Merchase

Privacy Policy

Effective July 6, 2026 · Operated by GYRA Technologies OPC

Merchase is a connection platform that helps clients book appointment-, stay-, and rental-based small businesses. We never hold or process your money — payments are made directly between you and the business. This policy explains what personal data we collect and your rights over it.

Who we are

Merchase is a booking platform operated by GYRA Technologies OPC ("Merchase", "we", "us"). This Privacy Policy explains what personal data we collect, why, and your rights over it. For any privacy request, contact us at gyratech@merchase.app.

What we collect

Account data: your name, email, phone number, and password (stored securely by our authentication provider).

Business data (for business accounts): business name, address, contact number, category, payment details, and owner/manager name.

Uploaded images: business logos, service and promo photos, payment QR codes, downpayment proofs, pre-booking documents, and government-issued ID images used for verification.

Booking data: services booked, dates/times, prices, discount codes, and cancellation/refund records.

Usage data: basic app activity needed to run the service.

How we use your data

To create and manage your account; to connect clients with businesses; to process bookings (note: payments are made directly between client and business — Merchase never receives the money); to verify businesses; to send in-app notifications; to provide support; and to keep the service secure.

Legal basis (consent)

We process your personal data based on your consent, given when you create an account and agree to this Policy, and as necessary to provide the service you request. You may withdraw consent by deleting your account (see below).

How we share data

We do NOT sell your personal data. When you book, the relevant business sees the booking details you provide (e.g. your name and any documents required for that booking). We use trusted infrastructure providers (e.g. Google Firebase) to host data. Because payments are made directly between you and the business, Merchase does not share your data with any payment processor.

Storage and security

Data is stored on Google Firebase (Firestore, Authentication, and Storage) and protected with access rules and reasonable technical measures. Sensitive uploads such as ID images and payment proofs are handled with particular care. No system is perfectly secure, and you share information at your own risk.

Retention

We keep your data while your account is active. Notifications automatically expire after a set period. Booking records are retained as long as needed for the service and for legitimate business, dispute, or legal purposes. When you delete your account, we remove your personal data except where retention is required by law.

Your rights

Under the Philippine Data Privacy Act of 2012, you may: access your data; correct inaccurate data; object to or withdraw consent for processing; request deletion; and be informed of how your data is used. You may also lodge a complaint with the National Privacy Commission (NPC).

Deleting your data

To request deletion of your account and personal data, email gyratech@merchase.app from your registered email address. We will act on valid requests within a reasonable time, subject to legal retention requirements.

Children

Merchase is intended for users aged 18 and older, or minors with the consent and supervision of a parent or legal guardian. We do not knowingly collect data from children without such consent.

Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected by an updated effective date, and where appropriate we may ask you to review and accept the changes.

Contact

For privacy questions or requests, contact GYRA Technologies OPC at gyratech@merchase.app.