Privacy Policy

I. Introduction

II. Information We Collect

• Information you provide voluntarily – When you contact us, subscribe to newsletters, book a consultation or request information, we collect details such as your name, email address, company affiliation, phone number and the contents of your message. These details enable us to respond to your inquiry and provide the requested services. We may also collect billing or payment information if you purchase training or other products.
• Usage data – We automatically collect certain information about how you interact with our websites. This may include your IP address, browser type, device identifiers, operating system, pages visited, and access times. We use this information for analytics, troubleshooting and to improve user experience.
• Cookies and tracking technologies – Our sites use cookies, web beacons and similar technologies to remember your preferences, understand how our services are used and customise content. You can control cookies through your browser settings, but disabling them may affect site functionality.
• Information from third parties – If you connect with us through social media or professional platforms (e.g., LinkedIn), we may receive publicly available profile information (such as your name, company and job role). We may also obtain lead‑generation information from marketing partners.

III. Purpose and Legal Basis for Processing

AR Data processes personal information only for specified and legitimate purposes in accordance with the Data Privacy Act. Under Section 11 of the Act, personal data may be collected only for declared purposes and must be processed fairly, lawfully and proportionately. Our purposes include:

• Providing services and support – We use your contact details to reply to enquiries, schedule consultations, deliver newsletters, facilitate training and provide customer service. When you engage us for bespoke projects (e.g., blockchain data engineering, smart‑contract development, AI workflow automation or tokenomics services), we may need additional information to fulfil contractual obligations.
• Improving our products and services – Usage data and feedback help us refine our offerings, troubleshoot problems and develop new features consistent with our mission to design and deploy blockchain networks and agentic AI systems.
• Marketing – We may send promotional communications about AR Data events, blog posts or products. You can opt out at any time.
• Legal and compliance obligations – We process data as necessary to comply with applicable laws, respond to lawful requests, enforce our contracts and protect our rights. Section 12 of the Data Privacy Act allows processing when the data subject consents or when necessary to fulfil a contract, comply with legal obligations or pursue legitimate interests.

IV. Data Retention

We retain personal information only as long as necessary for the purposes stated above or as required by law. Section 11 of the Data Privacy Act requires that personal data be retained only for as long as necessary for the fulfilment of the purposes for which it was obtained or for legitimate business purposes. Once data is no longer needed, we securely delete or anonymise it.

V. Disclosure of Information

We do not sell or lease personal information. We may share data in the following circumstances:

• Service providers and contractors – We engage vendors to host infrastructure, process payments, provide analytics, or assist with marketing. Under Section 14 of the Data Privacy Act, when personal information is subcontracted, the controller remains responsible for ensuring proper safeguards. We require service providers to process data only as instructed and to implement appropriate security measures.
• Business partners – In the course of delivering projects, we may collaborate with partners in the Web3 ecosystem (e.g., IPFS storage providers or blockchain audit firms). Any data shared will be limited to what is necessary for project execution and subject to confidentiality obligations.
• Legal obligations – We may disclose personal information where required to comply with laws or legal processes or to protect the rights and safety of our company, clients or the public.
• Business transfers – If AR Data undergoes a merger, acquisition or sale of assets, personal data may be transferred as part of that transaction. You will be notified and given choices where required by law.

VI. International Data Transfers

AR Data is headquartered in Toronto and serves clients globally. When we transfer personal information across borders (for example, to cloud providers or project collaborators in other countries), we ensure that appropriate safeguards are in place. These may include contractual clauses, data‑processing agreements and technical measures to protect your information.

VII. Data Subject Rights

Under Section 16 of the Philippine Data Privacy Act, you have the right to:

• Be informed about the collection and processing of your personal information.
• Access personal information held about you and obtain details about how it is processed.
• Rectification – Request correction of inaccuracies.
• Erasure or blocking – Request suspension or deletion of personal information if it is incomplete, outdated, false, unlawfully obtained, or no longer necessary.
• Data portability – Obtain a copy of your personal information in a structured, commonly used format.
• Indemnification – Seek compensation for damages caused by inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.

To exercise these rights, please contact us using the details below. We may request identity verification to protect your privacy and may charge a reasonable fee where permitted by law.

VIII. Security Measures

AR Data implements reasonable and appropriate organizational, physical and technical measures to protect personal information, consistent with Section 20 of the Data Privacy Act. These include:

• Securing our networks against accidental or unlawful access.
• Maintaining a security policy and regular monitoring for vulnerabilities.
• Limiting access to personal data to employees and contractors who need it and requiring confidentiality obligations.
• Encrypting sensitive data and using secure protocols for data transmission.

In the unlikely event of a breach involving sensitive personal information, we will promptly notify the National Privacy Commission and affected data subjects as required by law.

IX. Children's Privacy

Our websites and services are intended for business and professional audiences. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child, we will delete that information promptly.

X. Third‑Party Links

Our sites may contain links to third‑party websites and platforms (e.g., partner organisations, Medium posts, LinkedIn). AR Data does not control the privacy practices of these third‑party sites. We encourage you to read the privacy policies of any site you visit.

XI. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the revised policy on this page with an updated "Last updated" date. We encourage you to review the policy periodically.

XII. Contact Us

If you have any questions or concerns about this Privacy Policy or wish to exercise your data‑subject rights, please contact us at: