This Privacy Policy explains how JARR-C Solutions ("we", "us", "our") collects, uses, shares, and protects personal information when you use the Barrio web platform at barriosoft.com and related SaaS services (the "Service"). This policy is written in line with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC).
For our mobile application, see the tab above. If you do not agree with this policy, please do not use the Service.
1. Who we are
JARR-C Solutions is the operator of the Barrio platform, which helps homeowners' associations, condominium corporations, property managers, and similar communities manage residents, units, visitors, vehicles, payments, maintenance, and security communications.
Our Data Protection Officer is Ryan G. Gonzales. You can reach us at:
[email protected] — for data-protection requests, rights under the Data Privacy Act, and breach reports.
We only collect what's needed to operate the Service for you and your community.
a. Account & organization information
Your full name, email address, phone number, and password (stored hashed — we never see your plain-text password).
Your community role (owner, admin, manager, security, staff, resident) and the organization you belong to.
The organization name, address, contact details, and branding (logo) provided by the subscribing community.
Profile photo (avatar), if you add one.
b. Property, unit & member data
Properties, blocks, units, and lot details entered by community admins.
Resident, owner, and tenant records linked to units (name, contact details, move-in dates).
Household and "My Members" rosters added by residents or admins.
Vehicles registered to a unit (plate, make, model, color, sticker / RFID details, optional photo).
Documents attached to records (e.g., IDs, OR/CR, insurance, visitor IDs).
c. Billing & payments
Billing schedules, invoices, statements of account, ledgers, and dues records.
Payment submissions, payment proofs (e.g., screenshots of GCash / Maya / bank receipts), and transaction references.
Subscription billing data for paid plans (plan tier, billing period, trial dates, payment history). We do not store credit card numbers; card data is handled by our payment processors.
Investigate and fix bugs, abuse, or security incidents.
Comply with legal obligations and lawful requests from authorities.
We will not use your personal information for any purpose materially different from those described above without first obtaining your consent.
4. Legal basis for processing
Under the Data Privacy Act, we rely on one or more of the following bases:
Consent — when you give explicit permission (e.g., uploading a document or photo, enabling notifications).
Contract — to deliver the Service you and your community signed up for, including paid subscriptions.
Legal obligation — for example, to retain billing records as required by tax and accounting law.
Legitimate interests — for security, fraud prevention, and product improvement, balanced against your rights.
5. Who we share information with
We share data only with the parties below, and only to the extent needed.
a. Within your community
Other members of your household can see household membership and selected unit info.
Community admins, owners, and managers can see member, billing, vehicle, visitor, maintenance, and gate-activity records relevant to their role.
Security / staff can see visitor passes and gate-activity records needed to operate the gate.
Multi-tenant data isolation is enforced by PostgreSQL Row Level Security (RLS) policies — one community cannot see another community's data.
b. Service providers
We use the following processors. They access only the data needed to deliver their service and are bound by contractual confidentiality and data-protection obligations:
DigitalOcean, LLC — hosts our application servers and self-hosted Supabase stack (PostgreSQL database, authentication, and file storage), located in the Singapore (SGP1) region.
Sentry (Functional Software, Inc.) — receives crash reports and error logs for diagnostic purposes.
Xendit — processes B2B subscription payments for paid plans.
PayMongo — processes resident-to-community payments where enabled by the community.
Email service provider — delivers transactional emails (verification, password reset, billing notices). Receives only email addresses and message contents.
Google Analytics 4 — provides anonymous, cookieless traffic analytics on our public landing page only. Not used inside the application.
These providers may store data on servers located outside the Philippines (commonly Singapore, the United States, or the European Union). Where data is transferred internationally, we rely on safeguards such as standard contractual clauses and the providers' own data-protection commitments.
c. Legal disclosure
We may disclose personal information if required by law, court order, or a lawful request from a competent government authority (for example, the Philippine National Police investigating an incident reported via the Service). We will limit disclosures to what is strictly necessary.
d. Business changes
If JARR-C Solutions is involved in a merger, acquisition, or asset sale, your information may be transferred to the successor entity. We will notify you (and your community administrator) before your information becomes subject to a materially different privacy policy.
We do not sell your personal data to third parties.
6. Data retention
We retain your information only for as long as we need it:
Active account & community data — for as long as the community has an active subscription and you have an active account.
Visitor passes, gate logs, and security incidents — typically up to 24 months, or longer where required for legitimate security or legal reasons.
Billing, payment, and invoice records — for the period required by Philippine tax and accounting law (currently up to 10 years for primary documents).
Maintenance ticket history — for the period the community needs it for warranty and audit purposes.
Crash and error logs — typically up to 90 days.
Cancelled subscriptions — after cancellation, your community's data is retained for 90 days during which a full export may be requested. Soft-deleted records are then permanently purged.
Backups — operational backups are rotated regularly and may retain data for short periods after deletion from primary systems.
When the retention period ends, we either delete the data or anonymize it so it can no longer be linked back to you.
7. Your rights
You have the following rights under the Data Privacy Act:
Right to be informed about how your data is processed.
Right to access — to ask what personal information we hold about you.
Right to object — to certain processing, including marketing communications.
Right to rectify — to ask us to correct inaccurate or outdated information.
Right to erasure or blocking — to ask us to delete or block your data, subject to legal and operational limits (for example, payment records we are required to keep).
Right to data portability — to receive your information in a structured, commonly used, machine-readable format.
Right to damages — for any breach of your rights under the Act.
Right to file a complaint with the National Privacy Commission (privacy.gov.ph).
You can exercise most of these rights directly in the platform (editing your profile, deleting attachments, exporting data) or by emailing [email protected]. We will respond within thirty (30) days. We may ask you to verify your identity before acting on a request.
8. Children's privacy
The Service is intended for adult residents, owners, and authorized staff. We do not knowingly collect personal information from children under 13 years of age. Household members under 13 may be listed in a household roster by a parent or guardian, but they do not have their own accounts. If you believe a child under 13 has provided personal information to us, please contact [email protected] and we will delete it.
9. How we keep your data secure
All traffic between your browser and our servers is encrypted using HTTPS / TLS.
Authentication uses industry-standard token-based sessions; passwords are stored hashed using bcrypt-style algorithms. Two-factor authentication (TOTP) is available.
Database access is governed by row-level security policies that limit what each user, role, and community can see.
File uploads (photos, documents, payment proofs) live in private storage buckets and are served only through short-lived signed URLs.
Sensitive operations are protected by server-side checks even if the client requests them.
We monitor for errors and unusual activity and patch known vulnerabilities promptly.
No system is perfectly secure. If we become aware of a security incident that affects your personal information, we will notify you and the National Privacy Commission as required by law.
10. Cookies, identifiers & analytics
Session cookies — used strictly for authentication (keeping you signed in). No tracking cookies are used inside the application.
Theme preference cookie — used only to remember your dark-mode preference.
Google Analytics 4 — runs in cookieless mode on our public landing page only, for anonymous traffic counts. Not used inside the authenticated application.
Error-monitoring identifiers issued by Sentry so we can group related error reports.
We do not run third-party advertising SDKs or sell behavioral data.
11. Changes to this policy
We may update this policy from time to time — for example, when we add a new feature or use a new service provider. When we make material changes we will:
Update the "Last updated" date at the top.
Where appropriate, notify you in the platform or by email at least 30 days before the changes take effect.
Continued use of the Service after a change means you accept the updated policy.
12. Contact us
If you have any questions about this policy, want to exercise any of your rights, or wish to report a privacy concern, please contact:
This Privacy Policy explains how JARR-C Solutions ("we", "us", "our") collects, uses, shares, and protects personal information when you use the Barrio mobile application and related services (the "Service"). This policy is written in line with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC).
For our web platform and SaaS subscription policy, see the tab above. If you do not agree with this policy, please do not use the Service.
1. Who we are
JARR-C Solutions is the operator of the Barrio platform, which helps homeowners' associations, condominium corporations, and similar communities manage residents, visitors, vehicles, payments, maintenance, and security communications.
Our Data Protection Officer is Ryan G. Gonzales. You can reach us at:
[email protected] — for data-protection requests, rights under the Data Privacy Act, and breach reports.
We only collect what's needed to make Barrio work for you and your community.
a. Account information
Your full name, phone number, email address.
Your community role (resident, owner, guard, staff, or admin) as assigned by your community administrator.
Your profile photo (avatar), if you add one.
Your password (stored in hashed form — we never see your plain-text password).
Your unit assignment and household membership.
b. Community and household data
Members of your household that you (or another household admin) add.
Vehicles you register (plate number, make, model, color, sticker / RFID details, optional photo).
Documents you attach to a vehicle or visitor pass (e.g., IDs, OR/CR, insurance).
c. Visitor passes and gate activity
Visitor name, phone number, purpose of visit, vehicle plate (if any), and the dates the pass is valid.
Optional visitor photo for guard cross-check at the gate.
QR codes generated for each pass.
Records of gate scans (check-ins and check-outs) performed by guards.
d. Maintenance and billing
Maintenance tickets you submit, including category, description, and photos.
Comments exchanged between you and community staff on those tickets.
Invoices, statements of account, and payment submissions.
Payment proofs you upload (e.g., screenshots of GCash / Maya / bank receipts) and transaction references.
e. Announcements and notifications
Read state for announcements published by your community.
The push-notification token issued by Apple Push Notification Service (APNs) or Firebase Cloud Messaging (FCM) so we can deliver alerts to your device.
f. Safety features
If you trigger the SOS feature, we record the time, your identity, the community you belong to, and route an alert to the relevant guards and staff so they can respond.
g. Device and diagnostic data
Basic device information (operating system version, app version, device model) to help us troubleshoot crashes and provide support.
Crash reports and error logs sent to our error-monitoring provider (see Section 5). These may include the screen you were on and a sanitized snapshot of app state at the time of the error — they do not include your password or payment-method credentials.
h. Camera and photo library
Barrio asks for permission to use your camera and photo library only when needed:
Camera — for scanning QR codes at the gate, taking photos to attach to maintenance tickets, visitor passes, vehicles, or payment proofs, and taking a profile photo.
Photo library — for selecting existing images for the same purposes.
We do not access your camera or photos in the background and we do not upload your gallery. Only the images you explicitly select or capture inside Barrio are uploaded.
i. What we do not collect
We do not collect your precise location.
We do not access your contacts, calendar, microphone, or messages.
We do not run advertising trackers or sell your data to advertisers.
3. How we use your information
Authenticating you and keeping your session secure.
Showing you the right screens, balances, and history for your unit and role.
Letting community admins and staff manage residents, vehicles, billing, maintenance, and announcements.
Generating and validating visitor passes at the gate.
Routing SOS alerts to the right people in real time.
Sending you push notifications about payments, approvals, announcements, and security events you've opted into.
Investigating and fixing bugs, abuse, or security incidents.
Complying with legal obligations and lawful requests from authorities.
We will not use your personal information for any purpose materially different from those described above without first obtaining your consent.
4. Legal basis for processing
Consent — when you give explicit permission, for example by uploading a photo, attaching a document, or enabling push notifications.
Contract — to deliver the Service you and your community signed up for.
Legal obligation — for example, to retain billing records as required by tax and accounting law.
Legitimate interests — for security, fraud prevention, and product improvement, balanced against your rights.
5. Who we share information with
a. Your community
Other residents in your household can see household membership and selected unit info.
Community admins / staff can see your account, billing, vehicles, visitor passes, maintenance tickets, and announcements you submitted or that pertain to your unit.
Guards can see visitor passes valid for your unit (including the visitor photo, if you uploaded one) and your digital ID at the gate.
b. Service providers
We use the following processors to operate Barrio. They access only the data needed to deliver their service and are bound by contractual confidentiality and data-protection obligations:
DigitalOcean, LLC — hosts our self-hosted Supabase stack (database, authentication, file storage) in the Singapore region. Files (photos, documents, payment proofs) live in private storage buckets accessible only via short-lived signed links.
Sentry (Functional Software, Inc.) — receives crash reports and error logs for diagnostic purposes.
Expo (Exponent, Inc.) — relays push-notification messages to Apple's APNs and Google's FCM.
Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM) — deliver push notifications to your device.
PayMongo — processes resident-to-community payments where enabled by the community.
These providers may store data on servers located outside the Philippines (commonly in the United States, the European Union, or Singapore). Where data is transferred internationally, we rely on safeguards such as standard contractual clauses and the providers' own data-protection commitments.
c. Legal disclosure
We may disclose personal information if required to do so by law, court order, or a lawful request from a competent government authority (for example, the Philippine National Police investigating an incident reported via Barrio). We will limit disclosures to what is strictly necessary.
d. Business changes
If JARR-C Solutions is involved in a merger, acquisition, or asset sale, your information may be transferred to the successor entity. We will notify you (and your community administrator) before your information becomes subject to a materially different privacy policy.
We do not sell your personal data to third parties.
6. Data retention
Active account data — for as long as you have an active account in a Barrio-using community.
Visitor passes, gate logs, and security incidents — typically up to 24 months, or longer where required for legitimate security or legal reasons.
Billing, payment, and invoice records — for the period required by Philippine tax and accounting law (currently up to 10 years for primary documents).
Maintenance ticket history — for the period the community needs it for warranty and audit purposes.
Crash and error logs — typically up to 90 days.
Backups — operational backups are rotated regularly and may retain data for short periods after deletion from primary systems.
When the retention period ends, we either delete the data or anonymize it so it can no longer be linked back to you.
7. Your rights
Right to be informed about how your data is processed.
Right to access — to ask what personal information we hold about you.
Right to object — to certain processing, including marketing communications.
Right to rectify — to ask us to correct inaccurate or outdated information.
Right to erasure or blocking — to ask us to delete or block your data, subject to legal and operational limits.
Right to data portability — to receive your information in a structured, commonly used, machine-readable format.
Right to damages — for any breach of your rights under the Act.
Right to file a complaint with the National Privacy Commission (privacy.gov.ph).
You can exercise most of these rights directly in the app (editing your profile, deleting attachments, etc.) or by emailing [email protected]. We will respond within thirty (30) days. We may ask you to verify your identity before acting on a request.
8. Children's privacy
Barrio is intended for adult residents, owners, and authorized staff. We do not knowingly collect personal information from children under 13 years of age. Household members under 13 may be listed in a household roster by a parent or guardian, but they do not have their own accounts. If you believe a child under 13 has provided personal information to Barrio, please contact us and we will delete it.
9. How we keep your data secure
All traffic between the app and our servers is encrypted using HTTPS / TLS.
Authentication uses industry-standard token-based sessions; passwords are stored hashed using bcrypt-style algorithms.
Database access is governed by row-level security policies that limit what each user, role, and community can see.
File uploads (photos, documents, payment proofs) live in private storage buckets and are served only through short-lived signed URLs.
Sensitive operations (e.g., approving a visitor pass) are protected by server-side checks even if the client requests them.
We monitor for errors and unusual activity and patch known vulnerabilities promptly.
No system is perfectly secure. If we become aware of a security incident that affects your personal information, we will notify you and the National Privacy Commission as required by law.
10. Cookies, identifiers, and analytics
The mobile app does not use browser cookies. We do use:
Device storage (AsyncStorage) to persist your session and theme preference between launches.
Push tokens issued by APNs / FCM as described in Section 2(e).
Error-monitoring identifiers issued by Sentry so we can group related crash reports.
We do not run third-party advertising SDKs.
11. Changes to this policy
We may update this policy from time to time — for example, when we add a new feature or use a new service provider. When we make material changes we will:
Update the "Last updated" date at the top.
Where appropriate, notify you in the app or by email before the changes take effect.
Continued use of the Service after a change means you accept the updated policy.
12. Contact us
If you have any questions about this policy, want to exercise any of your rights, or wish to report a privacy concern, please contact: