Brix Privacy Policy

This Privacy Policy (“Policy”) describes how Brix IT Solutions, through its Brix Visitor Management System and related applications (collectively, the “Brix Platform” or “App”), collects, uses, stores, shares, and protects Personal Data in accordance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and applicable data protection standards.

By accessing or using the App, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

Last updated on 2026-01-30
  1. DEFINITIONS

    For purposes of this Policy, the following terms shall have the meanings set forth below:

    • “Personal Data” refers to all types of personal information, sensitive personal information, and privileged information as defined under Republic Act No. 10173.
    • “Data Subject” refers to an individual whose Personal Data is processed through the App, including residents, homeowners, employees, visitors, and authorized users.
    • “Personal Information Controller” or “Controller” refers to the entity that determines the purposes and means of the processing of Personal Data. In most cases, this refers to the homeowners’ association, property owner, property manager, or corporate client using the Brix Platform.
    • “Personal Information Processor” or “Processor” refers to an entity that processes Personal Data on behalf of a Controller. Brix acts as a Personal Information Processor with respect to data processed for and on behalf of its clients.
    • “Processing” refers to any operation performed upon Personal Data, including collection, recording, organization, storage, updating, retrieval, use, disclosure, or deletion.
  2. ROLE OF BRIX

    Brix processes Personal Data under two distinct capacities:

    1. As a Personal Information Processor, when processing Personal Data on behalf of its clients (e.g., visitor logs, resident records, security access data). In this capacity, Brix processes data strictly in accordance with the instructions of the Controller and the applicable Data Processing Agreement (DPA).
    2. As a Personal Information Controller, only with respect to limited data necessary for its own business operations, such as account administration, billing, customer support, and system security.
  3. PERSONAL DATA COLLECTED

    Depending on usage and user role, the App may collect the following Personal Data:

    1. Account and User Information
      • Username
      • Full name
      • Email address
      • Profile photograph
    2. Visitor and Access Information (Client-Controlled Data)
      • Visitor name and contact details (if provided by the host)
      • Date and time of visit
      • Property or unit being visited
      • Vehicle license plate number (optional)
      • Number of accompanying persons (optional)
    3. Technical and Usage Data
      • Device and application usage logs
      • Access timestamps and authentication records
  4. PURPOSES AND LEGAL BASES FOR PROCESSING

    Personal Data is processed only for legitimate purposes and based on lawful criteria, including:

    • Contractual Necessity – to provide access to the App and deliver agreed services
    • Legitimate Interest – to ensure security, access control, fraud prevention, and operational efficiency within managed properties
    • Consent – for optional features or non-essential communications
    • Legal Obligation – to comply with applicable laws, regulations, or lawful orders
  5. DATA SHARING AND DISCLOSURE

    Brix does not sell or rent Personal Data. Personal Data may be disclosed only under the following circumstances:

    • Client Instructions – data processed on behalf of a Controller is disclosed only as authorized by that Controller
    • Service Providers – to third-party service providers engaged for infrastructure, cloud hosting, or notification services, subject to confidentiality and data protection obligations
    • Legal Compliance – when required by law, regulation, or valid legal process
  6. DATA STORAGE, SECURITY, AND TRANSFERS

    Personal Data is stored on secure cloud infrastructure located within or outside the Philippines, primarily within the Asia-Pacific region.

    Brix implements appropriate organizational, physical, and technical security measures, including:

    • Role-based access controls
    • Encryption of sensitive data
    • Secure authentication mechanisms
    • Continuous monitoring and system audits

    Where cross-border transfers occur, such transfers are undertaken as necessary to deliver the services, in accordance with the instructions of the relevant Controller, and with adequate safeguards in place pursuant to applicable data protection laws and contractual obligations.

  7. DATA RETENTION

    Personal Data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law, the Subscription Agreement, and the applicable Data Processing Agreement between Brix and the relevant Client.

    • Client-controlled data is retained in accordance with the instructions of the Controller and the applicable Data Processing Agreement.
    • Account-related data may be retained for a reasonable period following account termination for legal, audit, or dispute resolution purposes.

    Data is securely deleted, anonymized, or returned upon termination of services, subject to legal requirements and the retention, export, and deletion procedures set forth in the Subscription Agreement and applicable Data Processing Agreement, including certification of deletion where required.

  8. DATA SUBJECT RIGHTS

    Data Subjects have the following rights under applicable data protection laws:

    • Right to be informed
    • Right to access
    • Right to object
    • Right to correction
    • Right to erasure or blocking
    • Right to data portability
    • Right to damages
    • Right to lodge a complaint with the National Privacy Commission (NPC)

    Requests may be submitted to support@brix.ph. Requests relating to Client-controlled data are generally acted upon by the relevant Controller, with Brix providing assistance as required under the applicable Data Processing Agreement.

  9. DATA BREACH MANAGEMENT

    In the event of a personal data breach, Brix shall:

    • Promptly notify the affected Controller
    • Cooperate in investigation and mitigation efforts
    • Comply with breach notification requirements under applicable law
  10. ADVERTISEMENTS

    The App may display curated or contextual advertisements from select premium brands. Brix does not share Personal Data with advertisers and does not engage in cross-application tracking or behavioral profiling. Any advertising features remain subject to the data protection obligations set forth in the Subscription Agreement and applicable Data Processing Agreement.

  11. CHILDREN’S PRIVACY

    The App is not intended for use by individuals under eighteen (18) years of age. Brix does not knowingly process Personal Data of minors without appropriate parental or guardian consent.

  12. CHANGES TO THIS POLICY

    Brix may update this Policy from time to time. Material changes shall be communicated through the App. Unless otherwise required by law, updates shall take effect fifteen (15) days after publication.

    Continued use of the App constitutes acceptance of the updated Policy.

  13. CONTACT INFORMATION

    For questions, concerns, or data protection inquiries, please contact: support@brix.ph.