POLICIES

Privacy policy

Last updated: 15 May 2026

This Privacy Policy explains how Dailys (“Dailys,” “we,” “us,” or “our”) collects, uses, and protects your personal data when you use dailys.ph and our related services (the “Service”). It is written to comply with the Data Privacy Act of 2012 (Republic Act No. 10173, “RA 10173”), its Implementing Rules and Regulations, and issuances of the National Privacy Commission (“NPC”).

1. Who we are

Dailys is the personal information controller for personal data collected through the Service. We have designated a Data Protection Officer (DPO) who is accountable for our compliance with RA 10173. You can reach our DPO at admin@dailys.ph.

2. Personal data we collect

  • Account information — name, email address, mobile number, shipping address, password.
  • Health information — quiz answers, medical history, current medications, allergies, photos you upload, consultation notes, prescriptions, and adverse-event reports. This is sensitive personal information under RA 10173.
  • Order and payment information — products ordered, billing address, transaction reference numbers, refund history. Card details are entered directly with our payment processor and are not stored by Dailys.
  • Device and usage data — IP address, device type, operating system, browser type, pages visited, referring URL, and similar information collected through cookies and analytics.
  • Communications — messages you send to support, the doctor, or our chat channels.

3. How we collect your data

We collect data (a) directly from you when you fill out the quiz, create an account, place an order, or contact support; (b) automatically through cookies, analytics, and server logs when you use the Service; and (c) from our physicians and pharmacy partner in the course of providing care.

4. How we use your data

We process your personal data on the following lawful bases under Sections 12 and 13 of RA 10173:

  • Contract — to set up your account, schedule consultations, dispense and ship medication, and provide customer support.
  • Consent — to process your sensitive health information for telehealth consultation and prescription, to send you marketing emails, and to use cookies that are not strictly necessary.
  • Legal obligation — to comply with FDA, DOH, BIR, and NPC requirements, including retention of medical records and adverse-event reporting.
  • Legitimate interest — to keep the Service secure, prevent fraud, and improve our product, in each case balanced against your rights and freedoms.

5. Who we share your data with

We share your personal data only with parties that need it to deliver the Service, and only under written agreements that protect your data:

  • Treating physicians licensed by the Professional Regulation Commission of the Philippines.
  • Our licensed Philippine pharmacy partner for compounding, dispensing, and dispatch.
  • Storefront and back-office providers: Shopify (storefront and order management), Supabase (clinical record storage), Calendly (consultation scheduling), Resend (transactional email).
  • Payment processor: PayMongo.
  • Courier partners for last-mile delivery of medications.
  • Government agencies and law enforcement when we are required to disclose by law, subpoena, NPC order, or court order.

We do not sell your personal data, and we do not share it with advertisers.

6. Cookies and analytics

We use cookies and similar technologies to keep you logged in, remember your preferences, measure how the Service is used, and improve the experience. You can control cookies in your browser; disabling some cookies may affect how the Service works. Where required by law, we will request your consent before placing non-essential cookies.

7. Data retention

We retain personal data only for as long as needed to fulfill the purposes for which it was collected and to meet our legal and regulatory obligations:

  • Medical records are retained for at least fifteen (15) years from the date of last entry, in line with Department of Health Administrative Order No. 2007-0029 (“Hospital Licensure Standards”) and PRC standards.
  • Account and order records are retained for the lifetime of your account plus five (5) years after closure, in line with the Bureau of Internal Revenue's record-keeping requirements.
  • Marketing data is retained until you unsubscribe or revoke consent.
  • Server and security logs are retained for up to one (1) year.

8. Your rights as a data subject

Under Section 16 of RA 10173, you have the following rights:

  • The right to be informed about how your data is processed.
  • The right to access your personal data.
  • The right to object to processing, including for direct marketing.
  • The right to correct inaccurate or outdated data.
  • The right to erasure or blocking under the conditions set out in the law.
  • The right to data portability for data processed by automated means.
  • The right to be indemnified for damages caused by inaccurate, incomplete, or unauthorized use of your data.
  • The right to lodge a complaint with the NPC at privacy.gov.ph.

9. How to exercise your rights

Send your request to hello@dailys.ph. We will acknowledge within five (5) business days and respond substantively within fifteen (15) business days. We may need to verify your identity before acting on a request. If we cannot meet a request, we will explain why.

10. Security

We implement reasonable and appropriate organizational, physical, and technical measures to protect your data, including encryption in transit and at rest for sensitive records, role-based access controls, audit logging, and least-privilege access for staff and partners. No system is perfectly secure, so we ask you to use a strong password and to notify us immediately at hello@dailys.ph if you suspect any unauthorized access to your account.

11. Children

The Service is not intended for anyone under eighteen (18). We do not knowingly collect personal data from minors. If you believe a minor has provided data to us, contact hello@dailys.ph and we will delete it.

12. International transfers

Some of our service providers (for example Shopify, Supabase, Calendly, and Resend) process data outside the Philippines. Where this happens, we rely on the cross-border transfer safeguards permitted by NPC Circular 16-02 and equivalent agreements, including data processing agreements and accountability commitments by the recipient.

13. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date above reflects the most recent change. Material changes will be communicated by email or in-app notice. Continued use of the Service after the effective date means you accept the updated Policy.

14. Contact

For privacy-related questions, requests, or complaints, write to our Data Protection Officer at admin@dailys.ph. You may also contact the National Privacy Commission at privacy.gov.ph.