DATA PRIVACY, CONFIDENTIALITY & INTEGRITY
In compliance with the Data Privacy Act of 2012 (RA 10173), SciBiz Informatics Inc. is committed to safeguarding the personal, financial, technical, and proprietary information of its employees, merchants, users, and partners. All employees, regardless of rank or position, are deemed Data Processors and are held to a perpetual duty of confidentiality, integrity, and responsible data handling.
Definition and Scope of Confidential Information
Confidential Information includes all information not officially released to the public, whether written, electronic, verbal, or observed in the course of employment, including but not limited to:
- Financial and Payroll Records Payroll data, salary rates, allowances, bonuses, bank balances, tax filings, liquidation reports, expense records, vending machine collections, and related financial strategies.
- Technical Intellectual Property (IP) Source code, system architecture, private repositories, infrastructure details, deployment processes, and internal metrics.
- Merchant, User, and Transaction Data Merchant and partner records, transaction volumes, wallet addresses, balances, metadata, usage patterns, identities, contact details, and lead lists that may identify user behavior.
- Management, Corporate, and Strategic Information Internal drafts of manuals, memoranda, disciplinary or corrective strategies, policy enforcement plans, growth strategies, marketing campaigns, partnership initiatives, and unreleased Company decisions.
- Internal Communications and Draft Materials Drafts or interim versions of policies, manuals, memoranda, reports, or communications not yet officially released by Management. Such information shall not be disclosed to any unauthorized employee or third party unless formally released through an official Company memorandum or authorized communication.
- Marketing & Growth Strategies Upcoming campaigns, referral programs, partnership leads, and BCH adoption roadmaps.
- Financial & Technical Data Proprietary fee structures, wallet features in development, and internal metrics.
- Transaction Metadata Wallet addresses, transaction history, BCH/token balances, and usage patterns that could be used to identify specific user behavior.
Financial & Strategic Secrecy and the “Conference Room Rule”
Confidential Handling of Financial Information
Employees handling payroll, financial, or strategic information must exercise the highest degree of discretion.
- No Public Discussions Sensitive matters (e.g., salaries, checks, bank balances, internal plans) must never be discussed in open or common areas such as workstations, pantries, hallways, or shared spaces.
Secure Channels
- Verbal discussions must take place in designated private areas (e.g., Conference Room).
- Digital discussions must use Company-approved private channels (e.g., Slack, Messenger).
Draft Protection The sharing or circulation of draft or interim documents before official release is strictly prohibited.
Use the Conference Room for verbal discussions and Company-approved Private Channels (e.g Slack, Messenger) for digital communication.
Data Privacy, Security, and Responsible Access
- Authorized Access Only Employees may access only the data strictly necessary for the performance of their assigned duties.
Secure Handling
- Physical records must be stored in locked cabinets or restricted-access areas.
- Digital files must be protected by passwords, access controls, and Company-approved security measures.
Social Media and Public Disclosure Posting, sharing, or distributing screenshots, photographs, system views, internal communications, or office content that reveals confidential, personal, financial, or technical information is strictly prohibited.
Intellectual Property (Work-for-Hire)
All content created during employment—including code, marketing copy, graphics, and databases—is "Work-for-Hire." The Company is the sole owner of all copyrights and intellectual property.
Perpetual Obligation & Return of Property
Upon separation (resignation or termination), employees must:
- Surrender all devices, keys, and data.
- Transfer ownership of all Company-related Cloud/Drive files.
NOTE
The duty of confidentiality survives the termination of employment and shall remain in full force and effect perpetually.
Department-Specific Protocols
| Role / Department | Specific Data Privacy Responsibility |
|---|---|
| Programmers / IT | Security of Source Code: Prohibited from copying, sharing, or hosting company source code on personal repositories (e.g., personal GitHub) unless they are forks of company-owned public repositories. Must protect and secure credentials and sensitive deployment variables, API keys, and IP addresses. |
| Admin & Accounting | Financial & Personal Records: Must secure employee 201 files, payroll data, and government IDs. Documents must be kept in locked cabinets or password-protected folders. No loud discussion of bank balances or funds. |
| Marketing & Sales | Merchant/Lead Privacy: Information gathered from potential partners (names, contact numbers, business addresses) is Company Property. Selling or using these leads for non-company business is a terminable offense. Non-solicitation of partners for 1 year post-employment. |
| Riders & Liaisons | Physical Document Security: Responsible for the safety of physical documents in transit. Prohibited from reading, photographing, or leaving sensitive business permits or checks unattended in public. |
| Utility & Support | Workspace Integrity: Must ensure that sensitive documents left on desks or in trash bins are handled with care. Any documents marked "Confidential" found during cleaning must be surrendered to the Admin for proper shredding. |
Three Core Provisions for Open Source Publishing
1. Trust-Critical Code Must Be Open
If code directly affects user funds, rights, or guarantees, it must be publishable for public inspection.
This includes wallet logic, signing, transaction construction, smart contracts, escrow logic, and any client-side enforcement of rules.
If users must trust the code to be safe, then they must be able to inspect it.
2. Defense and Advantage Code Must Remain Private
If code exists to protect the system or the business, it must not be published.
This includes fraud detection, abuse prevention, rate limiting, internal analytics, admin systems, infrastructure, deployment logic, and anything that would make attacks easier or weaken the company’s ability to operate if exposed.
Open source must never increase risk.
3. Publishing Is an Intentional Decision, Not a Default
No code is made public without explicit approval and review.
Before publishing, developers must consider security, business impact, and maintenance responsibility. When in doubt, keep it private and ask.
General Provisions (Applicable to All)
Non-Disclosure:
Employees shall not disclose any proprietary information, trade secrets, or personal data encountered during their employment to any third party.
Authorized Access Only:
Employees may only access data that is strictly necessary for the performance of their specific duties.
Reporting Breaches:
Any suspected data leak or loss of company hardware must be reported to the Management within twenty-four (24) hours.