PRIVACY POLICY

Your data, your rules.

Last updated · June 10, 2026

Service Provider

John Cedrick Bermejo, operating as Ogeeda · Molave, Zamboanga del Sur, Philippines · support@ogeeda.com

1. Introduction

We respect your privacy. This policy explains what information Ogeeda collects, how we use it, and how we protect it. This policy is designed to meet the requirements of the Republic of the Philippines' Data Privacy Act of 2012 (Republic Act No. 10173) and applicable data protection regulations of the Apple App Store and Google Play Store.

2. Information We Collect

We collect the following personal information to provide our services. All data is linked to your identity. We do not use any of it for tracking or advertising.

A. Contact Information

  • Full Name: For account management and personalization.
  • Email Address: For authentication, password resets, and important account notifications.
  • Phone Number (optional): For business communication preferences, if provided.

B. Identifiers

  • User ID: Your unique account identifier.
  • Device ID: To deliver push notifications to your specific device.

C. Device & Technical Information

  • Push Notification Token: To deliver booking alerts and reminders. Only collected if you grant notification permission.
  • Local Storage: App settings and cached data stored on your device for offline functionality.

D. Purchases

  • Subscription Status & History: Managed via RevenueCat to validate your plan and unlock premium features.

E. Business Data You Enter

You own all data you create within the app. This includes, but is not limited to:

  • Customer records: Names, email addresses, phone numbers, driver's license numbers and expiry dates, home addresses, and emergency contact information (names and phone numbers of third parties you enter).
  • Vehicle records: Make, model, year, license plate numbers, VIN numbers, photos, and operational data.
  • Booking records: Rental dates, pickup and return addresses, assigned pickup and return garage, assigned customer and vehicle, pricing, fees, discounts, commission data, and affiliate assignment details.
  • Payment records: Customer payment entries you record against a booking, including the amount, payment method (e.g., cash, GCash, Maya, bank transfer, card, or other e-wallet), reference number, payment date, notes, and internal review status (pending, approved, rejected, reconciled, or voided). These are a record-keeping ledger only — Ogeeda does not process, hold, or transfer any customer payment.
  • Handover & inspection records: Vehicle checkout and return readings such as odometer values, fuel levels, the units used, inspection notes, and the staff member and timestamp for each reading.
  • Charge records: Charges you raise against a booking — including fuel, distance/mileage, damage, late return, cleaning, and manual charges — together with their amounts, status (pending, applied, waived, or voided), and any waive or void reason.
  • Garage records: Garage or location name, address, contact number, person-in-charge name, operating hours, and pickup/return requirements that you enter. Contact numbers and person-in-charge names you enter for a garage constitute third-party personal data.
  • Financial records: Expenses, revenue summaries, commission calculations, and any manual ledger entries or corrections (undo / reversal) you make to reconcile a cash account.
  • Cash accounts & wallets: The names you give to cash accounts or wallets, their type, the garage or location each belongs to, and the staff member or owner you designate as holding each account ("held by"). Balances are derived from your payment and expense entries, not stored separately. The name of a person you designate as an account holder constitutes third-party personal data of that individual.
  • Affiliate records: Per-booking affiliate assignments, commission types (percentage or fixed), commission rates, ownership direction (whether the affiliate or the business owns the vehicle), and calculated commission amounts.
  • Other records: Staff profiles, promotions, pricing groups, email templates, and notes.

Emergency contact information entered for customers, and contact numbers or person-in-charge names entered for a garage, constitute third-party personal data. You are responsible for ensuring you have a legitimate basis for storing this information within the app.

F. Camera & Photos — AI Auto-Fill (Optional Feature)

The AI Auto-Fill feature (available on Pro and Suite plans) lets you scan a booking screenshot or photo to automatically extract booking details. When you use this feature:

  • You choose to capture a photo with your camera or select one from your gallery — this is always optional and user-initiated.
  • The image is sent securely to Google Gemini AI for text extraction only.
  • Images are never stored by Ogeeda or by Google beyond the duration of the request. Only the extracted text fields (e.g., customer name, dates) are retained as part of your booking record.
  • Camera and photo library permissions are requested on first use and are never accessed in the background.

This data type is classified as not linked to identity and not used for tracking — it is processed ephemerally solely for app functionality.

G. Invoice & Receipt Generation (Optional Feature)

When you use the invoice or receipt generation feature, the following applies:

  • Customer names and email addresses from your existing booking records are used to populate the generated document and to pre-fill the recipient field in your device's native mail app. For invoices and receipts, Ogeeda does not send the email for you — the mail app is opened with fields pre-filled, and you choose whether to send it. (Automated booking lifecycle emails are separate and are sent from our servers — see Section 3.)
  • Generated PDF files are temporarily saved to your device's local cache solely for the purpose of attaching them to an email or sharing them. These files are never uploaded to our servers.
  • Your business details — including company name, bank account information, signatory name and title, and tax settings — are saved to your organization's settings on our servers (Supabase) so they persist across your devices and team, pre-fill future invoices and receipts, and populate the automated booking emails we send on your behalf (see Section 3). Bank account information you enter is stored as part of these settings and is used only to display your payment details on the documents and emails you generate.
  • If you upload a business logo (logo upload requires the Pro plan), it is uploaded to our object storage and served from a permanent, public (unauthenticated) URL so it can be embedded in invoices, receipts, emails, and shared booking pages. Anyone with the link can view the logo. Because a logo is brand artwork meant to be shown to your customers, it is intentionally public; do not upload a logo containing private information.

Invoice and receipt sequence counters (last used number and date) are stored with your organization's settings on our servers so document numbers increment consistently across your devices and team.

H. Financial Report Export (Optional Feature)

When you use the financial report export feature, the following applies:

  • The exported XLSX file may include customer names, phone numbers, and email addresses from your booking records, along with financial data such as revenue, commissions, and booking details.
  • The file is generated and cached locally on your device. It is never uploaded to our servers.
  • Sharing is initiated by you through your device's native share sheet (e.g., email, messaging apps, cloud storage). Ogeeda does not control or track where you send the file.
  • You are solely responsible for ensuring that exported data is handled, stored, and shared in compliance with applicable data protection laws in your jurisdiction.

I. Meta Business Chat — Facebook & Instagram Messaging (Optional Feature)

Note: Meta Business Chat is not yet generally available. The disclosures below describe how the feature handles data and apply once it is enabled for your organization.

If your organization connects a Facebook Page or Instagram account using the Meta Business Chat feature (available on Suite plans), the following data is collected and processed when customers message your page:

  • Customer Messaging Data: Messages sent by customers to your Facebook Page or Instagram account are received via Meta's Webhooks API and processed by our servers. Message content is stored temporarily (up to 30 minutes of inactivity) to maintain conversation context.
  • Meta Sender ID: A platform-specific identifier assigned by Meta to each customer who messages your page. This is used to maintain conversation state and is not linked to any Facebook profile data beyond the customer's first and last name.
  • Customer Name: The first and last name associated with the customer's Facebook or Instagram account is retrieved via the Meta Graph API to personalize responses.
  • Customer-Provided Personal Data: During a booking conversation, customers may voluntarily provide their phone number, email address, full name, and booking preferences (dates, locations, vehicle preferences). This data is extracted by AI and stored as part of your organization's customer and booking records.
  • AI Processing: Customer messages are processed by Google Gemini AI to understand intent, extract booking details, and generate responses. The AI receives the conversation history (last 20 messages), your vehicle catalog, pricing, and availability data to provide accurate responses. Google processes this data ephemerally under their API terms — it is not used for model training.
  • Conversation Logs: All AI interactions are logged in an audit trail (meta_ai_logs) that records inbound and outbound messages, detected intent, actions taken, and AI model metrics. These logs are accessible only to your organization and are used for quality assurance and dispute resolution.
  • Page Access Tokens: When you connect your Facebook Page, we securely store a long-lived Page Access Token to send and receive messages on your behalf. This token is refreshed periodically and can be revoked at any time by disconnecting the integration.
  • Rate Limiting Data: We track per-sender message counts and booking attempt counts to prevent abuse. Senders who exceed thresholds may be temporarily blocked from the AI chat service.

Important: Customers who message your Facebook Page or Instagram account are interacting with Meta's platform. Meta's own Data Policy governs how Meta collects and processes their data. Ogeeda only processes the message content and limited profile information (name) that Meta delivers to us via webhooks.

As the organization owner, you are responsible for ensuring that your use of the Meta Business Chat feature complies with Meta's Platform Terms, applicable data protection laws, and that your customers are informed they are interacting with an AI-powered assistant.

J. Public API & Webhooks (Optional Feature)

If your organization uses the Public API (available on Suite plans), you can generate API keys and configure webhook endpoints to integrate Ogeeda with your own systems. When you use these features:

  • API Keys: Each key is scoped to specific permissions (for example, reading your fleet, reading your clients, or creating bookings) and may be restricted to specific IP addresses and given an expiry date. We store the key's prefix, label, scopes, allowed IPs, and the date it was last used. The secret portion of the key is shown only once at creation and is stored only as a hashed value — we cannot recover or display it again.
  • Programmatic Access: Any system holding a valid key can read or write the organization data permitted by that key's scopes — including booking, fleet, and client records that may contain personal data. You are responsible for keeping your API keys secret and for the actions of any system you grant access to.
  • Webhooks — Data Sent to You: When you register a webhook endpoint, Ogeeda sends event payloads (for example, when a booking is created, confirmed, cancelled, or completed) to the external URL you specify. These payloads may include booking and customer data. Because the destination is chosen and controlled by you, you act as the data controller for any data delivered to your endpoint, and you are responsible for securing it and handling it in compliance with applicable law. Each payload is signed with a secret so your endpoint can verify it originated from Ogeeda.
  • Delivery Metadata: We store your endpoint URL, the events it subscribes to, delivery timestamps, and consecutive-failure counts so we can retry, disable failing endpoints, and help you troubleshoot.

K. Photos & Attachments You Upload (Optional Feature)

On paid plans you can attach photos to your records — vehicles, customers, payments, and handovers. Unlike the AI Auto-Fill images in section F (which are never stored), these photos are stored persistently so they remain attached to the record. When you use this feature:

  • Uploading is always optional and user-initiated. You select images from your photo library; the app compresses them on your device before upload.
  • Storage & access: Record photos (vehicle, customer, payment, handover) are stored in our infrastructure provider's object storage (Supabase). They are private by default and served only through short-lived, signed links. Access is limited to members of your organization whose role permits viewing that record — for example, payment and handover photos are restricted to higher roles. (Your organization logo is the one exception: it is intentionally public — see Section G.)
  • Public publishing (Suite, opt-in per image): For vehicle and customer records only, you may choose to mark a specific photo as public. A public photo is moved to a public bucket and becomes accessible via a permanent, unauthenticated URL through your Public API — meaning anyone with the link can view it. Payment and handover photos can never be made public. Marking a photo public is reversible (it is moved back to private storage), but copies already cached by third parties or CDNs may persist for a time.
  • Deletion & limits: You can delete any photo you uploaded; deletion removes the stored object. Storage is subject to a per-organization limit by plan.
  • Your responsibility: You must have the rights and any necessary consent for every image you upload — in particular photos of or relating to your customers — and for any image you choose to publish publicly. As the organization, you are the data controller for this content; Ogeeda processes it on your behalf.

We do NOT collect:

  • GPS or device location data (we store pickup and return addresses that you manually enter in booking records, but we never access your device's location)
  • Camera or photos in the background or without your explicit action
  • Persistent copies of any photos you use for AI Auto-Fill — images are discarded immediately after AI processing
  • Contacts from your address book
  • Browsing history
  • Advertising identifiers (IDFA/GAID)
  • Analytics or behavioral tracking data

2.1 Android Permissions

When using Ogeeda on Android, we request the following permissions:

  • INTERNET: Required for all app functionality.
  • ACCESS_NETWORK_STATE: To detect offline/online status.
  • POST_NOTIFICATIONS: To send booking reminders and alerts. Optional — you can decline.
  • VIBRATE: For notification vibration delivery.
  • READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE: For offline data caching and local file storage.
  • CAMERA: To capture photos for the AI Auto-Fill feature. Optional — only requested when you initiate an AI Auto-Fill scan using your camera.
  • READ_MEDIA_IMAGES: To select photos from your gallery for the AI Auto-Fill feature and to upload your business logo for invoices and receipts. Optional — only requested when you use these features.

You can manage permissions at any time in Settings → Apps → Ogeeda → Permissions.

Background Processing Disclosure

Ogeeda uses background services to deliver scheduled booking reminders, overdue return alerts, and subscription status updates — even when you are not actively using the app. This processing uses only your booking and notification data. It does not collect new data while running in the background.

3. How We Use Your Information

We use your data to:

  • Authenticate your identity and maintain your session.
  • Display your business data securely.
  • Manage your subscription status via RevenueCat.
  • Send push notifications for booking updates and alerts (with your permission).
  • Send important account emails such as password resets.
  • Enable offline functionality via local device caching.
  • Run automated processes such as booking time alerts, overdue return reminders, and subscription status syncs via our serverless infrastructure.
  • Maintain internal notification logs to prevent duplicate alerts.
  • Process photos or screenshots you submit through the AI Auto-Fill feature to extract booking details. Images are transmitted to Google Gemini AI solely for text extraction and are discarded immediately after. Only the extracted booking fields are saved.
  • Track your daily AI extraction usage count to enforce plan limits.
  • Generate invoice and receipt PDF documents on your device using booking and customer data you select. PDFs are temporarily cached on your device and never uploaded to our servers. Your business settings (company name, bank details, tax configuration, logo, and document-number counters) are saved with your organization's settings on our servers to pre-fill future documents and keep numbering consistent across your devices and team.
  • Send automated booking lifecycle emails to your customers on your behalf (available on the Suite plan) — for example when a booking is requested, confirmed, started, completed, cancelled, or rejected, and as a pickup reminder. These emails use your customizable templates and your business details (company name, contact info, logo) and are sent through our email provider (Resend) from a bookings@ogeeda.com address with replies directed to your organization's contact email. They are off by default — you choose to enable them — and you can disable the automation, or any individual email, at any time in your settings.
  • Generate financial report spreadsheets (XLSX) on your device containing revenue summaries, vehicle performance, and booking details — including customer names, phone numbers, and email addresses. Reports are cached locally and shared only when you choose to do so via your device's share sheet. They are never uploaded to our servers.
  • Track per-booking affiliate assignments and calculate commissions on outsourced bookings. Affiliates can only access commission reports and booking data for bookings they are assigned to.
  • Process customer messages received via Facebook Messenger or Instagram Direct (Meta Business Chat) using Google Gemini AI to understand booking inquiries, provide vehicle availability and pricing information, and create draft bookings. Conversation data is retained for up to 30 minutes of inactivity, after which the conversation expires. AI interaction logs are retained for auditing purposes.
  • Send automated replies to customers on your behalf through your connected Facebook Page or Instagram account, using Meta's Messaging API.
  • Track message rates and booking attempts per sender to enforce rate limits and prevent abuse of the Meta Business Chat feature.
  • Record and display customer payment entries against a booking, maintain the payment ledger, and run the internal review workflow (approval, reconciliation, voiding) you initiate. Ogeeda only records these entries — it does not process, hold, or transfer any customer payment.
  • Record vehicle checkout and return readings (odometer, fuel level, inspection notes) and calculate handover-related charges (fuel, distance, damage, late return, cleaning, or manual) for your record-keeping. Charge amounts are informational — Ogeeda does not collect or settle them.
  • Store and display garage and location records, and associate pickup and return garages with your bookings.
  • Pre-fill booking confirmation, invoice, and receipt emails using your customizable email templates and your booking and customer data. Your email templates are saved with your organization settings so they persist across your team.
  • Authenticate and authorize Public API requests made with your API keys, enforce each key's scopes and IP restrictions, and record when a key was last used.
  • Deliver webhook event payloads to the external endpoints you configure, sign each payload, and track delivery success and failures so we can retry or disable failing endpoints.

4. How We Share Your Information

We do not sell your personal data. We share data only with trusted service providers required to operate Ogeeda:

Infrastructure & Services

  • Supabase (Database Hosting): Stores your account and business data securely. Data may be stored in the United States.
  • RevenueCat (Subscription Management): Syncs your subscription status across devices.
  • Expo (Push Notifications): Delivers booking alerts and reminders when you opt in.
  • Google Gemini AI (AI Auto-Fill & Meta Business Chat): When you use the AI Auto-Fill feature, the photo or screenshot you select is sent to Google's Gemini API for text extraction. When the Meta Business Chat feature is active, customer messages, your vehicle catalog, and booking context are sent to Google's Gemini API to generate conversational responses. In both cases, Google processes data ephemerally — it is not retained or used for model training under their API terms.
  • Meta Platforms (Meta Business Chat): When you connect your Facebook Page or Instagram account, messages are exchanged via Meta's Webhooks and Messaging APIs. Meta processes message delivery and customer profile data according to their own policies.
  • Resend (Email Delivery): Sends the automated booking emails we deliver to your customers on your behalf (confirmations, reminders, status updates) and account emails such as notifications. To do this, Resend processes the recipient's email address and the booking and business details contained in the message.
  • Supabase Auth (Account Email): Password reset and authentication emails are delivered through our infrastructure provider.

Platform Providers

Apple App Store / Google Play handles in-app purchases and subscriptions. We only receive an anonymized receipt to confirm your subscription status — we do not receive your payment details.

Within Your Organization

If your organization uses the Affiliate feature, limited booking and commission data is visible to affiliate members for bookings they are assigned to. Affiliates can only see data related to their own assigned bookings — they cannot access other organization data such as customer personal information, financials, or unrelated bookings.

Integrations You Configure

If you use the Public API or webhooks (Suite plans), data leaves Ogeeda only to destinations you choose: systems you grant API keys to, and webhook URLs you register. We do not control these destinations and are not responsible for how they handle data once it reaches them. You are responsible for vetting and securing any system you connect.

We do not use analytics services, advertising networks, or data brokers.

5. Data Retention

  • Active Account: Data is retained for as long as your account is active.
  • Subscription Cancellation: Your subscription entitlement data is cleared. Your account and business data remain intact on the free Starter plan.
  • Account Deletion: Your account is deactivated immediately upon request. After a 30-day grace period: your authentication account (login credentials and identity) is permanently deleted; your personal data in your profile (name, email, phone) is anonymized — replaced with non-identifiable placeholders. An anonymized profile record is retained solely to preserve the integrity of historical business data (bookings, transactions) as required by BIR regulations. See Section 7 for deletion instructions.
  • Financial Records: Booking, payment, charge, and other transaction records — together with the vehicle handover readings tied to them — may be retained for up to 10 years as required by Bureau of Internal Revenue (BIR) regulations.
  • Audit Logs: Internal system logs that track data changes for security and integrity purposes may be retained beyond the 30-day personal data deletion window. These logs are used solely for security auditing and are not shared with any third party.
  • Notification Logs: Records of push notifications sent are retained temporarily to prevent duplicate alerts and are not linked to personal data after the associated booking is resolved.
  • Meta Business Chat Conversations: Active conversations expire after 30 minutes of inactivity. Expired conversations are automatically cleaned up. If a booking was in progress, a draft booking record is preserved in your organization's data. AI interaction logs (inbound/outbound messages, detected intent, actions taken) are retained for up to 90 days for auditing and quality assurance purposes, after which they are automatically purged.
  • Meta Page Access Tokens: Stored for as long as the integration is active. Tokens are deleted when you disconnect the integration. Expired tokens are automatically flagged for renewal.
  • API Keys & Webhooks: API key metadata (prefix, label, scopes, allowed IPs, last-used date) and webhook endpoint configurations are retained while active. When you revoke a key or delete an endpoint, it stops working immediately; a revoked/disabled record may be retained for security and audit purposes. Webhook delivery metadata (timestamps, failure counts) is retained to support retries and troubleshooting.

6. Security

We protect your data using:

  • TLS encryption for all data in transit.
  • Infrastructure-level encryption at rest provided by Supabase (disk encryption). Data values are not individually encrypted at the column level.
  • Row-level security to ensure your data is only accessible by authorized members of your organization.
  • No third-party analytics or tracking tools.

7. Your Rights & Data Deletion

You have the right to access, correct, or delete your personal data. Under the Philippine Data Privacy Act (RA 10173), you also have the right to data portability and to withdraw consent at any time.

Delete Account

You can delete your account and all associated data at any time using either of the following methods:

Option 1 — In-App (immediate)

  1. Go to the Business tab.
  2. Tap Delete Account below the Sign Out button.
  3. Enter your password and tap Delete to confirm.

Option 2 — Web Request

Submit a deletion request through our support page: ogeeda.com/support or email support@ogeeda.com with the subject line "Account Deletion Request." We will process your request within 7 business days.

Your account will be deactivated immediately. After a 30-day grace period, your authentication account (login credentials) is permanently deleted and your personal data (name, email, phone) is anonymized — replaced with non-identifiable placeholders. Your push notification tokens are permanently deleted. An anonymized profile record is retained to preserve the integrity of historical business records as required by BIR regulations.

Financial transaction records (bookings, payments) are retained for up to 10 years as required by BIR regulations. Audit logs may be retained for security purposes as described in Section 5.

Withdraw Consent for Push Notifications

You can withdraw your consent for push notifications at any time without deleting your account:

  • iOS: Settings → Notifications → Ogeeda → toggle off
  • Android: Settings → Apps → Ogeeda → Notifications → toggle off

Withdrawing notification consent does not affect your access to any app features.

For other data requests (access, correction, portability), contact us at support@ogeeda.com.

8. Children's Privacy

Ogeeda is a business management tool not directed at children. We do not knowingly collect personal information from anyone under 13 years of age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@ogeeda.com and we will delete that information promptly.

9. Changes to This Policy

We may update this policy occasionally. If we make significant changes, we will notify you via email to your registered address.

10. Contact

Ogeeda

Operated by John Cedrick Bermejo

Molave, Zamboanga del Sur, Philippines

Email: support@ogeeda.com

Support: https://ogeeda.com/support

Privacy requests (access, correction, deletion): support@ogeeda.com