Privacy Policy

1. Introduction

Welcome to QCTourism ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services, including when you sign in using Facebook Login.

By using QCTourism, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information from Facebook Login

When you sign in using Facebook, we collect:

• Name: Your public Facebook name
• Email Address: Your primary email associated with Facebook
• Profile Picture: Your Facebook profile photo URL
• Facebook User ID: A unique identifier from Facebook

We only request the minimum permissions necessary for authentication. We do NOT access your friends list, posts, or other Facebook data.

2.2 Information You Provide

• Comments and posts you create on our platform
• Itinerary bookmarks and preferences
• Event attendance and interactions
• Newsletter subscription email (if you subscribe)

2.3 Automatically Collected Information

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on our site
• Referring website and search terms

3. How We Use Your Information

We use the collected information for:

• Authentication: To verify your identity and provide secure access
• Personalization: To display your name and profile picture
• Communication: To send you notifications about your activity
• Content Management: To attribute comments, posts, and bookmarks to your account
• Analytics: To understand how users interact with our platform
• Security: To detect and prevent fraud, abuse, and security incidents
• Legal Compliance: To comply with legal obligations and enforce our terms

4. How We Store and Protect Your Data

Your data is stored securely in our MySQL database hosted on our servers. We implement industry-standard security measures including:

• Encrypted database connections (SSL/TLS)
• Secure authentication tokens with encryption
• Regular security audits and updates
• Access controls and role-based permissions
• Rate limiting to prevent abuse

5. Data Sharing and Disclosure

We do NOT sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With Your Consent: When you explicitly agree to share data
• Public Content: Comments and posts you make are publicly visible
• Legal Requirements: When required by law or legal process
• Service Providers: With trusted vendors who assist in operating our website (e.g., hosting, analytics)

6. Your Rights and Choices

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data (see section 7)
• Opt-Out: Unsubscribe from newsletters at any time
• Data Portability: Request your data in a machine-readable format

7. How to Delete Your Data

You can request deletion of your account and all associated data at any time:

What gets deleted: Your account, profile information, comments, bookmarks, and all personally identifiable information will be permanently deleted within 30 days. This action is irreversible.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session and improve your experience. Cookies used include:

• Session Cookies: To keep you logged in (essential)
• Preference Cookies: To remember your settings (e.g., dark mode)
• Analytics Cookies: To understand site usage (can be disabled)

You can control cookies through your browser settings, but disabling essential cookies may affect site functionality.

9. Third-Party Services

We use the following third-party services:

• Facebook Login: For authentication (governed by Facebook's privacy policy)
• Google Maps: For location display (governed by Google's privacy policy)
• OpenRouter/Perplexity AI: For chatbot functionality (no personal data shared)

These services have their own privacy policies. We encourage you to review them.

10. Children's Privacy

QCTourism is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. International Data Transfers

Your data is stored on servers located in the Philippines. By using our service, you consent to the transfer of your data to this location. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of our service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

14. GDPR Compliance (For EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about data collection
• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Our legal basis for processing your data is consent (when you sign in with Facebook) and legitimate interest (for service provision and security).