional claims their listing or applies to become a verified leader in the directory, they may provide:
- Identity confirmation. Name, email address, IC license number (to match their public record), and a password (stored only as a hashed value we cannot read).
- Professional profile data. Profile photo or headshot, professional biography, specialisations, regions served, languages spoken, professional achievements or awards, and social-media or professional network links.
- Contact and booking links. URLs the professional chooses to make publicly visible (such as a booking page, Facebook page, or personal website).
- Leader-application materials. For agency leaders applying for the leader-vouched tier: LinkedIn, Facebook, or Instagram profile links; team photos; curriculum vitae; team size, team profile description, and office location. These are reviewed by BP Labs admin and are not published verbatim.
- Communications. Messages you send us, including support requests and feedback, and the timestamps of those messages.
3.3 Information consumers give us when submitting reviews
When a member of the public submits a review of a professional listed on ffide, we collect:
- the reviewer's email address (used for OTP verification to confirm the review was submitted by a real person);
- the content of the review (star rating, written comments, and the professional being reviewed);
- the approximate submission timestamp.
Verified review content is published on the relevant professional's profile. The reviewer's email address is not published and is used only for verification and moderation purposes.
3.4 Information we collect automatically
- Usage and device data. Pages visited, search queries entered, profiles viewed, features used, approximate location (derived from IP address), browser type and version, operating system, device identifiers, language, time zone, and referrer URLs.
- Log data. Server logs that include IP addresses, request methods, request paths, response codes, response times, and similar diagnostic information.
- Cookies and similar technologies. We use first-party cookies and similar technologies that are necessary to operate the Service (for example, to keep a professional signed in to manage their profile, or to remember a visitor's theme preference). Where we use any non-essential cookies in the future, we will surface a separate cookie notice and request your consent where required.
3.5 Information from third parties
- Authentication providers. If a professional signs in using a third-party identity provider, we receive the identifiers, basic profile fields, and email address that provider shares.
- Official public registries. We may supplement a professional's listing with information from other official or publicly accessible professional registries to the extent they confirm or enrich the IC record (for example, a regulator's public verification page).
- Vouching leaders. When an agency leader vouches for an agent on the same team, that action (the leader's identity and the fact of vouching) is recorded and may appear as a trust signal on the agent's profile.
3.6 Sensitive information
We do not require sensitive personal information to use the core Service. Where a future verification step requires government-issued identification or biometric data (for example, a KYC check for the KYC-Verified trust tier), that feature will explain what is collected, why, and where it is sent before you submit it, and we will obtain your consent at that time.
4. How we use your information
We use information we collect to:
- populate, maintain, and improve the ffide directory by publishing IC-sourced public-record listings of licensed insurance professionals;
- enable professionals to claim, enrich, and manage their directory profiles;
- operate the trust-tier and verification system (IC-Listed · Leader-Vouched · KYC-Verified) and display accurate trust signals on profiles;
- receive, verify (via email OTP), moderate, and publish consumer-submitted reviews;
- authenticate professional account sessions and manage access to profile-management features;
- process leader applications through the BP Labs admin approval gate;
- send transactional and operational communications (for example, sign-in links, profile-view notifications, review notifications, verification-status updates, and important Service notices);
- respond to support requests, feedback, correction requests, and listing-removal requests from professionals;
- analyse aggregate usage so we can prioritise improvements and understand how the directory is used;
- detect, investigate, and prevent activity that violates our Terms of Service, acceptable-use rules, or the law, including fraudulent profile claims or abusive reviews;
- comply with our legal, regulatory, contractual, audit, and reporting obligations;
- enforce our agreements and protect the rights, property, or safety of BP Labs, professionals, consumers, or others.
We will not use your information for materially different purposes without first updating this Policy and, where required by law, obtaining your consent.
5. Legal bases for processing
Where applicable law requires us to identify a legal basis (such as the EU/UK GDPR or analogous frameworks), we rely on the following:
- Legitimate interests. Operating a public directory of IC-licensed professionals using official public-record data; verifying the accuracy of the directory; enabling public review and accountability of professionals; securing and improving the Service; detecting and preventing fraud or abuse; communicating with professionals about their profiles.
- Performance of a contract. To provide the profile-management features and verification services you have requested as a professional, or to take steps before entering into an agreement with you.
- Consent. Where we ask for it (for example, before sending non-transactional marketing emails, before collecting optional profile data, or before conducting a KYC verification check). You can withdraw consent at any time.
- Legal obligation. Where we must process information to comply with a legal, regulatory, or court-ordered requirement.
In the Philippines, we process personal information in accordance with the Philippine Data Privacy Act of 2012 (R.A. 10173) and its implementing rules. In Australia, we process personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Regarding IC public-record data: We treat the names, license numbers, and registration details sourced from the IC roster as public-record information published by a government regulator. We rely on our legitimate interest in operating an accurate and useful professional directory, and on the public-interest nature of this data, as the bases for publishing it. Professionals who believe their information has been published inaccurately or who have a specific legal ground for requesting removal should contact us at privacy@bp-labs.tech.
6. The directory and trust tiers
The ffide directory is a public service. Professional listings and profile pages are publicly accessible without requiring a visitor to create an account. The following information is or may be publicly visible on a professional's ffide profile:
- IC-sourced data: name, license number, license type, carrier or agency affiliation, and registration status;
- profile data the professional has chosen to publish: photo, bio, specialisations, regions served, social and booking links, and professional achievements;
- the professional's trust tier badge (IC-Listed, Leader-Vouched, or KYC-Verified) and the signals that determine it;
- verified consumer reviews and aggregate trust scores.
IC-sourced data and advisor-provided data are visually distinguished on profile pages so visitors understand their origin. Professionals control what optional profile data they publish beyond the IC-sourced baseline. We will not unilaterally publish optional profile information a professional has not provided for public display.
7. Consumer reviews
Consumer reviews submitted through ffide are published on the relevant professional's profile. Review submissions are email-OTP-verified to reduce fraudulent or anonymous reviews. By submitting a review, the reviewer consents to the review content being published on ffide.
We moderate reviews for compliance with our Terms of Service. We may decline to publish, or may remove, reviews that we reasonably believe are false, defamatory, spam, or otherwise in violation of our Terms. Professionals who believe a published review is inaccurate or violates our Terms may contact us to request moderation review.
Reviewer email addresses are held confidentially and are not shared with the professional being reviewed.
8. How we share your information
We share information only as follows:
- With service providers and processors. We use third-party providers to host the Service, store data, send email and notifications, monitor and debug the Service, and manage analytics. These providers act on our instructions under written agreements that require them to keep your information confidential and to use it only for the purposes we specify.
- Public directory listings. Professional listing data (IC-sourced and advisor-provided public profile data, trust tier badges, and published reviews) is accessible to any visitor to ffide.com as described in Section 6. This is by design and is the core function of the Service.
- For legal reasons. We may disclose information when we reasonably believe disclosure is required to comply with a law, regulation, legal process, or government request; to enforce our terms; to protect the rights, property, or safety of BP Labs, professionals, consumers, or others; or to investigate fraud, security, or technical issues.
- In a corporate transaction. If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of all or a portion of our assets, your information may be disclosed or transferred as part of that transaction. We will require any successor to honour the protections described in this Policy or to give you notice and a meaningful choice before applying a materially different policy to information collected before the transition.
We do not sell your personal information.
9. Your rights and choices
Subject to applicable law, you have the following rights:
- Access — to ask us what information we hold about you;
- Correction — to ask us to correct inaccurate or incomplete information (note: IC-sourced fields can only be corrected at the IC level; we can update them when the IC data changes);
- Erasure — to ask us to delete your information, subject to retention obligations described in Section 11, and subject to our legitimate interest in maintaining an accurate public directory of IC-licensed professionals;
- Portability — to receive an export of your account and profile data in a commonly used format;
- Restriction or objection — to ask us to stop or limit certain processing, including processing based on legitimate interests;
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing;
- Listing correction or removal requests — if you are a professional whose IC-sourced listing contains an error, or if you believe you have a legal ground to request removal of your listing from ffide, contact us at privacy@bp-labs.tech and we will review your request in good faith;
- Marketing opt-out — to unsubscribe from marketing communications using the link in any such email or by contacting us;
- Lodge a complaint — with the Office of the Australian Information Commissioner (oaic.gov.au) or the National Privacy Commission of the Philippines (privacy.gov.ph), or with the data-protection authority of your country of residence.
To exercise any of these rights, contact us at privacy@bp-labs.tech with enough information for us to verify your identity. We will respond within the period required by applicable law (and in any case within 30 days where no specific period applies).
10. Security
We use technical and organisational measures designed to protect your information, including encryption in transit, encryption at rest for our managed database, role-based access control, audit logging of administrative actions, and the principle of least privilege. No system is perfectly secure and we cannot guarantee the security of your information; professionals are also responsible for keeping their account credentials confidential and for the security of the devices and networks they use to access the Service.
If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities within the timeframes required by applicable law.
11. Data retention
We retain personal information for as long as we need it to provide the Service, plus a reasonable period afterwards to satisfy our legal, accounting, dispute-resolution, and audit obligations. In particular:
- IC-sourced public-record data is retained and updated in line with IC roster releases. If a license lapses or is revoked, we reflect that status in the listing. We retain historical data to the extent necessary to maintain an accurate directory record.
- Professional profile and account information is retained while the account is active and for up to 24 months after closure, unless the professional asks us to delete it sooner or a longer retention period is required by law.
- Leader-application materials are retained for the period necessary to process the application and for up to 12 months afterwards for audit and dispute purposes.
- Consumer review data (review content and OTP-verification records) is retained while the review is published and for up to 24 months after removal, unless a longer retention period is required by law or an ongoing dispute.
- Audit logs and security records are retained for up to 24 months.
- Backup copies containing your information are retained for up to 35 days after deletion from primary systems.
If you ask us to delete your information, we will do so unless we are legally required to retain it. Where we are required to retain information, we will continue to keep it confidential and will not use it for any other purpose.
12. International transfers
We are based in Australia, our team includes members based in the Philippines, and we use service providers that may host or process information in Australia, the Philippines, the United States, the European Union, Singapore, and other jurisdictions. When we transfer personal information across borders, we take the steps required by applicable law, which may include reliance on standard contractual clauses, the recipient's adequacy status, your explicit consent, or the necessity of the transfer to perform our contract with you.
You can ask us for more information about the safeguards we use by contacting privacy@bp-labs.tech.
13. Children
The Service is not directed to, or intended for, individuals under 18 years of age, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided personal information to us, please contact privacy@bp-labs.tech and we will delete it.
14. Changes to this Policy
We may update this Policy from time to time. When we do, we will update the "Last updated" date at the top and, where the changes are material, we will notify you in advance through the Service or by email. Your continued use of the Service after the effective date of an updated Policy means you accept the changes; if you do not accept them, you should stop using the Service and may close your account as described in Section 9.
We will keep prior versions of this Policy available on request.
15. How to contact us
For privacy questions, complaints, correction or removal requests, or to exercise any of the rights in Section 9:
- Email: privacy@bp-labs.tech
- Postal (Australia): BP Labs AU, Melbourne, Victoria, Australia
- Postal (Philippines): Blueprint Labs Business Consultancy Services, Manila, Philippines
We will route your request to the appropriate person and respond within the period required by applicable law.
This document is version 0.1-draft — a starting template adapted from the fflo privacy policy and prepared for legal review. It is not effective until reviewed by qualified counsel and published with an effective date.