Diosh Lequiron

Privacy Policy

Last updated: May 8, 2026

1. Who We Are

This website (dioshlequiron.com) is the personal professional site of Diosh Lequiron. It also showcases the work of HavenWizards 88 Ventures OPC and the ventures it holds.

For the purpose of this Policy:

  • Personal-capacity data controller — Diosh Lequiron, for any data collected through the website itself (contact form, browsing, server logs).
  • Commercial counterparty — HavenWizards 88 Ventures OPC, a One Person Corporation registered in the Republic of the Philippines, when you enter into an advisory, partnership, or venture engagement.

Both are referred to collectively as "we", "us", or "the Operator" in this Policy. Contact details are at the bottom of this page.

2. Scope of This Policy

This Policy describes how we collect, use, disclose, store, and protect personal data submitted through this website. It applies only to data collected through dioshlequiron.com. Data shared with us through other channels — for example, signed advisory engagements, in-person meetings, or third-party platforms — is governed by its own contract or that platform’s policy.

3. Legal Bases for Processing

We process your personal data only when at least one of the following lawful bases applies:

  • Consent — when you voluntarily submit the contact form or otherwise provide information.
  • Performance of a contract — when processing is necessary to enter into or perform an advisory or engagement contract.
  • Legitimate interest — for security, fraud prevention, rate limiting, and the ordinary operation and improvement of the site.
  • Legal obligation — where processing is required to comply with a law, regulation, or lawful order.

This framework follows Section 12 of the Philippine Data Privacy Act of 2012 (Republic Act No. 10173, the “PDP Act”) and, where applicable, Article 6 of the EU General Data Protection Regulation (“GDPR”) for visitors located in the European Economic Area or the United Kingdom.

4. Data We Collect

We collect the minimum data necessary to operate the site and respond to inquiries.

Information you provide directly

  • Name — to address you in our response.
  • Email address — to reply to your inquiry.
  • Inquiry type — to route your message appropriately (advisory, partnership, media, general).
  • Message content — the substance of your inquiry, including any details you choose to include.

Information collected automatically

  • IP address — captured in connection with form submissions for rate limiting, anti-abuse, and basic security logging.
  • Request metadata — standard server logs (timestamp, user agent, requested URL, response status) generated by our hosting provider for operational and security purposes.

We do not knowingly collect special categories of personal data (health, biometric, racial or ethnic origin, religious beliefs, political opinions, sexual orientation, or government-issued identifiers). Please do not include such data in contact form submissions.

5. How We Use Your Data

  • To respond to your inquiry and any follow-up communication.
  • To evaluate, scope, and (where applicable) deliver advisory or partnership engagements.
  • To prevent spam and abuse (rate limiting, anti-bot heuristics).
  • To maintain the security, integrity, and proper functioning of the site.
  • To comply with applicable legal obligations.
  • To understand the volume and types of inquiries received, in aggregate, so we can improve how we communicate and serve.

We do not sell, rent, or trade your personal data. We do not use your data for advertising, behavioral targeting, or marketing unless you have explicitly opted in.

6. Sub-Processors and Third-Party Services

To operate the site, we rely on a small set of vetted third-party service providers. Each acts as a data processor on our behalf under their own privacy and security commitments:

  • Vercel Inc. — hosting, edge delivery, and serverless function execution. Operational logs and form requests are routed through Vercel’s global infrastructure.
  • Supabase, Inc. — managed PostgreSQL database (with row-level security enabled), authentication for the administrative interface, and storage of contact form submissions.

We do not currently use third-party advertising networks, behavioral analytics, social tracking pixels, or marketing automation tools. If this changes, this Policy will be updated and the change reflected in the “Last updated” date.

7. International Data Transfers

Our hosting and database providers operate global infrastructure, meaning your data may be processed and stored outside the Philippines (including, depending on the routing region, in the United States, European Union, or Asia-Pacific data centers operated by Vercel and Supabase). Where personal data is transferred internationally, we rely on the providers’ standard contractual clauses, equivalent safeguards, or other lawful transfer mechanisms required by applicable law.

8. Data Storage and Security

Personal data submitted through the contact form is stored in a Supabase-hosted PostgreSQL database with row-level security (RLS) policies enforced at the database layer. Data is encrypted in transit via HTTPS/TLS and at rest by the underlying provider. Access to contact submissions is restricted to authenticated administrators of this site, protected by password-based authentication and a Content Security Policy that scopes admin sessions to the /admin/* route.

No system can be guaranteed to be 100% secure. While we apply industry-standard controls, you transmit data to us at your own risk and should not include highly sensitive details in casual inquiries.

9. Cookies and Similar Technologies

This site uses only strictly necessary cookies for the proper functioning of the administrative login. Public visitors browsing the site are not assigned tracking cookies, advertising identifiers, or behavioral profiles.

We do not currently load Google Analytics, Meta Pixel, LinkedIn Insight Tag, TikTok Pixel, Hotjar, or other behavioral analytics or advertising scripts. If we add any analytics in the future, we will (a) update this Policy, (b) prefer privacy-respecting alternatives that do not use cross-site identifiers, and (c) obtain consent where required by law.

10. Data Retention

We retain personal data only for as long as needed for the purpose for which it was collected, or as required by law:

  • Active inquiries — retained for the duration of the inquiry plus a reasonable period to allow for follow-up.
  • Archived contact submissions — retained for up to 12 months for reference and continuity, after which they are permanently deleted.
  • Engagement records — where an inquiry leads to a signed advisory or venture engagement, related records are governed by the engagement contract and applicable bookkeeping and tax retention rules (typically up to 10 years under Philippine law).
  • Server logs — retained on a rolling basis by our hosting provider for security and operational diagnostics, generally not exceeding a few weeks.

11. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

  • Right to be informed about how your data is processed (this Policy).
  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — subject to limitations where we must retain data to comply with law or to defend legal claims.
  • Right to object or restrict processing.
  • Right to data portability — to receive your data in a structured, commonly used format.
  • Right to withdraw consent at any time, where processing is based on consent.
  • Right to lodge a complaint with a supervisory authority — for example, the National Privacy Commission of the Philippines (privacy.gov.ph), or your local data protection authority if you reside outside the Philippines.

To exercise any of these rights, contact us through the contact form or by email at pmdiosh@gmail.com. We will respond within fifteen (15) calendar days in line with the PDP Act, or such shorter period as may be required by applicable law (for example, 30 days for GDPR requests), and may ask for proof of identity before acting on a request.

12. Children’s Privacy

This site is not directed at children. We do not knowingly collect personal data from individuals under the age of eighteen (18) in the Philippines, under sixteen (16) in the European Economic Area or the United Kingdom, or under thirteen (13) in the United States. If you believe a minor has submitted personal data through this site, please contact us so we can promptly delete it.

13. Automated Decision-Making and AI-Assisted Content

We do not use your personal data for fully automated decision-making that produces legal or similarly significant effects on you. Inquiries are reviewed and acted on by a human.

Some of the editorial content on this site may be drafted with AI assistance and then reviewed and approved by Diosh Lequiron before publication. AI assistance is used as a tool, not as a source of personal experience or factual claims.

14. Security Incidents

In the event of a personal data breach that is likely to result in serious harm to affected individuals, we will notify the National Privacy Commission and the affected data subjects in accordance with Section 38 of the PDP Act and its implementing rules — generally within seventy-two (72) hours of becoming aware of the breach. For incidents subject to the GDPR, we comply with the corresponding notification timelines under Articles 33 and 34.

15. Third-Party Links

This site may link to external websites we do not control, including LinkedIn, GitHub, and other professional or media properties. Their privacy practices are governed by their own policies, which we encourage you to review.

16. Changes to This Policy

This Policy may be updated periodically to reflect changes in our practices, the services we use, or applicable law. Material changes will be highlighted at the top of this page. The “Last updated” date indicates when the most recent revision took effect. Continued use of the site after a revision constitutes acceptance of the updated Policy.

17. Contact

For privacy questions, requests under this Policy, or to exercise any of your data subject rights:

  • Operator — Diosh Lequiron (personal capacity) / HavenWizards 88 Ventures OPC (commercial engagements)
  • Email pmdiosh@gmail.com
  • Contact form /contact
  • Registered office (HavenWizards 88 Ventures OPC) — [to be added]
  • Designated Data Protection Officer — [to be appointed and disclosed if required under the PDP Act]
Privacy Policy - Diosh Lequiron