Most Philippine business owners know the term "personal data." Far fewer know that Philippine law has a special, more heavily protected category called sensitive personal information (SPI), and that processing it without the right safeguards carries the heaviest penalties under the Data Privacy Act.

This guide explains what counts as SPI, the stricter rules that apply to it, and what your business must do differently if you handle it.

What Counts as Sensitive Personal Information

Under Section 3(l) of RA 10173, SPI is personal information that is:

  • About an individual's race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations
  • About an individual's health, education, genetic, or sexual life, or about any proceeding for an offense committed or alleged to have been committed by that person, the disposal of such proceedings, or the sentence of any court in such proceedings
  • Issued by government agencies and peculiar to an individual, including but not limited to social security numbers, previous or current health records, licenses (and their denial, suspension, or revocation), and tax returns. In practice this covers SSS, TIN, passport, driver's license, voter ID, PhilHealth, PRC license, and similar government-issued identifiers
  • Specifically established by an executive order or act of Congress to be kept classified

If your business collects any of the above, you are processing SPI — even if you only do it occasionally.

Common PH Businesses That Process SPI

You are probably processing SPI if you run:

  • A clinic, hospital, dental practice, or any healthcare business (health data)
  • A school, training center, or tutorial service (education records)
  • A lending company or financial service (SSS, TIN, IDs)
  • An HR consultancy, payroll service, or staffing agency (almost all employment records)
  • A driving school, transport service, or insurance agency (driver's licenses, government IDs)
  • A church, religious organization, or affinity group (religious affiliation)
  • A legal practice or paralegal service (criminal records)

If any of those describe your business and you have not specifically planned for SPI compliance, you are likely exposed.

The Stricter Rules That Apply to SPI

The Data Privacy Act treats SPI more strictly than regular personal data in four major ways:

1. Higher Lawful Basis Requirement

For ordinary personal data, Section 12 gives you six lawful bases (consent, contract, legal obligation, vital interests, public order, and legitimate interests). For SPI, Section 13 reverses the default: processing is prohibited unless an exception applies. The exception most businesses rely on is consent that is specific to the purpose and obtained before processing; a broad "I agree to the terms" does not qualify. The other exceptions are narrow: processing required by existing law, protecting the life and health of a person who cannot consent, a noncommercial organization (such as a church or association) processing its own bona fide members' data without sharing it, medical treatment, and establishing or defending legal claims.

2. Mandatory Stronger Security

The Act and its IRR require security measures that are "reasonable and appropriate" to the sensitivity of the data, so the bar for SPI is higher than for ordinary personal data. For any system holding SPI, NPC expects encryption at rest and in transit, role-based access controls, audit logs of access, and stronger physical security for the servers, workstations, and paper files involved.

3. Mandatory Breach Notification (Lower Threshold)

Under Section 20(f) and NPC Circular 16-03, notification is required when SPI (or other information that could enable identity fraud) is reasonably believed to have been acquired by an unauthorized person and the acquisition is likely to give rise to a real risk of serious harm to the affected data subjects. Because SPI is the first half of that test by definition, a breach involving it will almost always trigger notification of both NPC and the affected individuals within 72 hours of your becoming aware of it.

4. Higher Penalties

Section 25 sets unauthorized processing of ordinary personal information at one to three years' imprisonment and a fine of ₱500,000 to ₱2,000,000. For SPI the same offense is three to six years' imprisonment and a fine of ₱500,000 to ₱4,000,000. The administrative fines under NPC Circular 2022-01 also scale up with the sensitivity of the data involved.

What Your Business Must Do Differently for SPI

If you process SPI, your compliance burden goes up. Specifically:

  • Explicit, purpose-specific consent. A separate, unticked checkbox for each SPI category you collect, stating the purpose. Not bundled with general terms.
  • Separate storage. SPI should not sit in the same database table or folder as ordinary personal data; keep it in its own store, joined to the main record only by an internal ID, and gate it with role-based access controls.
  • Encrypted at rest and in transit. SPI files on disk, in backups, and on the wire must be encrypted.
  • Audit logs. Every access to SPI records must be logged with who accessed it, when, and for what purpose, and the log itself must be protected from editing.
  • Documented retention. SPI must be deleted as soon as the lawful purpose is fulfilled, unless another law requires you to keep it longer; write the retention period down and enforce it.
  • Stronger access control. Need-to-know only. Most staff should not have access to SPI even within your business.
  • Higher-tier breach response. Your incident response plan must specifically address SPI scenarios, including the 72-hour notification clock.
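As an added illustration (not code from the original article), the following minimal in-memory vault shows four of the controls above working together: SPI held in a store separate from ordinary personal data, need-to-know role checks that also demand a stated purpose, a hash-chained, HMAC-authenticated audit log that records every allowed and denied access and detects later edits, and a retention sweep that deletes expired records. The clinic scenario, the roles, the record values, and the key are all constructed for the example. Encryption at rest is left to the storage layer (database encryption or an AEAD library) and is not shown here.

```python
"""Added example: an SPI vault enforcing separate storage, need-to-know access,
a tamper-evident audit log, and retention-based deletion. All names, roles,
records, and the audit key are hypothetical and constructed for this example."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


class AccessDenied(PermissionError):
    """Raised when a role lacks need-to-know for a category or gives no purpose."""


@dataclass
class SpiRecord:
    category: str          # e.g. "health", "government_id"
    value: str
    expires_at: datetime   # retention deadline: delete once the purpose is fulfilled


@dataclass
class SpiVault:
    # Key that chains and authenticates audit entries. Keep it outside the
    # database in production so a database-level attacker cannot re-sign the log.
    audit_key: bytes
    policy: dict = field(default_factory=dict)   # role -> set of SPI categories
    _pi: dict = field(default_factory=dict)      # ordinary personal information
    _spi: dict = field(default_factory=dict)     # SPI, in a separate store
    _audit: list = field(default_factory=list)   # append-only audit trail

    def grant(self, role, category):
        """Need-to-know policy: only listed roles may read a given SPI category."""
        self.policy.setdefault(role, set()).add(category)

    def store(self, subject_id, pi, spi_records):
        """Ordinary PI and SPI are kept apart, linked only by the subject id."""
        self._pi[subject_id] = pi
        bucket = self._spi.setdefault(subject_id, {})
        for rec in spi_records:
            bucket[rec.category] = rec

    def _log(self, event):
        """Append an entry whose MAC covers the entry and the previous MAC."""
        prev = self._audit[-1]["mac"] if self._audit else "0" * 64
        event = dict(event, prev=prev)
        body = json.dumps(event, sort_keys=True).encode()
        event["mac"] = hmac.new(self.audit_key, body, hashlib.sha256).hexdigest()
        self._audit.append(event)

    def read_spi(self, actor, role, subject_id, category, purpose, now=None):
        """Return one SPI value; both allowed and denied attempts are logged."""
        now = now or datetime.now(timezone.utc)
        allowed = category in self.policy.get(role, set()) and bool(purpose.strip())
        self._log({"ts": now.isoformat(), "actor": actor, "role": role,
                   "subject": subject_id, "category": category,
                   "purpose": purpose, "outcome": "allow" if allowed else "deny"})
        if not allowed:
            raise AccessDenied(f"{role} may not read {category}, or no purpose given")
        return self._spi[subject_id][category].value

    def purge_expired(self, now):
        """Retention sweep: delete SPI past its deadline and log each deletion."""
        removed = 0
        for subject_id, cats in self._spi.items():
            for category in [c for c, r in cats.items() if r.expires_at <= now]:
                del cats[category]
                removed += 1
                self._log({"ts": now.isoformat(), "actor": "retention-job",
                           "role": "system", "subject": subject_id,
                           "category": category, "purpose": "retention expired",
                           "outcome": "deleted"})
        return removed

    def verify_audit(self):
        """Recompute the chain; any edited, removed, or reordered entry fails."""
        prev = "0" * 64
        for entry in self._audit:
            if entry["prev"] != prev:
                return False
            body = json.dumps({k: v for k, v in entry.items() if k != "mac"},
                              sort_keys=True).encode()
            expected = hmac.new(self.audit_key, body, hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, entry["mac"]):
                return False
            prev = entry["mac"]
        return True


def demo():
    """Constructed clinic scenario: reception may see IDs but not health data."""
    vault = SpiVault(audit_key=b"demo-key-not-for-production")
    vault.grant("physician", "health")
    vault.grant("physician", "government_id")
    vault.grant("reception", "government_id")
    now = datetime(2024, 1, 15, tzinfo=timezone.utc)
    vault.store("P-001", {"name": "Juan dela Cruz", "email": "juan@example.com"},
                [SpiRecord("health", "Type 2 diabetes", now + timedelta(days=3650)),
                 SpiRecord("government_id", "PhilHealth 12-345678901-2",
                           now + timedelta(days=30))])
    results = {"physician_reads_health": vault.read_spi(
        "dr.reyes", "physician", "P-001", "health", "consultation", now)}
    try:
        vault.read_spi("ana", "reception", "P-001", "health", "curious", now)
        results["reception_reads_health"] = "allowed"
    except AccessDenied:
        results["reception_reads_health"] = "denied"
    results["purged"] = vault.purge_expired(now + timedelta(days=31))   # the ID record
    results["audit_ok"] = vault.verify_audit()
    vault._audit[0]["purpose"] = "edited"          # simulate someone doctoring the log
    results["audit_ok_after_tamper"] = vault.verify_audit()
    return results


if __name__ == "__main__":
    print(demo())
```

The denied read is logged as well as the allowed one, which is what an investigator needs when tracing who tried to reach a patient's health data. The chain and MAC mean an insider with write access to the log table cannot quietly rewrite a purpose or delete an entry without the next verification run failing.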

The Most Common SPI Mistakes PH Businesses Make

  • Clinics emailing patient records as plain attachments instead of encrypted file transfer
  • Lending apps storing borrower IDs in unencrypted folders accessible to all employees
  • Schools posting honor rolls or student data on public Facebook pages without parental consent for SPI publication
  • HR services using personal Google Drive accounts to store employment records
  • Religious organizations sharing membership lists that record religious affiliation with third parties, or collecting affiliation from non-members, without specific consent (the Section 13 exception covers only the organization's own bona fide members, for noncommercial purposes, and bars onward transfer)

Each of these is a textbook violation, not a hypothetical.

The Self-Diagnostic

Ask these five questions about your business:

  • Do I collect any of the SPI categories listed above?
  • Do I have separate, explicit consent for each SPI category I collect?
  • Is SPI stored separately from ordinary personal data, with stricter access controls?
  • Is SPI encrypted at rest and in transit?
  • Does my breach response plan specifically address SPI scenarios?

If any answer is "no," that gap is a real legal exposure.

Frequently Asked Questions

Is an email address sensitive personal information?

No — email is ordinary personal information, not SPI. SPI is a narrower, specifically defined category.

What about photos of customers?

A photo by itself is ordinary personal information. A photo from which religious affiliation, ethnicity, or a health condition can be read, or that is tagged with such details, is SPI.

What if my business processes SPI only rarely?

Rarity does not change your legal obligations. Even one SPI record triggers all the heavier protections.

Need Help Locking SPI Down?

Mapping where SPI lives in your business, putting the right controls around it, and updating your Privacy Notice — these are standard deliverables in our outsourced DPO service at RDahunan I.T. Services. Want a free 30-minute SPI exposure assessment? Send us a message.

General DPO guidance. Not legal advice.