Life Policy Dashboard
Effective Date: November 1, 2025
Public URL: pl.lifepolicydash.com/privacy-policy
Life Policy Dashboard (“Dashboard,” “we,” “us,” “our”) is a professional portal that enables licensed life-insurance agents and agency leaders to monitor policy status indicators (e.g., in-force status, premium currency, VUL fund values, and persistency metrics) more quickly and reliably—without displaying policyholder personally identifiable information (PII).
We handle personal data in line with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and applicable National Privacy Commission (NPC) circulars and advisories.
Role allocation: We act as Data Controller only for user/account data (agents and agency leaders). We do not act as a Data Controller or a Data Processor for policyholder PII. The Dashboard is an additional monitoring layer that works with policy-monitoring fields only and is designed to avoid processing or displaying policyholder PII.
This Policy explains how we collect, use, store, disclose, and protect user/account data and how we handle policy-monitoring fields that are not policyholder PII. It does not cover third-party sites or services that may be linked from the Dashboard.
The Dashboard is designed to monitor policy status without ingesting or showing policyholder PII (e.g., names, birthdates, addresses, contact numbers, government IDs). The system handles the following non-PII policy-monitoring fields only:
Design note: “Policy Number” is used solely as a system reference for monitoring and is not connected in the Dashboard to any policyholder PII. The platform, as designed and governed by customer/insurer integrations, does not ingest or display policyholder identity attributes.
For user/account data, we rely on: contractual necessity (to provide you with access to the Dashboard); legitimate interests (security, fraud prevention, service improvement, analytics consistent with user expectations and proportionate to risks); legal obligations (e.g., compliance, record-keeping); and consent where specifically required (e.g., certain cookies/analytics if applicable).
Provide & maintain the service: account creation, authentication, authorization, role-based access.
Enable monitoring: display of policy-monitoring fields and performance indicators without policyholder PII.
Security & reliability: troubleshooting, preventing abuse, incident response, maintaining platform integrity.
Service communications: administrative notices, security alerts, and support responses.
Compliance: cooperation with lawful requests, audits, enforcement of terms.
We do not sell personal data.
Strictly necessary cookies are used for login and session continuity. We use Google Analytics to understand usage patterns and improve reliability. Where local rules require, we will provide notice/controls. You can manage cookies in your browser; blocking some cookies may impact functionality.
We share data only as needed and with safeguards:
Sub-processors are listed in Annex A. We conduct due diligence and require contractual data-protection commitments.
The platform is accessible only in the Philippines. Hosting is on AWS. If any administrative access from outside the Philippines becomes necessary (e.g., emergency support), we will apply adequate safeguards (contractual and technical) and restrict access on a least-privilege basis.
User/account data: retained for the life of the account and up to 2 years after account deletion to meet legal obligations, resolve disputes, and enforce agreements.
System logs: retained for 12–24 hours for security and diagnostics, then deleted.
Backups: retained for up to 3 years, with access strictly controlled and data protected using encryption and other safeguards.
When data is no longer necessary, we will securely delete or anonymize it within reasonable timeframes.
We implement ISO/IEC 27001–aligned controls, including (as applicable) encryption in transit and at rest, role-based access control, MFA for privileged/admin accounts, network and application firewalls, vulnerability and patch management, audit logging, staff confidentiality undertakings, and privacy/security training.
No system is perfectly secure. Users must protect their credentials and notify us promptly of any suspected compromise.
For user/account data, you have the right to be informed of processing activities; to access and rectify your data; to object to certain processing or withdraw consent where applicable; to data portability where feasible; and to seek damages and lodge a complaint with the National Privacy Commission (NPC). We may request additional information to verify identity before acting on a request.
The Dashboard is for professional use by adults. We do not knowingly collect personal data from children.
The Dashboard may compute indicators (e.g., persistency rates, premium status flags, fund value aggregations) using the policy-monitoring fields listed in §3.2. These indicators support monitoring and do not produce legal or similarly significant effects about individuals.
External sites or services linked from the Dashboard are governed by their own privacy policies. We are not responsible for their practices.
We may update this Policy periodically. Material changes will be communicated via the Dashboard or by email. The “Effective Date” indicates the latest revision.
For questions or concerns about this Policy or your user/account data, please reach out using the contact details provided on our website.
In the event of a personal data breach affecting user/account data and meeting notification thresholds under the DPA/IRR, we will notify affected customers and/or the National Privacy Commission within 72 hours of becoming aware, consistent with legal requirements and available information at the time.