Selyo
Sign UpLog In

Privacy Policy

Effective Date: January 30, 2026

Introduction

Selyo ("Platform," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you use the Selyo electronic notarization platform.

This Policy applies to all users of the Platform, including principals, affiants, Electronic Notaries Public, and other parties who interact with the Platform.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described herein.

This Privacy Policy is governed by and compliant with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and applicable issuances of the National Privacy Commission. We are registered with the National Privacy Commission as a personal information controller.

Data Controller

Selyo acts as the personal information controller for personal data collected through the Platform in connection with Platform operations, account management, and verification services.

For personal data processed in connection with specific notarial acts, the notary public performing the notarial act is a personal information controller with respect to the notarial records they create and maintain. The Platform processes such data on behalf of and in coordination with notaries public in accordance with applicable rules on electronic notarization.

Questions about data processing may be directed to our Data Protection Officer through the contact information provided in this Policy.

Personal Data We Collect

We collect the following categories of personal data:

  1. Identity Information: Full legal name, date of birth, nationality, gender, civil status, and other information appearing on government-issued identification documents
  2. Contact Information: Email address, telephone number, and physical address
  3. Government Identification: Images and data from valid government-issued IDs such as passport, driver's license, PhilSys ID, or other accepted identification documents
  4. Biometric Information: Facial images, photographs, and facial biometric data used for identity verification, liveness detection, and anti-spoofing measures
  5. Document Information: Content of documents submitted for notarization and related metadata
  6. Session Recordings: Audio and video recordings of remote electronic notarization sessions
  7. Electronic Signatures: Your electronic signature as applied to notarized documents
  8. Device and Technical Information: Device type, operating system, browser type, IP address, and device identifiers
  9. Geolocation Information: Coarse geolocation data derived from IP address or device settings to verify user location and detect VPN usage
  10. Transaction Information: Records of notarization sessions, documents processed, fees paid, and related transaction history
  11. Payment Information: Payment card numbers, bank account information, or e-wallet identifiers as necessary to process payments (note: we use secure third-party payment processors and do not store complete payment card numbers)
  12. Communications: Records of your communications with the Platform, including support inquiries

Sensitive Personal Information

Certain personal data we collect may constitute sensitive personal information under the Data Privacy Act, including biometric data and, in some cases, information revealing health status, legal proceedings, or other sensitive matters as may appear in documents submitted for notarization.

We collect sensitive personal information only where necessary for the legitimate purposes of electronic notarization and identity verification, and we apply heightened security measures to protect such data.

Your consent to the processing of sensitive personal information is obtained at the time of collection. You may withdraw your consent at any time, subject to legal restrictions and the consequences described in this Policy.

Purposes of Processing

We process your personal data for the following purposes:

  1. To provide Platform services, including facilitating electronic notarization, identity verification, document processing, and record-keeping
  2. To verify your identity consistent with applicable regulatory requirements
  3. To detect and prevent fraud, impersonation, and document forgery through liveness detection and anti-spoofing technology
  4. To maintain notarial journals and other records required by law
  5. To provide document verification services enabling third parties to confirm document authenticity
  6. To process payments and maintain financial records
  7. To communicate with you regarding your account, transactions, and Platform updates
  8. To comply with legal obligations, including retention requirements and lawful requests from government authorities
  9. To enforce our Terms of Service and protect our legal rights
  10. To improve and develop the Platform, including through analytics and research on anonymized or aggregated data
  11. To share data with government databases as required by applicable rules
  12. For other purposes to which you have expressly consented

Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds under the Data Privacy Act:

  1. Your consent, which you provide when registering for the Platform and using its services
  2. The necessity of processing for the performance of a contract to which you are a party, namely these Terms of Service and the notarization services you request
  3. Compliance with legal obligations to which the Platform is subject, including requirements under the Rules on Electronic Notarization and related Supreme Court issuances
  4. The protection of your vital interests or those of another person
  5. The pursuit of legitimate interests of the Platform or a third party, except where such interests are overridden by your fundamental rights and freedoms
  6. Processing necessary for the establishment, exercise, or defense of legal claims

Where we rely on consent as the legal basis, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Disclosure of Personal Data

We may disclose your personal data to the following recipients:

  1. Notaries public who perform notarial acts on documents you submit, who receive information necessary to verify your identity and complete the notarial act
  2. Government authorities and databases, including courts, law enforcement, regulatory bodies, and government databases, as required by applicable law and rules
  3. Government authorities, when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others
  4. Third-party service providers who perform services on our behalf, including cloud storage providers, payment processors, identity verification services, and IT support, subject to appropriate data processing agreements
  5. Professional advisors, including lawyers, auditors, and insurers, where necessary for the provision of their services
  6. Any party to whom you have authorized disclosure

We require all third-party recipients to respect the confidentiality and security of your personal data and to process it in compliance with applicable law.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the Philippines where our service providers or infrastructure may be located.

When transferring personal data internationally, we ensure that appropriate safeguards are in place to protect your data, including:

  • Executing data transfer agreements incorporating standard contractual clauses or equivalent provisions
  • Ensuring that recipient countries provide an adequate level of data protection as recognized by applicable authorities
  • Relying on other lawful transfer mechanisms under the Data Privacy Act

By using the Platform, you consent to the transfer of your personal data to countries outside the Philippines, subject to the safeguards described in this Policy.

Data Security

We implement technical, organizational, and physical security measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of data at rest using industry-standard encryption algorithms
  • Role-based access controls limiting access to personal data to authorized personnel on a need-to-know basis
  • Multi-factor authentication for access to sensitive systems
  • Regular security assessments and penetration testing
  • Tamper-evident logging and audit trails for critical operations
  • Secure development practices and code review
  • Intrusion detection and prevention systems
  • Business continuity and disaster recovery plans

We maintain backup systems to ensure the availability and recoverability of your data.

Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for any actions taken through your account.

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

Specific retention periods are determined based on:

  • The nature of the data and the purposes of processing
  • Applicable legal requirements, including the retention periods prescribed by law for notarial journals, notarized documents, and session recordings
  • The statute of limitations for potential legal claims
  • Legitimate business needs

Notarized documents, notarial journals, and audiovisual recordings are retained in accordance with the periods mandated by law, which may be ten (10) years or longer.

After the applicable retention period expires, personal data is securely deleted or anonymized. Certain data may be retained in archived or backup systems for longer periods as required for legal compliance or disaster recovery purposes.

Your Rights as a Data Subject

Under the Data Privacy Act, you have the following rights with respect to your personal data:

  1. Right to be Informed: You have the right to be informed of the collection and processing of your personal data, including the purposes of processing, the recipients of your data, and the existence of your rights
  2. Right to Access: You have the right to request access to your personal data held by the Platform, including a copy of such data in a commonly used electronic format
  3. Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data
  4. Right to Erasure or Blocking: You have the right to request deletion or blocking of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, subject to legal retention requirements
  5. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller
  6. Right to Object: You have the right to object to the processing of your personal data, including processing for direct marketing purposes
  7. Right to Lodge a Complaint: You have the right to lodge a complaint with the National Privacy Commission if you believe your data protection rights have been violated
  8. Right to Damages: You have the right to be indemnified for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data

Exercising Your Rights

To exercise any of your data subject rights, please contact our Data Protection Officer using the contact information provided in this Policy.

We will respond to your request within thirty (30) days, or such longer period as permitted by law for complex requests. We may request verification of your identity before processing your request to protect against unauthorized access.

Certain rights may be limited where we have compelling legitimate grounds for processing that override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defense of legal claims.

Where your request relates to data processed in connection with a specific notarial act, we may need to coordinate with the notary public of record.

There is no fee for exercising your data subject rights, but we may charge a reasonable fee for manifestly unfounded or excessive requests, or refuse to act on such requests.

Public Verification Pages

The Platform provides public verification services that allow third parties to confirm the authenticity and integrity of documents notarized through the Platform.

When a verification code is entered, the verification page displays only limited, non-sensitive metadata, including:

  • Confirmation that a document with the specified verification code exists in the Platform's records
  • The date the document was notarized
  • The document type (if categorized)
  • An indication of whether the document's integrity has been verified or shows signs of tampering

The verification page does not display the full content of notarized documents, the identities of parties, or other sensitive personal data.

Full document access is restricted to authorized parties, including the parties to the notarization and the notary public, subject to identity verification and access controls.

Verification Metadata Collection

Both QR code scans and NFC tag interactions generate limited technical metadata for security and audit purposes. This metadata may include:

  • Timestamp of the verification event
  • Verification method identifier (QR or NFC)
  • General geographic region derived from IP address
  • Device type
  • For NFC interactions: cryptographic counter data for anti-cloning verification

This metadata is collected to:

  • Maintain platform security
  • Detect potential fraud or tampering
  • Provide authorized parties with audit trail information

Detailed audit trails, including verification history, are visible only to authorized parties including document owners and the notarizing notary. Public verification pages do not display full audit history.

Cookies and Similar Technologies

The Platform uses cookies and similar technologies to enhance your experience, analyze usage patterns, and provide certain functionality. Cookies are small data files stored on your device.

We use:

  1. Strictly Necessary Cookies: Required for the Platform to function, including session management and security features. These cannot be disabled
  2. Functional Cookies: Remember your preferences and settings to provide enhanced functionality
  3. Analytics Cookies: Help us understand how users interact with the Platform by collecting aggregated, anonymous information about usage patterns
  4. Security Cookies: Help detect and prevent fraud and protect the Platform from attacks

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Platform.

Children's Privacy

The Platform is not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal data from children under 18.

If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will take steps to delete such information.

If you believe we have collected information from a child under 18, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

When material changes are made, we will notify you through the Platform interface, by email to the address associated with your account, or by other reasonable means, and will update the "Effective Date" at the top of this Policy.

We encourage you to review this Policy periodically to stay informed about how we protect your personal data. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection practices and ensuring compliance with the Data Privacy Act.

If you have questions about this Privacy Policy, our data practices, or wish to exercise your data subject rights, please contact our Data Protection Officer at the contact information provided on the Platform.

You may also contact the National Privacy Commission if you have concerns about our data processing practices. National Privacy Commission contact information is available at https://privacy.gov.ph.

Contact Information

For privacy-related inquiries, requests to exercise your data subject rights, or complaints regarding our handling of your personal data, please contact us through the official contact channels provided on the Platform.

We are committed to addressing your concerns promptly and in accordance with applicable law.