SchoolBreach.org

Privacy Policy

Your privacy matters. Here's how we protect your data.

Last updated: March 13, 2026

PDPA Aligned
Data Protected
Data Encrypted

SchoolBreach.org, an initiative by OceanEd Inc. ("we," "us," or "our"), is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Philippine school data breach tracker website at schoolbreach.org.

We are committed to aligning with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as enforced by the National Privacy Commission (NPC).

1. Information We Collect

A. Information You Provide

  • Contact Information: Name, email address, and organization when you submit breach reports or inquiries through our website.
  • Breach Reports: Details about data breaches you submit, including school names, incident descriptions, and supporting evidence.
  • Feedback: Comments, suggestions, or questions you send to us.

B. Information Collected Automatically

  • Device information (browser type, operating system, device identifiers)
  • Usage data (pages visited, features used, time spent)
  • IP address and general location data
  • Cookies and similar tracking technologies

2. How We Use Your Information

We use collected information for the following purposes:

  • To maintain and improve our data breach tracker and security tools
  • To verify and publish breach reports for public awareness
  • To respond to inquiries and provide support
  • To send administrative notices and updates
  • To generate aggregate statistics about school data breaches in the Philippines
  • To comply with legal obligations and regulatory requirements
  • To protect against fraudulent or unauthorized activity

3. Data Protection Measures

We implement robust security measures to protect your data:

Encryption

All sensitive data is encrypted at rest and in transit using industry-standard protocols.

Access Control

Strict access controls ensure only authorized team members can manage breach data.

Responsible Disclosure

Some school names may be withheld to protect affected institutions and students.

Source Verification

All breach reports are verified through public reports, NPC filings, and media coverage.

4. Your Rights Under the Data Privacy Act

As a data subject, you have the following rights:

  • Right to be Informed: Know how your personal data is being processed.
  • Right to Access: Obtain a copy of your personal data we hold.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data under certain conditions.
  • Right to Object: Object to processing of your personal data.
  • Right to Data Portability: Receive your data in a commonly used format.
  • Right to Lodge a Complaint: File a complaint with the National Privacy Commission.

5. Data Sharing and Disclosure

We do not sell, rent, or trade personal information. We may share data in the following circumstances:

  • Public Breach Data: Verified breach information is published on our tracker for public awareness. Personal details of reporters are never disclosed.
  • Service Providers: Trusted third parties who assist in operating our website (hosting, analytics, email delivery).
  • Legal Requirements: When required by law, court order, or government regulation.
  • NPC Coordination: We may share breach information with the National Privacy Commission to support their enforcement efforts.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Breach records are retained indefinitely as part of our public tracker for historical reference.
  • Contact information from inquiries is retained for up to 2 years unless you request earlier deletion.
  • Analytics data is retained in aggregate form and cannot be used to identify individuals.

7. Cookies and Tracking

Our website uses cookies and similar technologies to enhance your experience. These include:

  • Essential Cookies: Required for basic website functionality.
  • Analytics Cookies: Help us understand how visitors interact with our website.
  • Preference Cookies: Remember your settings and preferences.

You can control cookie preferences through your browser settings.

8. Children's Privacy

SchoolBreach.org does not knowingly collect personal information from children under 13. Our tracker is designed as a public awareness resource for educators, administrators, and parents. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data privacy rights, please contact our Data Protection Officer:

Email: privacy@theoceaned.com

Organization: OceanEd Inc.

Address: Las Piñas City, Philippines

You may also file a complaint with the National Privacy Commission at www.privacy.gov.ph