We collect the following types of information

Personal Information

• •Full name (first and last name)
• •Email address
• •Phone number
• •Booking details (event dates, locations, themes)

Google Account Information (when you connect Google Calendar)

• •Google account email
• •Google Calendar access (to create and manage event entries)
• •Calendar event details (for synchronization purposes)

Payment Information

• •Payment method selection (GCash, PayMaya, Credit/Debit Card, Cash)
• •Transaction references (provided by PayMongo payment gateway)
• •Payment status and timestamps
• •Note: We do NOT store credit card numbers or sensitive payment credentials

Technical Information

• •IP address
• •Browser type and version
• •Device type (mobile, tablet, desktop)
• •Access timestamps
• •User actions and interaction logs

Photography/Videography Content

• •Photos and videos captured during events
• •Gallery images and metadata
• •Event documentation

We use your information for the following purposes

Service Delivery

• •Process and manage your event bookings
• •Schedule and confirm event dates
• •Send booking confirmations and reminders
• •Coordinate event logistics

Google Calendar Integration

• •Automatically create calendar events for confirmed bookings
• •Sync event details (date, time, location, theme) to your Google Calendar
• •Send calendar notifications and reminders
• •Update or cancel calendar events when bookings change

Payment Processing

• •Process down payments and full payments
• •Generate payment receipts
• •Track payment status
• •Handle refunds if applicable

Communication

• •Send booking updates and confirmations
• •Respond to inquiries and support requests
• •Share event-related information
• •Notify you of important changes

Platform Improvement

• •Analyze usage patterns to improve user experience
• •Monitor system performance and security
• •Identify and fix technical issues
• •Enhance features based on user feedback

Legal Compliance

• •Comply with applicable laws and regulations
• •Respond to legal requests
• •Enforce our terms of service
• •Protect against fraud and unauthorized access

Scope of Google Calendar Access

We request limited access to your Google Calendar with the following scope

• •`https://www.googleapis.com/auth/calendar.events` - To create, read, and update calendar events

What We Do With Google Calendar Data

• •Create calendar events ONLY for confirmed bookings
• •Include event details: date, time, location, theme, and notes
• •Set automatic reminders (1 day before and 1 hour before events)
• •Update events if booking details change
• •Delete events if bookings are cancelled

What We DO NOT Do

• •We do NOT access your existing calendar events unrelated to our bookings
• •We do NOT read, modify, or delete events we did not create
• •We do NOT share your calendar data with third parties
• •We do NOT use calendar data for advertising or marketing
• •We do NOT store your Google account password

Data Storage

• •We store only the Google Calendar event ID to track synchronization
• •Your Google access tokens are encrypted in our database
• •Tokens are refreshed automatically to maintain connection
• •You can revoke access anytime from Google Account settings or our platform

Google OAuth Compliance

• •We comply with Google API Services User Data Policy, including the Limited Use requirements. Your Google user data is used solely to provide and improve user-facing features of our event booking service.

Content Ownership

• •All photos and videos captured by D.CREATIVES during events remain the intellectual property of D.CREATIVES until full payment is received.

Usage Rights

• •We may use event photos/videos in our portfolio and marketing materials (with your consent)
• •You will be notified before any public use of your event content
• •You may request removal of specific images from public galleries

Client Access

• •Clients receive full-resolution copies after final payment
• •Access to online galleries for viewing

Privacy Protection

• •Gallery access is password-protected
• •Images are not indexed by search engines
• •We do not share event photos with unauthorized parties

Content Removal

You have the right to request removal of your photos/videos from

• •Public portfolio galleries
• •Marketing materials
• •Social media posts
• •Requests should be sent to our contact email and will be processed within 14 business days.

We implement industry-standard security measures to protect your personal information

Technical Safeguards

• •SSL/TLS encryption for data transmission
• •Encrypted storage for sensitive data (passwords, tokens)
• •Secure authentication with optional Two-Factor Authentication (MFA)
• •Role-based access control (admin, super admin, user roles)
• •Regular security audits and vulnerability assessments

Database Security

• •Row Level Security (RLS) policies in Supabase PostgreSQL
• •Service role isolation for webhook processing
• •Automatic session refresh and token management
• •Secure backup procedures

Payment Security

• •PCI-compliant payment processing via PayMongo
• •No storage of credit card numbers
• •Secure webhook signature verification
• •Payment transaction logging

Access Controls

• •Admin-only access to sensitive user data
• •Comprehensive audit logging of all admin actions
• •IP address tracking and device fingerprinting
• •Session management with automatic timeout
• •Note: While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to maintain the highest standards.

We do NOT sell, trade, or rent your personal information to third parties. We only share data with trusted service providers necessary to operate our platform

Payment Processing

• •PayMongo (payment gateway) - Processes payments securely
• •Only receives necessary transaction data
• •Subject to their own privacy policies and PCI-DSS compliance

Cloud Services

• •Supabase (database and authentication) - Stores user data securely
• •Vercel (hosting platform) - Hosts our web application
• •Both comply with GDPR and industry security standards

Google Services

• •Google Calendar API - Only when you explicitly connect your calendar
• •Google OAuth - For secure authentication
• •Subject to Google Privacy Policy

Analytics

• •Google Analytics 4 - Tracks website usage (anonymized data)
• •Used only for improving user experience
• •Does NOT include personally identifiable information

Email Services

• •Brevo (transactional emails) - Sends booking confirmations and notifications
• •Only receives email addresses and necessary message content

Legal Requirements

We may disclose information if required by

• •Court orders or legal processes
• •Law enforcement requests
• •Protection of our rights and property
• •Prevention of fraud or illegal activities
• •All third-party service providers are contractually obligated to maintain confidentiality and security of your data.

User Account Data

• •Retained while your account is active
• •Deleted within 30 days of account closure request
• •Backups purged within 90 days

Booking Records

• •Retained for 7 years for tax and legal compliance
• •Payment records kept per financial regulations
• •Can be anonymized upon request after legal retention period

Calendar Sync Data

• •Google access tokens retained until you disconnect calendar
• •Event IDs deleted when bookings are cancelled
• •Sync logs retained for 90 days for troubleshooting

Audit Logs

• •Admin action logs retained for 2 years (security compliance)
• •User activity logs retained for 1 year
• •Anonymized analytics data retained indefinitely

Photo/Video Content

• •Client event content retained per contract terms (typically 6-12 months)
• •Portfolio images retained until removal is requested
• •Deleted content purged from all systems within 30 days

Right to Deletion

• •You may request deletion of your personal data at any time by contacting us. We will comply within 30 days, except for data we must retain for legal, security, or contractual obligations.

We reserve the right to update this Privacy Policy to reflect

• •Changes in our services or features
• •New legal requirements
• •Improved privacy practices
• •User feedback

Notification of Changes

• •Major changes will be announced via email
• •Updated policy will be posted on our website
• •"Last Updated" date will be modified
• •Continued use constitutes acceptance of changes

Review Recommendation

• •We encourage you to review this policy periodically to stay informed about how we protect your information.
• •Last Updated: December 19, 2025

Cookies We Use

• •Essential Cookies: Required for login, session management, and security
• •Analytics Cookies: Google Analytics for usage statistics (anonymized)
• •Preference Cookies: Remember your settings (theme, language)

Third-Party Cookies

• •Google Analytics (analytics)
• •PayMongo (payment processing)

Your Control

• •You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality.

Do Not Track

• •Our platform respects "Do Not Track" browser settings where technically feasible.

Your information may be stored and processed in

• •United States (Vercel hosting, Supabase servers)
• •Europe (Supabase EU region)

We ensure adequate protection through

• •Standard Contractual Clauses (SCCs)
• •GDPR compliance where applicable
• •Encryption during transfer and storage
• •By using our services, you consent to international data transfers as described.

For Privacy-Related Questions or Concerns

• •Email: g.creatives2025@gmail.com
• •Phone: 09123456789
• •Address: Km 38 Pulong Buhangin Sta Maria Bulacan

Response Time

• •We aim to respond to all privacy inquiries within 48-72 hours (business days).

Complaints

If you believe your privacy rights have been violated, you may

• •1. Contact us directly using the information above
• •2. File a complaint with your local data protection authority
• •3. Seek legal remedies under applicable laws
• •We take all privacy concerns seriously and will investigate and respond promptly to all complaints.