Privacy Policy
Simmer — Privacy Policy
_Effective date: July 3, 2026 · Last updated: July 3, 2026_
- Entity: Boiling Waters PH
- Applies to: Simmer web app and mobile app (iOS, Android)
- Compliance: This Privacy Policy is established to comply with Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations, and is aligned with the General Data Protection Regulation (EU) 2016/679 (GDPR) where applicable.
Table of Contents
- Who We Are
- Information We Collect
- How We Use Your Information
- Legal Bases for Processing
- How We Protect Your Identity
- Data Sharing & Third-Party Processors
- Data Retention
- Your Rights
- Account Deletion
- Cookies & Tracking
- Children's Privacy
- International Data Transfers
- Data Breach Notification
- Changes to This Policy
- Contact Us
1. Who We Are
Boiling Waters PH is the operator of Simmer and is responsible for the processing of your personal data. This section outlines our role as the controller of your information and provides the contact details of our Data Protection Officer for any privacy-related enquiries.
Simmer is operated by Boiling Waters PH, a company registered in the Republic of the Philippines. Simmer is a dating and community platform available on the web (community features) and on mobile for both iOS and Android (community and dating features) users. Boiling Waters PH is the personal information controller for all data processed through the Platform, as defined under RA 10173.
Data Protection Officer:
- Name: [placeholder name]
- Email: dpo@simmerbybw.com
If you have any questions about how your data is handled, the DPO is your first point of contact.
_[NOTE: DPO appointment timeline pending. NPC registration is required before the dating module launches — confirm timeline and status.]_
2. Information We Collect
This section explains the types of personal information we collect, the sources from which it was obtained, and what we do not collect, to give you a clear understanding of how your data is handled.
2.1 Information You Provide Directly
- Account information: email address, password (hashed using argon2id; we never store your password in plain text), display name, date of birth, city/region
- Dating profile: profile details, preferences, photos
- Identity verification (KYC): government-issued photo ID and selfie (encrypted at rest, time-limited; see Section 5)
- Community content: persona names, avatars, posts, comments, reactions
- Payment details: tokenized payment information (we never store full card numbers)
- Communications: support messages, feedback, reports
2.2 Information Collected Automatically
- Device information: device model, operating system version, app version
- IP address: used for security and approximate location, not stored long-term
- Session data: login timestamps, session duration
- Crash logs: collected via Firebase Crashlytics for stability improvements
2.3 Information from Third Parties
- OAuth providers (Google, Apple, Facebook): email address and basic profile information only
- Payment processors: transaction confirmation only (no full payment details are shared back to us)
2.4 Information We Do NOT Collect
We want to be explicit about what we do not collect:
- GPS coordinates: we ask for city/region only; we do not track your precise location
- PII in analytics: no personally identifiable information is sent to our analytics providers
- Biometric data: KYC verification is a one-time comparison only; biometric data is not stored (see Section 5)
- Contact lists, call logs, or SMS: we never request or access these
3. How We Use Your Information
This section explains why we collect your personal information and the data required for each purpose.
Data minimization. We collect only the data necessary for each stated purpose, in line with RA 10173's proportionality principle (Section 11(d)). If a feature does not need a specific piece of data, we do not collect it.
- Account creation and authentication: email, password hash, OAuth tokens
- Identity verification (dating): government ID, selfie
- Content moderation: posts, images, reports
- Dating matching: dating profile, preferences, city/region
- Payment processing: tokenized payment information
- Analytics and product improvement: anonymized events only (consent-gated)
- Safety and fraud prevention: IP address, session data, moderation logs
- Push notifications: device tokens
- Legal compliance: consent records, payment history
4. Legal Bases for Processing
This section explains the legal bases we rely on when processing your personal information.
_[LEGAL REVIEW: verify basis mapping against RA 10173 criteria for lawful processing and GDPR Article 6.]_
- Consent: analytics, marketing emails
- Contract: account services, matching, payments, content hosting
- Legitimate Interest: safety, fraud prevention, moderation, platform security
- Legal Obligation: RA 10173 data retention (payment and consent records for 5 years), breach notification
You can withdraw your consent to use your information at any time (see Section 8). Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.
5. How We Protect Your Identity
This section explains the technical measures we use to protect your personal information and help keep your identity secure.
5.1 Service-Scoped Identity Architecture
Simmer uses a service-scoped identity model. Your internal user ID never leaves the Auth Service. The Dating Service and the Community Service each receives separate, unlinked identifiers. This means a breach in one service does not expose your identity across the platform.
5.2 Community Anonymity
The Community Service only knows your persona ID (anonymous alias). It does not provide access to your real name, email address, or dating profile. This is enforced at the architecture level, not just by policy.
5.3 KYC Image Protection
Identity verification images (government ID and selfie) are:
- Encrypted at rest using industry-standard encryption
- Deleted 30 days after approval
- Deleted immediately upon rejection or account deletion
- Never shared with third parties or sold
_[LEGAL REVIEW: KYC processes sensitive personal information; confirm whether separate consent is required under RA 10173 at the time of verification, distinct from general Privacy Policy acceptance.]_
5.4 Password Security
Passwords are hashed using argon2id. We don't store passwords in plain text and have no ability to retrieve your password.
5.5 Session Security
- Mobile: short-lived access tokens with longer-lived refresh tokens (rotated on use)
- Web: server-side sessions using httpOnly cookies; session data is never accessible to client-side JavaScript
- CSRF protection: double-submit cookie pattern with SameSite=Lax
6. Data Sharing & Third-Party Processors
This section explains the third-party service providers we use, the personal information they process on our behalf, where processing takes place, and our commitment to protecting your data. We do not sell your personal information, serve advertisements, or use tracking cookies.
- Cloud infrastructure provider — Purpose: compute, database, storage, content delivery. Data handled: all application data. Regions: Southeast Asia.
- AI/ML services — Purpose: image moderation, identity verification. Data handled: uploaded images only. Regions: Southeast Asia.
- Mobile analytics & crash reporting — Purpose: app stability, anonymized usage analytics. Data handled: anonymized events, device tokens (no PII). Regions: Global (Standard Contractual Clauses).
- Product analytics — Purpose: feature flags, anonymized product metrics. Data handled: anonymized events (no PII). Regions: EU.
- Payment processors (web) — Purpose: subscription and purchase processing. Data handled: tokenized payment information (we never store full card numbers). Regions: Philippines, Southeast Asia, Global.
- Mobile app store billing — Purpose: in-app purchases and subscriptions. Data handled: payment and device tokens. Regions: Global.
- Push notification routing — Purpose: delivering notifications to your device. Data handled: device tokens. Regions: Global.
A current list of our specific sub-processors, including company names and data residency details, is maintained separately on our Sub-Processors page.
What we do not do:
- We do not sell your personal data to anyone.
- We do not serve advertisements.
- We do not use tracking cookies or ad cookies.
- We do not enable personalized ad signals.
_[LEGAL REVIEW: verify SCC status with each processor category and confirm Data Processing Agreements (DPAs) are in place with all sub-processors per RA 10173 Sections 12–13 and GDPR Article 28.]_
7. Data Retention
This section explains how long we retain your personal information and how it is deleted.
- Active account data — retained while the account is active; removed via the account deletion cascade.
- Chat messages (Dating) — retained 1 year after the match ends; deleted via automatic TTL.
- KYC images — 30 days after approval; immediate on rejection or deletion; removed via lifecycle rule.
- Quarantined images — 30 days (appeal window); removed via lifecycle rule.
- Image moderation scans — 90 days; removed via weekly cron.
- Content reports — 1 year after resolution; removed via weekly cron.
- Payment history — 5 years (anonymized after account deletion); removed via weekly cron + anonymization.
- Consent log — 5 years (anonymized after account deletion); removed via weekly cron + anonymization.
- Moderation audit log — 2 years active + archived, 5 years total then deleted; removed via lifecycle rule.
- Session records — per-session TTL; removed via automatic TTL.
- Device tokens — until replaced or account deleted; removed via overwrite / cascade.
Why 5 years for payment and consent records? Philippine tax and regulatory requirements under RA 10173 require retention of certain financial and consent records. After account deletion, these records are anonymized: email addresses are replaced with a one-way hash, and names are removed. The anonymized records cannot be linked back to you.
_[LEGAL REVIEW: (1) Reviews about deleted users — determine retention and right-to-erasure handling for reviews written about a user who deletes their account. (2) Moderation audit log — confirm the total retention period of 5 years (2 years active + archive) is appropriate under RA 10173.]_
8. Your Rights
This section explains your rights over your personal data and how to exercise them.
Under RA 10173 and the GDPR, you have the following rights:
- Right to Access: you may request a copy of the personal data we hold about you.
- Right to Correction: you may update your profile, email, or other personal information at any time through the app.
- Right to Deletion: you may request deletion of your account and personal data. There is a 7-day grace period, followed by a full deletion cascade (see Section 9).
- Right to Withdraw Consent: you may opt out of analytics and marketing at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
- Right to Data Portability: you have the right to receive your personal data in a structured, commonly used, machine-readable format. This feature is planned but not yet available. _[LEGAL REVIEW: timeline commitment for data portability feature.]_
- Right to Object: you may object to processing carried out on the basis of legitimate interest.
- Right to Appeal Moderation: you may appeal any moderation decision through the in-app appeal process.
How to Exercise Your Rights
- In the app: Settings → Privacy
- By email: privacy@simmerbybw.com
We will respond to all rights requests within 30 days.
Filing a Complaint
If you believe your data privacy rights have been violated, you may file a complaint with the National Privacy Commission (NPC) of the Philippines.
_[LEGAL REVIEW: include NPC contact details, complaint form URL, and exact process.]_
9. Account Deletion
This section explains how you can delete your account and what happens when you do.
9.1 Deletion Process
- Request deletion from Settings in the app.
- A 7-day grace period begins. During this time, you can reactivate your account by logging back in.
- After 7 days, deletion is automatic and irreversible. Deletion is orchestrated as a cascade across all services.
9.2 Data That Is Permanently Deleted
- User profile (email, name, date of birth, city/region)
- All community personas (or anonymized, per your choice — see Terms of Service Section 9.3)
- Dating profile
- Match history
- Chat messages
- Reviews you wrote
- Reviews others wrote about you _[LEGAL REVIEW: determine handling — anonymize or delete]_
- Photos
- Device tokens
- Notification preferences
- KYC images (deleted immediately upon deletion request, not after the 7-day grace period)
- Active sessions (terminated immediately)
9.3 Data That Is Anonymized and Retained
The following records are retained for up to 5 years for legal compliance, but are anonymized so they cannot be linked back to you:
- Payment history — email replaced with one-way hash, name removed
- Consent log — email replaced with one-way hash, name removed
These anonymized records satisfy Philippine tax and regulatory requirements under RA 10173.
9.4 After Deletion
You may re-register with the same email address. The new account is entirely fresh — no data from the previous account is restored or accessible.
10. Cookies & Tracking
This section introduces the cookies we use for analytics, but only when you give your consent.
10.1 Cookies We Use
- Session cookie — Purpose: maintains your login session (web only). Attributes: functional, httpOnly, Secure, SameSite=Lax.
- CSRF token — Purpose: prevents cross-site request forgery attacks. Attributes: security, Secure, SameSite=Lax.
Both cookies are strictly functional. Neither is used for tracking or advertising.
10.2 Analytics
Analytics collection is consent-gated:
- Analytics are disabled by default until you opt in.
- You can opt out at any time via Settings → Privacy.
- When you withdraw consent, tracking stops immediately.
10.3 What We Do Not Use
- No advertising cookies
- No ad personalization
- No cross-site tracking
- No browser fingerprinting
_[LEGAL REVIEW: determine whether a cookie consent banner is required for the web app given functional-only cookies and consent-gated analytics.]_
11. Children's Privacy
This section provides the age limitation we have set. Simmer is only for adults ages 21 and above. We do not collect data from individuals under 21.
Simmer requires all users to be at least 21 years of age. We do not knowingly collect personal information from anyone under 21.
How we enforce this:
- Age is declared during registration.
- Identity verification (KYC) for dating provides additional age confirmation.
If we discover an underage user:
- The account is terminated immediately.
- All associated data is deleted.
If you believe someone under 21 is using Simmer, please report it to support@simmerbybw.com.
12. International Data Transfers
This section lists the regions where your data may be processed, including the data protections in place.
Simmer's infrastructure spans multiple regions:
- Core infrastructure: Southeast Asia
- Product analytics: EU
- Mobile analytics & crash reporting: Global
- Payment processors: Philippines, Southeast Asia, Global (varies by provider)
All international transfers are protected by the Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized under RA 10173 and the GDPR. Specific sub-processor locations are listed in our sub-processors page (see Section 6).
Mobile analytics data residency note: some mobile analytics data residency is not fully controlled by Simmer and may be processed in data centers outside the Philippines. This is disclosed in compliance with RA 10173's transparency requirements.
_[LEGAL REVIEW: verify SCC or adequacy status for each international transfer destination.]_
13. Data Breach Notification
This section discusses the actions we will take according to law if your data is compromised.
In the event of a personal data breach, Boiling Waters PH will follow the notification requirements of RA 10173 Section 20(f) and NPC Circular 16-03:
- National Privacy Commission: notified within 72 hours of discovery of the breach.
- Affected users: notified within 72 hours of knowledge of the breach, or when the NPC directs notification, whichever is earlier.
What the Notification Will Include
- The nature of the breach
- The types of personal data affected
- The measures we have taken or propose to take
- Steps you can take to protect yourself
_[LEGAL REVIEW: verify notification timelines against NPC Circular 16-03 — NPC vs. affected user notification windows may differ. Confirm NPC Form requirements and exact process.]_
14. Changes to This Policy
This section explains our right to update this policy, including our responsibility to inform you. Users will be required to indicate whether they agree with the changes and continue using Simmer or not.
Boiling Waters PH reserves the right to update this Privacy Policy at any time. When we do:
- The required consent version is updated.
- On your next login after the update, you will see a prompt: "We've updated our Privacy Policy."
- You must review and accept the updated Privacy Policy to continue using the Platform.
- Your acceptance is recorded with the new version number and a timestamp in our immutable consent log.
If you do not accept the updated Privacy Policy, you may delete your account (see Section 9). You cannot continue using Simmer without accepting the current Privacy Policy.
15. Contact Us
This section explains how you can reach us regarding privacy matters.
Data Protection Officer:
- Name: [placeholder name]
- Email: dpo@simmerbybw.com
Other contacts:
- Privacy inquiries: privacy@simmerbybw.com
- General support: support@simmerbybw.com
- Entity: Boiling Waters PH
- Address: 2nd Floor Bldg. C, Metrowalk Commercial Complex, Meralco Ave., Ugong, City of Pasig, NCR, 1604
_This Privacy Policy was last updated on July 3, 2026._