Privacy Policy
Last updated: July 10, 2026 (rev. 12)
Storia.ph ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, NPC Circular 16-03 (Data Breach Management) and NPC Circular 2022-04 (Registration of Data Processing Systems and Notification Regarding Automated Decision-Making), and other applicable issuances of the National Privacy Commission.
Updated 10 July 2026. What changed: Section 15 now reflects our completed registrations. Our BIR Certificate of Registration was issued on 9 July 2026 (non-VAT, 8% income-tax option), and we have filed our NPC Sworn Declaration and Undertaking for exemption from Data Processing System registration. Our registered Data Protection Officer contact is shown in Sections 14 and 15.
1. Information We Collect
We collect the following types of information:
1.1 Personal Information You Provide
- Account Information: Name, email address, phone number (optional)
- Wedding Details: Wedding date, venue location, budget range, guest count estimates
- Profile Information: Style preferences, wedding vision, partner information
- Founding Cohort waitlist: Email address and optional preferences (applies only after our active cohort fills)
1.2 Sensitive Personal Information
The Dream Phase quiz may collect information classified as Sensitive Personal Information under RA 10173 Section 3(l), including:
- Religious and cultural preferences: Ceremony type (Catholic, Muslim nikah, Chinese-Filipino, interfaith, civil), specific traditions you wish to include, halal preferences, and related follow-up questions
We process this information only with your explicit consent given through your decision to answer the relevant quiz questions, in accordance with RA 10173 Section 13(a). You may skip any cultural question. See Section 3 for the lawful basis.
Backfill disclosure (couples who took the quiz before May 3, 2026): Earlier versions of our Wedding DNA quiz did not capture your ceremony type as a separate field. To enable cohort-aware features (Auto-Timeline tasks, Budget categories, Hiraya AI suggestions), we backfilled this field for affected couples using a deterministic lookup based on the style profile name your quiz produced. Backfilled classifications are treated as provisional system-generated metadata and are not used for decision-making affecting users unless confirmed by the user. Affected couples see a prompt in Settings to confirm or correct their ceremony type, and the field stays empty until they pick. We did not infer ceremony type for ambiguous cases where the style profile was intentionally cohort-agnostic. Backfill records are retained for accountability under RA 10173 Section 20. You can update your ceremony type anytime in Settings.
1.3 Anonymous Session Data (Dream Phase)
The Dream Phase (quiz plus AI moodboard) is free and does not require you to create an account. During this phase, your answers are tied to an anonymous session identifier, not to your name or email. Your session data is linked to your account only if you later sign up using the same browser session.
1.4 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the platform
- Device Information: Browser type, operating system, device type
- Cookies: Session cookies for authentication and analytics cookies for improving our service (see Section 10)
- Campaign tracking parameters (UTM): When you arrive at Storia.ph from a Storia-authored social media post, blog citation, or admin-drafted message, the URL may carry tracking parameters (utm_source, utm_medium, utm_campaign). These help us understand which channels bring couples to our platform. UTM parameters are URL strings, not cookies; they are recorded against an anonymous session and aggregated for channel-attribution analytics. They do NOT identify you personally on their own.
2. How We Use Your Information
We use your information for the following purposes:
- Service Delivery: To provide wedding planning tools, the Dream Phase quiz, AI moodboard generation, and related features
- AI Personalization: To generate your Wedding DNA profile, personalized moodboards, and AI-assisted chat responses (see Section 5 for detail)
- Communication: To send updates, reminders, and important notifications about your wedding planning (only with your consent)
- Improvement: To analyze usage patterns and improve our platform. We use aggregate, non-identifying usage data for this purpose
- Support: To respond to your inquiries and provide customer support
- Legal Compliance: To meet our obligations under RA 10173, RA 11967 (Internet Transactions Act), RA 7394 (Consumer Act), and other applicable laws
3. Legal Basis for Processing
Under RA 10173, we process your personal information based on the following lawful grounds:
- Consent (Section 12(a)): You have given consent for specific purposes, including marketing communications and AI personalization
- Contract (Section 12(b)): Processing is necessary for the performance of our services to you
- Legal Obligation (Section 12(c)): Processing is necessary to comply with a legal obligation, such as tax-record retention under RA 8424 and BIR Revenue Memorandum Circular 36-2019
- Legitimate Interest (Section 12(f)): Processing is necessary for our legitimate business interests (for example, platform security, abuse prevention, service-quality monitoring), balanced against your rights and freedoms
Balancing test for legitimate interest. Where we rely on legitimate interest under Section 12(f), we conduct a balancing assessment to ensure your rights and freedoms are not overridden, particularly where sensitive or emotional personal data is involved. Wedding planning data is high-sensitivity by nature (relationship status, religious affiliation, family dynamics, financial commitments), so we weight individual rights heavily in this assessment. You can object to processing under legitimate interest at any time by contacting us at support@storia.ph.
For Sensitive Personal Information (Section 13):
We process Sensitive Personal Information (religious and cultural preferences) only under Section 13(a): you have given your consent, specific to the purpose of generating your Wedding DNA and personalized moodboard. You may withdraw consent at any time by emailing support@storia.ph or by deleting your data (see Section 8). We do not use sensitive personal data to make decisions that produce legal or similarly significant effects.
4. Data Storage and Retention
We retain your data only as long as necessary for the purpose it was collected. Retention periods are tiered by data category. We retain technical logs and usage data for limited periods consistent with our retention policy described below; specific operational retention windows are documented internally and applied automatically.
- Anonymous quiz sessions: Retained while you continue to engage with the session. Abandoned sessions are cleaned automatically.
- Moodboard prompts and generated images: Retained with your session or account until you delete them or request deletion.
- AI usage records (technical logs of AI calls): Retained for a limited period to support service-quality monitoring and abuse detection. We do not use these records to train AI models. Conversational AI transcripts (Layon AI, Hiraya AI) are stored separately from non-conversational AI usage records and follow the same limited-retention principle.
- Hiraya AI conversations (account-linked): Retained with your account; you can export or request deletion at any time. Conversations that include guest details (when you use Hiraya on your guest list) are kept on a shorter window and expire 30 days after your last activity in them, since that third-party data is not needed once the guest question is resolved.
- Founding Cohort waitlist information: Retained until you request deletion or we retire the waitlist; unsubscribe is always available. If you provide your email through the Wedding DNA reveal-page recovery flow (when our personalization service is temporarily unavailable), your quiz answers are stored alongside your email so we can manually send your Wedding DNA. The two consent choices (receive your Wedding DNA; be notified of our official launch) are recorded separately and either can be withdrawn at any time.
- Account data (after signup): Retained while your account is active. Upon deletion request, we remove your data within 30 days, except where retention is required by law.
- Blog engagement data: Anonymous session-scoped records of which posts you viewed and which reactions you left. Aggregate per-post counts contain no personal information and may be retained longer for editorial reporting. No personal information (name, email) is linked to these records unless you later sign up in the same browser session.
- Messages (workspace conversations): Conversations between you and the people you invite to your wedding workspace (partner, coordinator, vendors, guests). Read access is restricted to thread participants. Retained for the lifetime of the wedding workspace; you can soft-delete individual messages at any time and request full deletion of your sent messages by emailing support@storia.ph. We do not use message content to train AI models. Legal basis: RA 10173 Section 12(b) contract performance and Section 12(f) legitimate interest (workspace activity notifications), with the balancing test applied per Section 3 above.
- Vendor names you record in budget items: When you type a vendor or supplier name into a budget row, that name is stored as part of your wedding workspace. Vendor names may identify natural-person sole proprietors and are treated as personal data. Read access is restricted to your invited collaborators. Vendor names are not shared with third parties, are not used to train AI models, and are deleted alongside the budget item or wedding workspace. Legal basis: RA 10173 Section 12(f) legitimate interest, with the balancing test applied per Section 3 above.
- Timeline collaborator names: When you invite a collaborator to your timeline (partner, coordinator, family, sponsor, or friend) so you can assign them tasks, we store the name you enter. This is a third party's personal data; we show a notice at the point of invitation asking you to confirm you have their consent or authority to share it. Read access is restricted to your wedding workspace; the name is not shared with third parties or used to train AI models, and it is deleted within 30 days if you remove the collaborator (or when the wedding workspace is deleted). An invited collaborator may access, correct, or delete their name by emailing privacy@storia.ph. Legal basis: RA 10173 Section 12(f) legitimate interest, with the balancing test applied per Section 3 above.
- Moodboard tile feedback: If you submit feedback on an AI-generated moodboard tile (the "Not quite us" link), we store an anonymous record: tile category, ceremony type, tier, region, your reason selection, and your optional comment. Before storage, a server-side scrubber removes any email addresses, phone numbers, or credit-card-like strings you may have typed. We do not store your name or email. Records are retained for a limited period and aggregated counts (no free text) may be retained longer for quality reporting. Legal basis: RA 10173 Section 12(f) legitimate interest, with the balancing test applied per Section 3 above.
- Service usage and product analytics: We retain anonymous, aggregated usage metrics for product improvement, security monitoring, and operational reporting (for example, which steps couples reached during the Dream Phase, and aggregate daily counts for our internal dashboards). These records do not contain your name, email, or quiz answers, and are automatically purged after limited periods consistent with this retention policy. Aggregate counts that contain no personal information may be retained longer for operational reporting. Legal basis: RA 10173 Section 12(f) legitimate interest, with the balancing test applied per Section 3 above.
- Transactional records (purchases, refunds, receipts): If you purchase a Storia package, we retain transaction records (tier, amount paid, payment reference, hashed customer-email reference) for 10 years to comply with BIR tax-record retention requirements under RA 8424 and BIR RMC 36-2019, and to support our refund and Acknowledgement Receipt obligations under RA 11967. Read access is restricted to authorized personnel under audited access controls. Legal basis: RA 10173 Section 12(b) contract performance and Section 12(c) legal obligation.
Data is stored on secure cloud servers with industry-standard encryption in transit (HTTPS/TLS) and at rest (AES-256). Our primary processing region is asia-southeast1 (Singapore) on Google Cloud Platform.
5. AI Personalization and Automated Decision-Making
What this means for you: Our AI provider is Google. Your quiz answers, your chat messages, and any photos or text you submit to AI features are sent to Google to generate the personalized output we return to you. Google does not use what you submit through our paid services to train its models. You can delete your AI records anytime (Section 8).
5.1 What our AI does
Storia uses artificial intelligence to generate your Wedding DNA profile, personalized moodboards, text summaries, and chat responses (Layon AI, and Hiraya AI). Your quiz answers and, where applicable, your chat messages are sent to our AI provider for processing so we can deliver the personalized output to you.
5.2 Which AI services we use
We use two distinct Google AI services, each for a different set of Storia features. Both are disclosed below per RA 10173 Section 11 (transparency principle) and Section 16 (right to be informed).
- Google Gemini API (Gemini 2.5 Flash and Gemini 2.5 Flash Image), operated by Google LLC. Used for moodboards, hero images, Layon AI (vendor-screening assistant), and Hiraya AI (planning assistant). Per Google's published policy for the paid Gemini API, inputs are not used to train Google's foundation models.
- Google Cloud Vertex AI (Gemini family models), operated by Google LLC. Used for AI-assisted content drafting (such as community-reply drafts, blog-share drafts, and wedding-website section copy generation for the hero, story, and dress code sections) and for additional AI features as we launch them. Vertex AI is the enterprise Google Cloud product line; under the Google Cloud Data Processing Addendum, customer data submitted to Vertex AI is not used to train Google's foundation models.
In both cases, "not used to train Google's models" refers to model training. Google still processes your inputs operationally (abuse detection, transient processing logs, cost-optimization caches) per its published retention windows. This is standard for any cloud AI provider and is not the same as training-data use.
5.3 What AI sees about you (input transparency)
Per RA 10173 Section 11 (transparency principle) and Section 16 (right to be informed), we disclose what context our AI assistants receive when you interact with them:
- Layon AI (vendor-screening assistant): Your typed queries plus your Wedding DNA profile (cohort, ceremony type, region, scale, palette, mood). Layon AI does not see your guest list, budget line items, or messages.
- Hiraya AI (planning assistant): Your typed queries plus your Wedding DNA profile, your budget categories and amounts, and your timeline tasks, so it can give grounded, numbers-aware answers about your specific wedding. If you grant the separate guest-list consent (shown when you open Hiraya on your guest list), it also receives your guest list (each guest's name, email, RSVP status, side, relationship, and table assignment) so it can answer questions and suggest edits you review and confirm. That consent is workspace-wide: once granted, it applies wherever you use Hiraya and your guest list is relevant, including the Timeline and Budget pages, not only the guest list page. It does not receive guests' dietary or allergy notes: those stay on your guest list page and are never sent to the AI. Hiraya proposes changes; nothing is applied until you review and confirm each one. Each conversation is processed in isolation and is not retained as training data for our own models.
- Moodboard and Hero generators: Your Wedding DNA profile (cohort, ceremony type, palette, mood, scale, region, budget tier). These features do not see your guest list, budget detail, messages, or timeline.
- AI Toolkit features (music, copy, timeline, future tools): The minimum context needed for the specific tool, derived from your Wedding DNA. The relevant context surface is shown at the point of use.
- Wedding-website section copy (hero, story, and dress code): Your Wedding DNA profile (cohort, ceremony type, venue type, palette, style keywords, partner names, wedding date) plus, for the story section only, the three short memory seeds you type in at the point of use. These sections do not see your guest list, budget detail, vendor messages, or timeline tasks.
If we add new AI features in the future, we will disclose what context they receive at the point of use and update this section before the feature is enabled. You will always be able to see what each AI surface sees about you, and opt out by not using that surface.
5.4 Synthetic likenesses in AI-generated images
Our moodboard and hero-image generators may render synthetic human likenesses (bride, groom, entourage, guests) for visualization purposes. These synthetic figures are AI-generated and do not represent real individuals. They are not derived from a couple's photographs, are not identifiable biometric data under RA 10173 Section 3(l), and are not retained for facial recognition, identity verification, or any biometric processing. If you upload your own photographs to your wedding workspace (avatars, partner photo), those are personal data and are handled under Section 4 above; they are not used to train AI models or generate synthetic likenesses.
5.5 Our own use of your data for AI training
We do not use your personal data, quiz answers, chat messages, photographs, or AI-generated content to train our own AI models. Aggregate technical metrics are used solely to detect errors, monitor cost, and improve prompt quality.
5.6 Automated decision-making disclosure
Our AI systems generate suggestions (Wedding DNA profile, moodboard styling, chat responses, budget guidance, timeline tasks). These are suggestions, not automated decisions that produce legal or similarly significant effects about you under RA 10173 Section 16(f). You are free to accept, reject, or regenerate any AI output. We do not use profiling to make decisions that produce legal or similarly significant effects. If any Storia feature in the future involves an automated decision with significant effect (for example, automated vendor matching with contractual commitment), we will disclose it here and request your explicit consent separately.
5.7 AI-generated content labeling
Every AI-generated image on Storia (moodboards, hero images) carries an "AI-generated concept" label so you can distinguish AI output from photography. This aligns with emerging global standards for synthetic-media transparency (Content Authenticity Initiative, EU AI Act Article 50) and supports the transparency principle under RA 10173 Section 11.
5.8 Automated safety and accuracy checks
Before Layon AI or Hiraya AI responds, your message passes through an automated safety check. If a message shows signs of serious emotional distress or self-harm, you receive a care response that points you to support, including a crisis hotline, instead of wedding-planning advice. For this check we record only that it occurred: a flag, a severity level, and a count of matched signals. We do not store the message that triggered it or the words that matched. A self-harm disclosure is Sensitive Personal Information under RA 10173 Section 3(l), so we deliberately do not retain it, consistent with the sensitive-information handling described in Section 13 of RA 10173. This response is not a substitute for professional help; Layon AI and Hiraya AI are AI assistants, not counselors (see Section 3 of our Terms of Service).
Layon AI and Hiraya AI also run automated checks on their own replies for accuracy and formatting. Some of these checks may make a brief follow-up request to our AI provider to re-phrase or correct a reply before you see it. These checks operate on the AI's own output and do not collect any new personal information about you. Legal basis for these safety and accuracy checks: RA 10173 Section 12(f) legitimate interest (keeping the service safe and accurate), with the balancing test applied per Section 3 above, and disclosed per RA 10173 Section 11 (transparency principle) and Section 16 (right to be informed).
5.9 Your choices
If you do not wish your data to be processed by our AI features, you can choose not to take the Dream Phase quiz or use chat features. The core Storia experience will be limited without AI personalization. You may also request deletion of your AI records at any time (Section 8).
6. Data Sharing and Third-Party Processors
We do not sell your personal information. We share data with a limited set of processors who help us operate, under confidentiality and data-processing arrangements:
- Google LLC, Google Gemini API: AI text and image generation for the Dream Phase, moodboards, hero images, Layon AI, and Hiraya AI. Processing region: Google's published regions for the consumer Gemini API (multi-region, US-centric). Retention at processor side: per Google's published Gemini API terms; paid-tier inputs are not retained for model training. Contract: Google's published Gemini API terms.
- Google LLC, Google Cloud Vertex AI: AI-assisted content drafting (community-reply drafts, blog-share drafts, and wedding-website section copy generation for the hero, story, and dress code sections) and additional AI features as we launch them. Processing region: asia-southeast1 (Singapore) primary, with US fallback for model-tier features outside that region. Retention at processor side: per the Google Cloud Data Processing Addendum; customer data is not used to train Google's foundation models. Contract: Google Cloud Data Processing Addendum (cloud.google.com/terms/data-processing-addendum) plus Standard Contractual Clauses for international transfer.
- Google Cloud Platform (hosting, database, storage): Firebase Hosting, Firebase Authentication, Cloud Run, Firestore, Cloud Storage. Primary region: asia-southeast1 (Singapore).
- Google Analytics 4 with Consent Mode v2: Operated by Google LLC and Google Asia Pacific Pte. Ltd. for traffic-pattern measurement. When you decline cookies on our banner, Google Analytics still receives anonymous, aggregated signals (no cookies, no device IDs, no personal identifiers); we process these signals under RA 10173 Section 12(f). When you accept, Google Analytics receives a full measurement stream tied to a Google-issued client ID; we process this under RA 10173 Section 13(a). Aggregated modeling may use Google infrastructure outside the Philippines under Google's Standard Contractual Clauses. You can withdraw consent at any time by emailing support@storia.ph; withdrawal reverts you to the cookie-free aggregated stream. Retention follows Google's defaults; aggregated reports may be retained longer.
- Email delivery providers: For transactional email (account emails, cohort communications, payment receipts). We use a Philippines-region SMTP relay; provider details available on request to support@storia.ph.
- Legal Requirements: When required by law, court order, or government regulation.
- With Your Consent: When you explicitly authorize sharing with coordinators, partners, or vendors through our platform.
We never share your budget details, vendor payments, guest list, or financial information with third parties without your explicit consent.
7. Cross-Border Data Transfers
Your data is processed primarily in Singapore (Google Cloud asia-southeast1 region). When our AI providers process your inputs, additional processing may occur in jurisdictions where Google operates infrastructure, including the United States. This applies to both Google Cloud Vertex AI (asia-southeast1 is the primary region; US is a fallback for model-tier features) and the Google Gemini API (Google's published consumer-API regions, which are US-centric and multi-region).
We ensure transfers comply with RA 10173 Sections 21 and 22 through contractual safeguards with each processor. For Google Cloud Vertex AI, this is the Google Cloud Data Processing Addendum plus Standard Contractual Clauses for international transfer. For the Google Gemini API, this is Google's published Gemini API terms. Our processor onboarding follows the accountability principle under RA 10173 Section 21 and its Implementing Rules and Regulations.
8. Your Rights Under RA 10173
As a data subject, you have the following rights:
- Right to Be Informed: Know what data we collect and how it is used (this policy).
- Right to Access: Request a copy of your personal data, including AI usage records and chat transcripts.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data, including AI records and chat transcripts.
- Right to Object: Object to processing of your data for certain purposes, including direct marketing and AI personalization.
- Right to Data Portability: Receive your data in a structured, commonly used format.
- Right to Withdraw Consent: Withdraw any consent you have given at any time, including consent for Sensitive Personal Information processing and AI personalization.
- Right to Lodge a Complaint: File a complaint with the National Privacy Commission (NPC).
How to exercise your rights. Email support@storia.ph with the right you wish to exercise and brief context. We will not require excessive verification or unnecessary steps, and we will provide assistance where needed. We respond within 30 calendar days. If we need more time for a complex request, we will tell you why and when to expect the full response.
If you believe our handling of your rights request was inadequate, you may escalate to the National Privacy Commission at www.privacy.gov.ph.
9. Data Security
We implement appropriate organizational, physical, and technical security measures consistent with RA 10173 Section 20 and its Implementing Rules and Regulations (Rule VI):
- Encryption. All data in transit is protected by TLS 1.2 or higher. All data at rest, including chat messages, attachments, and personal information, is encrypted using AES-256 with keys managed by Google Cloud KMS in the asia-southeast1 region. We do not operate end-to-end encryption (E2EE), because our abuse-report and weekly-digest features need server-side access to message content for the protections those features provide. If you require E2EE for sensitive conversations, use a different channel.
- Access controls and authentication requirements; privileged access is audited.
- Regular security assessments, dependency updates, and rule audits.
- Least-privilege principles for all service accounts.
- Incident response and breach notification procedures aligned with NPC Circular 16-03. We will notify affected data subjects and the National Privacy Commission within 72 hours of confirming a personal data breach that meets the notification threshold under NPC Circular 16-03 Sections 11-13.
10. Cookies and Tracking
We use cookies for:
- Essential Cookies: Required for the platform to function (session, authentication).
- Analytics Cookies: Google Analytics 4 to understand aggregate usage. We use Consent Mode v2: if you decline our banner, no cookies are set, but Google still receives anonymous cookie-free traffic-pattern signals (no personal identifiers); if you accept, full GA4 cookies are set for measurement. See Section 6 for the legal basis for each state.
You can manage cookie preferences through our cookie banner or your browser settings.
11. Children's Privacy
Storia.ph is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have collected data from a minor, please email support@storia.ph immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email (if you are an account holder or Founding Cohort waitlist member) or through a prominent notice on our platform. Your continued use of Storia.ph after changes constitutes acceptance of the updated policy. This policy is dated and version-tracked; a material change always updates the "Last updated" date above.
13. Founding Cohort Data Handling
Storia is opening packages via a Founding Cohort program. Data handling for this program is described below. This section applies in addition to Sections 1-12 above; it does not replace the general policy.
13.1 Founding Candidate (signup without booking)
Founding Candidate status is assigned automatically when you create a Storia account without yet purchasing a package. (Email captures from our Wedding DNA reveal-page recovery flow or our Founding Cohort waitlist do not create an account and are handled separately, per Sections 1.1 and 4.) As a Founding Candidate, we collect and retain:
- Your email address, for cohort-related communications and package booking follow-up
- Your Wedding DNA quiz answers and results, to personalize future communications
- Your generated moodboard and related AI outputs (see Section 4 for retention)
- Standard session data (cookies, analytics) per Section 10
Retention: Founding Candidate data is retained for 24 months from your last interaction with Storia. You may request deletion at any time via Section 8 rights. If you upgrade to Founding Member status by booking a package, the retention schedule under 13.2 applies.
13.2 Founding Member (paid booking)
Founding Member status is assigned when you complete the booking of one of the founding cohort's paid packages. This status adds the following data collection on top of 13.1:
- Package booking details (tier, payment method, billing address, and shipping address if applicable)
- Access records (login history and feature usage during your active access window)
- Post-wedding archive data (your wedding content retained per your tier's published access duration)
Retention: Transactional data (payment records, booking receipts) is retained for 10 years to comply with Bureau of Internal Revenue (BIR) audit requirements. Non-transactional usage data is retained for the duration of your active access window published at booking, after which it transitions to read-only archive status until end-of-archive deletion. Data exports remain available throughout active and archive windows.
13.3 Cohort position tracking
To determine your position in the Founding Cohort, we record the timestamp of your completed paid booking. This timestamp is retained as part of your transactional record for the duration described in 13.2. The Founding Cohort is filled in order of booking completion date, not signup date. Founding Member terms are as described in our Terms of Service, Section 5.6.
13.4 Workspace ownership transfer (partner separation)
A wedding workspace is shared between the couple and any invited collaborators. If the relationship between the couple ends and one party requests sole control or full deletion, here is what happens:
Channel. Email support@storia.ph. You can also write directly to the founder; many couples prefer that channel for this conversation. Within 24 hours of your email, we suppress all couple-facing communications and dashboard nudges for both accounts (silent comms freeze) so neither of you receives wedding-themed messages while you sort things out.
Sole-owner takeover. You decide what stays and what is removed; we do not impose changes. We will walk through the workspace with you, item by item if helpful, and act only with your written go-ahead. The 7-business-day SLA is the maximum we will take to complete what you ask, not a deadline we impose on you. Identity is verified by re-authentication of your original Storia email plus a fresh email-OTP, or by government-issued photo ID and a video selfie if account access is lost.
What persists vs what is removed. Identifying contributions of the departing party (chat messages, profile information, photo, displayName, @mentions) are removed or anonymized at your request. Jointly-authored AI-derived artifacts (your shared moodboard, Wedding DNA, joint guest list, joint budget) persist under the remaining party's control because they are joint records. The departing party retains the Section 16 right to a portable export of these joint records but not unilateral deletion, the same way a joint bank account works.
Full workspace deletion. Either party may instead request full workspace deletion under your Right to Erasure (Section 8), which removes all wedding data including the other party's contributions, subject to the retention exceptions in 13.2 (transactional records, BIR audit). Live data deletion completes within a reasonable time consistent with NPC IRR Rule V; backup eviction follows our backup-rotation cycle.
During unresolved conflict. We pause outbound notifications, new collaborator invites, and shared-state writes for 14 days while you and your partner sort things out. Existing data, booking obligations, security alerts, and legal processing continue unchanged. We cannot adjudicate between two people we both care about; what we can do is keep your workspace safe and respond to whichever of you holds the booking on record. If you cannot reach agreement, you may file a complaint with the National Privacy Commission.
Audit. Every takeover decision is logged in an internal audit record retained for 10 years (BIR-overlap), accessible to administrators only.
13.5 Pausing communications during a difficult time
If you are experiencing a death in the immediate family, serious illness, partner separation, or any difficult circumstance, you can request a comms pause. Email support@storia.ph or message us via Settings.
What we suspend within 24 hours of your request:
- Marketing emails and re-engagement nudges
- Countdown timers, milestone celebration banners, and progress reminders on your dashboard
- Weekly digest emails and Layon AI / Hiraya AI proactive prompts
- Partner @mention email notifications
- Any non-essential nudges that draw attention to your wedding date or planning progress
What continues during a pause (per RA 11967 Section 8 and RA 10173 Section 16):
- Booking confirmations, payment receipts, and refund notices
- Security alerts (login from a new device, password reset)
- NPC-mandated breach notifications, if any
- Material-change notices for our Terms or this Privacy Policy
- Vendor communications for any active contract you hold
Duration. A pause lasts 30 days and auto-ends with a single re-engagement notice asking if you would like to extend. You may extend at any time, or convert to a permanent marketing opt-out via the unsubscribe link in any email (always available). A pause does not affect your booking, refund eligibility, or access duration.
If more than one of these clauses applies at once (for example, a partner's passing alongside a workspace handover), write to us once. We will sequence the response with you.
14. Contact Us
For questions, concerns, or to exercise your data rights, contact our Data Protection Officer:
Data Protection Officer: Enrique Lacambra III, privacy@storia.ph
Data-subject requests (including wedding guests): email privacy@storia.ph. If a couple listed you as a guest and you want to access, correct, or delete those details, we verify your request against the information on file and coordinate with the couple, who is the controller of their guest list, to action it within 30 calendar days. You can also ask the couple directly.
General support: support@storia.ph
National Privacy Commission:
If you have concerns about our data practices, you may file a complaint with the NPC at www.privacy.gov.ph.
15. Compliance and Registration Status
Storia.ph operates as a sole proprietorship under Philippine law. We disclose our registration status transparently per the Internet Transactions Act (RA 11967) Section 7, so you know our compliance posture before signing up.
| Registration | Status | Reference |
|---|---|---|
| DTI Business Name | Registered 11 May 2026. Valid until 11 May 2031. | LACAMBRA WEB PORTAL SERVICES, BN Cert No. 8179942, National scope. Issued by Sec. Ma. Cristina A. Roque, DTI. |
| NPC (data processing system) | We filed an NPC Sworn Declaration and Undertaking for exemption from Data Processing System registration on 8 July 2026. The exemption remains valid while our processing activities stay below the applicable thresholds under the NPC's registration rules. We will file a Data Processing System registration if any threshold is crossed. | RA 10173 (Data Privacy Act) |
| Mayor's Permit (LGU) | In progress | RA 7160 (Local Government Code) |
| BIR Tax Registration | Registered 9 July 2026. Non-VAT (8% income-tax option). | BIR Form 2303 Certificate of Registration, RDO 046 East NCR, PSIC 63120, RSN 046RC20260000011356. RA 8424 (NIRC) Section 236(A). |
| Data Protection Officer (DPO) | Designated. Enrique Lacambra III serves as our Data Protection Officer, the contact for data-subject requests. | privacy@storia.ph |
Status updates. Where a registration or licence remains in process, for example the Local Mayor's Permit, it will be updated above upon issuance by the relevant authority. The NPC route is an exemption (see above), not a pending registration, so no NPC registration certificate is forthcoming.
Receipts and the BIR registration sequence. We do not accept payment for any paid package until our BIR Certificate of Registration (COR) is issued. After the COR is issued, and while our Authority to Print (ATP) is still pending, we issue a pre-numbered Acknowledgement Receipt at the time of payment in compliance with BIR Revenue Memorandum Circular 36-2019. Once our ATP is approved, we issue the corresponding BIR Invoice under Revenue Regulations 7-2024, and any customer who paid during the Acknowledgement Receipt window receives it. If you receive a refund before the BIR Invoice is issued, the Acknowledgement Receipt is voided and no Invoice is issued for the refunded amount; you receive a refund confirmation email referencing the voided AR number.
Data privacy posture and lawful basis. Storia processes personal data, including sensitive personal information (religious affiliation per RA 10173 Section 3(l)), under explicit consent obtained at the quiz and signup steps and other lawful bases described in Section 3 above. Storia operates under the NPC registration exemption described above; there is no pending NPC PIC registration certificate.
Questions or concerns about our registration posture, the receipt we will issue you, or our data privacy posture: email support@storia.ph and we will respond within 24 hours.
This Privacy Policy is compliant with Republic Act No. 10173 (Data Privacy Act of 2012), its Implementing Rules and Regulations, and applicable NPC Circulars including 16-03 (Data Breach Management) and 2022-04 (Registration of Data Processing Systems and Notification Regarding Automated Decision-Making). Registration status is disclosed in Section 15 above per RA 11967 (Internet Transactions Act) Section 7.