SilongEvacuation Center Manager Get the app

Privacy Policy

About this policy. Silong is software provided by MarinersLink.com (Rino Casio). This policy explains how the application handles personal data and the responsibilities that come with it. Silong is offline-first: the developer operates no service that receives your data and collects no analytics. The government office that deploys Silong is the controller of the data it collects and remains responsible for its own compliance under RA 10173.

01 Scope & roles

This policy covers personal data processed through the Silong Evacuation Center Manager (the "app") during the operation of a barangay or LGU evacuation center.

  • Personal Information Controller (PIC): the government office that deploys Silong — typically the barangay or the City/Municipal Social Welfare and Development Office. The PIC decides why and how evacuees' data is processed and is accountable under RA 10173.
  • Software provider: MarinersLink.com (Rino Casio) develops and distributes the Silong application. It is offline-first by design: the provider operates no cloud service that receives evacuees' data, has no access to records created in the app, and collects no analytics or telemetry.
  • Personal Information Processor (PIP), if any: any hosting provider or IT contractor the deploying office engages to run the optional central server acts as its processor under a data-sharing or outsourcing agreement.
Because the app is offline-first, records by default never leave the device they were entered on. Data is transmitted only if your office chooses to enable syncing.

02 Personal data we handle

To run camp coordination and relief, the app records the information found on a Family Access Card and related distribution data:

Identifying information personal data

  • Names of the head of family and household members
  • Place of origin (purok / barangay), reason for displacement, and date of arrival
  • Household composition, relationships, civil status, age, and sex
  • The unique FAC number assigned to each household
  • Names of staff or volunteers who register households and release relief, and validation/sign-off names

Sensitive personal information special category

  • Specific-needs and vulnerability indicators — for example persons with disability, older persons, pregnant or lactating women, those who are ill, and unaccompanied or separated children
  • Any health-related notes captured to provide protection and assistance

Operational records

  • Relief batches and distribution entries (item, quantity, time, releasing staff), recorded in a tamper-evident ledger
  • Optional signatures captured on the device for acknowledgement
The app does not collect device identifiers for tracking, advertising IDs, precise location histories, or browsing behavior. Camera access, when used, is only to scan a Family Access Card's QR code; images are not stored.

03 Purpose & lawful basis

Personal data is processed only for legitimate humanitarian and administrative purposes connected to managing an evacuation center:

  • Registering and accounting for displaced persons (camp coordination and camp management)
  • Identifying and protecting persons with specific needs
  • Planning and recording relief distribution, and preventing duplication or diversion
  • Producing situation reports (DROMIC) for the disaster-response chain

Under RA 10173 and its IRR, processing relies on bases that may include the protection of the data subject's life and health (vital interests) during an emergency, the functions of a public authority mandated to provide disaster response and social welfare, compliance with a legal obligation, and, where appropriate, consent. The deploying office determines and documents the specific basis it relies on for a given operation.

Data is not used for any purpose incompatible with the above, and is never sold, rented, or used for advertising.

04 How data is collected

  • Directly at intake. Staff or volunteers enter household details, usually provided by the head of family, at the registration desk.
  • Via Family Access Cards. A printed card carries a QR code that, when scanned, recalls the existing household record — no new personal data is captured by scanning.
  • No background collection. The app does not gather data automatically, in the background, or from third parties.

Where consent is the basis, data subjects should be informed of this policy at the point of collection in a language they understand, and a record of notice should be kept by the PIC.

05 Storage & security

The app is designed to keep data minimal, local, and protected:

  • On-device by default. Records are stored in the device's durable local storage. They do not leave the device unless an authorized user initiates a sync.
  • Encryption at rest. When a passphrase or PIN is set, records are encrypted with AES-256-GCM, with the key derived via PBKDF2 (SHA-256, 200,000 iterations). The app auto-locks when idle and requires the passphrase to reopen.
  • Tamper-evident records. Every relief entry is fingerprinted with SHA-256 and chained, so edits, deletions, or re-orderings are detectable and surfaced in the app and in reports.
  • Optional central server. If your office deploys the WordPress home base, sync is restricted to HTTPS, authenticated with a constant-time key check, and full records are stored encrypted at rest (AES-256-GCM); only non-identifying counts are kept in plain form for roll-ups.
  • No third-party scripts or trackers are loaded by the app.
Controller responsibilities. Security is shared. The PIC must protect the physical devices, use strong passphrases, enforce access controls and multi-factor authentication on any server, keep software updated, and secure all backups. Data on a centralized, internet-facing server carries greater risk and obligation than data kept on local devices.

06 Sharing & disclosure

Personal data is shared only as necessary for disaster response and as required by law:

  • Within the response chain — for example Barangay → City/Municipal SWDO → DSWD Field Office → OCD/NDRRMC — to the extent needed for coordination and reporting.
  • Aggregate, no-names exports. Where only figures are needed, the app can export sex/age and relief totals with no personal identifiers.
  • Legal requirements. Disclosure may occur where required by Philippine law or lawful order.

Silong does not transmit data to the developer or to any advertiser, data broker, or analytics provider. Any sharing with a processor (e.g. a host) should be governed by a written agreement consistent with RA 10173.

07 Retention & disposal

Personal data is kept only as long as necessary for the response and for any retention period required of your office by law or audit. When no longer needed, it should be securely disposed of.

  • The deploying office sets and documents the retention period — kept only as long as the response and applicable laws or audit requirements demand, then securely disposed of.
  • The app's "erase all data" function clears local records from the device; exported files and server copies must be disposed of separately by the PIC.

08 Your rights as a data subject

Under the Data Privacy Act, every data subject has the right to:

  • Be informed that their personal data is being or has been processed.
  • Access their personal data held by the PIC.
  • Rectify inaccurate or incomplete data.
  • Object to processing, or withdraw consent where consent is the basis.
  • Erasure or blocking of data under the conditions set by law.
  • Damages for violations that cause harm.
  • Data portability — to obtain a copy in an electronic, structured format.
  • File a complaint with the National Privacy Commission (NPC).

To exercise these rights, contact the PIC or Data Protection Officer below. The app supports access and portability through its export functions and rectification by editing a household's record.

09 Children & vulnerable persons

Evacuation centers shelter many children and at-risk individuals. Their data warrants heightened care:

  • Records of unaccompanied or separated children are treated as sensitive and limited to what protection and reunification require.
  • Data minimization applies — collect only what is needed to assist and safeguard the person.
  • Access to sensitive records should be restricted to staff with a genuine protection role.

10 Data breaches

If a personal data breach occurs, the PIC will follow its incident-response procedure: contain and assess the incident, and where the breach is likely to give rise to a real risk of serious harm, notify the National Privacy Commission and affected data subjects within the timeframes set by NPC rules.

Because data is local-first and encryptable, the exposure from a single lost device is limited when encryption is enabled — but the PIC should still assess and report as required.

11 Cookies & telemetry

The app itself uses no cookies, no analytics, and no tracking. It stores records in local storage solely to function offline. This website loads no third-party scripts and sets no tracking cookies.

If the deploying office runs the optional WordPress server, note that WordPress and any plugins added to it may set their own cookies or logs; the office should disclose those in its own site policy.

12 Contact

For questions about the Silong application itself — how it handles data, security, or this policy — contact the software provider:

  • Software provider: Rino Casio, founder of MarinersLink.com
  • Website: marinerslink.com

To exercise your data-subject rights over the records held about you (access, correction, objection, erasure, and the others listed above), contact the government office that registered you — it is the controller of that data and appoints its own Data Protection Officer. Ask staff at the evacuation center, or the barangay or City/Municipal Social Welfare and Development Office, for its DPO and contact details.

You may also contact the National Privacy Commission at privacy.gov.ph.

13 Changes to this policy

This policy may be updated to reflect changes in the app, in your office's procedures, or in law. Material changes should be communicated by the PIC, and the "last updated" date above should be revised accordingly.

This policy describes how the Silong application handles personal data. It is published by MarinersLink.com and is not legal advice. The government office deploying Silong remains responsible for its own compliance with RA 10173 and NPC issuances.