Privacy Policy
Your privacy matters to us. This policy explains what information we collect, how we use it, and the choices you have.
Last updated: July 2026
1. Information We Collect
Contact form submissions: When you fill out our contact, booking, or product inquiry forms, we collect your name, email address, phone number, and any message details you provide.
Account credentials: If you are a team member with admin access, we store your email address and a securely hashed password. We never store passwords in plain text.
Technical data: We may collect IP addresses, browser type, and usage logs for security purposes, such as detecting suspicious login attempts or rate-limiting abuse.
2. How We Use Your Information
- To respond to your inquiries and schedule service appointments.
- To provide quotes and follow up on product inquiries.
- To send important service-related notifications (e.g., appointment confirmations).
- To protect our website and user accounts from abuse and unauthorized access.
- To comply with legal obligations where applicable.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Cookies & Session Management
We use a single essential cookie (`gencool_session`) to keep you signed in to the admin dashboard. This cookie contains a hashed session token — it does not store your password or personal data. No third-party tracking or advertising cookies are used.
4. Bot Protection — Cloudflare Turnstile
We use Cloudflare Turnstile to protect our forms from automated bot submissions. Turnstile may collect limited technical data (such as browser characteristics) to verify that form submissions come from real users. This data is processed by Cloudflare in accordance with their privacy practices.
For details on how Cloudflare handles this data, please review the Cloudflare Turnstile Privacy Notice and the Cloudflare Privacy Policy.
5. Data Security
We take reasonable measures to protect your information, including:
- Passwords hashed using bcrypt with 12 rounds.
- Session tokens stored as cryptographic hashes, not plain text.
- HTTPS encryption for all data in transit.
- Rate limiting and account lockout to prevent brute-force attacks.
- Strict Content Security Policy (CSP) headers.
6. Data Retention
We retain inquiry and booking submissions for as long as needed to provide our services and respond to follow-up questions. Admin session data is automatically expired after a period of inactivity. You may request deletion of your personal data at any time by contacting us.
7. Your Rights
You have the right to:
- Request a copy of the personal data we hold about you.
- Request correction of inaccurate information.
- Request deletion of your personal data.
- Withdraw consent for any optional data processing.
To exercise any of these rights, email us at gencoolinfo@gmail.com.
8. Third-Party Links
Our website may contain links to third-party websites (e.g., social media profiles). We are not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies before providing any personal information.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.
10. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
GenCool HVAC Mechanical Corporation
Blk 165, Lot 7, Paliparan Site, Paliparan III, 4114 Dasmariñas, Cavite, Philippines