Privacy Policy

Linya ("we," "us," or "our") is committed to protecting the privacy of its users in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Linya platform (web application and mobile app).

1. Personal Information We Collect

We collect the following personal information depending on how you use Linya:

Registered Users (Customers)

• Name — to identify you in queues
• Email address — for account creation, authentication, and email notifications
• Phone number (optional) — for contact purposes
• Password — stored in encrypted (hashed) form; we never store or see your plain-text password

Guest Users (Joining Queues Without an Account)

• Name — to identify you in the queue
• Phone number — for OTP (one-time password) verification via SMS
• Device fingerprint — a non-identifying technical identifier to prevent duplicate queue entries

Business Owners

• Owner name, email, phone — for account creation and management
• Business name, address, phone, email, category — displayed publicly to help customers find your business
• Location coordinates — derived from your business address for map and proximity features

Queue Custom Fields

Business owners may define custom questions when configuring their queues (e.g., "Reason for visit," "Number of guests"). Answers you provide when joining a queue are stored as part of your queue entry and are visible to the business owner managing that queue. We advise businesses to only collect information necessary for their service and to comply with the DPA when configuring custom fields.

2. How We Use Your Information

We process your personal information for the following purposes:

• Queue management — to place you in queues, track your position, and notify you when it's your turn
• Account management — to create and maintain your account, authenticate your identity, and send account-related emails (confirmation, password reset)
• Business discovery — to display business information (name, address, category) publicly so customers can find businesses
• Event management — to manage event queues, ticket reservations, and seat assignments
• Security and fraud prevention — to detect duplicate entries, verify phone numbers via OTP, and protect against abuse (reCAPTCHA)
• Service improvement — to analyze usage patterns (in aggregate, not individually) to improve the platform

3. Legal Basis for Processing

Under the Data Privacy Act of 2012, we process your personal information based on:

• Consent — you provide explicit consent when creating an account or joining a queue
• Contractual necessity — processing is necessary to provide you with the queue management service
• Legitimate interest — for security measures, fraud prevention, and service improvement

4. How We Share Your Information

• Business owners — when you join a queue, the business owner can see your name and any custom field answers you provided for that queue
• Other queue participants — your name may be visible to others viewing the same queue (e.g., queue status board). Your phone number is never shared publicly.
• Third-party services — we use Google reCAPTCHA for bot detection. Google may collect cookies and device information as described in their privacy policy.
• Law enforcement — we may disclose information if required by law, court order, or to protect the safety and rights of Linya and its users

We do not sell, rent, or trade your personal information to any third party.

5. Data Retention

• Registered accounts — your data is retained as long as your account is active. You may request deletion at any time.
• Guest sessions — guest data (name, phone, device fingerprint) is automatically deleted after 90 days of inactivity.
• Completed queue entries — retained for historical and analytics purposes. Custom field answers in completed entries are anonymized after 90 days.
• OTP codes — automatically expire after 5 minutes and are cleared after verification.

6. Your Rights Under the DPA

As a data subject, you have the following rights under the Data Privacy Act of 2012:

• Right to be informed — you have the right to know how your personal data is being collected, used, and processed (this Privacy Policy)
• Right to access — you may request a copy of the personal data we hold about you
• Right to rectification — you may update or correct your personal data through your account settings
• Right to erasure or blocking — you may request deletion of your account and personal data
• Right to object — you may object to the processing of your personal data for specific purposes
• Right to data portability — you may request your personal data in a structured, machine-readable format
• Right to file a complaint — you may file a complaint with the National Privacy Commission (NPC) if you believe your data privacy rights have been violated

To exercise any of these rights, contact us at privacy@linya.app.

7. Data Security

We implement reasonable and appropriate organizational, physical, and technical security measures to protect your personal information, including:

• Passwords are encrypted using industry-standard bcrypt hashing
• All data transmission is encrypted using TLS/HTTPS
• Sensitive parameters (passwords, tokens, OTP codes) are filtered from application logs
• Session tokens are cryptographically signed
• API authentication uses JWT tokens with a denylist for revocation
• OTP verification has rate limiting (maximum 5 attempts) and automatic expiry
• reCAPTCHA v3 protects against automated abuse

8. Cookies

Linya uses the following cookies:

• Session cookie — essential for keeping you signed in during your browsing session. This is a strictly necessary cookie.
• Guest session token — used to identify guest users who join queues without an account. This is a strictly necessary cookie.
• reCAPTCHA cookies — set by Google reCAPTCHA for bot detection. These are third-party cookies subject to Google's privacy policy.

We do not use advertising or tracking cookies.

9. Children's Privacy

Linya is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected personal data from a child without parental consent, we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notice. Continued use of Linya after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding your personal data or this Privacy Policy, contact our Data Protection Officer:

You may also file a complaint with the: